./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3415003374 <...> Warning: Permanently added '10.128.1.53' (ED25519) to the list of known hosts. execve("./syz-executor3415003374", ["./syz-executor3415003374"], 0x7ffe42f17350 /* 10 vars */) = 0 brk(NULL) = 0x55557b28d000 brk(0x55557b28dd00) = 0x55557b28dd00 arch_prctl(ARCH_SET_FS, 0x55557b28d380) = 0 set_tid_address(0x55557b28d650) = 5048 set_robust_list(0x55557b28d660, 24) = 0 rseq(0x55557b28dca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor3415003374", 4096) = 28 getrandom("\x93\xec\x7a\xb5\x63\x81\x9f\x61", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55557b28dd00 brk(0x55557b2aed00) = 0x55557b2aed00 brk(0x55557b2af000) = 0x55557b2af000 mprotect(0x7f8b76c04000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 unshare(CLONE_NEWPID) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557b28d650) = 5049 ./strace-static-x86_64: Process 5049 attached [pid 5049] set_robust_list(0x55557b28d660, 24) = 0 [pid 5049] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy) [pid 5049] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5049] setsid() = 1 [pid 5049] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0 [pid 5049] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0 [pid 5049] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0 [pid 5049] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0 [pid 5049] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0 [pid 5049] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0 [pid 5049] unshare(CLONE_NEWNS) = 0 [pid 5049] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0 [pid 5049] unshare(CLONE_NEWIPC) = 0 [pid 5049] unshare(CLONE_NEWCGROUP) = 0 [pid 5049] unshare(CLONE_NEWUTS) = 0 [pid 5049] unshare(CLONE_SYSVSEM) = 0 [pid 5049] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = 3 [pid 5049] write(3, "16777216", 8) = 8 [pid 5049] close(3) = 0 [pid 5049] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = 3 [pid 5049] write(3, "536870912", 9) = 9 [pid 5049] close(3) = 0 [pid 5049] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = 3 [pid 5049] write(3, "1024", 4) = 4 [pid 5049] close(3) = 0 [pid 5049] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = 3 [pid 5049] write(3, "8192", 4) = 4 [pid 5049] close(3) = 0 [pid 5049] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = 3 [pid 5049] write(3, "1024", 4) = 4 [pid 5049] close(3) = 0 [pid 5049] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = 3 [pid 5049] write(3, "1024", 4) = 4 [pid 5049] close(3) = 0 [pid 5049] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = 3 [pid 5049] write(3, "1024 1048576 500 1024", 21) = 21 [pid 5049] close(3) = 0 [pid 5049] getpid() = 1 [pid 5049] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<) = 0 [pid 5049] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5049] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5049] close(3) = 0 [pid 5049] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5053 attached , child_tidptr=0x55557b28d650) = 3 [pid 5053] set_robust_list(0x55557b28d660, 24) = 0 [pid 5053] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5053] setpgid(0, 0) = 0 [pid 5053] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5053] write(3, "1000", 4executing program ) = 4 [pid 5053] close(3) = 0 [pid 5053] write(1, "executing program\n", 18) = 18 [pid 5053] futex(0x20000700, FUTEX_WAIT, 2, {tv_sec=0, tv_nsec=60000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5053] rt_sigreturn({mask=[HUP QUIT ILL ABRT KILL USR1 SEGV USR2 PIPE TERM STKFLT CHLD TSTP TTIN TTOU URG VTALRM WINCH IO RTMIN RT_1 RT_2 RT_6 RT_7 RT_10 