./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor743576238

<...>
DUID 00:04:44:79:fb:c8:ec:17:8e:fd:6c:10:37:74:be:fc:69:d0
forked to background, child pid 4602
[   97.519166][ T4603] 8021q: adding VLAN 0 to HW filter on device bond0
[   97.555368][ T4603] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK

syzkaller
syzkaller login: [  105.383913][  T114] cfg80211: failed to load regulatory.db
Warning: Permanently added '10.128.0.161' (ECDSA) to the list of known hosts.
execve("./syz-executor743576238", ["./syz-executor743576238"], 0x7ffccdffc800 /* 10 vars */) = 0
brk(NULL)                               = 0x555555dc6000
brk(0x555555dc6c40)                     = 0x555555dc6c40
arch_prctl(ARCH_SET_FS, 0x555555dc6300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor743576238", 4096) = 27
brk(0x555555de7c40)                     = 0x555555de7c40
brk(0x555555de8000)                     = 0x555555de8000
mprotect(0x7f7b81a67000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
unshare(CLONE_NEWPID)                   = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555dc65d0) = 4950
./strace-static-x86_64: Process 4950 attached
[pid  4950] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy)
[pid  4950] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  4950] setsid()                    = 1
[pid  4950] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0
[pid  4950] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0
[pid  4950] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0
[pid  4950] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0
[pid  4950] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0
[pid  4950] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0
[pid  4950] unshare(CLONE_NEWNS)        = 0
[pid  4950] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0
[pid  4950] unshare(CLONE_NEWIPC)       = 0
[pid  4950] unshare(CLONE_NEWCGROUP)    = 0
[pid  4950] unshare(CLONE_NEWUTS)       = 0
[pid  4950] unshare(CLONE_SYSVSEM)      = 0
[pid  4950] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = 3
[pid  4950] write(3, "16777216", 8)     = 8
[pid  4950] close(3)                    = 0
[pid  4950] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = 3
[pid  4950] write(3, "536870912", 9)    = 9
[pid  4950] close(3)                    = 0
[pid  4950] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = 3
[pid  4950] write(3, "1024", 4)         = 4
[pid  4950] close(3)                    = 0
[pid  4950] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = 3
[pid  4950] write(3, "8192", 4)         = 4
[pid  4950] close(3)                    = 0
[pid  4950] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = 3
[pid  4950] write(3, "1024", 4)         = 4
[pid  4950] close(3)                    = 0
[pid  4950] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = 3
[pid  4950] write(3, "1024", 4)         = 4
[pid  4950] close(3)                    = 0
[pid  4950] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = 3
[pid  4950] write(3, "1024 1048576 500 1024", 21) = 21
[pid  4950] close(3)                    = 0
[pid  4950] getpid()                    = 1
[pid  4950] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid  4950] capset({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid  4950] unshare(CLONE_NEWNET)       = 0
[pid  4950] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC) = 3
[pid  4950] write(3, "0 65535", 7)      = 7
[pid  4950] close(3)                    = 0
[pid  4950] openat(AT_FDCWD, "/dev/net/tun", O_RDWR|O_NONBLOCK) = 3
[pid  4950] dup2(3, 200)                = 200
[pid  4950] close(3)                    = 0
[pid  4950] ioctl(200, TUNSETIFF, 0x7ffce96e66f0) = 0
[pid  4950] openat(AT_FDCWD, "/proc/sys/net/ipv6/conf/syz_tun/accept_dad", O_WRONLY|O_CLOEXEC) = 3
[pid  4950] write(3, "0", 1)            = 1
[pid  4950] close(3)                    = 0
[pid  4950] openat(AT_FDCWD, "/proc/sys/net/ipv6/conf/syz_tun/router_solicitations", O_WRONLY|O_CLOEXEC) = 3
[pid  4950] write(3, "0", 1)            = 1
[pid  4950] close(3)                    = 0
[pid  4950] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 3
[pid  4950] access("/proc/net", R_OK)   = 0
[pid  4950] access("/proc/net/unix", R_OK) = 0
