./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor348025161 <...> Warning: Permanently added '10.128.0.247' (ED25519) to the list of known hosts. execve("./syz-executor348025161", ["./syz-executor348025161"], 0x7ffd244e5a60 /* 10 vars */) = 0 brk(NULL) = 0x555555c12000 brk(0x555555c12d00) = 0x555555c12d00 arch_prctl(ARCH_SET_FS, 0x555555c12380) = 0 set_tid_address(0x555555c12650) = 4989 set_robust_list(0x555555c12660, 24) = 0 rseq(0x555555c12ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor348025161", 4096) = 27 getrandom("\xd5\x0a\x95\xb4\xfc\xf8\xdd\x9c", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555555c12d00 brk(0x555555c33d00) = 0x555555c33d00 brk(0x555555c34000) = 0x555555c34000 mprotect(0x7fcf58981000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 3 socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 4 sendto(4, [{nlmsg_len=36, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0d\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x35\x34\x00\x00\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36 recvfrom(4, [{nlmsg_len=784, nlmsg_type=nlctrl, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=4989}, "\x01\x02\x00\x00\x0d\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x35\x34\x00\x00\x00\x00\x06\x00\x01\x00\x1d\x00\x00\x00\x08\x00\x03\x00\x01\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x2e\x00\x00\x00\x98\x02\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x01\x00\x00\x00\x08\x00\x02\x00\x0e\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x05\x00\x00\x00\x08\x00\x02\x00\x0e\x00\x00\x00\x14\x00\x03\x00"...], 4096, 0, NULL, NULL) = 784 recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=4989}, {error=0, msg={nlmsg_len=36, nlmsg_type=nlctrl, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5 ioctl(5, SIOCGIFINDEX, {ifr_name="wpan0", ifr_ifindex=11}) = 0 close(5) = 0 sendto(4, [{nlmsg_len=36, nlmsg_type=nl802154, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x0b\x00\x00\x00\x08\x00\x03\x00\x0b\x00\x00\x00\x06\x00\x0a\x00\xa0\xaa\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36 recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=4989}, {error=0, msg={nlmsg_len=36, nlmsg_type=nl802154, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5 ioctl(5, SIOCGIFINDEX, {ifr_name="wpan0", ifr_ifindex=11}) = 0 close(5) = 0 sendto(3, [{nlmsg_len=44, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x00\x00\x00\x00\x0b\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x0c\x00\x01\x00\x02\x00\xaa\xaa\xaa\xaa\xaa\xaa"], 44, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 44 recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=4989}, {error=0, msg={nlmsg_len=44, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 sendto(3, [{nlmsg_len=68, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|NLM_F_EXCL|NLM_F_CREATE, nlmsg_seq=0, nlmsg_pid=0}, {ifi_family=AF_UNSPEC, ifi_type=ARPHRD_NETROM, ifi_index=0, ifi_flags=0, ifi_change=0}, [[{nla_len=11, nla_type=IFLA_IFNAME}, "lowpan0"...], [{nla_len=16, nla_type=IFLA_LINKINFO}, [{nla_len=10, nla_type=IFLA_INFO_KIND}, "lowpan"...]], [{nla_len=8, nla_type=IFLA_LINK}, 11]]], 68, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 68 recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=4989}, {error=0, msg={nlmsg_len=68, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|NLM_F_EXCL|NLM_F_CREATE, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5 