./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3506600308 <...> syzkaller login: [ 100.253560][ T123] cfg80211: failed to load regulatory.db Warning: Permanently added '10.128.0.243' (ECDSA) to the list of known hosts. execve("./syz-executor3506600308", ["./syz-executor3506600308"], 0x7ffc2f9eb3d0 /* 10 vars */) = 0 brk(NULL) = 0x555555670000 brk(0x555555670c40) = 0x555555670c40 arch_prctl(ARCH_SET_FS, 0x555555670300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor3506600308", 4096) = 28 brk(0x555555691c40) = 0x555555691c40 brk(0x555555692000) = 0x555555692000 mprotect(0x7f65a2fb5000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556705d0) = 3484 ./strace-static-x86_64: Process 3484 attached [pid 3484] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3484] setpgid(0, 0) = 0 [pid 3484] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3484] write(3, "1000", 4) = 4 [pid 3484] close(3) = 0 [pid 3484] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 3 [pid 3484] sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x1c\x00\x00\x00\x4a\x00\x01\x03\x00\x00\x00\x00\x00\x00\x00\x00\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", iov_len=28}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 28 [pid 3484] sendto(3, [{nlmsg_len=32, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, {ifi_family=AF_AX25, ifi_type=ARPHRD_NETROM, ifi_index=131083, ifi_flags=IFF_BROADCAST|IFF_NOTRAILERS|IFF_RUNNING|IFF_PROMISC|IFF_PORTSEL|IFF_AUTOMEDIA|IFF_ECHO|0x61700000, ifi_change=0x7664}], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32 [ 104.978090][ T3484] ===================================================== [ 104.985450][ T3484] BUG: KMSAN: kernel-infoleak in copyout+0xbc/0x100 [ 104.992240][ T3484] copyout+0xbc/0x100 [ 104.996315][ T3484] _copy_to_iter+0x5ce/0x1fe0 [ 105.001068][ T3484] simple_copy_to_iter+0x64/0xa0 [ 105.006190][ T3484] __skb_datagram_iter+0x123/0xdc0 [ 105.011426][ T3484] skb_copy_datagram_iter+0x53/0x1d0 [ 105.016959][ T3484] netlink_recvmsg+0x4d1/0x1720 [ 105.021990][ T3484] __sys_recvfrom+0x5b8/0x850 [ 105.026844][ T3484] __x64_sys_recvfrom+0x122/0x1c0 [ 105.032059][ T3484] do_syscall_64+0x3d/0xb0 [ 105.036586][ T3484] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 105.042664][ T3484] [ 105.045030][ T3484] Uninit was created at: [ 105.049365][ T3484] __kmalloc_node_track_caller+0x814/0x1250 [ 105.055397][ T3484] __alloc_skb+0x346/0xcf0 [ 105.059940][ T3484] netlink_dump+0x2da/0x1400 [ 105.064670][ T3484] __netlink_dump_start+0xa91/0xc60 [ 105.069988][ T3484] rtnetlink_rcv_msg+0x13c0/0x1860 [ 105.075299][ T3484] netlink_rcv_skb+0x3a5/0x6c0 [ 105.080160][ T3484] rtnetlink_rcv+0x30/0x40 [ 105.084784][ T3484] netlink_unicast+0xf3b/0x1270 [ 105.089778][ T3484] netlink_sendmsg+0x1288/0x1440 [ 105.094884][ T3484] ____sys_sendmsg+0xabc/0xe90 [ 105.099803][ T3484] ___sys_sendmsg+0x2a1/0x3f0 [ 105.104690][ T3484] __x64_sys_sendmsg+0x367/0x540 [ 105.109772][ T3484] do_syscall_64+0x3d/0xb0 [ 105.114350][ T3484] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 105.120381][ T3484] [ 105.122852][ T3484] Byte 17 of 560 is uninitialized [ 105.127947][ T3484] Memory access of size 560 starts at ffff88810e6e6000 [ 105.134986][ T3484] Data copied to user address 00007fff2e011610 [ 105.141190][ T3484] [ 105.143678][ T3484] CPU: 0 PID: 3484 Comm: syz-executor350 Not tainted 6.0.0-rc2-syzkaller-47461-gac3859c02d7f #0 [ 105.154269][ T3484] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 105.164478][ T3484] ===================================================== [ 105.171478][ T3484] Disabling