./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3268322533 <...> Warning: Permanently added '10.128.0.188' (ED25519) to the list of known hosts. execve("./syz-executor3268322533", ["./syz-executor3268322533"], 0x7ffdbf1cb1b0 /* 10 vars */) = 0 brk(NULL) = 0x555555d76000 brk(0x555555d76d00) = 0x555555d76d00 arch_prctl(ARCH_SET_FS, 0x555555d76380) = 0 set_tid_address(0x555555d76650) = 5002 set_robust_list(0x555555d76660, 24) = 0 rseq(0x555555d76ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor3268322533", 4096) = 28 getrandom("\xcc\x37\x8f\xe5\x1a\xa9\x04\xc1", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555555d76d00 brk(0x555555d97d00) = 0x555555d97d00 brk(0x555555d98000) = 0x555555d98000 mprotect(0x7fc80e14c000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 3 socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 4 sendto(4, [{nlmsg_len=36, nlmsg_type=0x10 /* NLMSG_??? 
*/, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0d\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x35\x34\x00\x00\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36 recvfrom(4, [{nlmsg_len=784, nlmsg_type=nlctrl, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=5002}, "\x01\x02\x00\x00\x0d\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x35\x34\x00\x00\x00\x00\x06\x00\x01\x00\x1d\x00\x00\x00\x08\x00\x03\x00\x01\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x2e\x00\x00\x00\x98\x02\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x01\x00\x00\x00\x08\x00\x02\x00\x0e\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x05\x00\x00\x00\x08\x00\x02\x00\x0e\x00\x00\x00\x14\x00\x03\x00"...], 4096, 0, NULL, NULL) = 784 recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5002}, {error=0, msg={nlmsg_len=36, nlmsg_type=nlctrl, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5 ioctl(5, SIOCGIFINDEX, {ifr_name="wpan0", ifr_ifindex=11}) = 0 close(5) = 0 sendto(4, [{nlmsg_len=36, nlmsg_type=nl802154, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x0b\x00\x00\x00\x08\x00\x03\x00\x0b\x00\x00\x00\x06\x00\x0a\x00\xa0\xaa\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36 recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5002}, {error=0, msg={nlmsg_len=36, nlmsg_type=nl802154, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5 ioctl(5, SIOCGIFINDEX, {ifr_name="wpan0", ifr_ifindex=11}) = 0 close(5) = 0 sendto(3, [{nlmsg_len=44, nlmsg_type=0x10 /* NLMSG_??? 
*/, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x00\x00\x00\x00\x0b\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x0c\x00\x01\x00\x02\x00\xaa\xaa\xaa\xaa\xaa\xaa"], 44, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 44 recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5002}, {error=0, msg={nlmsg_len=44, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 sendto(3, [{nlmsg_len=68, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|NLM_F_EXCL|NLM_F_CREATE, nlmsg_seq=0, nlmsg_pid=0}, {ifi_family=AF_UNSPEC, ifi_type=ARPHRD_NETROM, ifi_index=0, ifi_flags=0, ifi_change=0}, [[{nla_len=11, nla_type=IFLA_IFNAME}, "lowpan0"...], [{nla_len=16, nla_type=IFLA_LINKINFO}, [{nla_len=10, nla_type=IFLA_INFO_KIND}, "lowpan"...]], [{nla_len=8, nla_type=IFLA_LINK}, 11]]], 68, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 68 recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5002}, {error=0, msg={nlmsg_len=68, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|NLM_F_EXCL|NLM_F_CREATE, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5 ioctl(5, SIOCGIFINDEX, {ifr_name="wpan1", ifr_ifindex=12}) = 0 close(5) = 0 sendto(4, [{nlmsg_len=36, nlmsg_type=nl802154, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x0b\x00\x00\x00\x08\x00\x03\x00\x0c\x00\x00\x00\x06\x00\x0a\x00\xa1\xaa\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36 recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5002}, {error=0, msg={nlmsg_len=36, nlmsg_type=nl802154, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5 ioctl(5, SIOCGIFINDEX, {ifr_name="wpan1", 