ioctl(5, SIOCGIFINDEX, {ifr_name="wpan1", ifr_ifindex=12}) = 0 close(5) = 0 sendto(4, [{nlmsg_len=36, nlmsg_type=nl802154, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x0b\x00\x00\x00\x08\x00\x03\x00\x0c\x00\x00\x00\x06\x00\x0a\x00\xa1\xaa\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36 recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=4989}, {error=0, msg={nlmsg_len=36, nlmsg_type=nl802154, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5 ioctl(5, SIOCGIFINDEX, {ifr_name="wpan1", ifr_ifindex=12}) = 0 close(5) = 0 sendto(3, [{nlmsg_len=44, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, {ifi_family=AF_UNSPEC, ifi_type=ARPHRD_NETROM, ifi_index=if_nametoindex("wpan1"), ifi_flags=IFF_UP, ifi_change=0x1}, [{nla_len=12, nla_type=IFLA_ADDRESS}, 02:01:aa:aa:aa:aa:aa]], 44, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 44 recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=4989}, {error=0, msg={nlmsg_len=44, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 close(3) = 0 close(4) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 4990 attached , child_tidptr=0x555555c12650) = 4990 [pid 4990] set_robust_list(0x555555c12660, 24) = 0 [pid 4990] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4990] setpgid(0, 0) = 0 [pid 4990] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4990] write(3, "1000", 4) = 4 [pid 4990] close(3) = 0 [pid 4990] openat(AT_FDCWD, "/dev/ttyS3", O_RDONLY) = 3 [pid 4990] ioctl(3, TIOCMSET, [TIOCM_LE|TIOCM_LOOP]) = 0 [pid 4990] openat(AT_FDCWD, "/dev/ttyS3", O_RDWR) = 4 [pid 4990] openat(AT_FDCWD, "/proc/timer_list", O_RDONLY) = 5 [ 145.661154][ T2992] ===================================================== [ 145.668348][ T2992] BUG: KMSAN: uninit-value in n_tty_receive_buf_standard+0xc58/0x9230 [ 145.676880][ T2992] n_tty_receive_buf_standard+0xc58/0x9230 [ 145.682968][ T2992] n_tty_receive_buf_common+0x178e/0x2320 [ 145.688998][ T2992] n_tty_receive_buf2+0x4c/0x60 [ 145.694185][ T2992] tty_ldisc_receive_buf+0xce/0x270 [ 145.699577][ T2992] tty_port_default_receive_buf+0xdf/0x190 [ 145.705737][ T2992] flush_to_ldisc+0x4b7/0xdc0 [ 145.710718][ T2992] process_scheduled_works+0x104e/0x1e70 [ 145.716583][ T2992] worker_thread+0xf45/0x1490 [ 145.721728][ T2992] kthread+0x3e8/0x540 [ 145.725999][ T2992] ret_from_fork+0x66/0x80 [ 145.730789][ T2992] ret_from_fork_asm+0x11/0x20 [ 145.735767][ T2992] [ 145.738170][ T2992] Uninit was created at: [ 145.742776][ T2992] slab_post_alloc_hook+0x12f/0xb70 [ 145.748284][ T2992] __kmem_cache_alloc_node+0x536/0x8d0 [ 145.754125][ T2992] __kmalloc+0x121/0x3c0 [ 145.758562][ T2992] __tty_buffer_request_room+0x36e/0x6c0 [ 145.764620][ T2992] __tty_insert_flip_string_flags+0x140/0x560 [ 145.771371][ T2992] uart_insert_char+0x39e/0xa00 [ 145.776513][ T2992] serial8250_read_char+0x1a2/0x5d0 [ 145.782165][ T2992] serial8250_handle_irq+0x73a/0xaf0 [ 145.787666][ T2992] serial8250_default_handle_irq+0x11a/0x2a0 [ 145.793999][ T2992] serial8250_interrupt+0xc0/0x350 [ 145.799388][ T2992] __handle_irq_event_percpu+0x113/0xc90 [ 145.805467][ T2992] handle_irq_event+0xef/0x2c0 [ 145.810643][ T2992] handle_edge_irq+0x341/0xf90 [ 145.815572][ T2992] __common_interrupt+0x94/0x1f0 [ 145.820850][ T2992] common_interrupt+0x89/0xa0 [ 145.825732][ T2992] asm_common_interrupt+0x2b/0x40 [ 145.831028][ T2992] [ 145.833440][ T2992] CPU: 1 PID: 2992 Comm: kworker/u4:12 Not tainted 6.6.0-rc2-syzkaller-00337-gd90b0276af8f #0 [ 145.844162][ T2992] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023 [ 145.854512][ T2992] Workqueue: events_unbound flush_to_ldisc [ 145.860573][ T2992] ===================================================== [ 145.867614][ T2992] Disabling lock debugging due to kernel taint [ 145.874155][ T2992] Kernel panic - not syncing: kmsan.panic set ... [ 145.880780][ T2992] CPU: 1 PID: 2992 Comm: kworker/u4:12 Tainted: G B 6.6.0-rc2-syzkaller-00337-gd90b0276af8f #0 [ 145.893116][ T2992] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023 [ 145.903473][ T2992] Workqueue: events_unbound flush_to_ldisc [ 145.909538][ T2992] Call Trace: [ 145.912924][ T2992] [ 145.915997][ T2992] dump_stack_lvl+0x1bf/0x240 [ 145.920881][ T2992] dump_stack+0x1e/0x20 [ 145.925202][ T2992] panic+0x4d5/0xc70 [ 145.929270][ T2992] ? add_taint+0x108/0x1a0 [ 145.933818][ T2992] kmsan_report+0x2d0/0x2d0 [ 145.938583][ T2992] ? __ieee80211_suspend+0x722/0x1210 [ 145.944230][ T2992] ? __msan_warning+0x96/0x110 [ 145.949174][ T2992] ? n_tty_receive_buf_standard+0xc58/0x9230 [ 145.955713][ T2992] ? n_tty_receive_buf_common+0x178e/0x2320 [ 145.961882][ T2992] ? n_tty_receive_buf2+0x4c/0x60 [ 145.967159][ T2992] ? tty_ldisc_receive_buf+0xce/0x270 [ 145.972803][ T2992] ? tty_port_default_receive_buf+0xdf/0x190 [ 145.979063][ T2992] ? flush_to_ldisc+0x4b7/0xdc0 [ 145.984461][ T2992] ? process_scheduled_works+0x104e/0x1e70 [ 145.990705][ T2992] ? worker_thread+0xf45/0x1490 [ 145.995758][ T2992] ? kthread+0x3e8/0x540 [ 146.000189][ T2992] ? ret_from_fork+0x66/0x80 [ 146.004956][ T2992] ? ret_from_fork_asm+0x11/0x20 [ 146.010087][ T2992] ? _raw_spin_lock_irqsave+0x35/0xc0 [ 146.016368][ T2992] ? kmsan_internal_set_shadow_origin+0x66/0xe0 [ 146.022830][ T2992] ? kmsan_get_shadow_origin_ptr+0x4d/0xa0 [ 146.028839][ T2992] ? n_tty_receive_char+0xd6b/0x1440 [ 146.034301][ T2992] ? kmsan_get_shadow_origin_ptr+0x4d/0xa0 [ 146.040320][ T2992] ? kmsan_get_shadow_origin_ptr+0x4d/0xa0 [ 146.046419][ T2992] __msan_warning+0x96/0x110 [ 146.051181][ T2992] n_tty_receive_buf_standard+0xc58/0x9230 [pid 4990] sendfile(4, 5, NULL, 2199023401110) = 6140 [pid 4990] exit_group(0) = ? [ 146.057198][ T2992] ? kmsan_internal_set_shadow_origin+0x66/0xe0 [ 146.063673][ T2992] n_tty_receive_buf_common+0x178e/0x2320 [ 146.069633][ T2992] ? kmsan_get_shadow_origin_ptr+0x4d/0xa0 [ 146.075682][ T2992] n_tty_receive_buf2+0x4c/0x60 [ 146.080709][ T2992] ? n_tty_write_wakeup+0x50/0x50 [ 146.085882][ T2992] tty_ldisc_receive_buf+0xce/0x270 [ 146.091287][ T2992] tty_port_default_receive_buf+0xdf/0x190 [ 146.097286][ T2992] ? tty_buffer_flush_work+0x40/0x40 [ 146.102711][ T2992] flush_to_ldisc+0x4b7/0xdc0 [ 146.107549][ T2992] ? tty_buffer_init+0x150/0x150 [ 146.112759][ T2992] process_scheduled_works+0x104e/0x1e70 [ 146.118686][ T2992] worker_thread+0xf45/0x1490 [ 146.123548][ T2992] kthread+0x3e8/0x540 [ 146.127878][ T2992] ? pr_cont_work+0xce0/0xce0 [ 146.132687][ T2992] ? kthread_blkcg+0x120/0x120 [ 146.137660][ T2992] ret_from_fork+0x66/0x80 [ 146.142450][ T2992] ? kthread_blkcg+0x120/0x120 [ 146.147401][ T2992] ret_from_fork_asm+0x11/0x20 [ 146.152304][ T2992] [ 146.155670][ T2992] Kernel Offset: disabled [ 146.160040][ T2992] Rebooting in 86400 seconds..