./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1352110663 <...>
Warning: Permanently added '10.128.1.153' (ED25519) to the list of known hosts.
execve("./syz-executor1352110663", ["./syz-executor1352110663"], 0x7ffd329dadf0 /* 10 vars */) = 0
brk(NULL) = 0x55556f375000
brk(0x55556f375d00) = 0x55556f375d00
arch_prctl(ARCH_SET_FS, 0x55556f375380) = 0
set_tid_address(0x55556f375650) = 5041
set_robust_list(0x55556f375660, 24) = 0
rseq(0x55556f375ca0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor1352110663", 4096) = 28
getrandom("\x91\x95\xe8\xc6\x79\x2a\x08\x78", 8, GRND_NONBLOCK) = 8
brk(NULL) = 0x55556f375d00
brk(0x55556f396d00) = 0x55556f396d00
brk(0x55556f397000) = 0x55556f397000
mprotect(0x7f95bf1be000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556f375650) = 5042
./strace-static-x86_64: Process 5042 attached
[pid 5042] set_robust_list(0x55556f375660, 24) = 0
[pid 5042] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5042] setpgid(0, 0) = 0
[pid 5042] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5042] write(3, "1000", 4) = 4
[pid 5042] close(3) = 0
[pid 5042] io_uring_setup(9471, {flags=IORING_SETUP_COOP_TASKRUN|0x10000, sq_thread_cpu=0, sq_thread_idle=0, sq_entries=16384, cq_entries=32768, features=IORING_FEAT_SINGLE_MMAP|IORING_FEAT_NODROP|IORING_FEAT_SUBMIT_STABLE|IORING_FEAT_RW_CUR_POS|IORING_FEAT_CUR_PERSONALITY|IORING_FEAT_FAST_POLL|IORING_FEAT_POLL_32BITS|IORING_FEAT_SQPOLL_NONFIXED|IORING_FEAT_EXT_ARG|IORING_FEAT_NATIVE_WORKERS|IORING_FEAT_RSRC_TAGS|IORING_FEAT_CQE_SKIP|IORING_FEAT_LINKED_FILE|0x6000, sq_off={head=0, tail=4, ring_mask=16, ring_entries=24, flags=36, dropped=32, array=0}, cq_off={head=8, tail=12, ring_mask=20, ring_entries=28, overflow=44, cqes=64, flags=40}}) = 3
[pid 5042] mmap(NULL, 524352, PROT_READ|PROT_WRITE, MAP_SHARED|MAP_POPULATE, 3, 0) = 0x7f95bf08a000
[pid 5042] mmap(NULL, 1048576, PROT_READ|PROT_WRITE, MAP_SHARED|MAP_POPULATE, 3, 0x10000000) = 0x7f95bef8a000
[pid 5042] socket(AF_NETLINK, SOCK_RAW, NETLINK_NETFILTER) = 4
[ 184.719334][ T5042] =====================================================
[ 184.726736][ T5042] BUG: KMSAN: uninit-value in io_req_cqe_overflow+0x193/0x1c0
[ 184.734581][ T5042] io_req_cqe_overflow+0x193/0x1c0
[ 184.739965][ T5042] __io_submit_flush_completions+0x7eb/0x1be0
[ 184.746456][ T5042] io_submit_sqes+0x2b30/0x2f10
[ 184.751597][ T5042] __se_sys_io_uring_enter+0x40f/0x3c80
[ 184.757369][ T5042] __x64_sys_io_uring_enter+0x11f/0x1a0
[ 184.763209][ T5042] x64_sys_call+0x2c0/0x3b50
[ 184.768072][ T5042] do_syscall_64+0xcf/0x1e0
[ 184.772969][ T5042] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 184.779123][ T5042]
[ 184.781766][ T5042] Uninit was stored to memory at:
[ 184.787115][ T5042] io_recv_finish+0xf10/0x1560
[ 184.792244][ T5042] io_recv+0x12ec/0x1ea0
[ 184.796689][ T5042] io_issue_sqe+0x429/0x22c0
[ 184.801715][ T5042] io_submit_sqes+0x1266/0x2f10
[ 184.806775][ T5042] __se_sys_io_uring_enter+0x40f/0x3c80
[ 184.812739][ T5042] __x64_sys_io_uring_enter+0x11f/0x1a0
[ 184.818524][ T5042] x64_sys_call+0x2c0/0x3b50
[ 184.823496][ T5042] do_syscall_64+0xcf/0x1e0
[ 184.828257][ T5042] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 184.834528][ T5042]
[ 184.836971][ T5042] Uninit was created at:
[ 184.841692][ T5042] __kmalloc+0x6e4/0x1060
[ 184.846270][ T5042] io_alloc_async_data+0xc0/0x220
[ 184.851810][ T5042] io_recvmsg_prep+0xbe8/0x1a20
[ 184.856881][ T5042] io_submit_sqes+0x1135/0x2f10
[ 184.862030][ T5042] __se_sys_io_uring_enter+0x40f/0x3c80
[ 184.867811][ T5042] __x64_sys_io_uring_enter+0x11f/0x1a0
[ 184.873682][ T5042] x64_sys_call+0x2c0/0x3b50
[ 184.878542][ T5042] do_syscall_64+0xcf/0x1e0
[ 184.883473][ T5042] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 184.889639][ T5042]
[ 184.892242][ T5042] CPU: 1 PID: 5042 Comm: syz-executor135 Not tainted 6.9.0-syzkaller-01768-ga5131c3fdf26 #0
[ 184.902731][ T5042] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[ 184.913160][ T5042] =====================================================
[ 184.920245][ T5042] Disabling lock debugging due to kernel taint
[ 184.926716][ T5042] Kernel panic - not syncing: kmsan.panic set ...
