./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor328496723 <...> Warning: Permanently added '10.128.0.50' (ECDSA) to the list of known hosts. execve("./syz-executor328496723", ["./syz-executor328496723"], 0x7fffcee699c0 /* 10 vars */) = 0 brk(NULL) = 0x555555d85000 brk(0x555555d85c40) = 0x555555d85c40 arch_prctl(ARCH_SET_FS, 0x555555d85300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor328496723", 4096) = 27 brk(0x555555da6c40) = 0x555555da6c40 brk(0x555555da7000) = 0x555555da7000 mprotect(0x7f96a3bc7000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555d855d0) = 4984 ./strace-static-x86_64: Process 4984 attached [pid 4984] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4984] setpgid(0, 0) = 0 [pid 4984] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4984] write(3, "1000", 4) = 4 [pid 4984] close(3) = 0 [pid 4984] ioctl(-1, AUTOFS_DEV_IOCTL_FAIL, 0x200000c0) = -1 EBADF (Bad file descriptor) [pid 4984] io_setup(8, [0x7f96a3b12000]) = 0 [pid 4984] openat(AT_FDCWD, "/dev/qrtr-tun", O_RDWR|O_SYNC) = 3 [ 147.424122][ T4984] ===================================================== [ 147.431315][ T4984] BUG: KMSAN: uninit-value in qrtr_tx_resume+0x185/0x1f0 [ 147.438628][ T4984] qrtr_tx_resume+0x185/0x1f0 [ 147.443552][ T4984] qrtr_endpoint_post+0xf85/0x11b0 [ 147.448841][ T4984] qrtr_tun_write_iter+0x270/0x400 [ 147.454524][ T4984] aio_write+0x63a/0x950 [ 147.458939][ T4984] io_submit_one+0x1d1c/0x3bf0 [ 147.463987][ T4984] __se_sys_io_submit+0x293/0x770 [ 147.469187][ T4984] __x64_sys_io_submit+0x92/0xd0 [ 147.474385][ T4984] do_syscall_64+0x3d/0xb0 [ 147.478930][ T4984] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 147.485136][ T4984] [ 147.487525][ T4984] Uninit was created at: [ 147.491910][ T4984] __kmem_cache_alloc_node+0x71f/0xce0 [ 147.497880][ T4984] __kmalloc_node_track_caller+0x114/0x3b0 [ 147.503946][ T4984] __alloc_skb+0x3af/0x8f0 [ 147.508557][ T4984] __netdev_alloc_skb+0x120/0x7d0 [ 147.514004][ T4984] qrtr_endpoint_post+0xbd/0x11b0 [ 147.519172][ T4984] qrtr_tun_write_iter+0x270/0x400 [ 147.524661][ T4984] aio_write+0x63a/0x950 [ 147.529065][ T4984] io_submit_one+0x1d1c/0x3bf0 [ 147.534161][ T4984] __se_sys_io_submit+0x293/0x770 [ 147.539377][ T4984] __x64_sys_io_submit+0x92/0xd0 [ 147.544799][ T4984] do_syscall_64+0x3d/0xb0 [ 147.549453][ T4984] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 147.555581][ T4984] [ 147.557969][ T4984] CPU: 0 PID: 4984 Comm: syz-executor328 Not tainted 6.2.0-rc5-syzkaller-80200-g41c66f470616 #0 [ 147.568591][ T4984] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023 [ 147.579110][ T4984] ===================================================== [ 147.586322][ T4984] Disabling lock debugging due to kernel taint [ 147.592561][ T4984] Kernel panic - not syncing: kmsan.panic set ... [ 147.599168][ T4984] CPU: 0 PID: 4984 Comm: syz-executor328 Tainted: G B 6.2.0-rc5-syzkaller-80200-g41c66f470616 #0 [ 147.611626][ T4984] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023 [ 147.623384][ T4984] Call Trace: [ 147.626843][ T4984] [ 147.630089][ T4984] dump_stack_lvl+0x1c8/0x260 [ 147.635343][ T4984] dump_stack+0x1a/0x20 [ 147.639653][ T4984] panic+0x4d3/0xc70 [ 147.643759][ T4984] ? add_taint+0x104/0x1a0 [ 147.648694][ T4984] kmsan_report+0x2cc/0x2d0 [ 147.653366][ T4984] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 147.659351][ T4984] ? __msan_warning+0x92/0x110 [ 147.664255][ T4984] ? qrtr_tx_resume+0x185/0x1f0 [ 147.669212][ T4984] ? qrtr_endpoint_post+0xf85/0x11b0 [ 147.674816][ T4984] ? qrtr_tun_write_iter+0x270/0x400 [ 147.680317][ T4984] ? aio_write+0x63a/0x950 [ 147.685046][ T4984] ? io_submit_one+0x1d1c/0x3bf0 [ 147.690170][ T4984] ? __se_sys_io_submit+0x293/0x770 [ 147.695772][ T4984] ? __x64_sys_io_submit+0x92/0xd0 [ 147.701250][ T4984] ? do_syscall_64+0x3d/0xb0 [ 147.706020][ T4984] ? entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 147.712394][ T4984] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 147.718708][ T4984] ? preempt_count_sub+0x7d/0x280 [ 147.724371][ T4984] ? _raw_spin_unlock_irqrestore+0x34/0x50 [ 147.730429][ T4984] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 147.736848][ T4984] __msan_warning+0x92/0x110 [ 147.741707][ T4984] qrtr_tx_resume+0x185/0x1f0 [ 147.746691][ T4984] qrtr_endpoint_post+0xf85/0x11b0 [ 147.751985][ T4984] qrtr_tun_write_iter+0x270/0x400 [ 147.757331][ T4984] ? qrtr_tun_read_iter+0x6f0/0x6f0 [ 147.762885][ T4984] aio_write+0x63a/0x950 [ 147.767352][ T4984] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 147.773353][ T4984] io_submit_one+0x1d1c/0x3bf0 [ 147.778389][ T4984] ? preempt_count_sub+0x7d/0x280 [ 147.783780][ T4984] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 147.789842][ T4984] __se_sys_io_submit+0x293/0x770 [ 147.795205][ T4984] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 147.801474][ T4984] __x64_sys_io_submit+0x92/0xd0 [ 147.806613][ T4984] do_syscall_64+0x3d/0xb0 [ 147.811160][ T4984] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 147.817383][ T4984] RIP: 0033:0x7f96a3b5ae29 [ 147.821914][ T4984] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 147.841863][ T4984] RSP: 002b:00007ffdf60bdbe8 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1 [ 147.850471][ T4984] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f96a3b5ae29 [ 147.859355][ T4984] RDX: 0000000020000180 RSI: 0000000000000001 RDI: 00007f96a3b12000 [ 147.867484][ T4984] RBP: 0000000000000000 R08: 00007ffdf60bdd88 R09: 00007ffdf60bdd88 [ 147.876218][ T4984] R10: 00007ffdf60bdd88 R11: 0000000000000246 R12: 00007f96a3b1e6b0 [ 147.884783][ T4984] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000 [ 147.892933][ T4984] [ 147.896423][ T4984] Kernel Offset: disabled [ 147.900853][ T4984] Rebooting in 86400 seconds..