./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor572489012
<...>
[ 197.271994][ T3884] sched: DL replenish lagged too much
Warning: Permanently added '10.128.0.225' (ED25519) to the list of known hosts.
execve("./syz-executor572489012", ["./syz-executor572489012"], 0x7ffc7e0d8e00 /* 10 vars */) = 0
brk(NULL) = 0x55558bc1f000
brk(0x55558bc1fd00) = 0x55558bc1fd00
arch_prctl(ARCH_SET_FS, 0x55558bc1f380) = 0
set_tid_address(0x55558bc1f650) = 5808
set_robust_list(0x55558bc1f660, 24) = 0
rseq(0x55558bc1fca0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor572489012", 4096) = 27
getrandom("\xef\xed\xff\x6f\xe0\xfd\x7b\x00", 8, GRND_NONBLOCK) = 8
brk(NULL) = 0x55558bc1fd00
brk(0x55558bc40d00) = 0x55558bc40d00
brk(0x55558bc41000) = 0x55558bc41000
mprotect(0x7fa2f2a9e000, 16384, PROT_READ) = 0
mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000
mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000
mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558bc1f650) = 5809
./strace-static-x86_64: Process 5809 attached
[pid 5809] set_robust_list(0x55558bc1f660, 24) = 0
[pid 5809] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5809] setpgid(0, 0) = 0
[pid 5809] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5809] write(3, "1000", 4) = 4
[pid 5809] close(3) = 0
[pid 5809] write(1, "executing program\n", 18executing program
) = 18
[pid 5809] openat(AT_FDCWD, "/dev/comedi3", O_RDONLY|O_APPEND) = 3
[pid 5809] ioctl(3, COMEDI_DEVCONFIG, 0x2000000000c0) = 0
[pid 5809] openat(AT_FDCWD, "/dev/comedi3", O_RDONLY|O_NOATIME) = 4
[ 199.153801][ T5809] comedi comedi3: 8255: I/O port conflict (0x2,4)
[ 199.160609][ T5809] comedi comedi3: 8255: I/O port conflict (0x10000,4)
[ 199.167949][ T5809] comedi comedi3: 8255: I/O port conflict (0x4,4)
[ 199.174742][ T5809] comedi comedi3: 8255: I/O port conflict (0x4,4)
[ 199.187977][ T5809] =====================================================
[ 199.195598][ T5809] BUG: KMSAN: kernel-infoleak-after-free in _copy_to_user+0xcc/0x120
[ 199.204069][ T5809] _copy_to_user+0xcc/0x120
[ 199.208788][ T5809] do_insnlist_ioctl+0x66e/0x930
[ 199.214144][ T5809] comedi_unlocked_ioctl+0x1e78/0x1f60
[ 199.219781][ T5809] __se_sys_ioctl+0x239/0x400
[ 199.224813][ T5809] __x64_sys_ioctl+0x97/0xe0
[ 199.229609][ T5809] x64_sys_call+0x1cbc/0x3e20
[ 199.234598][ T5809] do_syscall_64+0xd9/0x210
[ 199.239326][ T5809] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 199.245478][ T5809]
[ 199.247886][ T5809] Uninit was created at:
[ 199.252532][ T5809] kfree+0x252/0xec0
[ 199.256611][ T5809] tomoyo_supervisor+0xc57/0x3100
[ 199.261991][ T5809] tomoyo_path_number_perm+0x4d8/0x7d0
[ 199.267685][ T5809] tomoyo_file_ioctl+0x3d/0x50
[ 199.272856][ T5809] security_file_ioctl+0x141/0x590
[ 199.278190][ T5809] __se_sys_ioctl+0xbb/0x400
[ 199.283071][ T5809] __x64_sys_ioctl+0x97/0xe0
[ 199.287876][ T5809] x64_sys_call+0x1cbc/0x3e20
[ 199.292950][ T5809] do_syscall_64+0xd9/0x210
[ 199.297748][ T5809] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 199.303927][ T5809]
[ 199.306337][ T5809] Bytes 4-583 of 584 are uninitialized
[ 199.312120][ T5809] Memory access of size 584 starts at ffff88814448f800
[ 199.319100][ T5809]
[ 199.321740][ T5809] CPU: 1 UID: 0 PID: 5809 Comm: syz-executor572 Not tainted 6.16.0-syzkaller-06699-ge8d780dcd957 #0 PREEMPT(none)
[ 199.334167][ T5809] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 199.344524][ T5809] =====================================================
[ 199.351734][ T5809] Disabling lock debugging due to kernel taint
[ 199.357967][ T5809] Kernel panic - not syncing: kmsan.panic set ...