[pid  4950] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  4950] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun", ifr_ifindex=11}) = 0
[pid  4950] close(4)                    = 0
[pid  4950] sendto(3, [{nlmsg_len=40, nlmsg_type=0x14 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x500, nlmsg_seq=0, nlmsg_pid=0}, "\x02\x18\x00\x00\x0b\x00\x00\x00\x08\x00\x02\x00\xac\x14\x14\xaa\x08\x00\x01\x00\xac\x14\x14\xaa"], 40, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 40
[pid  4950] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=40, nlmsg_type=0x14 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x500, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  4950] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  4950] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun", ifr_ifindex=11}) = 0
[pid  4950] close(4)                    = 0
[pid  4950] sendto(3, [{nlmsg_len=64, nlmsg_type=0x14 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x500, nlmsg_seq=0, nlmsg_pid=0}, "\x0a\x78\x00\x00\x0b\x00\x00\x00\x14\x00\x02\x00\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xaa\x14\x00\x01\x00\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xaa"], 64, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 64
[pid  4950] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=64, nlmsg_type=0x14 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x500, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  4950] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  4950] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun", ifr_ifindex=11}) = 0
[pid  4950] close(4)                    = 0
[pid  4950] sendto(3, [{nlmsg_len=48, nlmsg_type=0x1c /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x600, nlmsg_seq=0, nlmsg_pid=0}, "\x02\x00\x00\x00\x0b\x00\x00\x00\x80\x00\x00\x00\x08\x00\x01\x00\xac\x14\x14\xbb\x0a\x00\x02\x00\xbb\xaa\xaa\xaa\xaa\xaa\x00\x00"], 48, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 48
[pid  4950] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=48, nlmsg_type=0x1c /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x600, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  4950] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  4950] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun", ifr_ifindex=11}) = 0
[pid  4950] close(4)                    = 0
[pid  4950] sendto(3, [{nlmsg_len=60, nlmsg_type=0x1c /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x600, nlmsg_seq=0, nlmsg_pid=0}, "\x0a\x00\x00\x00\x0b\x00\x00\x00\x80\x00\x00\x00\x14\x00\x01\x00\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xbb\x0a\x00\x02\x00\xbb\xaa\xaa\xaa\xaa\xaa\x00\x00"], 60, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 60
[pid  4950] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=60, nlmsg_type=0x1c /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x600, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  4950] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  4950] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun", ifr_ifindex=11}) = 0
[pid  4950] close(4)                    = 0
[pid  4950] sendto(3, [{nlmsg_len=44, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x00\x00\x00\x00\x0b\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x0a\x00\x01\x00\xaa\xaa\xaa\xaa\xaa\xaa\x00\x00"], 44, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 44
[pid  4950] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=44, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  4950] close(3)                    = 0
[pid  4950] mkdir("/dev/binderfs", 0777) = 0
[pid  4950] mount("binder", "/dev/binderfs", "binder", 0, NULL) = 0
[pid  4950] symlink("/dev/binderfs", "./binderfs") = 0
[pid  4950] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555dc65d0) = 2
./strace-static-x86_64: Process 4952 attached
[pid  4952] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  4952] setpgid(0, 0)               = 0
[pid  4952] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  4952] write(3, "1000", 4)         = 4
[pid  4952] close(3)                    = 0
[pid  4952] read(200, "\x33\x33\x00\x00\x00\x16\xaa\xaa\xaa\xaa\xaa\xaa\x86\xdd\x60\x00\x00\x00\x00\x38\x00\x01\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xaa\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x16\x3a\x00\x05\x02\x00\x00\x01\x00\x8f\x00\xc2\x46\x00\x00\x00\x02\x04\x00\x00\x00\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\xaa\xaa\xaa\x04\x00\x00\x00\xff\x02\x00\x00\x00\x00"..., 1000) = 110
