./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1782386662 <...>
no interfaces have a carrier
[ 115.405381][ T4587] 8021q: adding VLAN 0 to HW filter on device bond0
[ 115.443884][ T4587] eql: remember to turn off Van-Jacobson compression on your slave devices
[ 115.676866][ T25] cfg80211: failed to load regulatory.db
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.1.177' (ECDSA) to the list of known hosts.
execve("./syz-executor1782386662", ["./syz-executor1782386662"], 0x7ffcfd697110 /* 10 vars */) = 0
brk(NULL) = 0x555555d3d000
brk(0x555555d3dc40) = 0x555555d3dc40
arch_prctl(ARCH_SET_FS, 0x555555d3d300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor1782386662", 4096) = 28
brk(0x555555d5ec40) = 0x555555d5ec40
brk(0x555555d5f000) = 0x555555d5f000
mprotect(0x7fdf98038000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555d3d5d0) = 5039
./strace-static-x86_64: Process 5039 attached
[pid 5039] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5039] setpgid(0, 0) = 0
[pid 5039] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5039] write(3, "1000", 4) = 4
[pid 5039] close(3) = 0
[pid 5039] openat(AT_FDCWD, "/dev/iommu", O_RDONLY) = 3
[pid 5039] ioctl(3, _IOC(_IOC_NONE, 0x3b, 0x81, 0), 0x20000040) = 0
[pid 5039] ioctl(3, _IOC(_IOC_NONE, 0x3b, 0x88, 0), 0x20000080) = 0
syzkaller login: [ 159.572150][ T5039] =====================================================
[ 159.579414][ T5039] BUG: KMSAN: kernel-infoleak in _copy_to_user+0x1c5/0x270
[ 159.586960][ T5039] _copy_to_user+0x1c5/0x270
[ 159.591912][ T5039] iommufd_vfio_ioctl+0x1e57/0x2330
[ 159.597304][ T5039] iommufd_fops_ioctl+0x254/0xb10
[ 159.602776][ T5039] __se_sys_ioctl+0x2dd/0x4b0
[ 159.607656][ T5039] __x64_sys_ioctl+0xdc/0x120
[ 159.612575][ T5039] do_syscall_64+0x41/0xc0
[ 159.617200][ T5039] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 159.623533][ T5039]
[ 159.625961][ T5039] Local variable info.i created at:
[ 159.631245][ T5039] iommufd_vfio_ioctl+0x423/0x2330
[ 159.636575][ T5039] iommufd_fops_ioctl+0x254/0xb10
[ 159.641944][ T5039]
[ 159.644359][ T5039] Bytes 20-23 of 24 are uninitialized
[ 159.649846][ T5039] Memory access of size 24 starts at ffff88810ed3bcb0
[ 159.657009][ T5039] Data copied to user address 0000000020000100
[ 159.663382][ T5039]
[ 159.665804][ T5039] CPU: 0 PID: 5039 Comm: syz-executor178 Not tainted 6.2.0-rc8-syzkaller-80994-gda13c00eebfb #0
[ 159.676523][ T5039] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 159.686921][ T5039] =====================================================
[ 159.694073][ T5039] Disabling lock debugging due to kernel taint
[ 159.700356][ T5039] Kernel panic - not syncing: kmsan.panic set ...
[ 159.706905][ T5039] CPU: 0 PID: 5039 Comm: syz-executor178 Tainted: G B 6.2.0-rc8-syzkaller-80994-gda13c00eebfb #0
[ 159.718992][ T5039] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 159.729174][ T5039] Call Trace:
[ 159.732548][ T5039]
[ 159.735574][ T5039] dump_stack_lvl+0x200/0x290
[ 159.740445][ T5039] dump_stack+0x29/0x30
[ 159.744804][ T5039] panic+0x4fd/0xc70
[ 159.748867][ T5039] ? add_taint+0x185/0x210
[ 159.753421][ T5039] kmsan_report+0x2d0/0x2d0
[ 159.758141][ T5039] ? kmsan_internal_check_memory+0x476/0x530
[ 159.764354][ T5039] ? kmsan_copy_to_user+0xd3/0xf0
[ 159.769583][ T5039] ? _copy_to_user+0x1c5/0x270
[ 159.774439][ T5039] ? iommufd_vfio_ioctl+0x1e57/0x2330
[ 159.779958][ T5039] ? iommufd_fops_ioctl+0x254/0xb10
[ 159.785338][ T5039] ? __se_sys_ioctl+0x2dd/0x4b0
[ 159.790379][ T5039] ? __x64_sys_ioctl+0xdc/0x120
[ 159.795425][ T5039] ? do_syscall_64+0x41/0xc0
[ 159.800141][ T5039] ? entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 159.806361][ T5039] ? tomoyo_supervisor+0x26d3/0x2720
[ 159.811805][ T5039] ? kfree+0x1fe/0x4f0
[ 159.816059][ T5039] ? tomoyo_supervisor+0x26d3/0x2720
[ 159.821640][ T5039] ? kmsan_get_shadow_origin_ptr+0x4d/0xa0
[ 159.827617][ T5039] ? preempt_count_sub+0xfc/0x330
[ 159.832876][ T5039] ? kmsan_get_shadow_origin_ptr+0x4d/0xa0
[ 159.838911][ T5039] kmsan_internal_check_memory+0x476/0x530
[ 159.844885][ T5039] kmsan_copy_to_user+0xd3/0xf0
[ 159.849884][ T5039] ? should_fail_usercopy+0x3d/0x40
[ 159.855326][ T5039] _copy_to_user+0x1c5/0x270
[ 159.860094][ T5039] iommufd_vfio_ioctl+0x1e57/0x2330
[ 159.865475][ T5039] ? __se_sys_ioctl+0x2dd/0x4b0
[ 159.870557][ T5039] iommufd_fops_ioctl+0x254/0xb10
[ 159.875785][ T5039] ? iommufd_ctx_put+0x70/0x70
[ 159.880781][ T5039] ? kmsan_get_shadow_origin_ptr+0x4d/0xa0
[ 159.886827][ T5039] ? iommufd_ctx_put+0x70/0x70
[ 159.891833][ T5039] __se_sys_ioctl+0x2dd/0x4b0
[ 159.896741][ T5039] __x64_sys_ioctl+0xdc/0x120
[ 159.901597][ T5039] do_syscall_64+0x41/0xc0
[ 159.906178][ T5039] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 159.912336][ T5039] RIP: 0033:0x7fdf97fcbda9
[ 159.916862][ T5039] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 159.936631][ T5039] RSP: 002b:00007ffd4425fb08 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 159.945234][ T5039] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fdf97fcbda9
[ 159.953309][ T5039] RDX: 0000000020000100 RSI: 0000000000003b70 RDI: 0000000000000003
[ 159.961387][ T5039] RBP: 0000000000000000 R08: 00007ffd4425fca8 R09: 00007ffd4425fca8
[ 159.969526][ T5039] R10: 00007ffd4425fca8 R11: 0000000000000246 R12: 00007fdf97f8f630
[ 159.977646][ T5039] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000
[ 159.985733][ T5039]
[ 159.989128][ T5039] Kernel Offset: disabled
[ 159.993531][ T5039] Rebooting in 86400 seconds..
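Reading the report: the register dump shows the faulting syscall as ioctl(3, 0x3b70, 0x20000100). Decoding that number myself (it is not spelled out in the log), 0x3b is ';' (VFIO_TYPE) and 0x70 is 112 = VFIO_BASE (100) + 12, i.e. VFIO_IOMMU_GET_INFO, reached here through iommufd's VFIO compatibility path after the two earlier ioctls on /dev/iommu (0x3b81 and 0x3b88 are IOMMUFD_CMD_IOAS_ALLOC and IOMMUFD_CMD_VFIO_IOAS in the iommufd UAPI). KMSAN says the 24-byte object copied out is the local "info" and that bytes 20-23 of it were never written. The UAPI struct vfio_iommu_type1_info (argsz, flags, iova_pgsizes, cap_offset) is exactly 24 bytes on x86_64, and its last four bytes are compiler-inserted tail padding after cap_offset, so a field-by-field fill leaves them holding stale stack contents. The program below is an added example, not code from the syzkaller report or the kernel; it mirrors only the struct layout (the kernel's real fill code is not reproduced) and models the stale stack with a fixed 0xAA pattern, since reading truly uninitialized memory would be undefined in user space. It shows the field-by-field fill leaking four bytes at offset 20, and a memset of the whole object before filling leaking none.

```c
/*
 * Added example (not from the syzkaller report or the kernel source):
 * why a 24-byte struct copied to user space can have "Bytes 20-23 of 24
 * uninitialized". The struct mirrors the field order and types of the
 * UAPI struct vfio_iommu_type1_info from <linux/vfio.h>; the name is
 * local to this example.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

struct vfio_iommu_type1_info_local {
	uint32_t argsz;
	uint32_t flags;
	_Alignas(8) uint64_t iova_pgsizes;   /* 8-aligned, as on x86_64 */
	uint32_t cap_offset;                 /* offset 16; 4 bytes of tail padding follow */
};

/* Stand-in for whatever the stack held before the struct was created. */
#define STALE 0xAA

union info_buf {
	struct vfio_iommu_type1_info_local info;
	unsigned char raw[sizeof(struct vfio_iommu_type1_info_local)];
};

/*
 * Fill the struct the way a driver typically does (assign each named
 * field) and return the raw bytes that copy_to_user() would transfer.
 * With hardened != 0 the whole object is zeroed first, which is the
 * usual fix for this class of KMSAN report.
 */
static void fill_info(union info_buf *u, int hardened)
{
	memset(u->raw, STALE, sizeof(u->raw));   /* model stale stack contents */
	if (hardened)
		memset(&u->info, 0, sizeof(u->info)); /* clears the padding too */
	u->info.argsz = sizeof(u->info);
	u->info.flags = 1;                      /* VFIO_IOMMU_INFO_PGSIZES */
	u->info.iova_pgsizes = 0x1000;          /* assumed: 4 KiB pages only */
	u->info.cap_offset = 0;
}

/* Number of bytes still carrying the stale pattern: what KMSAN would flag. */
int stale_byte_count(int hardened)
{
	union info_buf u;
	int n = 0;
	fill_info(&u, hardened);
	for (size_t i = 0; i < sizeof(u.raw); i++)
		if (u.raw[i] == STALE)
			n++;
	return n;
}

/* Offset of the first stale byte, or -1 if the object is fully initialized. */
int first_stale_offset(int hardened)
{
	union info_buf u;
	fill_info(&u, hardened);
	for (size_t i = 0; i < sizeof(u.raw); i++)
		if (u.raw[i] == STALE)
			return (int)i;
	return -1;
}

int main(void)
{
	printf("sizeof(info) = %zu, cap_offset at %zu\n",
	       sizeof(struct vfio_iommu_type1_info_local),
	       offsetof(struct vfio_iommu_type1_info_local, cap_offset));
	printf("field-by-field fill: %d stale bytes, first at offset %d\n",
	       stale_byte_count(0), first_stale_offset(0));
	printf("memset-then-fill:    %d stale bytes, first at offset %d\n",
	       stale_byte_count(1), first_stale_offset(1));
	return 0;
}
```

The stale bytes sit at offsets 20-23, matching the KMSAN line in the report. The general rule this illustrates: any kernel struct that is handed to copy_to_user() as a whole must be zeroed in full (memset or an explicit zero initializer), because assigning every named member still leaves alignment padding untouched.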