[ 199.364478][ T5809] CPU: 1 UID: 0 PID: 5809 Comm: syz-executor572 Tainted: G B 6.16.0-syzkaller-06699-ge8d780dcd957 #0 PREEMPT(none)
[ 199.378277][ T5809] Tainted: [B]=BAD_PAGE
[ 199.382555][ T5809] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 199.392802][ T5809] Call Trace:
[ 199.396160][ T5809]
[ 199.399151][ T5809] __dump_stack+0x26/0x30
[ 199.403635][ T5809] dump_stack_lvl+0x53/0x270
[ 199.408441][ T5809] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[ 199.414407][ T5809] dump_stack+0x1e/0x25
[ 199.418747][ T5809] panic+0x4bd/0xd50
[ 199.422835][ T5809] kmsan_report+0x31c/0x320
[ 199.427500][ T5809] ? kmsan_internal_check_memory+0x1e1/0x230
[ 199.433701][ T5809] ? kmsan_copy_to_user+0xf1/0x190
[ 199.438962][ T5809] ? _copy_to_user+0xcc/0x120
[ 199.443862][ T5809] ? do_insnlist_ioctl+0x66e/0x930
[ 199.449093][ T5809] ? comedi_unlocked_ioctl+0x1e78/0x1f60
[ 199.454845][ T5809] ? __se_sys_ioctl+0x239/0x400
[ 199.459886][ T5809] ? __x64_sys_ioctl+0x97/0xe0
[ 199.464880][ T5809] ? x64_sys_call+0x1cbc/0x3e20
[ 199.469885][ T5809] ? do_syscall_64+0xd9/0x210
[ 199.474722][ T5809] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 199.480999][ T5809] ? kmsan_get_metadata+0xfb/0x160
[ 199.486270][ T5809] ? kmsan_get_metadata+0xfb/0x160
[ 199.491625][ T5809] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[ 199.497603][ T5809] ? kmsan_get_metadata+0xfb/0x160
[ 199.502870][ T5809] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[ 199.508857][ T5809] ? subdev_8255_insn+0x526/0x690
[ 199.514027][ T5809] ? kmsan_get_metadata+0xfb/0x160
[ 199.519308][ T5809] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[ 199.525275][ T5809] ? kmsan_get_metadata+0xfb/0x160
[ 199.530536][ T5809] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[ 199.536513][ T5809] kmsan_internal_check_memory+0x1e1/0x230
[ 199.542556][ T5809] kmsan_copy_to_user+0xf1/0x190
[ 199.547653][ T5809] _copy_to_user+0xcc/0x120
[ 199.552377][ T5809] do_insnlist_ioctl+0x66e/0x930
[ 199.557483][ T5809] comedi_unlocked_ioctl+0x1e78/0x1f60
[ 199.563093][ T5809] ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[ 199.569015][ T5809] __se_sys_ioctl+0x239/0x400
[ 199.573835][ T5809] __x64_sys_ioctl+0x97/0xe0
[ 199.578569][ T5809] x64_sys_call+0x1cbc/0x3e20
[ 199.583408][ T5809] do_syscall_64+0xd9/0x210
[ 199.588126][ T5809] ? irqentry_exit+0x16/0x60
[ 199.592854][ T5809] ? clear_bhb_loop+0x40/0x90
[ 199.597698][ T5809] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 199.603759][ T5809] RIP: 0033:0x7fa2f2a2bbf9
[ 199.608317][ T5809] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 c1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 199.628121][ T5809] RSP: 002b:00007fff4d7fcbe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 199.636668][ T5809] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fa2f2a2bbf9
[ 199.644756][ T5809] RDX: 00002000001859c0 RSI: 000000008010640b RDI: 0000000000000004
[ 199.652876][ T5809] RBP: 0000000000000000 R08: 0000000000000006 R09: 0000000000000006
[ 199.660945][ T5809] R10: 0000000000000006 R11: 0000000000000246 R12: 0000000000000000
[ 199.669015][ T5809] R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000001
[ 199.677106][ T5809]
[ 199.680555][ T5809] Kernel Offset: disabled
[ 199.684956][ T5809] Rebooting in 86400 seconds..