./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor367784629 <...> Warning: Permanently added '10.128.0.213' (ED25519) to the list of known hosts. execve("./syz-executor367784629", ["./syz-executor367784629"], 0x7ffd4161e190 /* 10 vars */) = 0 brk(NULL) = 0x555560645000 brk(0x555560645d00) = 0x555560645d00 arch_prctl(ARCH_SET_FS, 0x555560645380) = 0 set_tid_address(0x555560645650) = 5052 set_robust_list(0x555560645660, 24) = 0 rseq(0x555560645ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor367784629", 4096) = 27 getrandom("\xe5\x8a\x30\xfe\x9b\x3f\x77\xd9", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555560645d00 brk(0x555560666d00) = 0x555560666d00 brk(0x555560667000) = 0x555560667000 mprotect(0x7f8eee285000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555560645650) = 5053 ./strace-static-x86_64: Process 5053 attached [pid 5053] set_robust_list(0x555560645660, 24) = 0 [pid 5053] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5053] setpgid(0, 0) = 0 [pid 5053] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 executing program [pid 5053] write(3, "1000", 4) = 4 [pid 5053] close(3) = 0 [pid 5053] write(1, "executing program\n", 18) = 18 [pid 5053] io_uring_setup(22072, {flags=IORING_SETUP_SUBMIT_ALL|IORING_SETUP_COOP_TASKRUN|0x13000, sq_thread_cpu=0, sq_thread_idle=0, sq_entries=32768, cq_entries=65536, features=IORING_FEAT_SINGLE_MMAP|IORING_FEAT_NODROP|IORING_FEAT_SUBMIT_STABLE|IORING_FEAT_RW_CUR_POS|IORING_FEAT_CUR_PERSONALITY|IORING_FEAT_FAST_POLL|IORING_FEAT_POLL_32BITS|IORING_FEAT_SQPOLL_NONFIXED|IORING_FEAT_EXT_ARG|IORING_FEAT_NATIVE_WORKERS|IORING_FEAT_RSRC_TAGS|IORING_FEAT_CQE_SKIP|IORING_FEAT_LINKED_FILE|0x6000, sq_off={head=0, tail=4, ring_mask=16, ring_entries=24, flags=36, dropped=32, array=0}, cq_off={head=8, tail=12, ring_mask=20, ring_entries=28, overflow=44, cqes=64, flags=40}}) = 3 [pid 5053] mmap(NULL, 1048640, PROT_READ|PROT_WRITE, MAP_SHARED|MAP_POPULATE, 3, 0) = 0x7f8eee0d1000 [pid 5053] mmap(NULL, 2097152, PROT_READ|PROT_WRITE, MAP_SHARED|MAP_POPULATE, 3, 0x10000000) = 0x7f8eeded1000 [ 162.229254][ T5053] ===================================================== [ 162.236851][ T5053] BUG: KMSAN: uninit-value in io_req_task_work_add_remote+0x588/0x5d0 [ 162.247159][ T5053] io_req_task_work_add_remote+0x588/0x5d0 [ 162.253170][ T5053] io_msg_ring+0x1c38/0x1ef0 [ 162.258064][ T5053] io_issue_sqe+0x383/0x22c0 [ 162.262833][ T5053] io_submit_sqes+0x1259/0x2f20 [ 162.267914][ T5053] __se_sys_io_uring_enter+0x40c/0x3ca0 [ 162.274027][ T5053] __x64_sys_io_uring_enter+0x11f/0x1a0 [ 162.279708][ T5053] x64_sys_call+0x2d82/0x3c10 [ 162.284695][ T5053] do_syscall_64+0xcd/0x1e0 [ 162.289386][ T5053] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 162.295584][ T5053] [ 162.297986][ T5053] Uninit was created at: [ 162.302405][ T5053] __alloc_pages_noprof+0x9d6/0xe70 [ 162.307873][ T5053] allocate_slab+0x203/0x1220 [ 162.312737][ T5053] ___slab_alloc+0x12ef/0x35e0 [ 162.317726][ T5053] kmem_cache_alloc_bulk_noprof+0x486/0x1330 [ 162.324004][ T5053] __io_alloc_req_refill+0x84/0x560 [ 162.329328][ T5053] io_submit_sqes+0x171b/0x2f20 [ 162.334385][ T5053] __se_sys_io_uring_enter+0x40c/0x3ca0 [ 162.340102][ T5053] __x64_sys_io_uring_enter+0x11f/0x1a0 [ 162.345905][ T5053] x64_sys_call+0x2d82/0x3c10 [ 162.350781][ T5053] do_syscall_64+0xcd/0x1e0 [ 162.355549][ T5053] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 162.361663][ T5053] [ 162.364246][ T5053] CPU: 1 UID: 0 PID: 5053 Comm: syz-executor367 Not tainted 6.10.0-syzkaller-11840-g933069701c1b #0 [ 162.375256][ T5053] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 162.385568][ T5053] ===================================================== [ 