lock debugging due to kernel taint [ 105.177754][ T3484] Kernel panic - not syncing: kmsan.panic set ... [ 105.184246][ T3484] CPU: 0 PID: 3484 Comm: syz-executor350 Tainted: G B 6.0.0-rc2-syzkaller-47461-gac3859c02d7f #0 [ 105.196260][ T3484] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 105.206386][ T3484] Call Trace: [ 105.209710][ T3484] [ 105.212690][ T3484] dump_stack_lvl+0x1c8/0x256 [ 105.217511][ T3484] dump_stack+0x1a/0x1c [ 105.221802][ T3484] panic+0x4d3/0xc69 [ 105.225847][ T3484] kmsan_report+0x2cc/0x2d0 [ 105.230449][ T3484] ? kmsan_internal_check_memory+0x1aa/0x530 [ 105.236559][ T3484] ? kmsan_copy_to_user+0xcf/0xe0 [ 105.241659][ T3484] ? copyout+0xbc/0x100 [ 105.245896][ T3484] ? _copy_to_iter+0x5ce/0x1fe0 [ 105.250846][ T3484] ? simple_copy_to_iter+0x64/0xa0 [ 105.256043][ T3484] ? __skb_datagram_iter+0x123/0xdc0 [ 105.261454][ T3484] ? skb_copy_datagram_iter+0x53/0x1d0 [ 105.267040][ T3484] ? netlink_recvmsg+0x4d1/0x1720 [ 105.272179][ T3484] ? __sys_recvfrom+0x5b8/0x850 [ 105.277157][ T3484] ? __x64_sys_recvfrom+0x122/0x1c0 [ 105.282437][ T3484] ? do_syscall_64+0x3d/0xb0 [ 105.287098][ T3484] ? entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 105.293303][ T3484] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 105.299205][ T3484] ? rb_insert_color+0x548/0xfd0 [ 105.304249][ T3484] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 105.310195][ T3484] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 105.316089][ T3484] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 105.321991][ T3484] kmsan_internal_check_memory+0x1aa/0x530 [ 105.327925][ T3484] kmsan_copy_to_user+0xcf/0xe0 [ 105.332899][ T3484] ? should_fail_usercopy+0x2a/0x30 [ 105.338186][ T3484] copyout+0xbc/0x100 [ 105.342236][ T3484] _copy_to_iter+0x5ce/0x1fe0 [ 105.346992][ T3484] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 105.352944][ T3484] simple_copy_to_iter+0x64/0xa0 [ 105.357976][ T3484] __skb_datagram_iter+0x123/0xdc0 [ 105.363223][ T3484] ? sock_load_diag_module+0x250/0x250 [ 105.368826][ T3484] ? skb_copy_datagram_iter+0x1d0/0x1d0 [ 105.374527][ T3484] skb_copy_datagram_iter+0x53/0x1d0 [ 105.379972][ T3484] netlink_recvmsg+0x4d1/0x1720 [ 105.384938][ T3484] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 105.390849][ T3484] ? netlink_sendmsg+0x1440/0x1440 [ 105.396065][ T3484] __sys_recvfrom+0x5b8/0x850 [ 105.400853][ T3484] ? preempt_count_sub+0x7d/0x280 [ 105.405999][ T3484] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 105.411957][ T3484] __x64_sys_recvfrom+0x122/0x1c0 [ 105.417136][ T3484] do_syscall_64+0x3d/0xb0 [ 105.421654][ T3484] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 105.427680][ T3484] RIP: 0033:0x7f65a2f0a70c [ 105.432186][ T3484] Code: 89 02 b8 ff ff ff ff eb b8 0f 1f 44 00 00 41 89 ca 64 8b 04 25 18 00 00 00 85 c0 75 19 45 31 c9 45 31 c0 b8 2d 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 64 c3 0f 1f 00 55 48 83 ec 20 48 89 54 24 10 [ 105.451939][ T3484] RSP: 002b:00007fff2e011598 EFLAGS: 00000246 ORIG_RAX: 000000000000002d [ 105.460453][ T3484] RAX: ffffffffffffffda RBX: 00007fff2e011624 RCX: 00007f65a2f0a70c [ 105.468487][ T3484] RDX: 0000000000001000 RSI: 00007fff2e011610 RDI: 0000000000000003 [ 105.476529][ T3484] RBP: 0000000000000003 R08: 0000000000000000 R09: 0000000000000000 [ 105.484576][ T3484] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff2e011610 [ 105.492615][ T3484] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000 [ 105.500702][ T3484] [ 105.503955][ T3484] Kernel Offset: disabled [ 105.508325][ T3484] Rebooting in 86400 seconds..