./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor46814992 <...> syzkaller login: [ 95.142915][ T123] cfg80211: failed to load regulatory.db Warning: Permanently added '10.128.0.187' (ECDSA) to the list of known hosts. execve("./syz-executor46814992", ["./syz-executor46814992"], 0x7ffff3cc4a70 /* 10 vars */) = 0 brk(NULL) = 0x555556c81000 brk(0x555556c81c40) = 0x555556c81c40 arch_prctl(ARCH_SET_FS, 0x555556c81300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor46814992", 4096) = 26 brk(0x555556ca2c40) = 0x555556ca2c40 brk(0x555556ca3000) = 0x555556ca3000 mprotect(0x7fdca61f4000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c815d0) = 3475 ./strace-static-x86_64: Process 3475 attached [pid 3475] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3475] setpgid(0, 0) = 0 [pid 3475] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3475] write(3, "1000", 4) = 4 [pid 3475] close(3) = 0 [pid 3475] io_uring_setup(18777, {flags=IORING_SETUP_IOPOLL, sq_thread_cpu=0, sq_thread_idle=0, sq_entries=32768, cq_entries=65536, features=IORING_FEAT_SINGLE_MMAP|IORING_FEAT_NODROP|IORING_FEAT_SUBMIT_STABLE|IORING_FEAT_RW_CUR_POS|IORING_FEAT_CUR_PERSONALITY|IORING_FEAT_FAST_POLL|IORING_FEAT_POLL_32BITS|IORING_FEAT_SQPOLL_NONFIXED|IORING_FEAT_EXT_ARG|IORING_FEAT_NATIVE_WORKERS|IORING_FEAT_RSRC_TAGS|IORING_FEAT_CQE_SKIP|0x1000, sq_off={head=0, tail=64, ring_mask=256, ring_entries=264, flags=276, dropped=272, array=1048896}, cq_off={head=128, tail=192, ring_mask=260, ring_entries=268, overflow=284, cqes=320, flags=280}}) = 3 [pid 3475] mmap(0x20ee7000, 1179968, PROT_READ|PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE, 3, 0) = 0x20ee7000 [pid 3475] mmap(0x20002000, 2097152, PROT_READ|PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE, 3, 0x10000000) = 0x20002000 [pid 3475] mmap(0x20ee7000, 12288, PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_FIXED, 3, 0x10000000) = 0x20ee7000 [pid 3475] io_uring_setup(11751, {flags=0, sq_thread_cpu=0, sq_thread_idle=0, sq_entries=16384, cq_entries=32768, features=IORING_FEAT_SINGLE_MMAP|IORING_FEAT_NODROP|IORING_FEAT_SUBMIT_STABLE|IORING_FEAT_RW_CUR_POS|IORING_FEAT_CUR_PERSONALITY|IORING_FEAT_FAST_POLL|IORING_FEAT_POLL_32BITS|IORING_FEAT_SQPOLL_NONFIXED|IORING_FEAT_EXT_ARG|IORING_FEAT_NATIVE_WORKERS|IORING_FEAT_RSRC_TAGS|IORING_FEAT_CQE_SKIP|0x1000, sq_off={head=0, tail=64, ring_mask=256, ring_entries=264, flags=276, dropped=272, array=524608}, cq_off={head=128, tail=192, ring_mask=260, ring_entries=268, overflow=284, cqes=320, flags=280}}) = 4 [pid 3475] mmap(0x20002000, 590144, PROT_READ|PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE, 4, 0) = 0x20002000 [pid 3475] mmap(0x20003000, 1048576, PROT_READ|PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE, 4, 0x10000000) = 0x20003000 [ 99.095074][ T3475] ===================================================== [ 99.102138][ T3475] BUG: KMSAN: uninit-value in io_issue_sqe+0x1d5ed/0x1f590 [ 99.109364][ T3475] io_issue_sqe+0x1d5ed/0x1f590 [ 99.114259][ T3475] io_submit_sqe+0xaaed/0xe670 [ 99.119081][ T3475] io_submit_sqes+0x692/0x1a80 [ 99.123867][ T3475] __se_sys_io_uring_enter+0x89c/0x25a0 [ 99.129430][ T3475] __x64_sys_io_uring_enter+0x19d/0x200 [ 99.135001][ T3475] do_syscall_64+0x51/0xa0 [ 99.139459][ T3475] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 99.145398][ T3475] [ 99.147728][ T3475] Uninit was created at: [ 99.152034][ T3475] kmem_cache_alloc_bulk+0xe98/0x1530 [ 99.157441][ T3475] __io_alloc_req_refill+0x482/0x867 [ 99.162743][ T3475] io_submit_sqes+0x98a/0x1a80 [ 99.167545][ T3475] __se_sys_io_uring_enter+0x89c/0x25a0 [ 99.173109][ T3475] __x64_sys_io_uring_enter+0x19d/0x200 [ 99.178804][ T3475] do_syscall_64+0x51/0xa0 [ 99.183336][ T3475] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 99.189269][ T3475] [ 99.191589][ T3475] CPU: 0 PID: 3475 Comm: syz-executor468 Not tainted 5.18.0-rc4-syzkaller #0 [ 99.200382][ T3475] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 99.210451][ T3475] ===================================================== [ 99.217377][ T3475] Disabling lock debugging due to kernel taint [ 99.223782][ T3475] Kernel panic - not syncing: kmsan.panic set ... [ 99.230211][ T3475] CPU: 0 PID: 3475 Comm: syz-executor468 Tainted: G B 5.18.0-rc4-syzkaller #0 [ 99.240396][ T3475] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 99.250472][ T3475] Call Trace: [ 99.253754][ T3475] [ 99.256694][ T3475] dump_stack_lvl+0x1ff/0x28e [ 99.261397][ T3475] dump_stack+0x25/0x28 [ 99.265575][ T3475] panic+0x4fe/0xc73 [ 99.269498][ T3475] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 99.275690][ T3475] ? add_taint+0x181/0x210 [ 99.280143][ T3475] ? console_unlock+0x1c00/0x2130 [ 99.285212][ T3475] ? _raw_spin_unlock_irqrestore+0x78/0xb0 [ 99.291040][ T3475] kmsan_report+0x2e6/0x2f0 [ 99.295569][ T3475] ? __msan_warning+0x94/0x110 [ 99.300379][ T3475] ? io_issue_sqe+0x1d5ed/0x1f590 [ 99.305424][ T3475] ? io_submit_sqe+0xaaed/0xe670 [ 99.310406][ T3475] ? io_submit_sqes+0x692/0x1a80 [ 99.315368][ T3475] ? __se_sys_io_uring_enter+0x89c/0x25a0 [ 99.321129][ T3475] ? __x64_sys_io_uring_enter+0x19d/0x200 [ 99.326886][ T3475] ? do_syscall_64+0x51/0xa0 [ 99.331515][ T3475] ? entry_SYSCALL_64_after_hwframe+0x44/0xae [ 99.337619][ T3475] ? kmsan_get_metadata+0x33/0x220 [ 99.342750][ T3475] ? kmsan_get_shadow_origin_ptr+0x9b/0xf0 [ 99.348575][ T3475] ? __rcu_read_unlock+0x82/0xf0 [ 99.353552][ T3475] ? __fget_files+0x627/0x6c0 [ 99.358285][ T3475] ? kmsan_get_metadata+0x33/0x220 [ 99.363416][ T3475] ? kmsan_get_shadow_origin_ptr+0x9b/0xf0 [ 99.369268][ T3475] __msan_warning+0x94/0x110 [ 99.373909][ T3475] io_issue_sqe+0x1d5ed/0x1f590 [ 99.378780][ T3475] ? kmem_cache_alloc_bulk+0xe98/0x1530 [ 99.384370][ T3475] ? __io_alloc_req_refill+0x482/0x867 [ 99.389861][ T3475] ? io_submit_sqes+0x98a/0x1a80 [ 99.394827][ T3475] ? __se_sys_io_uring_enter+0x89c/0x25a0 [ 99.400569][ T3475] ? __x64_sys_io_uring_enter+0x19d/0x200 [ 99.406310][ T3475] ? do_syscall_64+0x51/0xa0 [ 99.410942][ T3475] ? entry_SYSCALL_64_after_hwframe+0x44/0xae [ 99.417046][ T3475] ? kmsan_get_shadow_origin_ptr+0x9b/0xf0 [ 99.422911][ T3475] ? kmsan_get_shadow_origin_ptr+0x9b/0xf0 [ 99.428766][ T3475] ? kmsan_get_metadata+0x33/0x220 [ 99.433909][ T3475] ? kmsan_get_shadow_origin_ptr+0x9b/0xf0 [ 99.439735][ T3475] ? kmsan_get_metadata+0x33/0x220 [ 99.444867][ T3475] ? kmsan_get_shadow_origin_ptr+0x9b/0xf0 [ 99.450704][ T3475] io_submit_sqe+0xaaed/0xe670 [ 99.455512][ T3475] ? kmsan_get_shadow_origin_ptr+0x9b/0xf0 [ 99.461368][ T3475] io_submit_sqes+0x692/0x1a80 [ 99.466180][ T3475] ? kmsan_get_metadata+0x33/0x220 [ 99.471327][ T3475] __se_sys_io_uring_enter+0x89c/0x25a0 [ 99.476937][ T3475] ? kmsan_get_shadow_origin_ptr+0x9b/0xf0 [ 99.482794][ T3475] __x64_sys_io_uring_enter+0x19d/0x200 [ 99.488392][ T3475] do_syscall_64+0x51/0xa0 [ 99.492848][ T3475] ? exc_page_fault+0x76/0x150 [ 99.497662][ T3475] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 99.503576][ T3475] RIP: 0033:0x7fdca61875a9 [ 99.507996][ T3475] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 99.527647][ T3475] RSP: 002b:00007ffc76cb5b48 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 99.536101][ T3475] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fdca61875a9 [ 99.544082][ T3475] RDX: 0000000000000000 RSI: 00000000000063f4 RDI: 0000000000000003 [ 99.552061][ T3475] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 99.560039][ T3475] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fdca614ae30 [ 99.568035][ T3475] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000 [ 99.576049][ T3475] [ 99.579343][ T3475] Kernel Offset: disabled [ 99.583669][ T3475] Rebooting in 86400 seconds..