[ 184.933277][ T5042] CPU: 1 PID: 5042 Comm: syz-executor135 Tainted: G B 6.9.0-syzkaller-01768-ga5131c3fdf26 #0
[ 184.945047][ T5042] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[ 184.955216][ T5042] Call Trace:
[ 184.958613][ T5042]
[ 184.961685][ T5042] dump_stack_lvl+0x216/0x2d0
[ 184.966648][ T5042] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[ 184.972716][ T5042] dump_stack+0x1e/0x30
[ 184.977079][ T5042] panic+0x4e2/0xcd0
[ 184.981172][ T5042] ? kmsan_get_metadata+0x101/0x1d0
[ 184.986628][ T5042] kmsan_report+0x2d5/0x2e0
[ 184.991370][ T5042] ? __msan_warning+0x95/0x120
[ 184.996319][ T5042] ? io_req_cqe_overflow+0x193/0x1c0
[ 185.001999][ T5042] ? __io_submit_flush_completions+0x7eb/0x1be0
[ 185.008553][ T5042] ? io_submit_sqes+0x2b30/0x2f10
[ 185.013806][ T5042] ? __se_sys_io_uring_enter+0x40f/0x3c80
[ 185.019785][ T5042] ? __x64_sys_io_uring_enter+0x11f/0x1a0
[ 185.025689][ T5042] ? x64_sys_call+0x2c0/0x3b50
[ 185.030723][ T5042] ? do_syscall_64+0xcf/0x1e0
[ 185.035646][ T5042] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 185.041909][ T5042] ? kmsan_get_metadata+0x146/0x1d0
[ 185.047352][ T5042] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[ 185.053415][ T5042] ? io_recv_finish+0xead/0x1560
[ 185.058552][ T5042] ? kmsan_get_metadata+0x146/0x1d0
[ 185.063935][ T5042] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[ 185.070003][ T5042] ? io_recv+0x19e8/0x1ea0
[ 185.074661][ T5042] ? kmsan_get_metadata+0x146/0x1d0
[ 185.080102][ T5042] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[ 185.086135][ T5042] __msan_warning+0x95/0x120
[ 185.090864][ T5042] io_req_cqe_overflow+0x193/0x1c0
[ 185.096268][ T5042] __io_submit_flush_completions+0x7eb/0x1be0
[ 185.102599][ T5042] io_submit_sqes+0x2b30/0x2f10
[ 185.107744][ T5042] __se_sys_io_uring_enter+0x40f/0x3c80
[ 185.113697][ T5042] ? kmsan_get_metadata+0x146/0x1d0
[ 185.119074][ T5042] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[ 185.125132][ T5042] ? _raw_spin_unlock_irq+0x31/0x50
[ 185.130512][ T5042] __x64_sys_io_uring_enter+0x11f/0x1a0
[ 185.136277][ T5042] x64_sys_call+0x2c0/0x3b50
[ 185.141134][ T5042] do_syscall_64+0xcf/0x1e0
[ 185.145970][ T5042] ? clear_bhb_loop+0x25/0x80
[ 185.150930][ T5042] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 185.157073][ T5042] RIP: 0033:0x7f95bf14bbb9
[ 185.161626][ T5042] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 c1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 185.181573][ T5042] RSP: 002b:00007ffe05dc6908 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 185.190207][ T5042] RAX: ffffffffffffffda RBX: 00000000000024ff RCX: 00007f95bf14bbb9
[ 185.198383][ T5042] RDX: 0000000000000000 RSI: 0000000000005c26 RDI: 0000000000000003
[ 185.206562][ T5042] RBP: 0000000000000003 R08: 0000000000000000 R09: 0000000000000000
[ 185.214679][ T5042] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 185.222788][ T5042] R13: 431bde82d7b634db R14: 0000000000000001 R15: 0000000000000001
[ 185.230989][ T5042]
[ 185.234534][ T5042] Kernel Offset: disabled
[ 185.238951][ T5042] Rebooting in 86400 seconds..