./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor452180521 <...> Warning: Permanently added '10.128.10.5' (ED25519) to the list of known hosts. execve("./syz-executor452180521", ["./syz-executor452180521"], 0x7ffd4ab068d0 /* 10 vars */) = 0 brk(NULL) = 0x55557953f000 brk(0x55557953fd00) = 0x55557953fd00 arch_prctl(ARCH_SET_FS, 0x55557953f380) = 0 set_tid_address(0x55557953f650) = 5780 set_robust_list(0x55557953f660, 24) = 0 rseq(0x55557953fca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor452180521", 4096) = 27 getrandom("\x4f\x14\xe0\x70\x14\xfa\xba\x46", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55557953fd00 brk(0x555579560d00) = 0x555579560d00 brk(0x555579561000) = 0x555579561000 mprotect(0x7ffb468c2000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557953f650) = 5781 ./strace-static-x86_64: Process 5781 attached [pid 5781] set_robust_list(0x55557953f660, 24) = 0 [pid 5781] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5781] setpgid(0, 0) = 0 [pid 5781] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5781] write(3, "1000", 4) = 4 [pid 5781] close(3) = 0 executing program [pid 5781] write(1, "executing program\n", 18) = 18 [pid 5781] io_uring_setup(1474, {flags=0, sq_thread_cpu=0x8003, sq_thread_idle=0, sq_entries=2048, cq_entries=4096, 
features=IORING_FEAT_SINGLE_MMAP|IORING_FEAT_NODROP|IORING_FEAT_SUBMIT_STABLE|IORING_FEAT_RW_CUR_POS|IORING_FEAT_CUR_PERSONALITY|IORING_FEAT_FAST_POLL|IORING_FEAT_POLL_32BITS|IORING_FEAT_SQPOLL_NONFIXED|IORING_FEAT_EXT_ARG|IORING_FEAT_NATIVE_WORKERS|IORING_FEAT_RSRC_TAGS|IORING_FEAT_CQE_SKIP|IORING_FEAT_LINKED_FILE|0xe000, sq_off={head=0, tail=4, ring_mask=16, ring_entries=24, flags=36, dropped=32, array=65600}, cq_off={head=8, tail=12, ring_mask=20, ring_entries=28, overflow=44, cqes=64, flags=40}}) = 3 [pid 5781] mmap(NULL, 73792, PROT_READ|PROT_WRITE, MAP_SHARED|MAP_POPULATE, 3, 0) = 0x7ffb467fc000 [pid 5781] mmap(NULL, 131072, PROT_READ|PROT_WRITE, MAP_SHARED|MAP_POPULATE, 3, 0x10000000) = 0x7ffb467dc000 [pid 5781] socket(AF_PHONET, SOCK_SEQPACKET, PN_PROTO_PIPE) = 4 [ 183.671344][ T5781] ===================================================== [ 183.678535][ T5781] BUG: KMSAN: uninit-value in io_recv+0x930/0x1f90 [ 183.685269][ T5781] io_recv+0x930/0x1f90 [ 183.689774][ T5781] io_issue_sqe+0x420/0x2130 [ 183.694514][ T5781] io_req_task_submit+0xfa/0x1d0 [ 183.699667][ T5781] io_handle_tw_list+0x55f/0x5c0 [ 183.704776][ T5781] tctx_task_work_run+0x109/0x3e0 [ 183.710082][ T5781] tctx_task_work+0x6d/0xc0 [ 183.714755][ T5781] task_work_run+0x268/0x310 [ 183.719538][ T5781] io_run_task_work+0x43a/0x4a0 [ 183.724564][ T5781] __se_sys_io_uring_enter+0x204f/0x4ce0 [ 183.730411][ T5781] __x64_sys_io_uring_enter+0x11f/0x1a0 [ 183.736147][ T5781] x64_sys_call+0xce5/0x3c30 [ 183.740960][ T5781] do_syscall_64+0xcd/0x1e0 [ 183.745626][ T5781] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 183.751803][ T5781] [ 183.754211][ T5781] Uninit was created at: [ 183.758615][ T5781] __kmalloc_noprof+0x923/0x1230 [ 183.763763][ T5781] io_alloc_async_data+0xc0/0x220 [ 183.769049][ T5781] io_recvmsg_prep+0xbe8/0x1a20 [ 183.774070][ T5781] io_submit_sqes+0x1082/0x2f80 [ 183.779134][ T5781] __se_sys_io_uring_enter+0x409/0x4ce0 [ 183.784875][ T5781] __x64_sys_io_uring_enter+0x11f/0x1a0 [ 
183.790640][ T5781] x64_sys_call+0xce5/0x3c30 [ 183.795423][ T5781] do_syscall_64+0xcd/0x1e0 [ 183.800109][ T5781] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 183.806206][ T5781] [ 183.808597][ T5781] CPU: 1 UID: 0 PID: 5781 Comm: syz-executor452 Not tainted 6.13.0-rc4-syzkaller-00069-g8379578b11d5 #0 [ 183.819977][ T5781] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 183.830254][ T5781] ===================================================== [ 183.837246][ T5781] Disabling lock debugging due to kernel taint [ 183.843557][ T5781] Kernel panic - not syncing: kmsan.panic set ... [ 183.850087][ T5781] CPU: 1 UID: 0 PID: 5781 Comm: syz-executor452 Tainted: G B 6.13.0-rc4-syzkaller-00069-g8379578b11d5 #0 [ 183.862810][ T5781] Tainted: [B]=BAD_PAGE [ 183.867019][ T5781] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 183.877182][ T5781] Call Trace: [ 183.880526][ T5781] <TASK> [ 183.883520][ T5781] dump_stack_lvl+0x216/0x2d0 [ 183.888318][ T5781] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 183.894248][ T5781] dump_stack+0x1e/0x24 [ 183.898521][ T5781] panic+0x4e2/0xcf0 [ 183.902528][ T5781] ? kmsan_get_metadata+0x131/0x1c0 [ 183.907841][ T5781] kmsan_report+0x2c7/0x2d0 [ 183.912444][ T5781] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 183.918361][ T5781] ? __msan_warning+0x95/0x120 [ 183.923253][ T5781] ? io_recv+0x930/0x1f90 [ 183.927725][ T5781] ? io_issue_sqe+0x420/0x2130 [ 183.932678][ T5781] ? io_req_task_submit+0xfa/0x1d0 [ 183.937925][ T5781] ? io_handle_tw_list+0x55f/0x5c0 [ 183.943206][ T5781] ? tctx_task_work_run+0x109/0x3e0 [ 183.948529][ T5781] ? tctx_task_work+0x6d/0xc0 [ 183.953311][ T5781] ? task_work_run+0x268/0x310 [ 183.958189][ T5781] ? io_run_task_work+0x43a/0x4a0 [ 183.963352][ T5781] ? __se_sys_io_uring_enter+0x204f/0x4ce0 [ 183.969297][ T5781] ? __x64_sys_io_uring_enter+0x11f/0x1a0 [ 183.975148][ T5781] ? x64_sys_call+0xce5/0x3c30 [ 183.980042][ T5781] ? 
