./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2380743578 <...> [ 110.504617][ T9] cfg80211: failed to load regulatory.db forked to background, child pid 4609 [ 113.180310][ T4610] 8021q: adding VLAN 0 to HW filter on device bond0 [ 113.227657][ T4610] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.0.219' (ECDSA) to the list of known hosts. execve("./syz-executor2380743578", ["./syz-executor2380743578"], 0x7ffd33afa9b0 /* 10 vars */) = 0 brk(NULL) = 0x5555568bb000 brk(0x5555568bbc40) = 0x5555568bbc40 arch_prctl(ARCH_SET_FS, 0x5555568bb300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor2380743578", 4096) = 28 brk(0x5555568dcc40) = 0x5555568dcc40 brk(0x5555568dd000) = 0x5555568dd000 mprotect(0x7fa2be805000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555568bb5d0) = 4955 ./strace-static-x86_64: Process 4955 attached [pid 4955] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4955] setpgid(0, 0) = 0 [pid 4955] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4955] write(3, "1000", 4) = 4 [pid 4955] close(3) = 0 [pid 4955] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 3 [pid 4955] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 4 [pid 4955] sendto(4, [{nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0b\x00\x02\x00\x54\x49\x50\x43\x76\x32\x00\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32 [pid 4955] recvfrom(4, [{nlmsg_len=548, nlmsg_type=nlctrl, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=4955}, "\x01\x02\x00\x00\x0b\x00\x02\x00\x54\x49\x50\x43\x76\x32\x00\x00\x06\x00\x01\x00\x31\x00\x00\x00\x08\x00\x03\x00\x01\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x0a\x00\x00\x00\xe4\x01\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x0a\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x03\x00\x00\x00\x08\x00\x02\x00\x0a\x00\x00\x00\x14\x00\x03\x00\x08\x00\x01\x00"...], 4096, 0, NULL, NULL) = 548 [pid 4955] recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=4955}, {error=0, msg={nlmsg_len=32, nlmsg_type=nlctrl, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 [pid 4955] close(4) = 0 syzkaller login: [ 163.391028][ T4955] netlink: 12 bytes leftover after parsing attributes in process `syz-executor238'. [ 163.401012][ T4955] ===================================================== [ 163.408647][ T4955] BUG: KMSAN: uninit-value in strstr+0xb8/0x2f0 [ 163.415193][ T4955] strstr+0xb8/0x2f0 [ 163.419211][ T4955] tipc_nl_node_reset_link_stats+0x3ea/0xb50 [ 163.425489][ T4955] genl_rcv_msg+0x12ed/0x1380 [ 163.430378][ T4955] netlink_rcv_skb+0x371/0x650 [ 163.435444][ T4955] genl_rcv+0x40/0x60 [ 163.439621][ T4955] netlink_unicast+0xf28/0x1230 [ 163.444768][ T4955] netlink_sendmsg+0x122f/0x13d0 [ 163.449889][ T4955] ____sys_sendmsg+0x999/0xd50 [ 163.455024][ T4955] ___sys_sendmsg+0x28d/0x3c0 [ 163.459897][ T4955] __x64_sys_sendmsg+0x304/0x490 [ 163.465171][ T4955] do_syscall_64+0x41/0xc0 [ 163.469761][ T4955] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 163.476079][ T4955] [ 163.478485][ T4955] Uninit was created at: [ 163.483109][ T4955] slab_post_alloc_hook+0x12d/0xb60 [ 163.488789][ T4955] kmem_cache_alloc_node+0x535/0xa30 [ 163.494433][ T4955] kmalloc_reserve+0x148/0x470 [ 163.499398][ T4955] __alloc_skb+0x318/0x740 [ 163.504082][ T4955] netlink_sendmsg+0xb34/0x13d0 [ 163.509127][ T4955] ____sys_sendmsg+0x999/0xd50 [ 163.515238][ T4955] ___sys_sendmsg+0x28d/0x3c0 [ 163.520132][ T4955] __x64_sys_sendmsg+0x304/0x490 [ 163.525391][ T4955] do_syscall_64+0x41/0xc0 [ 163.530000][ T4955] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 163.536227][ T4955] [ 163.538655][ T4955] CPU: 0 PID: 4955 Comm: syz-executor238 Not tainted 6.4.0-rc1-syzkaller-g46e8b6e7cfeb #0 [ 163.548938][ T4955] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/28/2023 [ 163.559294][ T4955] ===================================================== [ 163.566417][ T4955] Disabling lock debugging due to kernel taint [ 163.572844][ T4955] Kernel panic - not syncing: kmsan.panic set ... [ 163.579402][ T4955] CPU: 0 PID: 4955 Comm: syz-executor238 Tainted: G B 6.4.0-rc1-syzkaller-g46e8b6e7cfeb #0 [ 163.590980][ T4955] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/28/2023 [ 163.601203][ T4955] Call Trace: [ 163.604625][ T4955] [ 163.607713][ T4955] dump_stack_lvl+0x1bf/0x240 [ 163.612623][ T4955] dump_stack+0x1e/0x20 [ 163.616985][ T4955] panic+0x4d5/0xc70 [ 163.621114][ T4955] ? add_taint+0x108/0x1a0 [ 163.625702][ T4955] kmsan_report+0x2d0/0x2d0 [ 163.630365][ T4955] ? __msan_warning+0x96/0x110 [ 163.635326][ T4955] ? strstr+0xb8/0x2f0 [ 163.639578][ T4955] ? tipc_nl_node_reset_link_stats+0x3ea/0xb50 [ 163.645973][ T4955] ? genl_rcv_msg+0x12ed/0x1380 [ 163.651001][ T4955] ? netlink_rcv_skb+0x371/0x650 [ 163.656119][ T4955] ? genl_rcv+0x40/0x60 [ 163.660476][ T4955] ? netlink_unicast+0xf28/0x1230 [ 163.665661][ T4955] ? netlink_sendmsg+0x122f/0x13d0 [ 163.670980][ T4955] ? ____sys_sendmsg+0x999/0xd50 [ 163.676085][ T4955] ? ___sys_sendmsg+0x28d/0x3c0 [ 163.681161][ T4955] ? __x64_sys_sendmsg+0x304/0x490 [ 163.686492][ T4955] ? do_syscall_64+0x41/0xc0 [ 163.691299][ T4955] ? entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 163.697587][ T4955] ? kmsan_get_shadow_origin_ptr+0x4d/0xa0 [ 163.703652][ T4955] ? __nla_validate_parse+0x38cb/0x42a0 [ 163.709431][ T4955] ? kmsan_get_shadow_origin_ptr+0x4d/0xa0 [ 163.715489][ T4955] __msan_warning+0x96/0x110 [ 163.720310][ T4955] strstr+0xb8/0x2f0 [ 163.724394][ T4955] ? strcmp+0x63/0x120 [ 163.728643][ T4955] tipc_nl_node_reset_link_stats+0x3ea/0xb50 [ 163.734905][ T4955] ? tipc_nl_node_get_link+0x980/0x980 [ 163.740593][ T4955] ? tipc_nl_node_get_link+0x980/0x980 [ 163.746240][ T4955] genl_rcv_msg+0x12ed/0x1380 [ 163.751077][ T4955] ? filter_irq_stacks+0x60/0x1a0 [ 163.756304][ T4955] ? tipc_nl_node_get_link+0x980/0x980 [ 163.761955][ T4955] netlink_rcv_skb+0x371/0x650 [ 163.766920][ T4955] ? genl_bind+0x450/0x450 [ 163.771497][ T4955] ? genl_pernet_exit+0x60/0x60 [ 163.776574][ T4955] genl_rcv+0x40/0x60 [ 163.780738][ T4955] netlink_unicast+0xf28/0x1230 [ 163.785747][ T4955] netlink_sendmsg+0x122f/0x13d0 [ 163.790856][ T4955] ? netlink_getsockopt+0x990/0x990 [ 163.796243][ T4955] ____sys_sendmsg+0x999/0xd50 [ 163.801208][ T4955] ___sys_sendmsg+0x28d/0x3c0 [ 163.806095][ T4955] ? filter_irq_stacks+0x60/0x1a0 [ 163.811293][ T4955] ? kmsan_get_shadow_origin_ptr+0x4d/0xa0 [ 163.817347][ T4955] ? kmsan_get_shadow_origin_ptr+0x4d/0xa0 [ 163.823401][ T4955] __x64_sys_sendmsg+0x304/0x490 [ 163.828606][ T4955] do_syscall_64+0x41/0xc0 [ 163.833175][ T4955] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 163.839224][ T4955] RIP: 0033:0x7fa2be798759 [ 163.843870][ T4955] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 163.863642][ T4955] RSP: 002b:00007ffe337ff1b8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 163.872256][ T4955] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fa2be798759 [ 163.880373][ T4955] RDX: 0000000000000000 RSI: 0000000020000a40 RDI: 0000000000000003 [ 163.888511][ T4955] RBP: 0000000000000000 R08: 0000000000000000 R09: 00007ffe337ff358 [ 163.896659][ T4955] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa2be75ba60 [ 163.904795][ T4955] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000 [ 163.913037][ T4955] [ 163.916449][ T4955] Kernel Offset: disabled [ 163.920860][ T4955] Rebooting in 86400 seconds..