./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2804924522 <...> Warning: Permanently added '10.128.0.57' (ED25519) to the list of known hosts. execve("./syz-executor2804924522", ["./syz-executor2804924522"], 0x7ffc0d26d5d0 /* 10 vars */) = 0 brk(NULL) = 0x555592920000 brk(0x555592920d40) = 0x555592920d40 arch_prctl(ARCH_SET_FS, 0x5555929203c0) = 0 set_tid_address(0x555592920690) = 5041 set_robust_list(0x5555929206a0, 24) = 0 rseq(0x555592920ce0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor2804924522", 4096) = 28 getrandom("\x22\x70\x94\xb2\x4a\x8d\x26\xd6", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555592920d40 brk(0x555592941d40) = 0x555592941d40 brk(0x555592942000) = 0x555592942000 mprotect(0x7f3d5c3b8000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 mount(NULL, "/proc/sys/fs/binfmt_misc", "binfmt_misc", 0, NULL) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "/proc/sys/fs/binfmt_misc/register", O_WRONLY|O_CLOEXEC) = 3 write(3, "\x3a\x73\x79\x7a\x30\x3a\x4d\x3a\x30\x3a\x01\x3a\x3a\x2e\x2f\x66\x69\x6c\x65\x30\x3a", 21) = 21 close(3) = 0 openat(AT_FDCWD, "/proc/sys/fs/binfmt_misc/register", O_WRONLY|O_CLOEXEC) = 3 write(3, "\x3a\x73\x79\x7a\x31\x3a\x4d\x3a\x31\x3a\x02\x3a\x3a\x2e\x2f\x66\x69\x6c\x65\x30\x3a\x50\x4f\x43", 24) = 24 close(3) = 0 chmod("/dev/raw-gadget", 0666) = 0 unshare(CLONE_NEWPID) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555592920690) = 5042 ./strace-static-x86_64: Process 5042 attached [pid 5042] set_robust_list(0x5555929206a0, 24) = 0 [pid 5042] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy) [pid 5042] socket(AF_BLUETOOTH, SOCK_RAW, BTPROTO_HCI) = 3 [pid 5042] openat(AT_FDCWD, "/dev/vhci", O_RDWR) = 4 [pid 5042] dup2(4, 202) = 202 [pid 5042] close(4) = 0 [pid 5042] write(202, "\xff\x00", 2) = 2 [pid 5042] read(202, "\xff\x00\x00\x00", 4) = 4 [pid 5042] rt_sigaction(SIGRT_1, {sa_handler=0x7f3d5c35b600, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3d5c34cc80}, NULL, 8) = 0 [pid 5042] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5042] mmap(NULL, 8392704, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3d5ba00000 [pid 5042] mprotect(0x7f3d5ba01000, 8388608, PROT_READ|PROT_WRITE) = 0 [pid 5042] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5042] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3d5c200990, parent_tid=0x7f3d5c200990, exit_signal=0, stack=0x7f3d5ba00000, stack_size=0x800300, tls=0x7f3d5c2006c0}./strace-static-x86_64: Process 5043 attached => {parent_tid=[2]}, 88) = 2 [pid 5042] rt_sigprocmask(SIG_SETMASK, [], [pid 5043] rseq(0x7f3d5c200fe0, 0x20, 0, 0x53053053 [pid 5042] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5043] <... rseq resumed>) = 0 [pid 5042] ioctl(3, HCIDEVUP [pid 5043] set_robust_list(0x7f3d5c2009a0, 24) = 0 [pid 5043] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5043] read(202, "\x01\x03\x0c\x00", 1024) = 4 [pid 5043] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x03\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255 [pid 5043] read(202, "\x01\x03\x10\x00", 1024) = 4 [pid 5043] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x03\x10", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255 [pid 5043] read(202, "\x01\x01\x10\x00", 1024) = 4 [pid 5043] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x01\x10", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255 [pid 5043] read(202, "\x01\x09\x10\x00", 