./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor4064415861 <...> Warning: Permanently added '10.128.1.105' (ED25519) to the list of known hosts. execve("./syz-executor4064415861", ["./syz-executor4064415861"], 0x7ffc2352a450 /* 10 vars */) = 0 brk(NULL) = 0x55555e30a000 brk(0x55555e30ad00) = 0x55555e30ad00 arch_prctl(ARCH_SET_FS, 0x55555e30a380) = 0 set_tid_address(0x55555e30a650) = 5047 set_robust_list(0x55555e30a660, 24) = 0 rseq(0x55555e30aca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor4064415861", 4096) = 28 getrandom("\x85\xd4\x50\xde\x1b\x1e\x65\x1e", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55555e30ad00 brk(0x55555e32bd00) = 0x55555e32bd00 brk(0x55555e32c000) = 0x55555e32c000 mprotect(0x7fa625641000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555e30a650) = 5048 ./strace-static-x86_64: Process 5048 attached [pid 5048] set_robust_list(0x55555e30a660, 24) = 0 [pid 5048] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5048] setpgid(0, 0) = 0 [pid 5048] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5048] write(3, "1000", 4) = 4 [pid 5048] close(3) = 0 executing program [pid 5048] write(1, "executing program\n", 18) = 18 [pid 5048] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT_WRITABLE, insn_cnt=12, insns=0x200000c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL, ...}, 144) = 3 [ 156.680140][ T5048] ===================================================== [ 156.687428][ T5048] BUG: KMSAN: uninit-value in strnchr+0x90/0xd0 [ 156.693864][ T5048] strnchr+0x90/0xd0 [ 156.697932][ T5048] bpf_bprintf_prepare+0x1c2/0x23c0 [ 156.703325][ T5048] bpf_trace_printk+0xec/0x3e0 [ 156.708295][ T5048] ___bpf_prog_run+0x13fe/0xe0f0 [ 156.713395][ T5048] __bpf_prog_run32+0xb2/0xe0 [ 156.718230][ T5048] bpf_trace_run2+0x116/0x300 [ 156.723057][ T5048] __bpf_trace_tlb_flush+0x2c/0x40 [ 156.728338][ T5048] switch_mm_irqs_off+0x9d2/0x1010 [ 156.733605][ T5048] __text_poke+0xb4e/0xfb0 [ 156.738197][ T5048] text_poke_bp_batch+0x17f/0x960 [ 156.743403][ T5048] text_poke_finish+0x7d/0xd0 [ 156.748258][ T5048] arch_jump_label_transform_apply+0x23/0x40 [ 156.754393][ T5048] __jump_label_update+0x6af/0x6d0 [ 156.759691][ T5048] jump_label_update+0x6a0/0x7a0 [ 156.764807][ T5048] static_key_enable_cpuslocked+0x229/0x260 [ 156.770894][ T5048] static_key_enable+0x23/0x30 [ 156.775840][ T5048] tracepoint_add_func+0x1084/0x1280 [ 156.781318][ T5048] tracepoint_probe_register_prio_may_exist+0xa8/0xf0 [ 156.788297][ T5048] bpf_probe_register+0x201/0x250 [ 156.793478][ T5048] bpf_raw_tp_link_attach+0x627/0x8a0 [ 156.799041][ T5048] bpf_raw_tracepoint_open+0x485/0x8a0 [ 156.804673][ T5048] __sys_bpf+0x5a6/0xd90 [ 156.809071][ T5048] __x64_sys_bpf+0xa0/0xe0 [ 156.813633][ T5048] x64_sys_call+0x96b/0x3b50 [ 156.818395][ T5048] do_syscall_64+0xcf/0x1e0 [ 156.823075][ T5048] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 156.829155][ T5048] [ 156.831560][ T5048] Local variable stack created at: [ 156.836752][ T5048] __bpf_prog_run32+0x43/0xe0 [ 156.841587][ T5048] bpf_trace_run2+0x116/0x300 [ 156.846404][ T5048] [ 156.848822][ T5048] CPU: 1 PID: 5048 Comm: syz-executor406 Not tainted 6.9.0-syzkaller-02707-g614da38e2f7a #0 [ 156.859042][ T5048] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 156.869224][ T5048] ===================================================== [ 156.876246][ T5048] Disabling lock debugging due to kernel taint [ 156.882495][ T5048] Kernel panic - not syncing: kmsan.panic set ... [ 156.889000][ T5048] CPU: 1 PID: 5048 Comm: syz-executor406 Tainted: G B 6.9.0-syzkaller-02707-g614da38e2f7a #0 [ 156.900847][ T5048] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 156.910995][ T5048] Call Trace: [ 156.914345][ T5048] [ 156.917427][ T5048] dump_stack_lvl+0x216/0x2d0 [ 156.922254][ T5048] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 156.928194][ T5048] dump_stack+0x1e/0x30 [ 156.932483][ T5048] panic+0x4e2/0xcd0 [ 156.936519][ T5048] ? kmsan_get_metadata+0xf1/0x1d0 [ 156.941767][ T5048] kmsan_report+0x2d5/0x2e0 [ 156.946416][ T5048] ? __msan_warning+0x95/0x120 [ 156.951290][ T5048] ? strnchr+0x90/0xd0 [ 156.955501][ T5048] ? bpf_bprintf_prepare+0x1c2/0x23c0 [ 156.961040][ T5048] ? bpf_trace_printk+0xec/0x3e0 [ 156.966208][ T5048] ? ___bpf_prog_run+0x13fe/0xe0f0 [ 156.971451][ T5048] ? __bpf_prog_run32+0xb2/0xe0 [ 156.976427][ T5048] ? bpf_trace_run2+0x116/0x300 [ 156.981496][ T5048] ? __bpf_trace_tlb_flush+0x2c/0x40 [ 156.986922][ T5048] ? switch_mm_irqs_off+0x9d2/0x1010 [ 156.992352][ T5048] ? __text_poke+0xb4e/0xfb0 [ 156.997081][ T5048] ? text_poke_bp_batch+0x17f/0x960 [ 157.002538][ T5048] ? text_poke_finish+0x7d/0xd0 [ 157.007530][ T5048] ? arch_jump_label_transform_apply+0x23/0x40 [ 157.013814][ T5048] ? __jump_label_update+0x6af/0x6d0 [ 157.019257][ T5048] ? jump_label_update+0x6a0/0x7a0 [ 157.024596][ T5048] ? static_key_enable_cpuslocked+0x229/0x260 [ 157.030832][ T5048] ? static_key_enable+0x23/0x30 [ 157.035908][ T5048] ? tracepoint_add_func+0x1084/0x1280 [ 157.041528][ T5048] ? tracepoint_probe_register_prio_may_exist+0xa8/0xf0 [ 157.048641][ T5048] ? bpf_probe_register+0x201/0x250 [ 157.053966][ T5048] ? bpf_raw_tp_link_attach+0x627/0x8a0 [ 157.059691][ T5048] ? bpf_raw_tracepoint_open+0x485/0x8a0 [ 157.065472][ T5048] ? __sys_bpf+0x5a6/0xd90 [ 157.070015][ T5048] ? __x64_sys_bpf+0xa0/0xe0 [ 157.074727][ T5048] ? x64_sys_call+0x96b/0x3b50 [ 157.079633][ T5048] ? do_syscall_64+0xcf/0x1e0 [ 157.084452][ T5048] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 157.090677][ T5048] ? kmsan_get_metadata+0x146/0x1d0 [ 157.096009][ T5048] ? kmsan_internal_set_shadow_origin+0x66/0xe0 [ 157.102425][ T5048] ? kmsan_get_metadata+0x146/0x1d0 [ 157.107781][ T5048] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 157.113728][ T5048] ? _raw_spin_unlock_irqrestore+0x3f/0x60 [ 157.119706][ T5048] ? kmsan_get_metadata+0x146/0x1d0 [ 157.125053][ T5048] ? kmsan_get_metadata+0x146/0x1d0 [ 157.130400][ T5048] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 157.136431][ T5048] __msan_warning+0x95/0x120 [ 157.141137][ T5048] strnchr+0x90/0xd0 [ 157.145184][ T5048] bpf_bprintf_prepare+0x1c2/0x23c0 [ 157.150552][ T5048] ? kmsan_get_metadata+0x146/0x1d0 [ 157.155873][ T5048] ? kmsan_internal_memmove_metadata+0x91/0x230 [ 157.162285][ T5048] ? __msan_memcpy+0x108/0x1c0 [ 157.167201][ T5048] bpf_trace_printk+0xec/0x3e0 [ 157.172290][ T5048] ? kmsan_get_metadata+0x146/0x1d0 [ 157.177610][ T5048] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 