RT_11 RT_12 RT_14 RT_15 RT_17 RT_18 RT_20 RT_23 RT_24 RT_25 RT_29]}) = 0 [pid 5053] --- SIGSEGV {si_signo=SIGSEGV, si_code=SI_KERNEL, si_addr=NULL} --- [ 184.350149][ T5053] syz-executor341[5053] bad frame in rt_sigreturn frame:00007fff998fa470 ip:7f8b76c04570 sp:7fff998fa708 orax:ffffffffffffffff in syz-executor3415003374[7f8b76c04000+4000] [pid 5053] +++ killed by SIGSEGV (core dumped) +++ [pid 5049] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=3, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=25 /* 0.25 s */} --- [pid 5049] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5049] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5049] close(3) = 0 [pid 5049] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5054 attached , child_tidptr=0x55557b28d650) = 4 [pid 5054] set_robust_list(0x55557b28d660, 24) = 0 [pid 5054] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5054] setpgid(0, 0) = 0 [pid 5054] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5054] write(3, "1000", 4executing program ) = 4 [pid 5054] close(3) = 0 [pid 5054] write(1, "executing program\n", 18) = 18 [pid 5054] futex(0x20000700, FUTEX_WAIT, 2, {tv_sec=0, tv_nsec=60000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5054] rt_sigreturn({mask=[HUP QUIT ILL ABRT KILL USR1 SEGV USR2 PIPE TERM STKFLT CHLD TSTP TTIN TTOU URG VTALRM WINCH IO RTMIN RT_1 RT_2 RT_6 RT_7 RT_10 RT_11 RT_12 RT_14 RT_15 RT_17 RT_18 RT_20 RT_23 RT_24 RT_25 RT_29]}) = 0 [pid 5054] --- SIGSEGV {si_signo=SIGSEGV, si_code=SI_KERNEL, si_addr=NULL} --- [ 184.690676][ T5054] syz-executor341[5054] bad frame in rt_sigreturn frame:00007fff998fa470 ip:7f8b76c04570 sp:7fff998fa708 orax:ffffffffffffffff in syz-executor3415003374[7f8b76c04000+4000] [pid 5054] +++ killed by SIGSEGV (core dumped) +++ [pid 5049] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=4, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=25 /* 0.25 s */} --- [pid 5049] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5049] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5049] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5049] close(3) = 0 [pid 5049] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5055 attached , child_tidptr=0x55557b28d650) = 5 [pid 5055] set_robust_list(0x55557b28d660, 24) = 0 [pid 5055] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5055] setpgid(0, 0) = 0 [pid 5055] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 executing program [pid 5055] write(3, "1000", 4) = 4 [pid 5055] close(3) = 0 [pid 5055] write(1, "executing program\n", 18) = 18 [pid 5055] futex(0x20000700, FUTEX_WAIT, 2, {tv_sec=0, tv_nsec=60000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5055] rt_sigreturn({mask=[HUP QUIT ILL ABRT KILL USR1 SEGV USR2 PIPE TERM STKFLT CHLD TSTP TTIN TTOU URG VTALRM WINCH IO RTMIN RT_1 RT_2 RT_6 RT_7 RT_10 RT_11 RT_12 RT_14 RT_15 RT_17 RT_18 RT_20 RT_23 RT_24 RT_25 RT_29]}) = 0 [pid 5055] --- SIGSEGV {si_signo=SIGSEGV, si_code=SI_KERNEL, si_addr=NULL} --- [ 185.067019][ T5055] syz-executor341[5055] bad frame in rt_sigreturn frame:00007fff998fa470 ip:7f8b76c04570 sp:7fff998fa708 orax:ffffffffffffffff in syz-executor3415003374[7f8b76c04000+4000] [pid 5055] +++ killed by SIGSEGV (core dumped) +++ [pid 5049] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=5, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=24 /* 0.24 s */} --- [pid 5049] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5049] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5049] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5049] close(3) = 0 [pid 5049] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5056 