1024) = 4 [pid 5043] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\x0a", iov_len=2}, {iov_base="\x01\x09\x10", iov_len=3}, {iov_base="\x00\xaa\xaa\xaa\xaa\xaa\xaa", iov_len=7}], 4) = 13 [pid 5043] read(202, "\x01\x05\x10\x00", 1024) = 4 [pid 5043] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\x0b", iov_len=2}, {iov_base="\x01\x05\x10", iov_len=3}, {iov_base="\x00\xfd\x03\x60\x04\x00\x06\x00", iov_len=8}], 4) = 14 [ 180.246803][ T5044] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 180.258331][ T5044] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 180.281067][ T5044] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [pid 5043] read(202, "\x01\x23\x0c\x00", 1024) = 4 [pid 5043] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x23\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255 [pid 5043] read(202, "\x01\x14\x0c\x00", 1024) = 4 [pid 5043] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x14\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255 [pid 5043] read(202, "\x01\x25\x0c\x00", 1024) = 4 [pid 5043] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x25\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255 [pid 5043] read(202, "\x01\x38\x0c\x00", 1024) = 4 [pid 5043] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x38\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255 [pid 5043] read(202, "\x01\x39\x0c\x00", 1024) = 4 [pid 5043] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x39\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255 [pid 5043] read(202, "\x01\x16\x0c\x02\x00\x7d", 1024) = 6 [pid 5043] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x16\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255 [pid 5043] read(202, [pid 5042] <... ioctl resumed>, 0) = -1 EALREADY (Operation already in progress) [pid 5042] ioctl(3, HCISETSCAN [pid 5043] <... read resumed>"\x01\x1a\x0c\x01\x02", 1024) = 5 [pid 5043] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\x04", iov_len=2}, {iov_base="\x01\x1a\x0c", iov_len=3}, {iov_base="\x00", iov_len=1}], 4) = 7 [pid 5043] rt_sigprocmask(SIG_BLOCK, ~[RT_1], [pid 5042] <... ioctl resumed>, 0x7ffdae64ae40) = 0 [pid 5043] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5043] madvise(0x7f3d5ba00000, 8372224, MADV_DONTNEED) = 0 [pid 5043] exit(0) = ? [pid 5043] +++ exited with 0 +++ [pid 5042] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x04\x0a", iov_len=2}, {iov_base="\xaa\xaa\xaa\xaa\xaa\x10\x00\x00\x00\x01", iov_len=10}], 3) = 13 [pid 5042] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x03\x0b", iov_len=2}, {iov_base="\x00\xc8\x00\xaa\xaa\xaa\xaa\xaa\x10\x01\x00", iov_len=11}], 3) = 14 [pid 5042] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\v\v", iov_len=2}, {iov_base="\x00\xc8\x00\x00\x00\x00\x00\x00\x00\x00\x00", iov_len=11}], 3) = 14 [pid 5042] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x3e\x13", iov_len=2}, {iov_base="\x01\x00\xc9\x00\x01\x00\xaa\xaa\xaa\xaa\xaa\x11\x00\x00\x00\x00\x00\x00\x00", iov_len=19}], 3) = 22 [ 180.300630][ T5044] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 180.317107][ T5044] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 180.327835][ T5044] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [pid 5042] close(3) = 0 [pid 5042] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5042] setsid() = 1 [pid 5042] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0 [pid 5042] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0 [pid 5042] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0 [pid 5042] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0 [pid 5042] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0 [pid 5042] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0 [pid 5042] unshare(CLONE_NEWNS) = 0 [pid 5042] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0 [pid 5042] unshare(CLONE_NEWIPC) = 0 [pid 5042] unshare(CLONE_NEWCGROUP) = 0 [pid 5042] unshare(CLONE_NEWUTS) = 0 [pid 5042] unshare(CLONE_SYSVSEM) = 0 [pid 5042] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = 3 [pid 5042] write(3, "16777216", 8) = 8 [pid 5042] close(3) = 0 [pid 5042] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = 3 [pid 5042] write(3, "536870912", 9) = 9 [pid 5042] close(3) = 0 [pid 5042] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = 3 [pid 5042] write(3, "1024", 4) = 4 [pid 5042] close(3) = 0 [pid 5042] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = 3 [pid 5042] write(3, "8192", 4) = 4 [pid 5042] close(3) = 0 [pid 5042] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = 3 [pid 5042] write(3, "1024", 4) = 4 [pid 5042] close(3) = 0 [pid 5042] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = 3 [pid 5042] write(3, "1024", 4) = 4 [pid 5042] close(3) = 0 [pid 5042] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = 3 [pid 5042] write(3, "1024 1048576 500 1024", 21) = 21 [pid 5042] close(3) = 0 [pid 5042] getpid() = 1 [pid 5042] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<) = 0 [pid 5042] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5049 attached , child_tidptr=0x555592920690) = 4 [pid 5049] set_robust_list(0x5555929206a0, 24) = 0 [pid 5049] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5049] setpgid(0, 0) = 0 [pid 5049] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5049] write(3, "1000", 4) = 4 [pid 5049] close(3) = 0 [pid 5049] read(200, 0x7ffdae64aa10, 1000) = -1 EAGAIN (Resource temporarily unavailable) [pid 5049] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_RAW_TRACEPOINT_WRITABLE, insn_cnt=4, insns=0x200002c0, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_SOCK_CREATE, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 128) = 3 [pid 5049] bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name="kfree", prog_fd=3}}, 16) = 4 [pid 5049] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5049] sendfile(-1, -1, NULL, 16064) = -1 EBADF (Bad file descriptor) [pid 5049] openat(AT_FDCWD, NULL, O_RDONLY) = -1 EFAULT (Bad address) [ 182.395972][ T5044] Bluetooth: hci0: command tx timeout [ 184.476095][ T5044] Bluetooth: hci0: command tx timeout [ 186.556030][ T5044] Bluetooth: hci0: command tx timeout [ 188.635716][ T5044] Bluetooth: hci0: command tx timeout [ 193.237537][ T54] ===================================================== [ 193.244939][ T54] BUG: KMSAN: uninit-value in virtqueue_add+0x1e86/0x65c0 [ 193.252287][ T54] virtqueue_add+0x1e86/0x65c0 [ 193.257267][ T54] virtqueue_add_sgs+0x186/0x1b0 [ 193.262424][ T54] virtscsi_add_cmd+0x838/0xad0 [ 193.267476][ T54] virtscsi_queuecommand+0x898/0xa60 [ 193.272994][ T54] scsi_queue_rq+0x4cd0/0x5a80 [ 193.277953][ T54] blk_mq_dispatch_rq_list+0x148e/0x3ae0 [ 193.283778][ T54] __blk_mq_sched_dispatch_requests+0x11b7/0x26e0 [ 193.290401][ T54] blk_mq_sched_dispatch_requests+0x12f/0x270 [ 