./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1908686402 <...> Warning: Permanently added '10.128.0.142' (ED25519) to the list of known hosts. execve("./syz-executor1908686402", ["./syz-executor1908686402"], 0x7fff536897a0 /* 10 vars */) = 0 brk(NULL) = 0x555591360000 brk(0x555591360d00) = 0x555591360d00 arch_prctl(ARCH_SET_FS, 0x555591360380) = 0 set_tid_address(0x555591360650) = 5790 set_robust_list(0x555591360660, 24) = 0 rseq(0x555591360ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor1908686402", 4096) = 28 getrandom("\x2e\x62\xba\x13\x7a\x56\x77\xfa", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555591360d00 brk(0x555591381d00) = 0x555591381d00 brk(0x555591382000) = 0x555591382000 mprotect(0x7f421de00000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555591360650) = 5791 ./strace-static-x86_64: Process 5791 attached [pid 5791] set_robust_list(0x555591360660, 24) = 0 [pid 5791] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5791] setpgid(0, 0) = 0 [pid 5791] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5791] write(3, "1000", 4) = 4 [pid 5791] close(3) = 0 [pid 5791] write(1, "executing program\n", 18executing program ) = 18 [pid 5791] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 3 [pid 5791] io_uring_setup(20841, {flags=IORING_SETUP_COOP_TASKRUN|0x10000, sq_thread_cpu=0, sq_thread_idle=0, sq_entries=32768, cq_entries=65536, features=IORING_FEAT_SINGLE_MMAP|IORING_FEAT_NODROP|IORING_FEAT_SUBMIT_STABLE|IORING_FEAT_RW_CUR_POS|IORING_FEAT_CUR_PERSONALITY|IORING_FEAT_FAST_POLL|IORING_FEAT_POLL_32BITS|IORING_FEAT_SQPOLL_NONFIXED|IORING_FEAT_EXT_ARG|IORING_FEAT_NATIVE_WORKERS|IORING_FEAT_RSRC_TAGS|IORING_FEAT_CQE_SKIP|IORING_FEAT_LINKED_FILE|0xe000, sq_off={head=0, tail=4, ring_mask=16, ring_entries=24, flags=36, dropped=32, array=0}, cq_off={head=8, tail=12, ring_mask=20, ring_entries=28, overflow=44, cqes=64, flags=40}}) = 4 [pid 5791] mmap(NULL, 1048640, PROT_READ|PROT_WRITE, MAP_SHARED|MAP_POPULATE, 4, 0) = 0x7f421dc4b000 [pid 5791] mmap(NULL, 2097152, PROT_READ|PROT_WRITE, MAP_SHARED|MAP_POPULATE, 4, 0x10000000) = 0x7f421da4b000 [pid 5791] io_uring_setup(2708, {flags=0, sq_thread_cpu=0, sq_thread_idle=0, sq_entries=4096, cq_entries=8192, features=IORING_FEAT_SINGLE_MMAP|IORING_FEAT_NODROP|IORING_FEAT_SUBMIT_STABLE|IORING_FEAT_RW_CUR_POS|IORING_FEAT_CUR_PERSONALITY|IORING_FEAT_FAST_POLL|IORING_FEAT_POLL_32BITS|IORING_FEAT_SQPOLL_NONFIXED|IORING_FEAT_EXT_ARG|IORING_FEAT_NATIVE_WORKERS|IORING_FEAT_RSRC_TAGS|IORING_FEAT_CQE_SKIP|IORING_FEAT_LINKED_FILE|0xe000, sq_off={head=0, tail=4, ring_mask=16, ring_entries=24, flags=36, dropped=32, array=131136}, cq_off={head=8, tail=12, ring_mask=20, ring_entries=28, overflow=44, cqes=64, flags=40}}) = 5 [pid 5791] mmap(NULL, 147520, PROT_READ|PROT_WRITE, MAP_SHARED|MAP_POPULATE, 5, 0) = 0x7f421da26000 [pid 5791] mmap(NULL, 262144, PROT_READ|PROT_WRITE, MAP_SHARED|MAP_POPULATE, 5, 0x10000000) = 0x7f421d9e6000 [pid 5791] io_uring_enter(4, 18665, 0, 0, NULL, 0) = 1 [ 181.658062][ T5791] ===================================================== [ 181.665644][ T5791] BUG: