./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor743576238
<...>
DUID 00:04:44:79:fb:c8:ec:17:8e:fd:6c:10:37:74:be:fc:69:d0
forked to background, child pid 4602
[ 97.519166][ T4603] 8021q: adding VLAN 0 to HW filter on device bond0
[ 97.555368][ T4603] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK
syzkaller
syzkaller login: [ 105.383913][ T114] cfg80211: failed to load regulatory.db
Warning: Permanently added '10.128.0.161' (ECDSA) to the list of known hosts.
execve("./syz-executor743576238", ["./syz-executor743576238"], 0x7ffccdffc800 /* 10 vars */) = 0
brk(NULL) = 0x555555dc6000
brk(0x555555dc6c40) = 0x555555dc6c40
arch_prctl(ARCH_SET_FS, 0x555555dc6300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor743576238", 4096) = 27
brk(0x555555de7c40) = 0x555555de7c40
brk(0x555555de8000) = 0x555555de8000
mprotect(0x7f7b81a67000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
unshare(CLONE_NEWPID) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555dc65d0) = 4950
./strace-static-x86_64: Process 4950 attached
[pid 4950] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy)
[pid 4950] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 4950] setsid() = 1
[pid 4950] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0
[pid 4950] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0
[pid 4950] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0
[pid 4950] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0
[pid 4950] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0
[pid 4950] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0
[pid 4950] unshare(CLONE_NEWNS) = 0
[pid 4950] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0
[pid 4950] unshare(CLONE_NEWIPC) = 0
[pid 4950] unshare(CLONE_NEWCGROUP) = 0
[pid 4950] unshare(CLONE_NEWUTS) = 0
[pid 4950] unshare(CLONE_SYSVSEM) = 0
[pid 4950] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = 3
[pid 4950] write(3, "16777216", 8) = 8
[pid 4950] close(3) = 0
[pid 4950] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = 3
[pid 4950] write(3, "536870912", 9) = 9
[pid 4950] close(3) = 0
[pid 4950] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = 3
[pid 4950] write(3, "1024", 4) = 4
[pid 4950] close(3) = 0
[pid 4950] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = 3
[pid 4950] write(3, "8192", 4) = 4
[pid 4950] close(3) = 0
[pid 4950] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = 3
[pid 4950] write(3, "1024", 4) = 4
[pid 4950] close(3) = 0
[pid 4950] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = 3
[pid 4950] write(3, "1024", 4) = 4
[pid 4950] close(3) = 0
[pid 4950] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = 3
[pid 4950] write(3, "1024 1048576 500 1024", 21) = 21
[pid 4950] close(3) = 0
[pid 4950] getpid() = 1
[pid 4950] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid 4950] capset({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid 4950] unshare(CLONE_NEWNET) = 0
[pid 4950] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC) = 3
[pid 4950] write(3, "0 65535", 7) = 7
[pid 4950] close(3) = 0
[pid 4950] openat(AT_FDCWD, "/dev/net/tun", O_RDWR|O_NONBLOCK) = 3
[pid 4950] dup2(3, 200) = 200
[pid 4950] close(3) = 0
[pid 4950] ioctl(200, TUNSETIFF, 0x7ffce96e66f0) = 0
[pid 4950] openat(AT_FDCWD, "/proc/sys/net/ipv6/conf/syz_tun/accept_dad", O_WRONLY|O_CLOEXEC) = 3
[pid 4950] write(3, "0", 1) = 1
[pid 4950] close(3) = 0
[pid 4950] openat(AT_FDCWD, "/proc/sys/net/ipv6/conf/syz_tun/router_solicitations", O_WRONLY|O_CLOEXEC) = 3
[pid 4950] write(3, "0", 1) = 1
[pid 4950] close(3) = 0
[pid 4950] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 3
[pid 4950] access("/proc/net", R_OK) = 0
[pid 4950] access("/proc/net/unix", R_OK) = 0
[pid 4950] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid 4950] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun", ifr_ifindex=11}) = 0
[pid 4950] close(4) = 0