157.183643][ T5048] ___bpf_prog_run+0x13fe/0xe0f0 [ 157.188748][ T5048] ? kmsan_get_metadata+0x146/0x1d0 [ 157.194088][ T5048] __bpf_prog_run32+0xb2/0xe0 [ 157.198994][ T5048] ? __pfx___bpf_prog_run32+0x10/0x10 [ 157.204516][ T5048] bpf_trace_run2+0x116/0x300 [ 157.209327][ T5048] ? kmsan_get_metadata+0x146/0x1d0 [ 157.214654][ T5048] __bpf_trace_tlb_flush+0x2c/0x40 [ 157.219990][ T5048] switch_mm_irqs_off+0x9d2/0x1010 [ 157.225243][ T5048] __text_poke+0xb4e/0xfb0 [ 157.229800][ T5048] ? __pfx_text_poke_memcpy+0x10/0x10 [ 157.235326][ T5048] ? switch_mm_irqs_off+0x920/0x1010 [ 157.240777][ T5048] ? switch_mm_irqs_off+0x920/0x1010 [ 157.246222][ T5048] text_poke_bp_batch+0x17f/0x960 [ 157.251423][ T5048] ? kmsan_get_metadata+0x146/0x1d0 [ 157.256803][ T5048] ? kmsan_get_metadata+0x146/0x1d0 [ 157.262135][ T5048] ? kmsan_get_shadow_origin_ptr+0x16/0xb0 [ 157.268078][ T5048] text_poke_finish+0x7d/0xd0 [ 157.272902][ T5048] arch_jump_label_transform_apply+0x23/0x40 [ 157.279008][ T5048] __jump_label_update+0x6af/0x6d0 [ 157.284288][ T5048] jump_label_update+0x6a0/0x7a0 [ 157.289369][ T5048] ? kmsan_report+0x2a0/0x2e0 [ 157.294190][ T5048] static_key_enable_cpuslocked+0x229/0x260 [ 157.300272][ T5048] ? __pfx___bpf_trace_tlb_flush+0x10/0x10 [ 157.306234][ T5048] static_key_enable+0x23/0x30 [ 157.311147][ T5048] ? __SCT__tp_func_exit_mmap+0x8/0x8 [ 157.316639][ T5048] tracepoint_add_func+0x1084/0x1280 [ 157.322092][ T5048] ? kmsan_internal_set_shadow_origin+0x66/0xe0 [ 157.328508][ T5048] ? __pfx___bpf_trace_tlb_flush+0x10/0x10 [ 157.334545][ T5048] tracepoint_probe_register_prio_may_exist+0xa8/0xf0 [ 157.341477][ T5048] ? __pfx___bpf_trace_tlb_flush+0x10/0x10 [ 157.347436][ T5048] ? __pfx___bpf_trace_tlb_flush+0x10/0x10 [ 157.353389][ T5048] bpf_probe_register+0x201/0x250 [ 157.358564][ T5048] bpf_raw_tp_link_attach+0x627/0x8a0 [ 157.364093][ T5048] ? kmsan_get_metadata+0x146/0x1d0 [ 157.369418][ T5048] ? kmsan_internal_set_shadow_origin+0x66/0xe0 [ 157.375823][ T5048] ? kmsan_get_metadata+0x146/0x1d0 [ 157.381149][ T5048] bpf_raw_tracepoint_open+0x485/0x8a0 [ 157.386760][ T5048] __sys_bpf+0x5a6/0xd90 [ 157.391154][ T5048] __x64_sys_bpf+0xa0/0xe0 [ 157.395703][ T5048] x64_sys_call+0x96b/0x3b50 [ 157.400440][ T5048] do_syscall_64+0xcf/0x1e0 [ 157.405097][ T5048] ? clear_bhb_loop+0x25/0x80 [ 157.409926][ T5048] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 157.415973][ T5048] RIP: 0033:0x7fa6255ceb39 [ 157.420479][ T5048] Code: Unable to access opcode bytes at 0x7fa6255ceb0f. [ 157.427575][ T5048] RSP: 002b:00007ffdb34b4808 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 157.436116][ T5048] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fa6255ceb39 [ 157.444187][ T5048] RDX: 0000000000000010 RSI: 0000000020000080 RDI: 0000000000000011 [ 157.452252][ T5048] RBP: 0000000000000000 R08: 0000000000000006 R09: 0000000000000006 [ 157.460312][ T5048] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000003a28 [ 157.468371][ T5048] R13: 431bde82d7b634db R14: 0000000000000001 R15: 0000000000000001 [ 157.476450][ T5048] [ 158.848553][ T5048] Shutting down cpus with NMI [ 158.853579][ T5048] Kernel Offset: disabled [ 158.857961][ T5048] Rebooting in 86400 seconds..