KMSAN: kernel-infoleak in _copy_to_iter+0x2f3/0x2b30 [ 181.673258][ T5791] _copy_to_iter+0x2f3/0x2b30 [ 181.678363][ T5791] __skb_datagram_iter+0x18d/0x1190 [ 181.683955][ T5791] skb_copy_datagram_iter+0x5c/0x200 [ 181.689599][ T5791] netlink_recvmsg+0x432/0x1610 [ 181.694786][ T5791] sock_recvmsg+0x2c4/0x340 [ 181.699517][ T5791] sock_read_iter+0x32d/0x3c0 [ 181.704372][ T5791] __io_read+0x8d2/0x20f0 [ 181.708927][ T5791] io_read+0x3e/0xf0 [ 181.713025][ T5791] io_issue_sqe+0x429/0x22c0 [ 181.718047][ T5791] io_req_task_submit+0x104/0x1e0 [ 181.723244][ T5791] io_poll_task_func+0x12e5/0x1620 [ 181.728558][ T5791] io_handle_tw_list+0x23a/0x5c0 [ 181.733673][ T5791] tctx_task_work_run+0xf8/0x3d0 [ 181.738905][ T5791] tctx_task_work+0x6d/0xc0 [ 181.743678][ T5791] task_work_run+0x268/0x310 [ 181.748477][ T5791] ptrace_notify+0x304/0x320 [ 181.753233][ T5791] syscall_exit_work+0x14e/0x3e0 [ 181.758448][ T5791] syscall_exit_to_user_mode+0x13b/0x170 [ 181.764271][ T5791] do_syscall_64+0xda/0x1e0 [ 181.768997][ T5791] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 181.775077][ T5791] [ 181.777619][ T5791] Uninit was stored to memory at: [ 181.782961][ T5791] pskb_expand_head+0x305/0x1a60 [ 181.788197][ T5791] netlink_trim+0x2c2/0x330 [ 181.792880][ T5791] netlink_unicast+0x9f/0x1260 [ 181.797968][ T5791] nlmsg_notify+0x21d/0x2f0 [ 181.802696][ T5791] rtnetlink_send+0x73/0x90 [ 181.807457][ T5791] tc_ctl_action+0x146e/0x19d0 [ 181.812567][ T5791] rtnetlink_rcv_msg+0x12fc/0x1410 [ 181.818058][ T5791] netlink_rcv_skb+0x375/0x650 [ 181.823181][ T5791] rtnetlink_rcv+0x34/0x40 [ 181.827904][ T5791] netlink_unicast+0xf52/0x1260 [ 181.832945][ T5791] netlink_sendmsg+0x10da/0x11e0 [ 181.838147][ T5791] __sock_sendmsg+0x30f/0x380 [ 181.842968][ T5791] ____sys_sendmsg+0x877/0xb60 [ 181.847965][ T5791] ___sys_sendmsg+0x28d/0x3c0 [ 181.852841][ T5791] __x64_sys_sendmsg+0x300/0x4a0 [ 181.858238][ T5791] x64_sys_call+0x2da0/0x3ba0 [ 181.863090][ T5791] do_syscall_64+0xcd/0x1e0 [ 181.867818][ T5791] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 181.873922][ T5791] [ 181.876292][ T5791] Uninit was stored to memory at: [ 181.881674][ T5791] nla_put+0x1c6/0x230 [ 181.885882][ T5791] tcf_ife_dump+0x250/0x10b0 [ 181.890758][ T5791] tcf_action_dump_1+0x85e/0x970 [ 181.895865][ T5791] tcf_action_dump+0x1fd/0x460 [ 181.900858][ T5791] tca_get_fill+0x519/0x7a0 [ 181.905531][ T5791] tc_ctl_action+0x1365/0x19d0 [ 181.910564][ T5791] rtnetlink_rcv_msg+0x12fc/0x1410 [ 181.915949][ T5791] netlink_rcv_skb+0x375/0x650 [ 181.921082][ T5791] rtnetlink_rcv+0x34/0x40 [ 181.925677][ T5791] netlink_unicast+0xf52/0x1260 [ 181.930752][ T5791] netlink_sendmsg+0x10da/0x11e0 [ 181.936027][ T5791] __sock_sendmsg+0x30f/0x380 [ 181.940947][ T5791] ____sys_sendmsg+0x877/0xb60 [ 181.945921][ T5791] ___sys_sendmsg+0x28d/0x3c0 [ 181.951028][ T5791] __x64_sys_sendmsg+0x300/0x4a0 [ 181.956169][ T5791] x64_sys_call+0x2da0/0x3ba0 [ 181.961215][ T5791] do_syscall_64+0xcd/0x1e0 [ 181.965920][ T5791] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 181.972124][ T5791] [ 181.974532][ T5791] Local