193.296654][ T54] blk_mq_run_work_fn+0xd0/0x280 [ 193.301791][ T54] process_scheduled_works+0xa81/0x1bd0 [ 193.307520][ T54] worker_thread+0xea5/0x1560 [ 193.312358][ T54] kthread+0x3e2/0x540 [ 193.316606][ T54] ret_from_fork+0x6d/0x90 [ 193.321191][ T54] ret_from_fork_asm+0x1a/0x30 [ 193.326189][ T54] [ 193.328604][ T54] Uninit was stored to memory at: [ 193.333946][ T54] copy_page_from_iter_atomic+0x12b7/0x2ae0 [ 193.340036][ T54] generic_perform_write+0x4c1/0xc60 [ 193.345538][ T54] ext4_buffered_write_iter+0x564/0xaa0 [ 193.351318][ T54] ext4_file_write_iter+0x208/0x3450 [ 193.356806][ T54] __kernel_write_iter+0x68b/0xc40 [ 193.362115][ T54] dump_user_range+0x8dc/0xee0 [ 193.367090][ T54] elf_core_dump+0x520f/0x59c0 [ 193.372050][ T54] do_coredump+0x32d5/0x4920 [ 193.376829][ T54] get_signal+0x267e/0x2d00 [ 193.381510][ T54] arch_do_signal_or_restart+0x53/0xcb0 [ 193.387303][ T54] syscall_exit_to_user_mode+0x5d/0x160 [ 193.393040][ T54] do_syscall_64+0xdc/0x1e0 [ 193.397742][ T54] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 193.403815][ T54] [ 193.406233][ T54] Uninit was created at: [ 193.410710][ T54] __alloc_pages+0x9d6/0xe70 [ 193.415518][ T54] alloc_pages_mpol+0x299/0x990 [ 193.420571][ T54] alloc_pages+0x1bf/0x1e0 [ 193.425184][ T54] dump_user_range+0x4a/0xee0 [ 193.430079][ T54] elf_core_dump+0x520f/0x59c0 [ 193.435060][ T54] do_coredump+0x32d5/0x4920 [ 193.439867][ T54] get_signal+0x267e/0x2d00 [ 193.444582][ T54] arch_do_signal_or_restart+0x53/0xcb0 [ 193.450390][ T54] syscall_exit_to_user_mode+0x5d/0x160 [ 193.456128][ T54] do_syscall_64+0xdc/0x1e0 [ 193.460817][ T54] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 193.466902][ T54] [ 193.469320][ T54] Bytes 0-1023 of 1024 are uninitialized [ 193.475165][ T54] Memory access of size 1024 starts at ffff88811fe3cc00 [ 193.482226][ T54] [ 193.484642][ T54] CPU: 0 PID: 54 Comm: kworker/0:1H Not tainted 6.9.0-rc6-syzkaller-00234-g7367539ad4b0 #0 [ 193.494824][ T54] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 193.505038][ T54] Workqueue: kblockd blk_mq_run_work_fn [ 193.510841][ T54] ===================================================== [ 193.517886][ T54] Disabling lock debugging due to kernel taint [ 193.524203][ T54] Kernel panic - not syncing: kmsan.panic set ... [ 193.530745][ T54] CPU: 0 PID: 54 Comm: kworker/0:1H Tainted: G B 6.9.0-rc6-syzkaller-00234-g7367539ad4b0 #0 [ 193.542503][ T54] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 193.552839][ T54] Workqueue: kblockd blk_mq_run_work_fn [ 193.558647][ T54] Call Trace: [ 193.562049][ T54] [ 193.565094][ T54] dump_stack_lvl+0x216/0x2d0 [ 193.569975][ T54] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 193.575985][ T54] dump_stack+0x1e/0x30 [ 193.580325][ T54] panic+0x4e2/0xcd0 [ 193.585186][ T54] ? kmsan_get_metadata+0x131/0x1d0 [ 193.590587][ T54] kmsan_report+0x2d5/0x2e0 [ 193.595265][ T54] ? kmsan_get_metadata+0x146/0x1d0 [ 193.600641][ T54] ? kmsan_internal_set_shadow_origin+0x66/0xe0 [ 193.607140][ T54] ? kmsan_internal_check_memory+0x48c/0x560 [ 193.613355][ T54] ? kmsan_handle_dma+0xac/0xc0 [ 193.618426][ T54] ? virtqueue_add+0x1e86/0x65c0 [ 193.623594][ T54] ? virtqueue_add_sgs+0x186/0x1b0 [ 193.628946][ T54] ? virtscsi_add_cmd+0x838/0xad0 [ 193.634182][ T54] ? virtscsi_queuecommand+0x898/0xa60 [ 193.639852][ T54] ? scsi_queue_rq+0x4cd0/0x5a80 [ 193.644989][ T54] ? blk_mq_dispatch_rq_list+0x148e/0x3ae0 [ 193.650996][ T54] ? __blk_mq_sched_dispatch_requests+0x11b7/0x26e0 [ 193.657789][ T54] ? blk_mq_sched_dispatch_requests+0x12f/0x270 [ 193.664225][ T54] ? blk_mq_run_work_fn+0xd0/0x280 [ 193.669553][ T54] ? process_scheduled_works+0xa81/0x1bd0 [ 193.675487][ T54] ? worker_thread+0xea5/0x1560 [ 193.680529][ T54] ? kthread+0x3e2/0x540 [ 193.684969][ T54] ? ret_from_fork+0x6d/0x90 [ 193.689751][ T54] ? ret_from_fork_asm+0x1a/0x30 [ 193.694906][ T54] ? scsi_queue_rq+0x4342/0x5a80 [ 193.700040][ T54] ? blk_mq_dispatch_rq_list+0x148e/0x3ae0 [ 193.706210][ T54] ? __blk_mq_sched_dispatch_requests+0x11b7/0x26e0 [ 193.712997][ T54] ? blk_mq_sched_dispatch_requests+0x12f/0x270 [ 193.719449][ T54] ? blk_mq_run_work_fn+0xd0/0x280 [ 193.724797][ T54] ? process_scheduled_works+0xa81/0x1bd0 [ 193.730708][ T54] ? worker_thread+0xea5/0x1560 [ 193.735747][ T54] ? kthread+0x3e2/0x540 [ 193.740183][ T54] ? ret_from_fork+0x6d/0x90 [ 193.744950][ T54] ? ret_from_fork_asm+0x1a/0x30 [ 193.750098][ T54] ? kmsan_get_metadata+0x146/0x1d0 [ 193.755480][ T54] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 193.761465][ T54] ? kmsan_get_metadata+0x146/0x1d0 [ 193.766847][ T54] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 193.772841][ T54] ? should_fail_ex+0x4a/0x800 [ 193.777847][ T54] ? kmsan_get_metadata+0x146/0x1d0 [ 193.783226][ T54] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 193.789225][ T54] ? kmsan_get_metadata+0x146/0x1d0 [ 193.794605][ T54] kmsan_internal_check_memory+0x48c/0x560 [ 193.800664][ T54] kmsan_handle_dma+0xac/0xc0 [ 193.805598][ T54] virtqueue_add+0x1e86/0x65c0 [ 193.810600][ T54] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 193.816594][ T54] ? kmsan_get_metadata+0x146/0x1d0 [ 193.821974][ T54] ? kmsan_get_metadata+0x146/0x1d0 [ 193.827351][ T54] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 193.833375][ T54] virtqueue_add_sgs+0x186/0x1b0 [ 193.838561][ T54] virtscsi_add_cmd+0x838/0xad0 [ 193.843668][ T54] virtscsi_queuecommand+0x898/0xa60 [ 193.849187][ T54] ? __pfx_virtscsi_queuecommand+0x10/0x10 [ 193.855219][ T54] scsi_queue_rq+0x4cd0/0x5a80 [ 193.860213][ T54] ? __pfx_scsi_queue_rq+0x10/0x10 [ 193.865535][ T54] blk_mq_dispatch_rq_list+0x148e/0x3ae0 [ 193.871378][ T54] ? sbitmap_get+0x4d5/0x670 [ 193.876196][ T54] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 193.882186][ T54] ? kmsan_get_metadata+0x146/0x1d0 [ 193.887574][ T54] ? dd_dispatch_request+0x9f1/0xa20 [ 193.893055][ T54] __blk_mq_sched_dispatch_requests+0x11b7/0x26e0 [ 193.899709][ T54] ? finish_task_switch+0x1c8/0x8f0 [ 193.905120][ T54] ? __blk_mq_sched_dispatch_requests+0xf91/0x26e0 [ 193.911850][ T54] blk_mq_sched_dispatch_requests+0x12f/0x270 [ 193.918134][ T54] blk_mq_run_work_fn+0xd0/0x280 [ 193.923299][ T54] ? __pfx_blk_mq_run_work_fn+0x10/0x10 [ 193.929064][ T54] process_scheduled_works+0xa81/0x1bd0 [ 193.934842][ T54] worker_thread+0xea5/0x1560 [ 193.939711][ T54] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 193.945729][ T54] kthread+0x3e2/0x540 [ 193.950018][ T54] ? __pfx_worker_thread+0x10/0x10 [ 193.955345][ T54] ? __pfx_kthread+0x10/0x10 [ 193.960145][ T54] ret_from_fork+0x6d/0x90 [ 193.964768][ T54] ? __pfx_kthread+0x10/0x10 [ 193.969565][ T54] ret_from_fork_asm+0x1a/0x30 [ 193.974542][ T54] [ 195.498222][ T54] Shutting down cpus with NMI [ 195.503353][ T54] Kernel Offset: disabled [ 195.507756][ T54] Rebooting in 86400 seconds..