./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1269941500 <...> [ 95.134188][ T123] cfg80211: failed to load regulatory.db Warning: Permanently added '10.128.10.2' (ECDSA) to the list of known hosts. execve("./syz-executor1269941500", ["./syz-executor1269941500"], 0x7ffe8479f1f0 /* 10 vars */) = 0 brk(NULL) = 0x5555559bf000 brk(0x5555559bfc40) = 0x5555559bfc40 arch_prctl(ARCH_SET_FS, 0x5555559bf300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor1269941500", 4096) = 28 brk(0x5555559e0c40) = 0x5555559e0c40 brk(0x5555559e1000) = 0x5555559e1000 mprotect(0x7f95e74ba000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555559bf5d0) = 3487 ./strace-static-x86_64: Process 3487 attached [pid 3487] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3487] setpgid(0, 0) = 0 [pid 3487] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3487] write(3, "1000", 4) = 4 [pid 3487] close(3) = 0 [pid 3487] io_uring_setup(7702, {flags=0, sq_thread_cpu=0, sq_thread_idle=2048, sq_entries=8192, cq_entries=16384, features=IORING_FEAT_SINGLE_MMAP|IORING_FEAT_NODROP|IORING_FEAT_SUBMIT_STABLE|IORING_FEAT_RW_CUR_POS|IORING_FEAT_CUR_PERSONALITY|IORING_FEAT_FAST_POLL|IORING_FEAT_POLL_32BITS|IORING_FEAT_SQPOLL_NONFIXED|IORING_FEAT_EXT_ARG|IORING_FEAT_NATIVE_WORKERS|IORING_FEAT_RSRC_TAGS|IORING_FEAT_CQE_SKIP|0x1000, sq_off={head=0, tail=64, ring_mask=256, ring_entries=264, flags=276, dropped=272, array=262464}, cq_off={head=128, tail=192, ring_mask=260, ring_entries=268, overflow=284, cqes=320, flags=280}}) = 3 [pid 3487] mmap(0x20002000, 295232, PROT_READ|PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE, 3, 0) = 0x20002000 [pid 3487] mmap(0x20003000, 524288, PROT_READ|PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE, 3, 0x10000000) = 0x20003000 [pid 3487] socket(AF_SMC, SOCK_STREAM, SMCPROTO_SMC) = 4 [ 102.061105][ T3487] ===================================================== [ 102.068473][ T3487] BUG: KMSAN: uninit-value in io_req_cqe_overflow+0x1f8/0x220 [ 102.076209][ T3487] io_req_cqe_overflow+0x1f8/0x220 [ 102.081461][ T3487] __io_fill_cqe_req+0x4ad/0x830 [ 102.086679][ T3487] io_submit_flush_completions+0x11c/0x390 [ 102.092710][ T3487] io_submit_sqes+0x7d3/0xd50 [ 102.097489][ T3487] __se_sys_io_uring_enter+0x597/0x1d30 [ 102.103267][ T3487] __x64_sys_io_uring_enter+0x117/0x190 [ 102.108963][ T3487] do_syscall_64+0x3d/0xb0 [ 102.113579][ T3487] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 102.119619][ T3487] [ 102.121966][ T3487] Uninit was stored to memory at: [ 102.127280][ T3487] io_recv+0x18ee/0x1d00 [ 102.131651][ T3487] io_issue_sqe+0x3b1/0x11d0 [ 102.136459][ T3487] io_submit_sqe+0xb40/0x1be0 [ 102.141256][ T3487] io_submit_sqes+0x542/0xd50 [ 102.146164][ T3487] __se_sys_io_uring_enter+0x597/0x1d30 [ 102.151866][ T3487] __x64_sys_io_uring_enter+0x117/0x190 [ 102.157585][ T3487] do_syscall_64+0x3d/0xb0 [ 102.162097][ T3487] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 102.168218][ T3487] [ 102.170588][ T3487] Local variable msg created at: [ 102.175640][ T3487] io_recv+0x4b/0x1d00 [ 102.179825][ T3487] io_issue_sqe+0x3b1/0x11d0 [ 102.184720][ T3487] [ 102.187112][ T3487] CPU: 0 PID: 3487 Comm: syz-executor126 Not tainted 6.0.0-rc2-syzkaller-47461-gac3859c02d7f #0 [ 102.197730][ T3487] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 102.207924][ T3487] ===================================================== [ 102.214977][ T3487] Disabling lock debugging due to kernel taint [ 102.221186][ T3487] Kernel panic - not syncing: kmsan.panic set ... [ 102.227653][ T3487] CPU: 0 PID: 3487 Comm: syz-executor126 Tainted: G B 6.0.0-rc2-syzkaller-47461-gac3859c02d7f #0 [ 102.239652][ T3487] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 102.249782][ T3487] Call Trace: [ 102.253133][ T3487] [ 102.256120][ T3487] dump_stack_lvl+0x1c8/0x256 [ 102.260914][ T3487] dump_stack+0x1a/0x1c [ 102.265196][ T3487] panic+0x4d3/0xc69 [ 102.269183][ T3487] kmsan_report+0x2cc/0x2d0 [ 102.273802][ T3487] ? __local_bh_enable_ip+0x75/0xa0 [ 102.279139][ T3487] ? __msan_warning+0x92/0x110 [ 102.284027][ T3487] ? io_req_cqe_overflow+0x1f8/0x220 [ 102.289384][ T3487] ? __io_fill_cqe_req+0x4ad/0x830 [ 102.294564][ T3487] ? io_submit_flush_completions+0x11c/0x390 [ 102.300624][ T3487] ? io_submit_sqes+0x7d3/0xd50 [ 102.305554][ T3487] ? __se_sys_io_uring_enter+0x597/0x1d30 [ 102.311348][ T3487] ? __x64_sys_io_uring_enter+0x117/0x190 [ 102.317144][ T3487] ? do_syscall_64+0x3d/0xb0 [ 102.321815][ T3487] ? entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 102.327987][ T3487] ? smc_recvmsg+0x2cd/0xa90 [ 102.332675][ T3487] ? smc_sendmsg+0xab0/0xab0 [ 102.337397][ T3487] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 102.343310][ T3487] ? io_recv+0x18ee/0x1d00 [ 102.347865][ T3487] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 102.353758][ T3487] __msan_warning+0x92/0x110 [ 102.358437][ T3487] io_req_cqe_overflow+0x1f8/0x220 [ 102.363690][ T3487] __io_fill_cqe_req+0x4ad/0x830 [ 102.368732][ T3487] ? kmsan_internal_set_shadow_origin+0x62/0xe0 [ 102.375112][ T3487] io_submit_flush_completions+0x11c/0x390 [ 102.381057][ T3487] io_submit_sqes+0x7d3/0xd50 [ 102.385848][ T3487] __se_sys_io_uring_enter+0x597/0x1d30 [ 102.391523][ T3487] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 102.397488][ T3487] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 102.403383][ T3487] __x64_sys_io_uring_enter+0x117/0x190 [ 102.409016][ T3487] do_syscall_64+0x3d/0xb0 [ 102.413508][ T3487] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 102.419546][ T3487] RIP: 0033:0x7f95e744cee9 [ 102.424029][ T3487] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 102.443731][ T3487] RSP: 002b:00007ffee4617df8 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 102.452232][ T3487] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f95e744cee9 [ 102.460299][ T3487] RDX: 0000000000000000 RSI: 00000000000002ff RDI: 0000000000000003 [ 102.468316][ T3487] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 102.476349][ T3487] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f95e7410770 [ 102.484403][ T3487] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000 [ 102.492438][ T3487] [ 102.495677][ T3487] Kernel Offset: disabled [ 102.500070][ T3487] Rebooting in 86400 seconds..