162.392588][ T5053] Disabling lock debugging due to kernel taint [ 162.398917][ T5053] Kernel panic - not syncing: kmsan.panic set ... [ 162.405451][ T5053] CPU: 1 UID: 0 PID: 5053 Comm: syz-executor367 Tainted: G B 6.10.0-syzkaller-11840-g933069701c1b #0 [ 162.417858][ T5053] Tainted: [B]=BAD_PAGE [ 162.422101][ T5053] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 162.432261][ T5053] Call Trace: [ 162.435602][ T5053] [ 162.438589][ T5053] dump_stack_lvl+0x216/0x2d0 [ 162.443483][ T5053] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 162.449482][ T5053] dump_stack+0x1e/0x30 [ 162.453753][ T5053] panic+0x4e2/0xcd0 [ 162.457746][ T5053] ? kmsan_get_metadata+0xf1/0x1c0 [ 162.463015][ T5053] kmsan_report+0x2c7/0x2d0 [ 162.467718][ T5053] ? __msan_warning+0x95/0x120 [ 162.472602][ T5053] ? io_req_task_work_add_remote+0x588/0x5d0 [ 162.478793][ T5053] ? io_msg_ring+0x1c38/0x1ef0 [ 162.483710][ T5053] ? io_issue_sqe+0x383/0x22c0 [ 162.489176][ T5053] ? io_submit_sqes+0x1259/0x2f20 [ 162.494319][ T5053] ? __se_sys_io_uring_enter+0x40c/0x3ca0 [ 162.500150][ T5053] ? __x64_sys_io_uring_enter+0x11f/0x1a0 [ 162.505984][ T5053] ? x64_sys_call+0x2d82/0x3c10 [ 162.511217][ T5053] ? do_syscall_64+0xcd/0x1e0 [ 162.516016][ T5053] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 162.522650][ T5053] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 162.528851][ T5053] ? kmsan_get_metadata+0x13e/0x1c0 [ 162.534181][ T5053] ? kmsan_internal_set_shadow_origin+0x69/0x100 [ 162.540665][ T5053] ? kmsan_get_metadata+0x13e/0x1c0 [ 162.546028][ T5053] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 162.552004][ T5053] ? _raw_spin_unlock_irqrestore+0x3f/0x60 [ 162.557946][ T5053] ? kmsan_get_metadata+0x13e/0x1c0 [ 162.563306][ T5053] ? kmsan_get_metadata+0x13e/0x1c0 [ 162.568647][ T5053] ? kmsan_internal_set_shadow_origin+0x69/0x100 [ 162.575100][ T5053] ? kmsan_get_metadata+0x13e/0x1c0 [ 162.580432][ T5053] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 162.586389][ T5053] __msan_warning+0x95/0x120 [ 162.591132][ T5053] io_req_task_work_add_remote+0x588/0x5d0 [ 162.597078][ T5053] io_msg_ring+0x1c38/0x1ef0 [ 162.601794][ T5053] ? __pfx_io_msg_ring+0x10/0x10 [ 162.606844][ T5053] io_issue_sqe+0x383/0x22c0 [ 162.611546][ T5053] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 162.617510][ T5053] io_submit_sqes+0x1259/0x2f20 [ 162.622514][ T5053] __se_sys_io_uring_enter+0x40c/0x3ca0 [ 162.628198][ T5053] ? kmsan_get_metadata+0x13e/0x1c0 [ 162.633525][ T5053] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 162.639548][ T5053] ? _raw_spin_unlock_irq+0x31/0x50 [ 162.644891][ T5053] __x64_sys_io_uring_enter+0x11f/0x1a0 [ 162.650567][ T5053] x64_sys_call+0x2d82/0x3c10 [ 162.655397][ T5053] do_syscall_64+0xcd/0x1e0 [ 162.660160][ T5053] ? clear_bhb_loop+0x25/0x80 [ 162.665012][ T5053] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 162.671129][ T5053] RIP: 0033:0x7f8eee212b79 [ 162.675632][ T5053] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 c1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 162.695888][ T5053] RSP: 002b:00007ffdf4232308 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 162.704615][ T5053] RAX: ffffffffffffffda RBX: 0000000000005638 RCX: 00007f8eee212b79 [ 162.712686][ T5053] RDX: 0000000000000000 RSI: 0000000000000054 RDI: 0000000000000003 [ 162.720748][ T5053] RBP: 0000000000000003 R08: 0000000000000000 R09: 0000000000000000 [ 162.728803][ T5053] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 162.736859][ T5053] R13: 431bde82d7b634db R14: 0000000000000001 R15: 0000000000000001 [ 162.744962][ T5053] [ 162.748216][ T5053] Kernel Offset: disabled [ 162.752624][ T5053] Rebooting in 86400 seconds..