./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1403842406 <...>
syzkaller login: [ 100.253810][ T121] cfg80211: failed to load regulatory.db
Warning: Permanently added '10.128.1.17' (ECDSA) to the list of known hosts.
execve("./syz-executor1403842406", ["./syz-executor1403842406"], 0x7fff5d63ef70 /* 10 vars */) = 0
brk(NULL) = 0x555556021000
brk(0x555556021c40) = 0x555556021c40
arch_prctl(ARCH_SET_FS, 0x555556021300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor1403842406", 4096) = 28
brk(0x555556042c40) = 0x555556042c40
brk(0x555556043000) = 0x555556043000
mprotect(0x7f0bdcd86000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560215d0) = 3487
./strace-static-x86_64: Process 3487 attached
[pid 3487] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3487] setpgid(0, 0) = 0
[pid 3487] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3487] write(3, "1000", 4) = 4
[pid 3487] close(3) = 0
[pid 3487] openat(AT_FDCWD, "/dev/char/4:1", O_RDWR) = 3
[pid 3487] io_uring_setup(388, {flags=0, sq_thread_cpu=0, sq_thread_idle=0, sq_entries=512, cq_entries=1024, features=IORING_FEAT_SINGLE_MMAP|IORING_FEAT_NODROP|IORING_FEAT_SUBMIT_STABLE|IORING_FEAT_RW_CUR_POS|IORING_FEAT_CUR_PERSONALITY|IORING_FEAT_FAST_POLL|IORING_FEAT_POLL_32BITS|IORING_FEAT_SQPOLL_NONFIXED|IORING_FEAT_EXT_ARG|IORING_FEAT_NATIVE_WORKERS|IORING_FEAT_RSRC_TAGS|IORING_FEAT_CQE_SKIP|0x1000, sq_off={head=0, tail=64, ring_mask=256, ring_entries=264, flags=276, dropped=272, array=16704}, cq_off={head=128, tail=192, ring_mask=260, ring_entries=268, overflow=284, cqes=320, flags=280}}) = 4
[pid 3487] mmap(0x20148000, 18752, PROT_READ|PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE, 4, 0) = 0x20148000
[pid 3487] mmap(0x20ffc000, 32768, PROT_READ|PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE, 4, 0x10000000) = 0x20ffc000
[pid 3487] socket(AF_RDS, SOCK_SEQPACKET, 0) = 5
[pid 3487] io_uring_enter(4, 17909, 0, 0, NULL, 0) = 1
[pid 3487] openat(AT_FDCWD, "/proc/self/fdinfo/4", O_RDWR) = 6
[ 107.555619][ T3487] =====================================================
[ 107.562968][ T3487] BUG: KMSAN: uninit-value in __io_uring_show_fdinfo+0xe74/0x225a
[ 107.570962][ T3487] __io_uring_show_fdinfo+0xe74/0x225a
[ 107.576838][ T3487] io_uring_show_fdinfo+0x103/0x49c
[ 107.582276][ T3487] seq_show+0x9b9/0xb30
[ 107.586588][ T3487] traverse+0x27f/0xa20
[ 107.590840][ T3487] seq_lseek+0x248/0x440
[ 107.595302][ T3487] __x64_sys_lseek+0x2a2/0x420
[ 107.600249][ T3487] do_syscall_64+0x3d/0xb0
[ 107.604824][ T3487] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 107.610903][ T3487]
[ 107.613391][ T3487] Uninit was stored to memory at:
[ 107.618637][ T3487] __io_fill_cqe_req+0x32b/0x830
[ 107.623816][ T3487] io_submit_flush_completions+0x11c/0x390
[ 107.629786][ T3487] io_submit_sqes+0x7d3/0xd50
[ 107.634746][ T3487] __se_sys_io_uring_enter+0x597/0x1d30
[ 107.640447][ T3487] __x64_sys_io_uring_enter+0x117/0x190
[ 107.646260][ T3487] do_syscall_64+0x3d/0xb0
[ 107.650854][ T3487] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 107.656979][ T3487]
[ 107.659364][ T3487] Uninit was stored to memory at:
[ 107.664657][ T3487] io_recv+0x18ee/0x1d00
[ 107.669037][ T3487] io_issue_sqe+0x3b1/0x11d0
[ 107.673860][ T3487] io_submit_sqe+0xb40/0x1be0
[ 107.678681][ T3487] io_submit_sqes+0x542/0xd50
[ 107.683618][ T3487] __se_sys_io_uring_enter+0x597/0x1d30
[ 107.689316][ T3487] __x64_sys_io_uring_enter+0x117/0x190
[ 107.695188][ T3487] do_syscall_64+0x3d/0xb0
[ 107.699723][ T3487] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 107.705941][ T3487]
[ 107.708326][ T3487] Local variable msg created at:
[ 107.713443][ T3487] io_recv+0x4b/0x1d00
[ 107.717672][ T3487] io_issue_sqe+0x3b1/0x11d0
[ 107.722466][ T3487]
[ 107.724844][ T3487] CPU: 0 PID: 3487 Comm: syz-executor140 Not tainted 6.0.0-rc4-syzkaller-48205-g4367d178d9eb #0
[ 107.735455][ T3487] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022
[ 107.745650][ T3487] =====================================================
[ 107.752763][ T3487] Disabling lock debugging due to kernel taint
[ 107.758977][ T3487] Kernel panic - not syncing: kmsan.panic set ...