attached , child_tidptr=0x55557b28d650) = 6 [pid 5056] set_robust_list(0x55557b28d660, 24) = 0 [pid 5056] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5056] setpgid(0, 0) = 0 [pid 5056] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 executing program [pid 5056] write(3, "1000", 4) = 4 [pid 5056] close(3) = 0 [pid 5056] write(1, "executing program\n", 18) = 18 [pid 5056] futex(0x20000700, FUTEX_WAIT, 2, {tv_sec=0, tv_nsec=60000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5056] rt_sigreturn({mask=[HUP QUIT ILL ABRT KILL USR1 SEGV USR2 PIPE TERM STKFLT CHLD TSTP TTIN TTOU URG VTALRM WINCH IO RTMIN RT_1 RT_2 RT_6 RT_7 RT_10 RT_11 RT_12 RT_14 RT_15 RT_17 RT_18 RT_20 RT_23 RT_24 RT_25 RT_29]}) = 0 [pid 5056] --- SIGSEGV {si_signo=SIGSEGV, si_code=SI_KERNEL, si_addr=NULL} --- [ 185.408490][ T5056] syz-executor341[5056] bad frame in rt_sigreturn frame:00007fff998fa470 ip:7f8b76c04570 sp:7fff998fa708 orax:ffffffffffffffff in syz-executor3415003374[7f8b76c04000+4000] [pid 5056] +++ killed by SIGSEGV (core dumped) +++ [pid 5049] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=6, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=25 /* 0.25 s */} --- [pid 5049] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5049] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5049] close(3) = 0 [pid 5049] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program ./strace-static-x86_64: Process 5057 attached , child_tidptr=0x55557b28d650) = 7 [pid 5057] set_robust_list(0x55557b28d660, 24) = 0 [pid 5057] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5057] setpgid(0, 0) = 0 [pid 5057] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5057] write(3, "1000", 4) = 4 [pid 5057] close(3) = 0 [pid 5057] write(1, "executing program\n", 18) = 18 [pid 5057] futex(0x20000700, FUTEX_WAIT, 2, {tv_sec=0, tv_nsec=60000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5057] rt_sigreturn({mask=[HUP QUIT ILL ABRT KILL USR1 SEGV USR2 PIPE TERM STKFLT CHLD TSTP TTIN TTOU URG VTALRM WINCH IO RTMIN RT_1 RT_2 RT_6 RT_7 RT_10 RT_11 RT_12 RT_14 RT_15 RT_17 RT_18 RT_20 RT_23 RT_24 RT_25 RT_29]}) = 0 [pid 5057] --- SIGSEGV {si_signo=SIGSEGV, si_code=SI_KERNEL, si_addr=NULL} --- [ 185.757178][ T5057] syz-executor341[5057] bad frame in rt_sigreturn frame:00007fff998fa470 ip:7f8b76c04570 sp:7fff998fa708 orax:ffffffffffffffff in syz-executor3415003374[7f8b76c04000+4000] [pid 5057] +++ killed by SIGSEGV (core dumped) +++ [pid 5049] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=7, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=24 /* 0.24 s */} --- [pid 5049] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5049] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5049] close(3) = 0 [pid 5049] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5058 attached , child_tidptr=0x55557b28d650) = 8 [pid 5058] set_robust_list(0x55557b28d660, 24) = 0 [pid 5058] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5058] setpgid(0, 0) = 0 [pid 5058] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 executing program [pid 5058] write(3, "1000", 4) = 4 [pid 5058] close(3) = 0 [pid 5058] write(1, "executing program\n", 18) = 18 [pid 5058] futex(0x20000700, FUTEX_WAIT, 2, {tv_sec=0, tv_nsec=60000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5058] rt_sigreturn({mask=[HUP QUIT ILL ABRT KILL USR1 SEGV USR2 PIPE TERM STKFLT CHLD TSTP TTIN TTOU URG VTALRM WINCH IO RTMIN RT_1 RT_2 RT_6 RT_7 RT_10 RT_11 RT_12 RT_14 RT_15 RT_17 RT_18 RT_20 RT_23 RT_24 RT_25 RT_29]}) = 0 [pid 5058] --- SIGSEGV {si_signo=SIGSEGV, si_code=SI_KERNEL, si_addr=NULL} --- [ 186.101084][ T5058] syz-executor341[5058] bad frame in rt_sigreturn frame:00007fff998fa470 ip:7f8b76c04570 sp:7fff998fa708 orax:ffffffffffffffff in syz-executor3415003374[7f8b76c04000+4000] [pid 5058] +++ killed by SIGSEGV (core dumped) +++ [pid 5049] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=8, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=22 /* 0.22 s */} --- [pid 5049] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5049] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5049] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5049] close(3) = 0 [pid 5049] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557b28d650) = 9 ./strace-static-x86_64: Process 5059 attached [pid 5059] set_robust_list(0x55557b28d660, 24) = 0 [pid 5059] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5059] setpgid(0, 0) = 0 [pid 5059] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 executing program [pid 5059] write(3, "1000", 4) = 4 [pid 5059] close(3) = 0 [pid 5059] write(1, "executing program\n", 18) = 18 [pid 5059] futex(0x20000700, FUTEX_WAIT, 2, {tv_sec=0, tv_nsec=60000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5059] rt_sigreturn({mask=[HUP QUIT ILL ABRT KILL USR1 SEGV USR2 PIPE TERM STKFLT CHLD TSTP TTIN TTOU URG VTALRM WINCH IO RTMIN RT_1 RT_2 RT_6 RT_7 RT_10 RT_11 RT_12 RT_14 RT_15 RT_17 RT_18 RT_20 RT_23 RT_24 RT_25 RT_29]}) = 0 [pid 5059] --- SIGSEGV {si_signo=SIGSEGV, si_code=SI_KERNEL, si_addr=NULL} --- [ 186.459223][ T5059] syz-executor341[5059] bad frame in rt_sigreturn frame:00007fff998fa470 ip:7f8b76c04570 sp:7fff998fa708 orax:ffffffffffffffff in syz-executor3415003374[7f8b76c04000+4000] [pid 5059] +++ killed by SIGSEGV (core dumped) +++ [pid 5049] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=9, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=25 /* 0.25 s */} --- [pid 5049] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5049] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5049] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5049] close(3) = 0 [pid 5049] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5060 attached , child_tidptr=0x55557b28d650) = 10 [pid 5060] set_robust_list(0x55557b28d660, 24) = 0 [pid 5060] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5060] setpgid(0, 0) = 0 executing program [pid 5060] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5060] write(3, "1000", 4) = 4 [pid 5060] close(3) = 0 [pid 5060] write(1, "executing program\n", 18) = 18 [pid 5060] futex(0x20000700, FUTEX_WAIT, 2, {tv_sec=0, tv_nsec=60000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5060] rt_sigreturn({mask=[HUP QUIT ILL ABRT KILL USR1 SEGV USR2 PIPE TERM STKFLT CHLD TSTP TTIN TTOU URG VTALRM WINCH IO RTMIN RT_1 RT_2 RT_6 RT_7 RT_10 RT_11 RT_12 RT_14 RT_15 RT_17 RT_18 RT_20 RT_23 RT_24 RT_25 RT_29]}) = 0 [pid 5060] --- SIGSEGV {si_signo=SIGSEGV, si_code=SI_KERNEL, si_addr=NULL} --- [ 186.804996][ T5060] syz-executor341[5060] bad frame in rt_sigreturn frame:00007fff998fa470 ip:7f8b76c04570 sp:7fff998fa708 orax:ffffffffffffffff in syz-executor3415003374[7f8b76c04000+4000] [pid 5060] +++ killed by SIGSEGV (core dumped) +++ [pid 5049] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=10, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=23 /* 0.23 s */} --- [pid 5049] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5049] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5049] close(3) = 0 [pid 5049] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5061 attached , child_tidptr=0x55557b28d650) = 11 [pid 5061] set_robust_list(0x55557b28d660, 24) = 0 [pid 5061] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5061] setpgid(0, 