variable opt created at: [ 181.979759][ T5791] tcf_ife_dump+0xab/0x10b0 [ 181.984431][ T5791] tcf_action_dump_1+0x85e/0x970 [ 181.989597][ T5791] [ 181.992024][ T5791] Bytes 158-159 of 216 are uninitialized [ 181.997992][ T5791] Memory access of size 216 starts at ffff88811980e280 [ 182.004946][ T5791] [ 182.007467][ T5791] CPU: 1 UID: 0 PID: 5791 Comm: syz-executor190 Not tainted 6.12.0-rc6-syzkaller-00077-g2e1b3cc9d7f7 #0 [ 182.018867][ T5791] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 182.029110][ T5791] ===================================================== [ 182.036196][ T5791] Disabling lock debugging due to kernel taint [ 182.042599][ T5791] Kernel panic - not syncing: kmsan.panic set ... [ 182.049170][ T5791] CPU: 1 UID: 0 PID: 5791 Comm: syz-executor190 Tainted: G B 6.12.0-rc6-syzkaller-00077-g2e1b3cc9d7f7 #0 [ 182.061972][ T5791] Tainted: [B]=BAD_PAGE [ 182.066198][ T5791] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 182.076350][ T5791] Call Trace: [ 182.079698][ T5791] [ 182.082682][ T5791] dump_stack_lvl+0x216/0x2d0 [ 182.087511][ T5791] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 182.093419][ T5791] dump_stack+0x1e/0x30 [ 182.097747][ T5791] panic+0x4e2/0xcf0 [ 182.101774][ T5791] ? kmsan_get_metadata+0x131/0x1c0 [ 182.107189][ T5791] kmsan_report+0x2c7/0x2d0 [ 182.111898][ T5791] ? kmsan_internal_check_memory+0x1af/0x560 [ 182.118131][ T5791] ? kmsan_copy_to_user+0xd5/0xf0 [ 182.123376][ T5791] ? _copy_to_iter+0x2f3/0x2b30 [ 182.128517][ T5791] ? __skb_datagram_iter+0x18d/0x1190 [ 182.134360][ T5791] ? skb_copy_datagram_iter+0x5c/0x200 [ 182.139955][ T5791] ? netlink_recvmsg+0x432/0x1610 [ 182.145143][ T5791] ? sock_recvmsg+0x2c4/0x340 [ 182.149922][ T5791] ? sock_read_iter+0x32d/0x3c0 [ 182.154884][ T5791] ? __io_read+0x8d2/0x20f0 [ 182.159506][ T5791] ? io_read+0x3e/0xf0 [ 182.163712][ T5791] ? io_issue_sqe+0x429/0x22c0 [ 182.168766][ T5791] ? io_req_task_submit+0x104/0x1e0 [ 182.174076][ T5791] ? io_poll_task_func+0x12e5/0x1620 [ 182.179460][ T5791] ? io_handle_tw_list+0x23a/0x5c0 [ 182.184694][ T5791] ? tctx_task_work_run+0xf8/0x3d0 [ 182.190007][ T5791] ? tctx_task_work+0x6d/0xc0 [ 182.194818][ T5791] ? task_work_run+0x268/0x310 [ 182.199673][ T5791] ? ptrace_notify+0x304/0x320 [ 182.204549][ T5791] ? syscall_exit_work+0x14e/0x3e0 [ 182.209885][ T5791] ? syscall_exit_to_user_mode+0x13b/0x170 [ 182.215884][ T5791] ? do_syscall_64+0xda/0x1e0 [ 182.220715][ T5791] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 182.227050][ T5791] ? kmsan_get_metadata+0x13e/0x1c0 [ 182.232370][ T5791] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 182.238341][ T5791] ? kmsan_get_metadata+0x13e/0x1c0 [ 182.243657][ T5791] ? kmsan_get_metadata+0x13e/0x1c0 [ 182.249023][ T5791] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 182.254962][ T5791] ? __module_address+0x4d/0x630 [ 182.260081][ T5791] ? kmsan_get_metadata+0x13e/0x1c0 [ 182.265371][ T5791] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 182.271281][ T5791] kmsan_internal_check_memory+0x1af/0x560 [ 182.277250][ T5791] kmsan_copy_to_user+0xd5/0xf0 [ 182.282323][ T5791] ? should_fail_usercopy+0x2e/0x40 [ 182.287878][ T5791] _copy_to_iter+0x2f3/0x2b30 [ 182.292761][ T5791] ? kmsan_internal_set_shadow_origin+0x69/0x100 [ 182.299263][ T5791] ? kmsan_get_metadata+0x13e/0x1c0 [ 182.304578][ T5791] ? __skb_try_recv_from_queue+0x62f/0xcd0 [ 182.310544][ T5791] ? kmsan_get_metadata+0x13e/0x1c0 [ 182.315869][ T5791] __skb_datagram_iter+0x18d/0x1190 [ 182.321207][ T5791] ? __skb_try_recv_datagram+0x5f4/0x6f0 [ 182.326976][ T5791] ? __pfx_simple_copy_to_iter+0x10/0x10 [ 182.332752][ T5791] skb_copy_datagram_iter+0x5c/0x200 [ 182.338181][ T5791] netlink_recvmsg+0x432/0x1610 [ 182.343173][ T5791] ? aa_sock_msg_perm+0xea/0x240 [ 182.348225][ T5791] ? __pfx_netlink_recvmsg+0x10/0x10 [ 182.353665][ T5791] ? __pfx_netlink_recvmsg+0x10/0x10 [ 182.359095][ T5791] sock_recvmsg+0x2c4/0x340 [ 182.363704][ T5791] sock_read_iter+0x32d/0x3c0 [ 182.368492][ T5791] ? __pfx_sock_read_iter+0x10/0x10 [ 182.373792][ T5791] __io_read+0x8d2/0x20f0 [ 182.379305][ T5791] ? kmsan_internal_unpoison_memory+0x14/0x20 [ 182.385634][ T5791] ? kmsan_get_metadata+0x13e/0x1c0 [ 182.390936][ T5791] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 182.396880][ T5791] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 182.402934][ T5791] io_read+0x3e/0xf0 [ 182.407021][ T5791] ? __pfx_io_read+0x10/0x10 [ 182.411735][ T5791] io_issue_sqe+0x429/0x22c0 [ 182.416484][ T5791] ? kmsan_get_metadata+0x13e/0x1c0 [ 182.421813][ T5791] io_req_task_submit+0x104/0x1e0 [ 182.427009][ T5791] io_poll_task_func+0x12e5/0x1620 [ 182.432304][ T5791] ? __pfx_io_poll_task_func+0x10/0x10 [ 182.437889][ T5791] io_handle_tw_list+0x23a/0x5c0 [ 182.443028][ T5791] tctx_task_work_run+0xf8/0x3d0 [ 182.448079][ T5791] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 182.453998][ T5791] ? __pfx_tctx_task_work+0x10/0x10 [ 182.459321][ T5791] tctx_task_work+0x6d/0xc0 [ 182.463943][ T5791] task_work_run+0x268/0x310 [ 182.468635][ T5791] ptrace_notify+0x304/0x320 [ 182.473342][ T5791] ? kmsan_get_metadata+0x13e/0x1c0 [ 182.478917][ T5791] syscall_exit_work+0x14e/0x3e0 [ 182.484015][ T5791] syscall_exit_to_user_mode+0x13b/0x170 [ 182.489852][ T5791] do_syscall_64+0xda/0x1e0 [ 182.494500][ T5791] ? clear_bhb_loop+0x25/0x80 [ 182.499476][ T5791] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 182.505611][ T5791] RIP: 0033:0x7f421dd8ce79 [ 182.510125][ T5791] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 c1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 182.529984][ T5791] RSP: 002b:00007ffc7abdd4e8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 182.538616][ T5791] RAX: 000000000000006c RBX: 0000000000000000 RCX: 00007f421dd8ce79 [ 182.546692][ T5791] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 182.554762][ T5791] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 182.562819][ T5791] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 182.570937][ T5791] R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000001 [ 182.579184][ T5791] [ 182.582595][ T5791] Kernel Offset: disabled [ 182.586990][ T5791] Rebooting in 86400 seconds..