[pid 4950] sendto(3, [{nlmsg_len=40, nlmsg_type=0x14 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x500, nlmsg_seq=0, nlmsg_pid=0}, "\x02\x18\x00\x00\x0b\x00\x00\x00\x08\x00\x02\x00\xac\x14\x14\xaa\x08\x00\x01\x00\xac\x14\x14\xaa"], 40, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 40
[pid 4950] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=40, nlmsg_type=0x14 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x500, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid 4950] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid 4950] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun", ifr_ifindex=11}) = 0
[pid 4950] close(4) = 0
[pid 4950] sendto(3, [{nlmsg_len=64, nlmsg_type=0x14 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x500, nlmsg_seq=0, nlmsg_pid=0}, "\x0a\x78\x00\x00\x0b\x00\x00\x00\x14\x00\x02\x00\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xaa\x14\x00\x01\x00\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xaa"], 64, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 64
[pid 4950] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=64, nlmsg_type=0x14 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x500, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid 4950] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid 4950] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun", ifr_ifindex=11}) = 0
[pid 4950] close(4) = 0
[pid 4950] sendto(3, [{nlmsg_len=48, nlmsg_type=0x1c /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x600, nlmsg_seq=0, nlmsg_pid=0}, "\x02\x00\x00\x00\x0b\x00\x00\x00\x80\x00\x00\x00\x08\x00\x01\x00\xac\x14\x14\xbb\x0a\x00\x02\x00\xbb\xaa\xaa\xaa\xaa\xaa\x00\x00"], 48, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 48
[pid 4950] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=48, nlmsg_type=0x1c /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x600, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid 4950] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid 4950] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun", ifr_ifindex=11}) = 0
[pid 4950] close(4) = 0
[pid 4950] sendto(3, [{nlmsg_len=60, nlmsg_type=0x1c /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x600, nlmsg_seq=0, nlmsg_pid=0}, "\x0a\x00\x00\x00\x0b\x00\x00\x00\x80\x00\x00\x00\x14\x00\x01\x00\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xbb\x0a\x00\x02\x00\xbb\xaa\xaa\xaa\xaa\xaa\x00\x00"], 60, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 60
[pid 4950] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=60, nlmsg_type=0x1c /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x600, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid 4950] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid 4950] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun", ifr_ifindex=11}) = 0
[pid 4950] close(4) = 0
[pid 4950] sendto(3, [{nlmsg_len=44, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x00\x00\x00\x00\x0b\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x0a\x00\x01\x00\xaa\xaa\xaa\xaa\xaa\xaa\x00\x00"], 44, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 44
[pid 4950] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=44, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid 4950] close(3) = 0
[pid 4950] mkdir("/dev/binderfs", 0777) = 0
[pid 4950] mount("binder", "/dev/binderfs", "binder", 0, NULL) = 0
[pid 4950] symlink("/dev/binderfs", "./binderfs") = 0
[pid 4950] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555dc65d0) = 2
./strace-static-x86_64: Process 4952 attached
[pid 4952] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 4952] setpgid(0, 0) = 0
[pid 4952] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 4952] write(3, "1000", 4) = 4
[pid 4952] close(3) = 0
[pid 4952] read(200, "\x33\x33\x00\x00\x00\x16\xaa\xaa\xaa\xaa\xaa\xaa\x86\xdd\x60\x00\x00\x00\x00\x38\x00\x01\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xaa\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x16\x3a\x00\x05\x02\x00\x00\x01\x00\x8f\x00\xc2\x46\x00\x00\x00\x02\x04\x00\x00\x00\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\xaa\xaa\xaa\x04\x00\x00\x00\xff\x02\x00\x00\x00\x00"..., 1000) = 110