do_syscall_64+0xcd/0x1e0 [ 183.984839][ T5781] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 183.991048][ T5781] ? kmsan_get_metadata+0x13e/0x1c0 [ 183.996350][ T5781] ? kmsan_internal_set_shadow_origin+0x69/0x100 [ 184.002821][ T5781] ? kmsan_get_metadata+0x13e/0x1c0 [ 184.008120][ T5781] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 184.014040][ T5781] ? _raw_spin_unlock_irqrestore+0x3f/0x60 [ 184.019976][ T5781] ? stack_depot_save_flags+0x6db/0x750 [ 184.025641][ T5781] ? kmsan_get_metadata+0x13e/0x1c0 [ 184.030945][ T5781] ? kmsan_get_metadata+0x13e/0x1c0 [ 184.036252][ T5781] ? kmsan_internal_set_shadow_origin+0x69/0x100 [ 184.042713][ T5781] ? kmsan_get_metadata+0x13e/0x1c0 [ 184.048013][ T5781] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 184.053927][ T5781] __msan_warning+0x95/0x120 [ 184.058645][ T5781] io_recv+0x930/0x1f90 [ 184.062941][ T5781] ? __pfx_io_recv+0x10/0x10 [ 184.067679][ T5781] io_issue_sqe+0x420/0x2130 [ 184.072397][ T5781] ? _raw_spin_unlock_irqrestore+0x3f/0x60 [ 184.078421][ T5781] ? kmsan_get_metadata+0x13e/0x1c0 [ 184.083732][ T5781] io_req_task_submit+0xfa/0x1d0 [ 184.088789][ T5781] ? __pfx_io_req_task_submit+0x10/0x10 [ 184.094503][ T5781] io_handle_tw_list+0x55f/0x5c0 [ 184.099566][ T5781] tctx_task_work_run+0x109/0x3e0 [ 184.104705][ T5781] ? __pfx_tctx_task_work+0x10/0x10 [ 184.110041][ T5781] tctx_task_work+0x6d/0xc0 [ 184.114663][ T5781] task_work_run+0x268/0x310 [ 184.119368][ T5781] io_run_task_work+0x43a/0x4a0 [ 184.124342][ T5781] __se_sys_io_uring_enter+0x204f/0x4ce0 [ 184.130107][ T5781] ? kmsan_get_metadata+0x13e/0x1c0 [ 184.135416][ T5781] ? kmsan_get_metadata+0x13e/0x1c0 [ 184.140714][ T5781] ? kmsan_get_metadata+0x13e/0x1c0 [ 184.146014][ T5781] ? kmsan_internal_set_shadow_origin+0x69/0x100 [ 184.152483][ T5781] ? kmsan_get_metadata+0x13e/0x1c0 [ 184.157835][ T5781] __x64_sys_io_uring_enter+0x11f/0x1a0 [ 184.163520][ T5781] x64_sys_call+0xce5/0x3c30 [ 184.168245][ T5781] do_syscall_64+0xcd/0x1e0 [ 184.172846][ T5781] ? 
clear_bhb_loop+0x25/0x80 [ 184.177677][ T5781] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 184.183779][ T5781] RIP: 0033:0x7ffb4684fbf9 [ 184.188300][ T5781] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 c1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 184.208097][ T5781] RSP: 002b:00007fff4fe5e718 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 184.216635][ T5781] RAX: ffffffffffffffda RBX: 00000000000005c2 RCX: 00007ffb4684fbf9 [ 184.224697][ T5781] RDX: 0000000000003900 RSI: 00000000000006e2 RDI: 0000000000000003 [ 184.232750][ T5781] RBP: 0000000000000003 R08: 0000000000000000 R09: 0000000000000000 [ 184.240803][ T5781] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000001 [ 184.248875][ T5781] R13: 431bde82d7b634db R14: 0000000000000001 R15: 0000000000000001 [ 184.257019][ T5781] </TASK> [ 184.260513][ T5781] Kernel Offset: disabled [ 184.264919][ T5781] Rebooting in 86400 seconds..