0) = 0 [pid 5061] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5061] write(3, "1000", 4) = 4 [pid 5061] close(3) = 0 [pid 5061] write(1, "executing program\n", 18) = 18 [pid 5061] futex(0x20000700, FUTEX_WAIT, 2, {tv_sec=0, tv_nsec=60000000}executing program ) = -1 ETIMEDOUT (Connection timed out) [pid 5061] rt_sigreturn({mask=[HUP QUIT ILL ABRT KILL USR1 SEGV USR2 PIPE TERM STKFLT CHLD TSTP TTIN TTOU URG VTALRM WINCH IO RTMIN RT_1 RT_2 RT_6 RT_7 RT_10 RT_11 RT_12 RT_14 RT_15 RT_17 RT_18 RT_20 RT_23 RT_24 RT_25 RT_29]}) = 0 [pid 5061] --- SIGSEGV {si_signo=SIGSEGV, si_code=SI_KERNEL, si_addr=NULL} --- [ 187.145165][ T5061] syz-executor341[5061] bad frame in rt_sigreturn frame:00007fff998fa470 ip:7f8b76c04570 sp:7fff998fa708 orax:ffffffffffffffff in syz-executor3415003374[7f8b76c04000+4000] [pid 5061] +++ killed by SIGSEGV (core dumped) +++ [pid 5049] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=11, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=23 /* 0.23 s */} --- [pid 5049] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5049] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5049] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5049] close(3) = 0 [pid 5049] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5062 attached , child_tidptr=0x55557b28d650) = 12 [pid 5062] set_robust_list(0x55557b28d660, 24) = 0 [pid 5062] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5062] setpgid(0, 0) = 0 [pid 5062] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5062] write(3, "1000", 4executing program ) = 4 [pid 5062] close(3) = 0 [pid 5062] write(1, "executing program\n", 18) = 18 [pid 5062] futex(0x20000700, FUTEX_WAIT, 2, {tv_sec=0, tv_nsec=60000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5062] rt_sigreturn({mask=[HUP QUIT ILL ABRT KILL USR1 SEGV USR2 PIPE TERM STKFLT CHLD TSTP TTIN TTOU URG VTALRM WINCH IO RTMIN RT_1 RT_2 RT_6 RT_7 RT_10 RT_11 RT_12 RT_14 RT_15 RT_17 RT_18 RT_20 RT_23 RT_24 RT_25 RT_29]}) = 0 [pid 5062] --- SIGSEGV {si_signo=SIGSEGV, si_code=SI_KERNEL, si_addr=NULL} --- [pid 5062] +++ killed by SIGSEGV (core dumped) +++ [pid 5049] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=12, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=23 /* 0.23 s */} --- [pid 5049] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5049] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5049] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5049] close(3) = 0 [pid 5049] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5063 attached [pid 5063] set_robust_list(0x55557b28d660, 24) = 0 [pid 5063] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5049] <... clone resumed>, child_tidptr=0x55557b28d650) = 13 [pid 5063] <... prctl resumed>) = 0 [pid 5063] setpgid(0, 0) = 0 [pid 5063] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5063] write(3, "1000", 4) = 4 [pid 5063] close(3) = 0 executing program [pid 5063] write(1, "executing program\n", 18) = 18 [pid 5063] futex(0x20000700, FUTEX_WAIT, 2, {tv_sec=0, tv_nsec=60000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5063] rt_sigreturn({mask=[HUP QUIT ILL ABRT KILL USR1 SEGV USR2 PIPE TERM STKFLT CHLD TSTP TTIN TTOU URG VTALRM WINCH IO RTMIN RT_1 RT_2 RT_6 RT_7 RT_10 RT_11 RT_12 RT_14 RT_15 RT_17 RT_18 RT_20 RT_23 RT_24 RT_25 RT_29]}) = 0 [pid 5063] --- SIGSEGV {si_signo=SIGSEGV, si_code=SI_KERNEL, si_addr=NULL} --- [pid 5063] +++ killed by SIGSEGV (core dumped) +++ [pid 5049] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=13, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=22 /* 0.22 s */} --- [pid 