ifr_ifindex=12}) = 0 close(5) = 0 sendto(3, [{nlmsg_len=44, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, {ifi_family=AF_UNSPEC, ifi_type=ARPHRD_NETROM, ifi_index=if_nametoindex("wpan1"), ifi_flags=IFF_UP, ifi_change=0x1}, [{nla_len=12, nla_type=IFLA_ADDRESS}, 02:01:aa:aa:aa:aa:aa]], 44, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 44 recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5002}, {error=0, msg={nlmsg_len=44, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 close(3) = 0 close(4) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5004 attached [pid 5004] set_robust_list(0x555555d76660, 24) = 0 [pid 5002] <... clone resumed>, child_tidptr=0x555555d76650) = 5004 [pid 5004] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5004] setpgid(0, 0) = 0 [pid 5004] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5004] write(3, "1000", 4) = 4 [pid 5004] close(3) = 0 [pid 5004] openat(AT_FDCWD, "/dev/ttyS3", O_RDONLY) = 3 [pid 5004] ioctl(3, TIOCMSET, [TIOCM_LE|TIOCM_LOOP]) = 0 [pid 5004] openat(AT_FDCWD, "/dev/ttyS3", O_RDWR) = 4 [pid 5004] openat(AT_FDCWD, "/proc/timer_list", O_RDONLY) = 5 [ 146.519943][ T3894] ===================================================== [ 146.527568][ T3894] BUG: KMSAN: uninit-value in n_tty_receive_buf_standard+0xc58/0x9230 [ 146.536542][ T3894] n_tty_receive_buf_standard+0xc58/0x9230 [ 146.543139][ T3894] n_tty_receive_buf_common+0x178e/0x2310 [ 146.549739][ T3894] n_tty_receive_buf2+0x4c/0x60 [ 146.555294][ T3894] tty_ldisc_receive_buf+0xce/0x270 [ 146.561297][ T3894] tty_port_default_receive_buf+0xdf/0x190 [ 146.567808][ T3894] flush_to_ldisc+0x4b7/0xdc0 [ 146.573247][ T3894] process_scheduled_works+0x104e/0x1e70 [ 146.579698][ T3894] worker_thread+0xf45/0x1490 [ 146.584894][ T3894] 
kthread+0x3ed/0x540 [ 146.589599][ T3894] ret_from_fork+0x66/0x80 [ 146.594687][ T3894] ret_from_fork_asm+0x11/0x20 [ 146.600159][ T3894] [ 146.603081][ T3894] Uninit was created at: [ 146.607934][ T3894] slab_post_alloc_hook+0x129/0xa70 [ 146.614128][ T3894] __kmem_cache_alloc_node+0x5c9/0x970 [ 146.620300][ T3894] __kmalloc+0x121/0x3c0 [ 146.625124][ T3894] __tty_buffer_request_room+0x36e/0x6c0 [ 146.631489][ T3894] __tty_insert_flip_string_flags+0x140/0x560 [ 146.638135][ T3894] uart_insert_char+0x39e/0xa00 [ 146.643836][ T3894] serial8250_read_char+0x1a2/0x5d0 [ 146.649816][ T3894] serial8250_handle_irq+0x77b/0xb30 [ 146.655753][ T3894] serial8250_default_handle_irq+0x11a/0x2a0 [ 146.662498][ T3894] serial8250_interrupt+0xc0/0x350 [ 146.668405][ T3894] __handle_irq_event_percpu+0x113/0xc90 [ 146.674885][ T3894] handle_irq_event+0xef/0x2c0 [ 146.680293][ T3894] handle_edge_irq+0x341/0xf90 [ 146.685776][ T3894] __common_interrupt+0x94/0x1f0 [ 146.691494][ T3894] common_interrupt+0x89/0xa0 [ 146.696931][ T3894] asm_common_interrupt+0x2b/0x40 [ 146.702880][ T3894] [ 146.705764][ T3894] CPU: 0 PID: 3894 Comm: kworker/u4:23 Not tainted 6.7.0-rc3-syzkaller-00134-g994d5c58e50e #0 [ 146.716889][ T3894] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023 [ 146.727819][ T3894] Workqueue: events_unbound flush_to_ldisc [ 146.734452][ T3894] ===================================================== [ 146.742191][ T3894] Disabling lock debugging due to kernel taint [ 146.748926][ T3894] Kernel panic - not syncing: kmsan.panic set ... 