[pid 4952] read(200, 0x7ffce96e62a0, 1000) = -1 EAGAIN (Resource temporarily unavailable)
[pid 4952] socket(AF_INET6, SOCK_DGRAM, IPPROTO_IP) = 3
[pid 4952] ioctl(3, SIOCETHTOOL, 0x200002c0) = 0
[pid 4952] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 4
[pid 4952] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 5
[pid 4952] sendto(5, [{nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0c\x00\x02\x00\x65\x74\x68\x74\x6f\x6f\x6c\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32
[pid 4952] recvfrom(5, [{nlmsg_len=956, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=2}, "\x01\x02\x00\x00\x0c\x00\x02\x00\x65\x74\x68\x74\x6f\x6f\x6c\x00\x06\x00\x01\x00\x16\x00\x00\x00\x08\x00\x03\x00\x01\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x00\x00\x00\x00\x60\x03\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x01\x00\x00\x00\x08\x00\x02\x00\x0e\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x0e\x00\x00\x00\x14\x00\x03\x00\x08\x00\x01\x00"...], 4096, 0, NULL, NULL) = 956
[pid 4952] recvfrom(5, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=2}, {error=0, msg={nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid 4952] close(5) = 0
[ 146.894621][ T4952] =====================================================
[ 146.901779][ T4952] BUG: KMSAN: uninit-value in ethnl_set_linkmodes+0x190b/0x19d0
[ 146.909836][ T4952] ethnl_set_linkmodes+0x190b/0x19d0
[ 146.916572][ T4952] ethnl_default_set_doit+0x88d/0xde0
[ 146.922249][ T4952] genl_rcv_msg+0x141a/0x14c0
[ 146.927103][ T4952] netlink_rcv_skb+0x3f8/0x750
[ 146.932309][ T4952] genl_rcv+0x40/0x60
[ 146.936441][ T4952] netlink_unicast+0xf41/0x1270
[ 146.941400][ T4952] netlink_sendmsg+0x127d/0x1430
[ 146.946620][ T4952] ____sys_sendmsg+0xa24/0xe40
[ 146.951561][ T4952] ___sys_sendmsg+0x2a1/0x3f0
[ 146.956512][ T4952] __x64_sys_sendmsg+0x36b/0x540
[ 146.961605][ T4952] do_syscall_64+0x41/0xc0
[ 146.966399][ T4952] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 146.973683][ T4952]
[ 146.976083][ T4952] Uninit was stored to memory at:
[ 146.981322][ T4952] tun_get_link_ksettings+0x37/0x60
[ 146.987345][ T4952] __ethtool_get_link_ksettings+0x17b/0x260
[ 146.993517][ T4952] ethnl_set_linkmodes+0xee/0x19d0
[ 146.998790][ T4952] ethnl_default_set_doit+0x88d/0xde0
[ 147.004436][ T4952] genl_rcv_msg+0x141a/0x14c0
[ 147.009252][ T4952] netlink_rcv_skb+0x3f8/0x750
[ 147.014268][ T4952] genl_rcv+0x40/0x60
[ 147.018407][ T4952] netlink_unicast+0xf41/0x1270
[ 147.023571][ T4952] netlink_sendmsg+0x127d/0x1430
[ 147.028667][ T4952] ____sys_sendmsg+0xa24/0xe40
[ 147.034620][ T4952] ___sys_sendmsg+0x2a1/0x3f0
[ 147.039445][ T4952] __x64_sys_sendmsg+0x36b/0x540
[ 147.044681][ T4952] do_syscall_64+0x41/0xc0
[ 147.049246][ T4952] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 147.055498][ T4952]
[ 147.057884][ T4952] Uninit was stored to memory at:
[ 147.063257][ T4952] tun_set_link_ksettings+0x37/0x60
[ 147.068615][ T4952] ethtool_set_link_ksettings+0x600/0x690
[ 147.074670][ T4952] dev_ethtool+0x1db9/0x2a70
[ 147.079439][ T4952] dev_ioctl+0xb07/0x1270
[ 147.084156][ T4952] sock_do_ioctl+0x295/0x540
[ 147.089044][ T4952] sock_ioctl+0x729/0xd90
[ 147.093724][ T4952] __se_sys_ioctl+0x222/0x400
[ 147.098552][ T4952] __x64_sys_ioctl+0x96/0xe0
[ 147.103438][ T4952] do_syscall_64+0x41/0xc0
[ 147.107990][ T4952] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 147.114130][ T4952]
[ 147.116521][ T4952] Local variable link_ksettings created at:
[ 147.122606][ T4952] ethtool_set_link_ksettings+0x54/0x690
[ 147.128395][ T4952] dev_ethtool+0x1db9/0x2a70
[ 147.133276][ T4952]
[ 147.135663][ T4952] CPU: 1 PID: 4952 Comm: syz-executor743 Not tainted 6.3.0-syzkaller-g81af97bdef5e #0
[ 147.145563][ T4952] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
[ 147.155837][ T4952] =====================================================
[ 147.163144][ T4952] Disabling lock debugging due to kernel taint
[ 147.169404][ T4952] Kernel panic - not syncing: kmsan.panic set ...