[pid  4952] read(200, 0x7ffce96e62a0, 1000) = -1 EAGAIN (Resource temporarily unavailable)
[pid  4952] socket(AF_INET6, SOCK_DGRAM, IPPROTO_IP) = 3
[pid  4952] ioctl(3, SIOCETHTOOL, 0x200002c0) = 0
[pid  4952] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 4
[pid  4952] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 5
[pid  4952] sendto(5, [{nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0c\x00\x02\x00\x65\x74\x68\x74\x6f\x6f\x6c\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32
[pid  4952] recvfrom(5, [{nlmsg_len=956, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=2}, "\x01\x02\x00\x00\x0c\x00\x02\x00\x65\x74\x68\x74\x6f\x6f\x6c\x00\x06\x00\x01\x00\x16\x00\x00\x00\x08\x00\x03\x00\x01\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x00\x00\x60\x03\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x01\x00\x00\x00\x08\x00\x02\x00\x0e\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x0e\x00\x00\x00\x14\x00\x03\x00\x08\x00\x01\x00"...], 4096, 0, NULL, NULL) = 956
[pid  4952] recvfrom(5, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=2}, {error=0, msg={nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  4952] close(5)                    = 0
[  146.894621][ T4952] =====================================================
[  146.901779][ T4952] BUG: KMSAN: uninit-value in ethnl_set_linkmodes+0x190b/0x19d0
[  146.909836][ T4952]  ethnl_set_linkmodes+0x190b/0x19d0
[  146.916572][ T4952]  ethnl_default_set_doit+0x88d/0xde0
[  146.922249][ T4952]  genl_rcv_msg+0x141a/0x14c0
[  146.927103][ T4952]  netlink_rcv_skb+0x3f8/0x750
[  146.932309][ T4952]  genl_rcv+0x40/0x60
[  146.936441][ T4952]  netlink_unicast+0xf41/0x1270
[  146.941400][ T4952]  netlink_sendmsg+0x127d/0x1430
[  146.946620][ T4952]  ____sys_sendmsg+0xa24/0xe40
[  146.951561][ T4952]  ___sys_sendmsg+0x2a1/0x3f0
[  146.956512][ T4952]  __x64_sys_sendmsg+0x36b/0x540
[  146.961605][ T4952]  do_syscall_64+0x41/0xc0
[  146.966399][ T4952]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  146.973683][ T4952] 
[  146.976083][ T4952] Uninit was stored to memory at:
[  146.981322][ T4952]  tun_get_link_ksettings+0x37/0x60
[  146.987345][ T4952]  __ethtool_get_link_ksettings+0x17b/0x260
[  146.993517][ T4952]  ethnl_set_linkmodes+0xee/0x19d0
[  146.998790][ T4952]  ethnl_default_set_doit+0x88d/0xde0
[  147.004436][ T4952]  genl_rcv_msg+0x141a/0x14c0
[  147.009252][ T4952]  netlink_rcv_skb+0x3f8/0x750
[  147.014268][ T4952]  genl_rcv+0x40/0x60
[  147.018407][ T4952]  netlink_unicast+0xf41/0x1270
[  147.023571][ T4952]  netlink_sendmsg+0x127d/0x1430
[  147.028667][ T4952]  ____sys_sendmsg+0xa24/0xe40
[  147.034620][ T4952]  ___sys_sendmsg+0x2a1/0x3f0
[  147.039445][ T4952]  __x64_sys_sendmsg+0x36b/0x540
[  147.044681][ T4952]  do_syscall_64+0x41/0xc0
[  147.049246][ T4952]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  147.055498][ T4952] 
[  147.057884][ T4952] Uninit was stored to memory at:
[  147.063257][ T4952]  tun_set_link_ksettings+0x37/0x60
[  147.068615][ T4952]  ethtool_set_link_ksettings+0x600/0x690
[  147.074670][ T4952]  dev_ethtool+0x1db9/0x2a70
[  147.079439][ T4952]  dev_ioctl+0xb07/0x1270
[  147.084156][ T4952]  sock_do_ioctl+0x295/0x540
[  147.089044][ T4952]  sock_ioctl+0x729/0xd90
[  147.093724][ T4952]  __se_sys_ioctl+0x222/0x400
[  147.098552][ T4952]  __x64_sys_ioctl+0x96/0xe0
[  147.103438][ T4952]  do_syscall_64+0x41/0xc0
[  147.107990][ T4952]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  147.114130][ T4952] 
[  147.116521][ T4952] Local variable link_ksettings created at:
[  147.122606][ T4952]  ethtool_set_link_ksettings+0x54/0x690
[  147.128395][ T4952]  dev_ethtool+0x1db9/0x2a70
[  147.133276][ T4952] 
[  147.135663][ T4952] CPU: 1 PID: 4952 Comm: syz-executor743 Not tainted 6.3.0-syzkaller-g81af97bdef5e #0
[  147.145563][ T4952] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
[  147.155837][ T4952] =====================================================
[  147.163144][ T4952] Disabling lock debugging due to kernel taint
[  147.169404][ T4952] Kernel panic - not syncing: kmsan.panic set ...
