./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor851585484 <...>
Warning: Permanently added '10.128.1.92' (ECDSA) to the list of known hosts.
execve("./syz-executor851585484", ["./syz-executor851585484"], 0x7ffed9512500 /* 10 vars */) = 0
brk(NULL) = 0x555555c57000
brk(0x555555c57c40) = 0x555555c57c40
arch_prctl(ARCH_SET_FS, 0x555555c57300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor851585484", 4096) = 27
brk(0x555555c78c40) = 0x555555c78c40
brk(0x555555c79000) = 0x555555c79000
mprotect(0x7f5d161f3000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c575d0) = 3489
./strace-static-x86_64: Process 3489 attached
[pid 3489] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3489] setpgid(0, 0) = 0
[pid 3489] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3489] write(3, "1000", 4) = 4
[pid 3489] close(3) = 0
[pid 3489] openat(AT_FDCWD, "/dev/vmci", O_RDWR) = 3
[pid 3489] ioctl(3, IOCTL_VMCI_VERSION2, 0x20000080) = 720896
[pid 3489] ioctl(3, IOCTL_VMCI_INIT_CONTEXT, 0x20000000) = 0
[pid 3489] ioctl(3, IOCTL_VMCI_QUEUEPAIR_ALLOC, 0x20000640) = 0
[pid 3489] ioctl(3, IOCTL_VMCI_QUEUEPAIR_SETVA, 0x200000c0) = 0
[pid 3489] openat(AT_FDCWD, "/dev/vmci", O_RDWR) = 4
[pid 3489] ioctl(4, IOCTL_VMCI_VERSION2, 0x20000080) = 720896
[pid 3489] ioctl(4, IOCTL_VMCI_INIT_CONTEXT, 0x20000000) = 0
[pid 3489] ioctl(4, IOCTL_VMCI_QUEUEPAIR_ALLOC, 0x20000640) = 0
[ 116.333921][ T3489] =====================================================
[ 116.341103][ T3489] BUG: KMSAN: kernel-infoleak in _copy_to_user+0xbc/0x100
[ 116.348543][ T3489] _copy_to_user+0xbc/0x100
[ 116.353317][ T3489] vmci_host_unlocked_ioctl+0x1cd3/0x5480
[ 116.359161][ T3489] __se_sys_ioctl+0x222/0x400
[ 116.364072][ T3489] __x64_sys_ioctl+0x92/0xd0
[ 116.368807][ T3489] do_syscall_64+0x3d/0xb0
[ 116.373408][ T3489] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 116.379491][ T3489]
[ 116.382045][ T3489] Uninit was stored to memory at:
[ 116.387312][ T3489] kmemdup+0x89/0xd0
[ 116.391594][ T3489] vmci_datagram_dispatch+0x4ee/0x13f0
[ 116.397280][ T3489] qp_notify_peer+0x1fe/0x310
[ 116.402142][ T3489] qp_broker_alloc+0x3370/0x3850
[ 116.407176][ T3489] vmci_qp_broker_alloc+0xdf/0x120
[ 116.412508][ T3489] vmci_host_unlocked_ioctl+0x3305/0x5480
[ 116.418375][ T3489] __se_sys_ioctl+0x222/0x400
[ 116.423274][ T3489] __x64_sys_ioctl+0x92/0xd0
[ 116.428016][ T3489] do_syscall_64+0x3d/0xb0
[ 116.432682][ T3489] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 116.438754][ T3489]
[ 116.441110][ T3489] Local variable ev created at:
[ 116.446095][ T3489] qp_notify_peer+0x5a/0x310
[ 116.450827][ T3489] qp_broker_alloc+0x3370/0x3850
[ 116.456052][ T3489]
[ 116.458436][ T3489] Bytes 28-31 of 48 are uninitialized
[ 116.463969][ T3489] Memory access of size 48 starts at ffff88811768de80
[ 116.470830][ T3489] Data copied to user address 0000000020000100
[ 116.477188][ T3489]
[ 116.479564][ T3489] CPU: 0 PID: 3489 Comm: syz-executor851 Not tainted 6.0.0-rc5-syzkaller-48540-g466a27efa4f0 #0
[ 116.490445][ T3489] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022
[ 116.500745][ T3489] =====================================================
[ 116.507865][ T3489] Disabling lock debugging due to kernel taint
[ 116.514172][ T3489] Kernel panic - not syncing: kmsan.panic set ...
[ 116.520756][ T3489] CPU: 0 PID: 3489 Comm: syz-executor851 Tainted: G B 6.0.0-rc5-syzkaller-48540-g466a27efa4f0 #0
[ 116.532823][ T3489] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022
[ 116.542976][ T3489] Call Trace:
[ 116.546319][ T3489]
[ 116.549318][ T3489] dump_stack_lvl+0x1c8/0x256
[ 116.554180][ T3489] dump_stack+0x1a/0x1c
[ 116.558428][ T3489] panic+0x4d3/0xc69
[ 116.562448][ T3489] ? add_taint+0x104/0x1a0
[ 116.566993][ T3489] kmsan_report+0x2cc/0x2d0
[ 116.571649][ T3489] ? kmsan_internal_check_memory+0x1aa/0x530
[ 116.577729][ T3489] ? kmsan_copy_to_user+0xcf/0xe0
[ 116.582881][ T3489] ? _copy_to_user+0xbc/0x100
[ 116.587707][ T3489] ? vmci_host_unlocked_ioctl+0x1cd3/0x5480
[ 116.593733][ T3489] ? __se_sys_ioctl+0x222/0x400
[ 116.598694][ T3489] ? __x64_sys_ioctl+0x92/0xd0
[ 116.603569][ T3489] ? do_syscall_64+0x3d/0xb0
[ 116.608269][ T3489] ? entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 116.614472][ T3489] ? kmsan_get_shadow_origin_ptr+0x49/0xa0
[ 116.620490][ T3489] ? slab_free_freelist_hook+0x5f1/0x650
[ 116.626286][ T3489] ? kmsan_get_shadow_origin_ptr+0x49/0xa0
[ 116.632278][ T3489] ? kfree+0x468/0x980
[ 116.636472][ T3489] ? vmci_ctx_dequeue_datagram+0x73d/0x7c0
[ 116.642401][ T3489] ? kmsan_get_shadow_origin_ptr+0x49/0xa0
[ 116.648314][ T3489] kmsan_internal_check_memory+0x1aa/0x530
[ 116.654229][ T3489] kmsan_copy_to_user+0xcf/0xe0
[ 116.659191][ T3489] ? should_fail_usercopy+0x2a/0x30
[ 116.664493][ T3489] _copy_to_user+0xbc/0x100
[ 116.669411][ T3489] vmci_host_unlocked_ioctl+0x1cd3/0x5480
[ 116.675242][ T3489] ? do_vfs_ioctl+0x1213/0x39a0
[ 116.680276][ T3489] ? kmsan_get_shadow_origin_ptr+0x49/0xa0
[ 116.686194][ T3489] ? vmci_host_poll+0x350/0x350
[ 116.691164][ T3489] ? kmsan_get_shadow_origin_ptr+0x49/0xa0
[ 116.697142][ T3489] ? vmci_host_poll+0x350/0x350
[ 116.702125][ T3489] __se_sys_ioctl+0x222/0x400
[ 116.706959][ T3489] __x64_sys_ioctl+0x92/0xd0
[ 116.711665][ T3489] do_syscall_64+0x3d/0xb0
[ 116.716218][ T3489] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 116.722242][ T3489] RIP: 0033:0x7f5d16186029
[ 116.726839][ T3489] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 116.746588][ T3489] RSP: 002b:00007ffe5c7d5b98 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 116.755096][ T3489] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f5d16186029
[ 116.763161][ T3489] RDX: 0000000020000040 RSI: 00000000000007ac RDI: 0000000000000003
[ 116.771219][ T3489] RBP: 0000000000000000 R08: 00007ffe5c7d5d38 R09: 00007ffe5c7d5d38
[ 116.779268][ T3489] R10: 00007ffe5c7d5d38 R11: 0000000000000246 R12: 00007f5d161498b0
[ 116.787317][ T3489] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000
[ 116.795422][ T3489]
[ 116.798736][ T3489] Kernel Offset: disabled
[ 116.803113][ T3489] Rebooting in 86400 seconds..
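What the report above describes, read end to end: the second IOCTL_VMCI_QUEUEPAIR_ALLOC reaches qp_notify_peer, which builds a 48-byte event (the local variable ev) on the stack by assigning its named fields; bytes 28-31 are never written. vmci_datagram_dispatch kmemdup()s the whole struct into the peer context's datagram queue, so the stale stack bytes become heap data that KMSAN keeps tracking as uninitialized. A later ioctl on fd 3 (the register dump shows RDI=3, RSI=0x7ac, RDX=0x20000040; strace never printed it because the kernel panicked first, and vmci_ctx_dequeue_datagram is on the panic stack) dequeues that datagram and copies all 48 bytes to user address 0x20000100, leaking four bytes of kernel stack. The program below is an added user-space model of that pattern, not the VMCI driver's code. The struct layout is an assumption reconstructed from the report's numbers (a 48-byte object whose bytes 28-31 are an explicit 4-byte pad after a 24-byte datagram header and a 4-byte event code) and the field names are hypothetical; the shadow map that records which bytes a writer has touched stands in for KMSAN's shadow memory, so the untouched range can be located deterministically instead of relying on whatever the stack happened to hold. It also shows the hardening that removes the leak: zero the whole object before filling it, which covers explicit `_pad` members and implicit alignment padding alike.

```c
/*
 * Added example (not VMCI driver code): model of the "assign every named
 * field, copy the whole struct" infoleak the KMSAN report describes.
 *
 * ASSUMPTION: layout reconstructed from the report (48 bytes, bytes 28-31
 * flagged). Field names are hypothetical stand-ins for the real driver's.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

struct handle { uint32_t context; uint32_t resource; };                 /* 8 bytes   */
struct datagram_hdr { struct handle dst, src; uint64_t payload_size; }; /* 0..23     */
struct event_data { uint32_t event; uint32_t _pad; };                   /* 24..31, pad at 28 */
struct event_payload_qp { struct handle handle; uint32_t peer_id; uint32_t _pad; }; /* 32..47 */
struct event_qp {
    struct datagram_hdr hdr;
    struct event_data event_data;
    struct event_payload_qp payload;
};
#define EV_SIZE sizeof(struct event_qp)

/* Shadow byte map, in the spirit of KMSAN: 1 = written, 0 = still stack garbage. */
typedef unsigned char shadow_t[sizeof(struct event_qp)];

/* Assign one field and mark exactly its bytes as initialised in the shadow. */
#define SET(ev, sh, field, value) do {                                        \
    (ev)->field = (value);                                                    \
    memset((sh) + offsetof(struct event_qp, field), 1, sizeof((ev)->field));  \
} while (0)

/* The field-by-field initialisation both variants share; no _pad member is touched. */
static void fill_fields(struct event_qp *ev, shadow_t sh, int attach)
{
    SET(ev, sh, hdr.dst.context, 0x1234u);          /* peer context id (constructed) */
    SET(ev, sh, hdr.dst.resource, 4u);
    SET(ev, sh, hdr.src.context, 0u);
    SET(ev, sh, hdr.src.resource, 1u);
    SET(ev, sh, hdr.payload_size, EV_SIZE - sizeof(ev->hdr));
    SET(ev, sh, event_data.event, attach ? 5u : 6u); /* attach / detach code (constructed) */
    SET(ev, sh, payload.handle.context, 0x1234u);
    SET(ev, sh, payload.handle.resource, 0x10u);
    SET(ev, sh, payload.peer_id, 0x4321u);
}

/* Vulnerable pattern: fresh stack local, named fields assigned, rest untouched. */
static void build_event_fieldwise(struct event_qp *ev, shadow_t sh, int attach)
{
    memset(sh, 0, EV_SIZE);      /* nothing initialised yet */
    fill_fields(ev, sh, attach);
}

/* Hardened pattern: zero the whole object first, then assign the fields. */
static void build_event_zeroed(struct event_qp *ev, shadow_t sh, int attach)
{
    memset(ev, 0, sizeof *ev);
    memset(sh, 1, EV_SIZE);      /* memset wrote every byte, pads included */
    fill_fields(ev, sh, attach);
}

/* First unwritten range, as KMSAN prints "Bytes X-Y of N are uninitialized".
 * Returns 1 and sets *start/*end (inclusive) if any byte is unwritten, else 0. */
static int first_uninit_range(const unsigned char *sh, size_t n, size_t *start, size_t *end)
{
    for (size_t i = 0; i < n; i++) {
        if (sh[i])
            continue;
        *start = i;
        while (i + 1 < n && !sh[i + 1])
            i++;
        *end = i;
        return 1;
    }
    return 0;
}

/* Total number of bytes that would be copied out without ever being written. */
static size_t count_uninit(const unsigned char *sh, size_t n)
{
    size_t c = 0;
    for (size_t i = 0; i < n; i++)
        c += !sh[i];
    return c;
}

int main(void)
{
    struct event_qp ev;
    shadow_t sh;
    size_t s, e;

    build_event_fieldwise(&ev, sh, 1);
    if (first_uninit_range(sh, EV_SIZE, &s, &e))
        printf("fieldwise: bytes %zu-%zu of %zu are uninitialized (%zu in total)\n",
               s, e, EV_SIZE, count_uninit(sh, EV_SIZE));

    build_event_zeroed(&ev, sh, 1);
    printf("zeroed: %zu uninitialized bytes\n", count_uninit(sh, EV_SIZE));
    return 0;
}
```

With this layout the field-wise builder reproduces the report's finding, bytes 28-31 of 48, and the shadow also exposes the second pad at 44-47 that the report does not mention because kmsan.panic stopped the kernel at the first range. Two practical notes: a partial initializer such as `= { 0 }` is not a substitute for the memset, since the C standard leaves padding bytes of an automatic object unspecified even when every named member is initialised; and because the shadow is kept per byte rather than per field, the same check would catch implicit alignment padding that has no `_pad` name at all.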