[ 147.175945][ T4952] CPU: 1 PID: 4952 Comm: syz-executor743 Tainted: G B 6.3.0-syzkaller-g81af97bdef5e #0
[ 147.187086][ T4952] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
[ 147.197275][ T4952] Call Trace:
[ 147.200630][ T4952] <TASK>
[ 147.203636][ T4952] dump_stack_lvl+0x1cc/0x260
[ 147.208451][ T4952] dump_stack+0x1e/0x20
[ 147.212768][ T4952] panic+0x4e2/0xc70
[ 147.216894][ T4952] ? add_taint+0x108/0x1a0
[ 147.221467][ T4952] kmsan_report+0x2d0/0x2d0
[ 147.226066][ T4952] ? _raw_spin_lock_irqsave+0x45/0xd0
[ 147.231545][ T4952] ? __msan_warning+0x96/0x110
[ 147.236414][ T4952] ? ethnl_set_linkmodes+0x190b/0x19d0
[ 147.242018][ T4952] ? ethnl_default_set_doit+0x88d/0xde0
[ 147.247703][ T4952] ? genl_rcv_msg+0x141a/0x14c0
[ 147.252675][ T4952] ? netlink_rcv_skb+0x3f8/0x750
[ 147.257758][ T4952] ? genl_rcv+0x40/0x60
[ 147.262027][ T4952] ? netlink_unicast+0xf41/0x1270
[ 147.267270][ T4952] ? netlink_sendmsg+0x127d/0x1430
[ 147.272495][ T4952] ? ____sys_sendmsg+0xa24/0xe40
[ 147.277594][ T4952] ? ___sys_sendmsg+0x2a1/0x3f0
[ 147.282657][ T4952] ? __x64_sys_sendmsg+0x36b/0x540
[ 147.287939][ T4952] ? do_syscall_64+0x41/0xc0
[ 147.293034][ T4952] ? entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 147.299368][ T4952] ? kmsan_get_shadow_origin_ptr+0x4d/0xa0
[ 147.305281][ T4952] ? kmsan_internal_memmove_metadata+0x204/0x360
[ 147.311752][ T4952] ? __msan_memcpy+0x108/0x1b0
[ 147.316660][ T4952] ? kmsan_get_shadow_origin_ptr+0x4d/0xa0
[ 147.322849][ T4952] __msan_warning+0x96/0x110
[ 147.327570][ T4952] ethnl_set_linkmodes+0x190b/0x19d0
[ 147.333017][ T4952] ? kmsan_get_shadow_origin_ptr+0x4d/0xa0
[ 147.338991][ T4952] ? kmsan_get_shadow_origin_ptr+0x4d/0xa0
[ 147.344963][ T4952] ? ethnl_set_linkmodes_validate+0x540/0x540
[ 147.351203][ T4952] ? ethnl_set_linkmodes_validate+0x540/0x540
[ 147.357375][ T4952] ethnl_default_set_doit+0x88d/0xde0
[ 147.362885][ T4952] ? ethnl_default_done+0x90/0x90
[ 147.368049][ T4952] genl_rcv_msg+0x141a/0x14c0
[ 147.372967][ T4952] ? ethnl_default_done+0x90/0x90
[ 147.378169][ T4952] netlink_rcv_skb+0x3f8/0x750
[ 147.383085][ T4952] ? genl_bind+0x480/0x480
[ 147.387615][ T4952] ? genl_pernet_exit+0x60/0x60
[ 147.392580][ T4952] genl_rcv+0x40/0x60
[ 147.396726][ T4952] netlink_unicast+0xf41/0x1270
[ 147.401725][ T4952] netlink_sendmsg+0x127d/0x1430
[ 147.406836][ T4952] ? netlink_getsockopt+0x1400/0x1400
[ 147.412375][ T4952] ____sys_sendmsg+0xa24/0xe40
[ 147.417327][ T4952] ___sys_sendmsg+0x2a1/0x3f0
[ 147.422154][ T4952] ? filter_irq_stacks+0x164/0x1a0
[ 147.427520][ T4952] ? kmsan_get_shadow_origin_ptr+0x4d/0xa0
[ 147.433468][ T4952] ? kmsan_get_shadow_origin_ptr+0x4d/0xa0
[ 147.439493][ T4952] __x64_sys_sendmsg+0x36b/0x540
[ 147.444606][ T4952] do_syscall_64+0x41/0xc0
[ 147.449190][ T4952] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 147.455281][ T4952] RIP: 0033:0x7f7b819f36b9
[ 147.459787][ T4952] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 147.479500][ T4952] RSP: 002b:00007ffce96e6698 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 147.488010][ T4952] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f7b819f36b9
[ 147.496116][ T4952] RDX: 0000000000000000 RSI: 00000000200002c0 RDI: 0000000000000004
[ 147.504255][ T4952] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000f0b5ff
[ 147.512442][ T4952] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 147.520536][ T4952] R13: 00007ffce96e66c0 R14: 00007ffce96e66b0 R15: 0000000000000003
[ 147.528759][ T4952] </TASK>
[ 147.532093][ T4952] Kernel Offset: disabled
[ 147.536477][ T4952] Rebooting in 86400 seconds..