[ 107.765459][ T3487] CPU: 0 PID: 3487 Comm: syz-executor140 Tainted: G B 6.0.0-rc4-syzkaller-48205-g4367d178d9eb #0
[ 107.777480][ T3487] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022
[ 107.787632][ T3487] Call Trace:
[ 107.790960][ T3487]
[ 107.793949][ T3487] dump_stack_lvl+0x1c8/0x256
[ 107.798805][ T3487] dump_stack+0x1a/0x1c
[ 107.803071][ T3487] panic+0x4d3/0xc69
[ 107.807134][ T3487] kmsan_report+0x2cc/0x2d0
[ 107.811794][ T3487] ? kmsan_get_shadow_origin_ptr+0x49/0xa0
[ 107.817743][ T3487] ? __msan_warning+0x92/0x110
[ 107.822640][ T3487] ? __io_uring_show_fdinfo+0xe74/0x225a
[ 107.828383][ T3487] ? io_uring_show_fdinfo+0x103/0x49c
[ 107.833854][ T3487] ? seq_show+0x9b9/0xb30
[ 107.838265][ T3487] ? traverse+0x27f/0xa20
[ 107.842697][ T3487] ? seq_lseek+0x248/0x440
[ 107.847232][ T3487] ? __x64_sys_lseek+0x2a2/0x420
[ 107.852304][ T3487] ? do_syscall_64+0x3d/0xb0
[ 107.857013][ T3487] ? entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 107.863229][ T3487] ? kmsan_get_shadow_origin_ptr+0x49/0xa0
[ 107.869309][ T3487] ? seq_printf+0x372/0x3d0
[ 107.873954][ T3487] ? kmsan_get_shadow_origin_ptr+0x49/0xa0
[ 107.879914][ T3487] __msan_warning+0x92/0x110
[ 107.884648][ T3487] __io_uring_show_fdinfo+0xe74/0x225a
[ 107.890244][ T3487] ? __rcu_read_unlock+0x76/0xd0
[ 107.895306][ T3487] io_uring_show_fdinfo+0x103/0x49c
[ 107.900688][ T3487] ? kmsan_get_shadow_origin_ptr+0x49/0xa0
[ 107.906678][ T3487] ? io_sq_offload_create+0x185d/0x185d
[ 107.912401][ T3487] seq_show+0x9b9/0xb30
[ 107.916724][ T3487] ? seq_fdinfo_open+0x2b0/0x2b0
[ 107.921802][ T3487] traverse+0x27f/0xa20
[ 107.926092][ T3487] ? kmsan_get_shadow_origin_ptr+0x49/0xa0
[ 107.932025][ T3487] seq_lseek+0x248/0x440
[ 107.936393][ T3487] ? traverse+0xa20/0xa20
[ 107.940842][ T3487] __x64_sys_lseek+0x2a2/0x420
[ 107.945738][ T3487] do_syscall_64+0x3d/0xb0
[ 107.950360][ T3487] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 107.956365][ T3487] RIP: 0033:0x7f0bdcd19249
[ 107.960857][ T3487] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 107.980607][ T3487] RSP: 002b:00007ffd069959f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000008
[ 107.989121][ T3487] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f0bdcd19249
[ 107.997198][ T3487] RDX: 0000000000000000 RSI: 0000000000008002 RDI: 0000000000000006
[ 108.005236][ T3487] RBP: 00007ffd06995a20 R08: 00007ffd06995890 R09: 0000000000000000
[ 108.013279][ T3487] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007f0bdccdc840
[ 108.021345][ T3487] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000
[ 108.029432][ T3487]
[ 108.032695][ T3487] Kernel Offset: disabled
[ 108.037081][ T3487] Rebooting in 86400 seconds..