./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor420312793 <...> Warning: Permanently added '10.128.1.47' (ED25519) to the list of known hosts. execve("./syz-executor420312793", ["./syz-executor420312793"], 0x7fffd340eec0 /* 10 vars */) = 0 brk(NULL) = 0x55555a187000 brk(0x55555a187d00) = 0x55555a187d00 arch_prctl(ARCH_SET_FS, 0x55555a187380) = 0 set_tid_address(0x55555a187650) = 5048 set_robust_list(0x55555a187660, 24) = 0 rseq(0x55555a187ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor420312793", 4096) = 27 getrandom("\x6f\x7d\x8b\xe3\xf2\xce\x7d\xb8", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55555a187d00 brk(0x55555a1a8d00) = 0x55555a1a8d00 brk(0x55555a1a9000) = 0x55555a1a9000 mprotect(0x7f58dd6a3000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555a187650) = 5049 ./strace-static-x86_64: Process 5049 attached [pid 5049] set_robust_list(0x55555a187660, 24) = 0 [pid 5049] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5049] setpgid(0, 0) = 0 [pid 5049] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5049] write(3, "1000", 4) = 4 [pid 5049] close(3executing program ) = 0 [pid 5049] write(1, "executing program\n", 18) = 18 [pid 5049] openat(AT_FDCWD, "/dev/ppp", O_RDWR|O_NONBLOCK|O_NOATIME|O_CLOEXEC) = 3 [pid 5049] ioctl(3, PPPIOCNEWUNIT, 0x200000c0) = 0 [pid 5049] openat(AT_FDCWD, "/dev/ptmx", O_RDONLY) = 4 [pid 5049] ioctl(4, TIOCSETD, [3]) = 0 [pid 5049] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SOCKET_FILTER, insn_cnt=0, insns=NULL, license=NULL, log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=-1, func_info_rec_size=8, func_info=NULL, func_info_cnt=0, line_info_rec_size=16, line_info=NULL, line_info_cnt=0, attach_btf_id=4294967295, attach_prog_fd=-1}, 120) = -1 E2BIG (Argument list too long) [pid 5049] openat(AT_FDCWD, "/dev/ppp", O_RDONLY) = 5 [pid 5049] ioctl(5, PPPIOCATTCHAN, 0x20000180) = 0 [pid 5049] ioctl(5, PPPIOCCONNECT, 0x20000300) = 0 [ 154.048311][ T5049] ===================================================== [ 154.055615][ T5049] BUG: KMSAN: uninit-value in ppp_async_push+0xc05/0x2660 [ 154.063107][ T5049] ppp_async_push+0xc05/0x2660 [ 154.068101][ T5049] ppp_async_send+0x130/0x1b0 [ 154.073136][ T5049] ppp_push+0x220/0x22b0 [ 154.077566][ T5049] __ppp_xmit_process+0x123a/0x2780 [ 154.083050][ T5049] ppp_xmit_process+0x100/0x2b0 [ 154.088106][ T5049] ppp_write+0x63a/0x7d0 [ 154.092619][ T5049] vfs_writev+0xb0e/0x1450 [ 154.097222][ T5049] __x64_sys_pwritev+0x2e5/0x500 [ 154.102479][ T5049] x64_sys_call+0x3539/0x3b50 [ 154.107351][ T5049] do_syscall_64+0xcf/0x1e0 [ 154.112153][ T5049] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 154.118264][ T5049] [ 154.120686][ T5049] Uninit was created at: [ 154.125232][ T5049] kmem_cache_alloc_node+0x622/0xc90 [ 154.130686][ T5049] kmalloc_reserve+0x13d/0x4a0 [ 154.135713][ T5049] __alloc_skb+0x35b/0x7a0 [ 154.140309][ T5049] ppp_write+0xe5/0x7d0 [ 154.144801][ T5049] vfs_writev+0xb0e/0x1450 [ 154.149487][ T5049] __x64_sys_pwritev+0x2e5/0x500 [ 154.154729][ T5049] x64_sys_call+0x3539/0x3b50 [ 154.159615][ T5049] do_syscall_64+0xcf/0x1e0 [ 154.164451][ T5049] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 154.170566][ T5049] [ 154.173054][ T5049] CPU: 1 PID: 5049 Comm: syz-executor420 Not tainted 6.9.0-syzkaller-02707-g614da38e2f7a #0 [ 154.183362][ T5049] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 154.193659][ T5049] ===================================================== [ 154.200684][ T5049] Disabling lock debugging due to kernel taint [ 154.206997][ T5049] Kernel panic - not syncing: kmsan.panic set ... [ 154.213513][ T5049] CPU: 1 PID: 5049 Comm: syz-executor420 Tainted: G B 6.9.0-syzkaller-02707-g614da38e2f7a #0 [ 154.225226][ T5049] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 154.235403][ T5049] Call Trace: [ 154.238778][ T5049] [ 154.241816][ T5049] dump_stack_lvl+0x216/0x2d0 [ 154.246692][ T5049] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 154.252682][ T5049] dump_stack+0x1e/0x30 [ 154.257016][ T5049] panic+0x4e2/0xcd0 [ 154.261089][ T5049] ? kmsan_get_metadata+0xf1/0x1d0 [ 154.266383][ T5049] kmsan_report+0x2d5/0x2e0 [ 154.271054][ T5049] ? __msan_warning+0x95/0x120 [ 154.275973][ T5049] ? ppp_async_push+0xc05/0x2660 [ 154.281108][ T5049] ? ppp_async_send+0x130/0x1b0 [ 154.286154][ T5049] ? ppp_push+0x220/0x22b0 [ 154.290742][ T5049] ? __ppp_xmit_process+0x123a/0x2780 [ 154.296297][ T5049] ? ppp_xmit_process+0x100/0x2b0 [ 154.301519][ T5049] ? ppp_write+0x63a/0x7d0 [ 154.306130][ T5049] ? vfs_writev+0xb0e/0x1450 [ 154.310888][ T5049] ? __x64_sys_pwritev+0x2e5/0x500 [ 154.316151][ T5049] ? x64_sys_call+0x3539/0x3b50 [ 154.321183][ T5049] ? do_syscall_64+0xcf/0x1e0 [ 154.326047][ T5049] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 154.332398][ T5049] ? kmsan_get_metadata+0x146/0x1d0 [ 154.337757][ T5049] ? kmsan_get_metadata+0x146/0x1d0 [ 154.343121][ T5049] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 154.349104][ T5049] ? __module_address+0xef/0x7e0 [ 154.354189][ T5049] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 154.360170][ T5049] ? kmsan_get_metadata+0x146/0x1d0 [ 154.365532][ T5049] ? kmsan_get_metadata+0x146/0x1d0 [ 154.370897][ T5049] ? kmsan_internal_set_shadow_origin+0x66/0xe0 [ 154.377441][ T5049] ? kmsan_get_metadata+0x146/0x1d0 [ 154.382801][ T5049] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 154.388782][ T5049] __msan_warning+0x95/0x120 [ 154.393520][ T5049] ppp_async_push+0xc05/0x2660 [ 154.398543][ T5049] ppp_async_send+0x130/0x1b0 [ 154.403426][ T5049] ? __pfx_ppp_async_send+0x10/0x10 [ 154.408829][ T5049] ppp_push+0x220/0x22b0 [ 154.413245][ T5049] ? kmsan_get_metadata+0x146/0x1d0 [ 154.418613][ T5049] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 154.424596][ T5049] ? _raw_spin_unlock_irqrestore+0x3f/0x60 [ 154.430580][ T5049] ? stack_depot_save_flags+0x66d/0x6e0 [ 154.436304][ T5049] ? kmsan_internal_set_shadow_origin+0x66/0xe0 [ 154.442758][ T5049] ? kmsan_get_metadata+0x146/0x1d0 [ 154.448128][ T5049] __ppp_xmit_process+0x123a/0x2780 [ 154.453523][ T5049] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 154.459514][ T5049] ? kmsan_get_metadata+0x146/0x1d0 [ 154.464899][ T5049] ppp_xmit_process+0x100/0x2b0 [ 154.469941][ T5049] ? ppp_xmit_process+0x2d/0x2b0 [ 154.475074][ T5049] ppp_write+0x63a/0x7d0 [ 154.479512][ T5049] vfs_writev+0xb0e/0x1450 [ 154.484097][ T5049] ? kmsan_get_metadata+0x146/0x1d0 [ 154.489460][ T5049] ? __pfx_ppp_write+0x10/0x10 [ 154.494428][ T5049] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 154.500409][ T5049] ? kmsan_get_metadata+0x146/0x1d0 [ 154.505773][ T5049] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 154.511761][ T5049] __x64_sys_pwritev+0x2e5/0x500 [ 154.516868][ T5049] x64_sys_call+0x3539/0x3b50 [ 154.521736][ T5049] do_syscall_64+0xcf/0x1e0 [ 154.526428][ T5049] ? clear_bhb_loop+0x25/0x80 [ 154.531304][ T5049] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 154.537393][ T5049] RIP: 0033:0x7f58dd62fc79 [ 154.541928][ T5049] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 c1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 154.561716][ T5049] RSP: 002b:00007fff7b8e1b78 EFLAGS: 00000246 ORIG_RAX: 0000000000000128 [ 154.570292][ T5049] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f58dd62fc79 [ 154.578399][ T5049] RDX: 0000000000000001 RSI: 00000000200002c0 RDI: 0000000000000003 [ 154.586494][ T5049] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000006 [ 154.594598][ T5049] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 154.602693][ T5049] R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000001 [ 154.610802][ T5049] [ 154.614239][ T5049] Kernel Offset: disabled [ 154.618622][ T5049] Rebooting in 86400 seconds..