./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1542240244 <...> Warning: Permanently added '10.128.1.133' (ED25519) to the list of known hosts. execve("./syz-executor1542240244", ["./syz-executor1542240244"], 0x7ffc64e519a0 /* 10 vars */) = 0 brk(NULL) = 0x55555723e000 brk(0x55555723ed00) = 0x55555723ed00 arch_prctl(ARCH_SET_FS, 0x55555723e380) = 0 set_tid_address(0x55555723e650) = 4997 set_robust_list(0x55555723e660, 24) = 0 rseq(0x55555723eca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor1542240244", 4096) = 28 getrandom("\x0e\xf0\xfd\xda\x15\x12\xf2\x3e", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55555723ed00 brk(0x55555725fd00) = 0x55555725fd00 brk(0x555557260000) = 0x555557260000 mprotect(0x7f9044a0d000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555723e650) = 4998 ./strace-static-x86_64: Process 4998 attached [pid 4998] set_robust_list(0x55555723e660, 24) = 0 [pid 4998] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4998] setpgid(0, 0) = 0 [pid 4998] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4998] write(3, "1000", 4) = 4 [pid 4998] close(3) = 0 [pid 4998] openat(AT_FDCWD, "/dev/net/tun", O_WRONLY|O_CREAT|O_TRUNC|O_NOATIME, 000) = 3 [pid 4998] ioctl(3, TUNSETIFF, 0x20000200) = 0 [pid 4998] socket(AF_INET, SOCK_PACKET, IPPROTO_IGMP) = 4 [pid 4998] ioctl(4, SIOCSIFFLAGS, {ifr_name="syzkaller1", ifr_flags=IFF_UP|IFF_DYNAMIC}) = 0 [ 148.475805][ T4998] syz-executor154 uses obsolete (PF_INET,SOCK_PACKET) [ 148.504035][ T4998] ===================================================== [ 148.511257][ T4998] BUG: KMSAN: uninit-value in llc_station_rcv+0x6fb/0x1290 [ 148.518816][ T4998] llc_station_rcv+0x6fb/0x1290 [ 148.523948][ T4998] llc_rcv+0xc5d/0x14a0 [ 148.528281][ T4998] __netif_receive_skb+0x1a6/0x5a0 [ 148.533707][ T4998] netif_receive_skb+0x58/0x660 [ 148.538740][ T4998] tun_rx_batched+0x3ee/0x980 [ 148.543682][ T4998] tun_get_user+0x54c5/0x69c0 [ 148.548526][ T4998] tun_chr_write_iter+0x3af/0x5d0 [ 148.553813][ T4998] vfs_write+0x8ef/0x15c0 [ 148.558319][ T4998] ksys_write+0x20f/0x4c0 [ 148.563010][ T4998] __x64_sys_write+0x93/0xd0 [ 148.567775][ T4998] do_syscall_64+0x41/0xc0 [ 148.572352][ T4998] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 148.578541][ T4998] [ 148.580949][ T4998] Uninit was created at: [ 148.585487][ T4998] slab_post_alloc_hook+0x12f/0xb70 [ 148.590879][ T4998] kmem_cache_alloc_node+0x577/0xa80 [ 148.596488][ T4998] kmalloc_reserve+0x13d/0x4a0 [ 148.601494][ T4998] __alloc_skb+0x318/0x740 [ 148.606235][ T4998] alloc_skb_with_frags+0xc8/0xbd0 [ 148.611539][ T4998] sock_alloc_send_pskb+0xa80/0xbf0 [ 148.617061][ T4998] tun_get_user+0x23d0/0x69c0 [ 148.621905][ T4998] tun_chr_write_iter+0x3af/0x5d0 [ 148.627208][ T4998] vfs_write+0x8ef/0x15c0 [ 148.631715][ T4998] ksys_write+0x20f/0x4c0 [ 148.636332][ T4998] __x64_sys_write+0x93/0xd0 [ 148.641099][ T4998] do_syscall_64+0x41/0xc0 [ 148.645778][ T4998] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 148.651855][ T4998] [ 148.654354][ T4998] CPU: 0 PID: 4998 Comm: syz-executor154 Not tainted 6.6.0-rc5-syzkaller-00072-g401644852d0b #0 [ 148.665141][ T4998] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023 [ 148.675608][ T4998] ===================================================== [ 148.682653][ T4998] Disabling lock debugging due to kernel taint [ 148.689034][ T4998] Kernel panic - not syncing: kmsan.panic set ... [ 148.695562][ T4998] CPU: 0 PID: 4998 Comm: syz-executor154 Tainted: G B 