./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor994793930 <...> Warning: Permanently added '10.128.1.55' (ED25519) to the list of known hosts. execve("./syz-executor994793930", ["./syz-executor994793930"], 0x7ffde4d21910 /* 10 vars */) = 0 brk(NULL) = 0x555556d56000 brk(0x555556d56d00) = 0x555556d56d00 arch_prctl(ARCH_SET_FS, 0x555556d56380) = 0 set_tid_address(0x555556d56650) = 5003 set_robust_list(0x555556d56660, 24) = 0 rseq(0x555556d56ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor994793930", 4096) = 27 getrandom("\x6d\x72\x81\xf0\x87\xf3\x26\x26", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555556d56d00 brk(0x555556d77d00) = 0x555556d77d00 brk(0x555556d78000) = 0x555556d78000 mprotect(0x7f58c84d2000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556d56650) = 5004 ./strace-static-x86_64: Process 5004 attached [pid 5004] set_robust_list(0x555556d56660, 24) = 0 [pid 5004] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5004] setpgid(0, 0) = 0 [pid 5004] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5004] write(3, "1000", 4) = 4 [pid 5004] close(3) = 0 [pid 5004] openat(AT_FDCWD, "/dev/net/tun", O_WRONLY|O_CREAT|O_TRUNC|O_NOATIME, 000) = 3 [pid 5004] ioctl(3, TUNSETIFF, 0x20000200) = 0 [pid 5004] socket(AF_INET, SOCK_PACKET, IPPROTO_IGMP) = 4 [pid 5004] ioctl(4, SIOCSIFFLAGS, {ifr_name="syzkaller1", ifr_flags=IFF_UP|IFF_DYNAMIC}) = 0 [ 144.983393][ T5004] syz-executor994 uses obsolete (PF_INET,SOCK_PACKET) [ 145.001506][ T5004] ===================================================== [ 145.008928][ T5004] BUG: KMSAN: uninit-value in __llc_lookup_established+0xe9d/0xf90 [ 145.017187][ T5004] __llc_lookup_established+0xe9d/0xf90 [ 145.023035][ T5004] llc_conn_handler+0x4bd/0x1360 [ 145.028164][ T5004] llc_rcv+0xfbb/0x14a0 [ 145.032522][ T5004] __netif_receive_skb+0x1a6/0x5a0 [ 145.037818][ T5004] netif_receive_skb+0x58/0x660 [ 145.042967][ T5004] tun_rx_batched+0x3ee/0x980 [ 145.047810][ T5004] tun_get_user+0x53af/0x66d0 [ 145.052743][ T5004] tun_chr_write_iter+0x3af/0x5d0 [ 145.057938][ T5004] vfs_write+0x8ef/0x1490 [ 145.062537][ T5004] ksys_write+0x20f/0x4c0 [ 145.067013][ T5004] __x64_sys_write+0x93/0xd0 [ 145.071842][ T5004] do_syscall_64+0x44/0x110 [ 145.076543][ T5004] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 145.082759][ T5004] [ 145.085165][ T5004] Local variable daddr created at: [ 145.090364][ T5004] llc_conn_handler+0x53/0x1360 [ 145.095495][ T5004] llc_rcv+0xfbb/0x14a0 [ 145.099802][ T5004] [ 145.102278][ T5004] CPU: 1 PID: 5004 Comm: syz-executor994 Not tainted 6.6.0-syzkaller-14500-g1c41041124bd #0 [ 145.112603][ T5004] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023 [ 145.122893][ T5004] ===================================================== [ 145.129955][ T5004] Disabling lock debugging due to kernel taint [ 145.136306][ T5004] Kernel panic - not syncing: kmsan.panic set ... [ 145.142826][ T5004] CPU: 1 PID: 5004 Comm: syz-executor994 Tainted: G B 6.6.0-syzkaller-14500-g1c41041124bd #0 [ 145.154546][ T5004] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023 [ 145.164837][ T5004] Call Trace: [ 145.168217][ T5004] [ 145.171241][ T5004] dump_stack_lvl+0x1bf/0x240 [ 145.176145][ T5004] dump_stack+0x1e/0x20 [ 145.180511][ T5004] panic+0x4de/0xc90 [ 145.184597][ T5004] ? add_taint+0x108/0x1a0 [ 145.189187][ T5004] kmsan_report+0x2d0/0x2d0 [ 145.193890][ T5004] ? kmsan_slab_free+0xd1/0x130 [ 145.198929][ T5004] ? snap_rcv+0x450/0x4f0 [ 145.203407][ T5004] ? llc_rcv+0xb4a/0x14a0 [ 145.207880][ T5004] ? __netif_receive_skb+0x1a6/0x5a0 [ 145.213354][ T5004] ? netif_receive_skb+0x58/0x660 [ 145.218582][ T5004] ? tun_rx_batched+0x3ee/0x980 [ 145.223598][ T5004] ? __msan_warning+0x96/0x110 [ 145.228547][ T5004] ? __llc_lookup_established+0xe9d/0xf90 [ 145.234477][ T5004] ? llc_conn_handler+0x4bd/0x1360 [ 145.239802][ T5004] ? llc_rcv+0xfbb/0x14a0 [ 145.244455][ T5004] ? __netif_receive_skb+0x1a6/0x5a0 [ 145.249940][ T5004] ? netif_receive_skb+0x58/0x660 [ 145.255171][ T5004] ? tun_rx_batched+0x3ee/0x980 [ 145.260195][ T5004] ? tun_get_user+0x53af/0x66d0 [ 145.265224][ T5004] ? tun_chr_write_iter+0x3af/0x5d0 [ 145.270585][ T5004] ? vfs_write+0x8ef/0x1490 [ 145.275288][ T5004] ? ksys_write+0x20f/0x4c0 [ 145.279946][ T5004] ? __x64_sys_write+0x93/0xd0 [ 145.284857][ T5004] ? do_syscall_64+0x44/0x110 [ 145.289739][ T5004] ? entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 145.296138][ T5004] ? kmsan_internal_chain_origin+0xba/0xd0 [ 145.302152][ T5004] ? entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 145.308438][ T5004] ? kmsan_internal_chain_origin+0x57/0xd0 [ 145.314443][ T5004] ? __msan_chain_origin+0xc1/0x140 [ 145.319831][ T5004] ? __skb_clone+0x588/0x650 [ 145.324592][ T5004] ? skb_clone+0x3aa/0x540 [ 145.329183][ T5004] ? llc_rcv+0xae5/0x14a0 [ 145.333667][ T5004] ? __netif_receive_skb+0x1a6/0x5a0 [ 145.339129][ T5004] ? netif_receive_skb+0x58/0x660 [ 145.344358][ T5004] ? tun_rx_batched+0x3ee/0x980 [ 145.349466][ T5004] ? tun_get_user+0x53af/0x66d0 [ 145.354502][ T5004] ? tun_chr_write_iter+0x3af/0x5d0 [ 145.359872][ T5004] ? vfs_write+0x8ef/0x1490 [ 145.364579][ T5004] ? ksys_write+0x20f/0x4c0 [ 145.369232][ T5004] ? __x64_sys_write+0x93/0xd0 [ 145.374239][ T5004] ? do_syscall_64+0x44/0x110 [ 145.379118][ T5004] ? entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 145.385420][ T5004] ? kmsan_get_shadow_origin_ptr+0x4d/0xa0 [ 145.391446][ T5004] __msan_warning+0x96/0x110 [ 145.396222][ T5004] __llc_lookup_established+0xe9d/0xf90 [ 145.401980][ T5004] ? _raw_spin_unlock_irqrestore+0x3f/0x60 [ 145.408010][ T5004] ? kmsan_get_shadow_origin_ptr+0x4d/0xa0 [ 145.414038][ T5004] llc_conn_handler+0x4bd/0x1360 [ 145.419185][ T5004] ? snap_rcv+0x45a/0x4f0 [ 145.423690][ T5004] ? llc_sap_remove_socket+0x4e0/0x4e0 [ 145.429364][ T5004] llc_rcv+0xfbb/0x14a0 [ 145.433684][ T5004] ? snap_request+0x110/0x110 [ 145.438619][ T5004] __netif_receive_skb+0x1a6/0x5a0 [ 145.443937][ T5004] ? llc_set_station_handler+0x70/0x70 [ 145.449564][ T5004] netif_receive_skb+0x58/0x660 [ 145.454613][ T5004] ? kmsan_get_shadow_origin_ptr+0x4d/0xa0 [ 145.460633][ T5004] ? tun_rx_batched+0x37c/0x980 [ 145.465659][ T5004] tun_rx_batched+0x3ee/0x980 [ 145.470503][ T5004] ? kmsan_get_shadow_origin_ptr+0x4d/0xa0 [ 145.476521][ T5004] tun_get_user+0x53af/0x66d0 [ 145.481371][ T5004] ? kmsan_internal_set_shadow_origin+0x66/0xe0 [ 145.487832][ T5004] ? kernel_write+0x760/0x9a0 [ 145.492742][ T5004] tun_chr_write_iter+0x3af/0x5d0 [ 145.497959][ T5004] ? tun_chr_read_iter+0x670/0x670 [ 145.503240][ T5004] vfs_write+0x8ef/0x1490 [ 145.507802][ T5004] ksys_write+0x20f/0x4c0 [ 145.512303][ T5004] __x64_sys_write+0x93/0xd0 [ 145.517058][ T5004] do_syscall_64+0x44/0x110 [ 145.521776][ T5004] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 145.527992][ T5004] RIP: 0033:0x7f58c845fb39 [ 145.532548][ T5004] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 c1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 145.552353][ T5004] RSP: 002b:00007fff48636268 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 145.560942][ T5004] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f58c845fb39 [ 145.569069][ T5004] RDX: 0000000000000016 RSI: 0000000020000040 RDI: 0000000000000003 [ 145.577179][ T5004] RBP: 00007f58c84d25f0 R08: 0000000000000006 R09: 0000000000000006 [ 145.585281][ T5004] R10: 0000000000000006 R11: 0000000000000246 R12: 0000000000000001 [ 145.593381][ T5004] R13: 431bde82d7b634db R14: 0000000000000001 R15: 0000000000000001 [ 145.601519][ T5004] [ 145.604941][ T5004] Kernel Offset: disabled [ 145.609315][ T5004] Rebooting in 86400 seconds..