[  147.175945][ T4952] CPU: 1 PID: 4952 Comm: syz-executor743 Tainted: G    B              6.3.0-syzkaller-g81af97bdef5e #0
[  147.187086][ T4952] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
[  147.197275][ T4952] Call Trace:
[  147.200630][ T4952]  <TASK>
[  147.203636][ T4952]  dump_stack_lvl+0x1cc/0x260
[  147.208451][ T4952]  dump_stack+0x1e/0x20
[  147.212768][ T4952]  panic+0x4e2/0xc70
[  147.216894][ T4952]  ? add_taint+0x108/0x1a0
[  147.221467][ T4952]  kmsan_report+0x2d0/0x2d0
[  147.226066][ T4952]  ? _raw_spin_lock_irqsave+0x45/0xd0
[  147.231545][ T4952]  ? __msan_warning+0x96/0x110
[  147.236414][ T4952]  ? ethnl_set_linkmodes+0x190b/0x19d0
[  147.242018][ T4952]  ? ethnl_default_set_doit+0x88d/0xde0
[  147.247703][ T4952]  ? genl_rcv_msg+0x141a/0x14c0
[  147.252675][ T4952]  ? netlink_rcv_skb+0x3f8/0x750
[  147.257758][ T4952]  ? genl_rcv+0x40/0x60
[  147.262027][ T4952]  ? netlink_unicast+0xf41/0x1270
[  147.267270][ T4952]  ? netlink_sendmsg+0x127d/0x1430
[  147.272495][ T4952]  ? ____sys_sendmsg+0xa24/0xe40
[  147.277594][ T4952]  ? ___sys_sendmsg+0x2a1/0x3f0
[  147.282657][ T4952]  ? __x64_sys_sendmsg+0x36b/0x540
[  147.287939][ T4952]  ? do_syscall_64+0x41/0xc0
[  147.293034][ T4952]  ? entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  147.299368][ T4952]  ? kmsan_get_shadow_origin_ptr+0x4d/0xa0
[  147.305281][ T4952]  ? kmsan_internal_memmove_metadata+0x204/0x360
[  147.311752][ T4952]  ? __msan_memcpy+0x108/0x1b0
[  147.316660][ T4952]  ? kmsan_get_shadow_origin_ptr+0x4d/0xa0
[  147.322849][ T4952]  __msan_warning+0x96/0x110
[  147.327570][ T4952]  ethnl_set_linkmodes+0x190b/0x19d0
[  147.333017][ T4952]  ? kmsan_get_shadow_origin_ptr+0x4d/0xa0
[  147.338991][ T4952]  ? kmsan_get_shadow_origin_ptr+0x4d/0xa0
[  147.344963][ T4952]  ? ethnl_set_linkmodes_validate+0x540/0x540
[  147.351203][ T4952]  ? ethnl_set_linkmodes_validate+0x540/0x540
[  147.357375][ T4952]  ethnl_default_set_doit+0x88d/0xde0
[  147.362885][ T4952]  ? ethnl_default_done+0x90/0x90
[  147.368049][ T4952]  genl_rcv_msg+0x141a/0x14c0
[  147.372967][ T4952]  ? ethnl_default_done+0x90/0x90
[  147.378169][ T4952]  netlink_rcv_skb+0x3f8/0x750
[  147.383085][ T4952]  ? genl_bind+0x480/0x480
[  147.387615][ T4952]  ? genl_pernet_exit+0x60/0x60
[  147.392580][ T4952]  genl_rcv+0x40/0x60
[  147.396726][ T4952]  netlink_unicast+0xf41/0x1270
[  147.401725][ T4952]  netlink_sendmsg+0x127d/0x1430
[  147.406836][ T4952]  ? netlink_getsockopt+0x1400/0x1400
[  147.412375][ T4952]  ____sys_sendmsg+0xa24/0xe40
[  147.417327][ T4952]  ___sys_sendmsg+0x2a1/0x3f0
[  147.422154][ T4952]  ? filter_irq_stacks+0x164/0x1a0
[  147.427520][ T4952]  ? kmsan_get_shadow_origin_ptr+0x4d/0xa0
[  147.433468][ T4952]  ? kmsan_get_shadow_origin_ptr+0x4d/0xa0
[  147.439493][ T4952]  __x64_sys_sendmsg+0x36b/0x540
[  147.444606][ T4952]  do_syscall_64+0x41/0xc0
[  147.449190][ T4952]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  147.455281][ T4952] RIP: 0033:0x7f7b819f36b9
[  147.459787][ T4952] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[  147.479500][ T4952] RSP: 002b:00007ffce96e6698 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  147.488010][ T4952] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f7b819f36b9
[  147.496116][ T4952] RDX: 0000000000000000 RSI: 00000000200002c0 RDI: 0000000000000004
[  147.504255][ T4952] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000f0b5ff
[  147.512442][ T4952] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  147.520536][ T4952] R13: 00007ffce96e66c0 R14: 00007ffce96e66b0 R15: 0000000000000003
[  147.528759][ T4952]  </TASK>
[  147.532093][ T4952] Kernel Offset: disabled
[  147.536477][ T4952] Rebooting in 86400 seconds..