6.6.0-rc5-syzkaller-00072-g401644852d0b #0 [ 148.707634][ T4998] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023 [ 148.717825][ T4998] Call Trace: [ 148.721214][ T4998] [ 148.724247][ T4998] dump_stack_lvl+0x1bf/0x240 [ 148.729111][ T4998] dump_stack+0x1e/0x20 [ 148.733515][ T4998] panic+0x4d5/0xc70 [ 148.737618][ T4998] ? add_taint+0x108/0x1a0 [ 148.742217][ T4998] kmsan_report+0x2d0/0x2d0 [ 148.746904][ T4998] ? kmsan_get_shadow_origin_ptr+0x4d/0xa0 [ 148.752911][ T4998] ? __msan_warning+0x96/0x110 [ 148.757838][ T4998] ? llc_station_rcv+0x6fb/0x1290 [ 148.763057][ T4998] ? llc_rcv+0xc5d/0x14a0 [ 148.767574][ T4998] ? __netif_receive_skb+0x1a6/0x5a0 [ 148.773094][ T4998] ? netif_receive_skb+0x58/0x660 [ 148.778308][ T4998] ? tun_rx_batched+0x3ee/0x980 [ 148.783327][ T4998] ? tun_get_user+0x54c5/0x69c0 [ 148.788344][ T4998] ? tun_chr_write_iter+0x3af/0x5d0 [ 148.793797][ T4998] ? vfs_write+0x8ef/0x15c0 [ 148.798508][ T4998] ? ksys_write+0x20f/0x4c0 [ 148.803209][ T4998] ? __x64_sys_write+0x93/0xd0 [ 148.808232][ T4998] ? do_syscall_64+0x41/0xc0 [ 148.812987][ T4998] ? entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 148.819250][ T4998] ? kmsan_get_shadow_origin_ptr+0x4d/0xa0 [ 148.825258][ T4998] ? kmsan_internal_set_shadow_origin+0x66/0xe0 [ 148.831701][ T4998] ? kmsan_get_shadow_origin_ptr+0x4d/0xa0 [ 148.837714][ T4998] ? _raw_spin_unlock_irqrestore+0x3f/0x60 [ 148.843790][ T4998] ? kmsan_internal_set_shadow_origin+0x66/0xe0 [ 148.850327][ T4998] ? kmsan_get_shadow_origin_ptr+0x4d/0xa0 [ 148.856356][ T4998] __msan_warning+0x96/0x110 [ 148.861128][ T4998] llc_station_rcv+0x6fb/0x1290 [ 148.866185][ T4998] ? kmsan_get_shadow_origin_ptr+0x4d/0xa0 [ 148.872211][ T4998] ? llc_ui_wait_for_busy_core+0x730/0x730 [ 148.878249][ T4998] llc_rcv+0xc5d/0x14a0 [ 148.882614][ T4998] __netif_receive_skb+0x1a6/0x5a0 [ 148.887949][ T4998] ? llc_set_station_handler+0x70/0x70 [ 148.893620][ T4998] netif_receive_skb+0x58/0x660 [ 148.898671][ T4998] ? kmsan_get_shadow_origin_ptr+0x4d/0xa0 [ 148.904783][ T4998] ? tun_rx_batched+0x37c/0x980 [ 148.909816][ T4998] tun_rx_batched+0x3ee/0x980 [ 148.914681][ T4998] ? kmsan_get_shadow_origin_ptr+0x4d/0xa0 [ 148.920695][ T4998] tun_get_user+0x54c5/0x69c0 [ 148.925554][ T4998] ? kmsan_internal_set_shadow_origin+0x66/0xe0 [ 148.932039][ T4998] tun_chr_write_iter+0x3af/0x5d0 [ 148.937249][ T4998] ? tun_chr_read_iter+0x670/0x670 [ 148.942629][ T4998] vfs_write+0x8ef/0x15c0 [ 148.947185][ T4998] ksys_write+0x20f/0x4c0 [ 148.951727][ T4998] __x64_sys_write+0x93/0xd0 [ 148.956534][ T4998] do_syscall_64+0x41/0xc0 [ 148.961131][ T4998] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 148.967226][ T4998] RIP: 0033:0x7f904499ab39 [ 148.971783][ T4998] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 c1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 148.991599][ T4998] RSP: 002b:00007ffd6a7bd448 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 149.000194][ T4998] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f904499ab39 [ 149.008426][ T4998] RDX: 0000000000000016 RSI: 0000000020000040 RDI: 0000000000000003 [ 149.016544][ T4998] RBP: 00007f9044a0d5f0 R08: 0000000000000006 R09: 0000000000000006 [ 149.024662][ T4998] R10: 0000000000000006 R11: 0000000000000246 R12: 0000000000000001 [ 149.032790][ T4998] R13: 431bde82d7b634db R14: 0000000000000001 R15: 0000000000000001 [ 149.040933][ T4998] [ 149.044386][ T4998] Kernel Offset: disabled [ 149.048763][ T4998] Rebooting in 86400 seconds..