5049] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5049] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5049] close(3) = 0 [pid 5049] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5064 attached [pid 5064] set_robust_list(0x55557b28d660, 24 [pid 5049] <... clone resumed>, child_tidptr=0x55557b28d650) = 14 [pid 5064] <... set_robust_list resumed>) = 0 [pid 5064] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5064] setpgid(0, 0) = 0 [pid 5064] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXECexecuting program ) = 3 [pid 5064] write(3, "1000", 4) = 4 [pid 5064] close(3) = 0 [pid 5064] write(1, "executing program\n", 18) = 18 [pid 5064] futex(0x20000700, FUTEX_WAIT, 2, {tv_sec=0, tv_nsec=60000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5064] rt_sigreturn({mask=[HUP QUIT ILL ABRT KILL USR1 SEGV USR2 PIPE TERM STKFLT CHLD TSTP TTIN TTOU URG VTALRM WINCH IO RTMIN RT_1 RT_2 RT_6 RT_7 RT_10 RT_11 RT_12 RT_14 RT_15 RT_17 RT_18 RT_20 RT_23 RT_24 RT_25 RT_29]}) = 0 [pid 5064] --- SIGSEGV {si_signo=SIGSEGV, si_code=SI_KERNEL, si_addr=NULL} --- [pid 5064] +++ killed by SIGSEGV (core dumped) +++ [pid 5049] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=14, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=22 /* 0.22 s */} --- [pid 5049] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5049] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5049] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5049] close(3) = 0 [pid 5049] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557b28d650) = 15 ./strace-static-x86_64: Process 5065 attached [pid 5065] set_robust_list(0x55557b28d660, 24) = 0 [pid 5065] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5065] setpgid(0, 0) = 0 [pid 5065] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5065] write(3, "1000", 4) = 4 executing program [pid 5065] close(3) = 0 [pid 5065] write(1, "executing program\n", 18) = 18 [pid 5065] futex(0x20000700, FUTEX_WAIT, 2, {tv_sec=0, tv_nsec=60000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5065] rt_sigreturn({mask=[HUP QUIT ILL ABRT KILL USR1 SEGV USR2 PIPE TERM STKFLT CHLD TSTP TTIN TTOU URG VTALRM WINCH IO RTMIN RT_1 RT_2 RT_6 RT_7 RT_10 RT_11 RT_12 RT_14 RT_15 RT_17 RT_18 RT_20 RT_23 RT_24 RT_25 RT_29]}) = 0 [pid 5065] --- SIGSEGV {si_signo=SIGSEGV, si_code=SI_KERNEL, si_addr=NULL} --- [pid 5065] +++ killed by SIGSEGV (core dumped) +++ [pid 5049] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=15, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=23 /* 0.23 s */} --- [pid 5049] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5049] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5049] close(3) = 0 [pid 5049] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5066 attached , child_tidptr=0x55557b28d650) = 16 [pid 5066] set_robust_list(0x55557b28d660, 24) = 0 [pid 5066] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5066] setpgid(0, 0) = 0 [pid 5066] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5066] write(3, "1000", 4) = 4 executing program [pid 5066] close(3) = 0 [pid 5066] write(1, "executing program\n", 18) = 18 [pid 5066] futex(0x20000700, FUTEX_WAIT, 2, {tv_sec=0, tv_nsec=60000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5066] rt_sigreturn({mask=[HUP QUIT ILL ABRT KILL USR1 SEGV USR2 PIPE TERM STKFLT CHLD TSTP TTIN TTOU URG VTALRM WINCH IO RTMIN RT_1 RT_2 RT_6 RT_7 RT_10 RT_11 RT_12 RT_14 RT_15 RT_17 RT_18 RT_20 RT_23 RT_24 RT_25 RT_29]}) = 0 [pid 5066] --- SIGSEGV {si_signo=SIGSEGV, si_code=SI_KERNEL, si_addr=NULL} --- [ 189.108114][ T98] ===================================================== [ 189.115524][ T98] BUG: KMSAN: uninit-value in virtqueue_add+0x1e86/0x65c0 [ 189.122906][ T98] virtqueue_add+0x1e86/0x65c0 [ 189.127917][ T98] virtqueue_add_sgs+0x186/0x1b0 [ 189.133193][ T98] virtscsi_add_cmd+0x838/0xad0 [ 189.138283][ T98] virtscsi_queuecommand+0x898/0xa60 [ 189.143889][ T98] scsi_queue_rq+0x4cc7/0x5a80 [ 189.148874][ T98] blk_mq_dispatch_rq_list+0x79b/0x3440 [ 189.154684][ T98] __blk_mq_sched_dispatch_requests+0x11b7/0x26e0 [ 189.161390][ T98] blk_mq_sched_dispatch_requests+0x12f/0x270 [ 189.167721][ T98] blk_mq_run_work_fn+0xd0/0x280 [ 189.172885][ T98] process_scheduled_works+0xa81/0x1bd0 [ 189.178675][ T98] worker_thread+0xea5/0x1560 [ 189.183564][ T98] kthread+0x3e2/0x540 [ 189.187892][ T98] ret_from_fork+0x6d/0x90 [ 189.192489][ T98] ret_from_fork_asm+0x1a/0x30 [ 189.197471][ T98] [ 189.199932][ T98] Uninit was stored to memory at: [ 189.205486][ T98] copy_page_from_iter_atomic+0x12b7/0x2ae0 [ 189.211751][ T98] generic_perform_write+0x4c1/0xc60 [ 189.217301][ T98] ext4_buffered_write_iter+0x564/0xaa0 [ 189.223155][ T98] ext4_file_write_iter+0x208/0x3450 [ 189.228684][ T98] __kernel_write_iter+0x64d/0xc80 [ 189.234089][ T98] dump_user_range+0x8dc/0xee0 [ 189.239091][ T98] elf_core_dump+0x57c7/0x5ae0 [ 189.244075][ T98] do_coredump+0x32d5/0x4920 [ 189.249021][ T98] get_signal+0x267e/0x2d00 [ 189.253760][ T98] arch_do_signal_or_restart+0x53/0xcb0 [ 189.259558][ T98] syscall_exit_to_user_mode+0x5d/0x160 [ 189.265384][ T98] do_syscall_64+0xdc/0x1e0 [ 189.270264][ T98] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 189.276429][ T98] [ 189.278888][ T98] Uninit was created at: [ 189.283441][ T98] __alloc_pages+0x9d6/0xe70 [ 189.288258][ T98] alloc_pages_mpol+0x299/0x990 [ 189.293333][ T98] alloc_pages+0x1bf/0x1e0 [ 189.297967][ T98] dump_user_range+0x4a/0xee0 [ 189.302974][ T98] elf_core_dump+0x57c7/0x5ae0 [ 189.307988][ T98] do_coredump+0x32d5/0x4920 [ 189.312801][ T98] get_signal+0x267e/0x2d00 [ 189.317559][ T98] arch_do_signal_or_restart+0x53/0xcb0 [ 189.323390][ T98] syscall_exit_to_user_mode+0x5d/0x160 [ 189.329218][ T98] do_syscall_64+0xdc/0x1e0 [ 189.333982][ T98] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 189.340151][ T98] [ 189.342607][ T98] Bytes 0-4095 of 4096 are uninitialized [ 189.348498][ T98] Memory access of size 4096 starts at ffff88812e295000 [ 189.355571][ T98] [ 189.358010][ T98] CPU: 0 PID: 98 Comm: kworker/0:1H Not tainted 6.9.0-syzkaller-02707-g614da38e2f7a #0 [ 189.367892][ T98] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 189.378167][ T98] Workqueue: kblockd blk_mq_run_work_fn [ 189.384046][ T98] ===================================================== [ 189.391119][ T98] Disabling lock debugging due to kernel taint [ 189.397407][ T98] Kernel panic - not syncing: kmsan.panic set ... [ 189.403971][ T98] CPU: 0 PID: 98 Comm: kworker/0:1H Tainted: G B 6.9.0-syzkaller-02707-g614da38e2f7a #0 [ 189.415375][ T98] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 189.425716][ T98] Workqueue: kblockd blk_mq_run_work_fn [ 189.431585][ T98] Call Trace: [ 189.434984][ T98] [ 189.438082][ T98] dump_stack_lvl+0x216/0x2d0 [ 189.443140][ T98] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 189.449223][ T98] dump_stack+0x1e/0x30 [ 189.453653][ T98] panic+0x4e2/0xcd0 [ 189.457789][ T98] ? kmsan_get_metadata+0xf1/0x1d0 [ 189.463242][ T98] kmsan_report+0x2d5/0x2e0 [ 189.468137][ T98] ? kmsan_get_metadata+0x146/0x1d0 [ 189.473598][ T98] ? kmsan_internal_set_shadow_origin+0x66/0xe0 [ 189.480134][ T98] ? kmsan_internal_check_memory+0x48c/0x560 [ 189.486386][ T98] ? kmsan_handle_dma+0xac/0xc0 [ 189.491567][ T98] ? virtqueue_add+0x1e86/0x65c0 [ 189.496763][ T98] ? virtqueue_add_sgs+0x186/0x1b0 [ 189.502080][ T98] ? virtscsi_add_cmd+0x838/0xad0 [ 189.507350][ T98] ? virtscsi_queuecommand+0x898/0xa60 [ 189.513067][ T98] ? scsi_queue_rq+0x4cc7/0x5a80 [ 189.518229][ T98] ? blk_mq_dispatch_rq_list+0x79b/0x3440 [ 189.524223][ T98] ? __blk_mq_sched_dispatch_requests+0x11b7/0x26e0 [ 189.531119][ T98] ? blk_mq_sched_dispatch_requests+0x12f/0x270 [ 189.537633][ T98] ? blk_mq_run_work_fn+0xd0/0x280 [ 189.542944][ T98] ? process_scheduled_works+0xa81/0x1bd0 [ 189.548879][ T98] ? worker_thread+0xea5/0x1560 [ 189.553929][ T98] ? kthread+0x3e2/0x540 [ 189.558381][ T98] ? ret_from_fork+0x6d/0x90 [ 189.563183][ T98] ? ret_from_fork_asm+0x1a/0x30 [ 189.568385][ T98] ? scsi_queue_rq+0x4335/0x5a80 [ 189.573684][ T98] ? blk_mq_dispatch_rq_list+0x79b/0x3440 [ 189.579676][ T98] ? __blk_mq_sched_dispatch_requests+0x11b7/0x26e0 [ 189.586513][ T98] ? blk_mq_sched_dispatch_requests+0x12f/0x270 [ 189.593007][ T98] ? blk_mq_run_work_fn+0xd0/0x280 [ 189.598342][ T98] ? process_scheduled_works+0xa81/0x1bd0 [ 189.604292][ T98] ? worker_thread+0xea5/0x1560 [ 189.609351][ T98] ? kthread+0x3e2/0x540 [ 189.613822][ T98] ? ret_from_fork+0x6d/0x90 [ 189.618631][ T98] ? ret_from_fork_asm+0x1a/0x30 [ 189.623842][ T98] ? kmsan_get_metadata+0x146/0x1d0 [ 189.629264][ T98] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 189.635286][ T98] ? kmsan_get_metadata+0x146/0x1d0 [ 189.640684][ T98] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 189.646714][ T98] ? should_fail_ex+0x4a/0x800 [ 189.651683][ T98] ? kmsan_get_metadata+0x146/0x1d0 [ 189.657104][ T98] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 189.663130][ T98] ? kmsan_get_metadata+0x146/0x1d0 [ 189.668525][ T98] kmsan_internal_check_memory+0x48c/0x560 [ 189.674595][ T98] kmsan_handle_dma+0xac/0xc0 [ 189.679464][ T98] virtqueue_add+0x1e86/0x65c0 [ 189.684448][ T98] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 189.690461][ T98] ? kmsan_get_metadata+0x146/0x1d0 [ 189.695941][ T98] ? kmsan_get_metadata+0x146/0x1d0 [ 189.701340][ T98] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 189.707383][ T98] virtqueue_add_sgs+0x186/0x1b0 [ 189.712553][ T98] virtscsi_add_cmd+0x838/0xad0 [ 189.717658][ T98] virtscsi_queuecommand+0x898/0xa60 [ 189.723167][ T98] ? __pfx_virtscsi_queuecommand+0x10/0x10 [ 189.729360][ T98] scsi_queue_rq+0x4cc7/0x5a80 [ 189.734375][ T98] ? __pfx_scsi_queue_rq+0x10/0x10 [ 189.739715][ T98] blk_mq_dispatch_rq_list+0x79b/0x3440 [ 189.745843][ T98] ? sbitmap_get+0x431/0x670 [ 189.750634][ T98] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 189.756669][ T98] ? dd_dispatch_request+0x9a1/0xa20 [ 189.762201][ T98] __blk_mq_sched_dispatch_requests+0x11b7/0x26e0 [ 189.768885][ T98] ? finish_task_switch+0x1c8/0x8f0 [ 189.774402][ T98] ? __blk_mq_sched_dispatch_requests+0x1031/0x26e0 [ 189.781260][ T98] blk_mq_sched_dispatch_requests+0x12f/0x270 [ 189.787595][ T98] blk_mq_run_work_fn+0xd0/0x280 [ 189.792734][ T98] ? __pfx_blk_mq_run_work_fn+0x10/0x10 [ 189.798478][ T98] process_scheduled_works+0xa81/0x1bd0 [ 189.804281][ T98] worker_thread+0xea5/0x1560 [ 189.809169][ T98] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 189.815198][ T98] kthread+0x3e2/0x540 [ 189.819482][ T98] ? __pfx_worker_thread+0x10/0x10 [ 189.824830][ T98] ? __pfx_kthread+0x10/0x10 [ 189.829639][ T98] ret_from_fork+0x6d/0x90 [ 189.834269][ T98] ? __pfx_kthread+0x10/0x10 [ 189.839078][ T98] ret_from_fork_asm+0x1a/0x30 [ 189.844090][ T98] [ 191.386447][ T98] Shutting down cpus with NMI [ 191.391635][ T98] Kernel Offset: disabled [ 191.396157][ T98] Rebooting in 86400 seconds..