./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2752964754 <...> Warning: Permanently added '10.128.1.86' (ECDSA) to the list of known hosts. execve("./syz-executor2752964754", ["./syz-executor2752964754"], 0x7ffedc1756d0 /* 10 vars */) = 0 brk(NULL) = 0x555555c15000 brk(0x555555c15c40) = 0x555555c15c40 arch_prctl(ARCH_SET_FS, 0x555555c15300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor2752964754", 4096) = 28 brk(0x555555c36c40) = 0x555555c36c40 brk(0x555555c37000) = 0x555555c37000 mprotect(0x7fb22dd8f000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c155d0) = 4955 ./strace-static-x86_64: Process 4955 attached [pid 4955] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4955] setpgid(0, 0) = 0 [pid 4955] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4955] write(3, "1000", 4) = 4 [pid 4955] close(3) = 0 [pid 4955] openat(AT_FDCWD, "/dev/dri/card1", O_RDONLY) = 3 [pid 4955] ioctl(3, DRM_IOCTL_MODE_GETRESOURCES, 0x20000180) = 0 [pid 4955] openat(AT_FDCWD, "/dev/dri/card1", O_RDONLY) = 4 [pid 4955] ioctl(4, DRM_IOCTL_MODE_GETRESOURCES, 0x20000180) = 0 [pid 4955] ioctl(4, DRM_IOCTL_MODE_GETCRTC, 0x20000340) = 0 [ 150.597071][ T4955] ===================================================== [ 150.604421][ T4955] BUG: KMSAN: uninit-value in drm_mode_setcrtc+0x1ad3/0x24a0 [ 150.611969][ T4955] drm_mode_setcrtc+0x1ad3/0x24a0 [ 150.617370][ T4955] drm_ioctl_kernel+0x5ae/0x730 [ 150.622400][ T4955] drm_ioctl+0xd12/0x1590 [ 150.627020][ T4955] __se_sys_ioctl+0x222/0x400 [ 150.631853][ T4955] __x64_sys_ioctl+0x96/0xe0 [ 150.636626][ T4955] do_syscall_64+0x41/0xc0 [ 150.641211][ T4955] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 150.647281][ T4955] [ 150.649660][ T4955] Uninit was created at: [ 150.654139][ T4955] slab_post_alloc_hook+0x12d/0xb60 [ 150.659481][ T4955] __kmem_cache_alloc_node+0x4ff/0x8b0 [ 150.665219][ T4955] __kmalloc+0x121/0x3c0 [ 150.669588][ T4955] drm_mode_setcrtc+0x1dba/0x24a0 [ 150.674810][ T4955] drm_ioctl_kernel+0x5ae/0x730 [ 150.679829][ T4955] drm_ioctl+0xd12/0x1590 [ 150.684444][ T4955] __se_sys_ioctl+0x222/0x400 [ 150.689295][ T4955] __x64_sys_ioctl+0x96/0xe0 [ 150.694163][ T4955] do_syscall_64+0x41/0xc0 [ 150.698769][ T4955] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 150.704841][ T4955] [ 150.707223][ T4955] CPU: 1 PID: 4955 Comm: syz-executor275 Not tainted 6.4.0-rc4-syzkaller-g2741f1b02117 #0 [ 150.717277][ T4955] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 150.727503][ T4955] ===================================================== [ 150.734578][ T4955] Disabling lock debugging due to kernel taint [ 150.740796][ T4955] Kernel panic - not syncing: kmsan.panic set ... [ 150.747275][ T4955] CPU: 1 PID: 4955 Comm: syz-executor275 Tainted: G B 6.4.0-rc4-syzkaller-g2741f1b02117 #0 [ 150.758794][ T4955] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 150.768962][ T4955] Call Trace: [ 150.772327][ T4955] [ 150.775323][ T4955] dump_stack_lvl+0x1bf/0x240 [ 150.780125][ T4955] dump_stack+0x1e/0x20 [ 150.784434][ T4955] panic+0x4d5/0xc70 [ 150.788501][ T4955] ? add_taint+0x108/0x1a0 [ 150.793002][ T4955] kmsan_report+0x2d0/0x2d0 [ 150.797669][ T4955] ? __msan_warning+0x96/0x110 [ 150.802585][ T4955] ? drm_mode_setcrtc+0x1ad3/0x24a0 [ 150.807905][ T4955] ? drm_ioctl_kernel+0x5ae/0x730 [ 150.813053][ T4955] ? drm_ioctl+0xd12/0x1590 [ 150.817700][ T4955] ? __se_sys_ioctl+0x222/0x400 [ 150.822678][ T4955] ? __x64_sys_ioctl+0x96/0xe0 [ 150.827600][ T4955] ? do_syscall_64+0x41/0xc0 [ 150.832359][ T4955] ? entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 150.838592][ T4955] ? kmsan_get_shadow_origin_ptr+0x4d/0xa0 [ 150.844524][ T4955] ? ___drm_dbg+0x11c/0x2b0 [ 150.849128][ T4955] ? kmsan_internal_set_shadow_origin+0x66/0xe0 [ 150.855531][ T4955] ? drm_fb_release+0x860/0x860 [ 150.860540][ T4955] ? kmsan_internal_unpoison_memory+0x14/0x20 [ 150.866740][ T4955] ? kmsan_get_shadow_origin_ptr+0x4d/0xa0 [ 150.872738][ T4955] __msan_warning+0x96/0x110 [ 150.877474][ T4955] drm_mode_setcrtc+0x1ad3/0x24a0 [ 150.882682][ T4955] ? drm_crtc_check_viewport+0x2b0/0x2b0 [ 150.888484][ T4955] drm_ioctl_kernel+0x5ae/0x730 [ 150.893465][ T4955] ? drm_crtc_check_viewport+0x2b0/0x2b0 [ 150.899302][ T4955] drm_ioctl+0xd12/0x1590 [ 150.903817][ T4955] ? drm_crtc_check_viewport+0x2b0/0x2b0 [ 150.909660][ T4955] ? kmsan_get_shadow_origin_ptr+0x4d/0xa0 [ 150.915648][ T4955] ? drm_ioctl_kernel+0x730/0x730 [ 150.920802][ T4955] __se_sys_ioctl+0x222/0x400 [ 150.925643][ T4955] __x64_sys_ioctl+0x96/0xe0 [ 150.930713][ T4955] do_syscall_64+0x41/0xc0 [ 150.935271][ T4955] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 150.941263][ T4955] RIP: 0033:0x7fb22dd22609 [ 150.945811][ T4955] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 150.965593][ T4955] RSP: 002b:00007fff7021e218 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 150.974118][ T4955] RAX: ffffffffffffffda RBX: 00007fb22dd66062 RCX: 00007fb22dd22609 [ 150.982190][ T4955] RDX: 0000000020000280 RSI: 00000000c06864a2 RDI: 0000000000000003 [ 150.990297][ T4955] RBP: 0000000000000000 R08: 00007fff7021e3b8 R09: 00007fff7021e3b8 [ 150.998376][ T4955] R10: 00007fff7021e3b8 R11: 0000000000000246 R12: 00007fb22dce1920 [ 151.006412][ T4955] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000 [ 151.014494][ T4955] [ 151.017774][ T4955] Kernel Offset: disabled [ 151.022151][ T4955] Rebooting in 86400 seconds..