[ 146.755400][ T3894] CPU: 0 PID: 3894 Comm: kworker/u4:23 Tainted: G B 6.7.0-rc3-syzkaller-00134-g994d5c58e50e #0 [ 146.767236][ T3894] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023 [ 146.777437][ T3894] Workqueue: events_unbound flush_to_ldisc [ 146.783448][ T3894] Call Trace: [ 146.786826][ T3894] <TASK> [ 146.789844][ T3894] dump_stack_lvl+0x1bf/0x240 [ 146.794729][ T3894] dump_stack+0x1e/0x20 [ 146.799054][ T3894] panic+0x4de/0xc90 [ 146.803133][ T3894] ? add_taint+0x108/0x1a0 [ 146.807730][ T3894] kmsan_report+0x2d0/0x2d0 [ 146.812547][ T3894] ? ilk_compute_pipe_wm+0x602/0x1100 [ 146.818146][ T3894] ? __msan_warning+0x96/0x110 [ 146.823033][ T3894] ? n_tty_receive_buf_standard+0xc58/0x9230 [ 146.829158][ T3894] ? n_tty_receive_buf_common+0x178e/0x2310 [ 146.835251][ T3894] ? n_tty_receive_buf2+0x4c/0x60 [ 146.840459][ T3894] ? tty_ldisc_receive_buf+0xce/0x270 [ 146.845980][ T3894] ? tty_port_default_receive_buf+0xdf/0x190 [ 146.852227][ T3894] ? flush_to_ldisc+0x4b7/0xdc0 [ 146.857257][ T3894] ? process_scheduled_works+0x104e/0x1e70 [ 146.863198][ T3894] ? worker_thread+0xf45/0x1490 [ 146.868246][ T3894] ? kthread+0x3ed/0x540 [ 146.872637][ T3894] ? ret_from_fork+0x66/0x80 [ 146.877447][ T3894] ? ret_from_fork_asm+0x11/0x20 [ 146.882526][ T3894] ? _raw_spin_lock_irqsave+0x35/0xc0 [ 146.888039][ T3894] ? kmsan_get_shadow_origin_ptr+0x4d/0xa0 [ 146.894060][ T3894] ? ktime_get_mono_fast_ns+0x337/0x400 [ 146.899747][ T3894] ? kmsan_get_shadow_origin_ptr+0x4d/0xa0 [ 146.905771][ T3894] ? rpm_suspend+0xa4/0x2de0 [ 146.910517][ T3894] ? kmsan_get_shadow_origin_ptr+0x4d/0xa0 [ 146.916478][ T3894] __msan_warning+0x96/0x110 [ 146.921245][ T3894] n_tty_receive_buf_standard+0xc58/0x9230 [ 146.927204][ T3894] ? kmsan_get_shadow_origin_ptr+0x4d/0xa0 [ 146.933212][ T3894] ? kmsan_internal_set_shadow_origin+0x66/0xe0 [ 146.939593][ T3894] ? 
kmsan_get_shadow_origin_ptr+0x4d/0xa0 [ 146.945567][ T3894] n_tty_receive_buf_common+0x178e/0x2310 [ 146.951503][ T3894] ? kmsan_get_shadow_origin_ptr+0x4d/0xa0 [ 146.957499][ T3894] n_tty_receive_buf2+0x4c/0x60 [ 146.962489][ T3894] ? n_tty_write_wakeup+0x50/0x50 [ 146.967632][ T3894] tty_ldisc_receive_buf+0xce/0x270 [ 146.973070][ T3894] tty_port_default_receive_buf+0xdf/0x190 [ 146.979111][ T3894] ? tty_buffer_flush_work+0x40/0x40 [ 146.984596][ T3894] flush_to_ldisc+0x4b7/0xdc0 [ 146.989411][ T3894] ? tty_buffer_init+0x150/0x150 [ 146.994506][ T3894] process_scheduled_works+0x104e/0x1e70 [ 147.000316][ T3894] worker_thread+0xf45/0x1490 [ 147.005102][ T3894] kthread+0x3ed/0x540 [ 147.009313][ T3894] ? pr_cont_work+0xce0/0xce0 [ 147.014107][ T3894] ? kthread_blkcg+0x120/0x120 [ 147.018997][ T3894] ret_from_fork+0x66/0x80 [ 147.023590][ T3894] ? kthread_blkcg+0x120/0x120 [ 147.028563][ T3894] ret_from_fork_asm+0x11/0x20 [ 147.033563][ T3894] </TASK> [ 147.037114][ T3894] Kernel Offset: disabled [ 147.041502][ T3894] Rebooting in 86400 seconds..