./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor966739023

<...>
Warning: Permanently added '10.128.0.244' (ED25519) to the list of known hosts.
execve("./syz-executor966739023", ["./syz-executor966739023"], 0x7fff89872370 /* 10 vars */) = 0
brk(NULL)                               = 0x55556eec3000
brk(0x55556eec3d00)                     = 0x55556eec3d00
arch_prctl(ARCH_SET_FS, 0x55556eec3380) = 0
set_tid_address(0x55556eec3650)         = 5173
set_robust_list(0x55556eec3660, 24)     = 0
rseq(0x55556eec3ca0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor966739023", 4096) = 27
getrandom("\xe9\x0f\x16\xda\xa6\x25\xdc\x0b", 8, GRND_NONBLOCK) = 8
brk(NULL)                               = 0x55556eec3d00
brk(0x55556eee4d00)                     = 0x55556eee4d00
brk(0x55556eee5000)                     = 0x55556eee5000
mprotect(0x7ff4bb981000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
unshare(CLONE_NEWPID)                   = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556eec3650) = 5174
./strace-static-x86_64: Process 5174 attached
[pid  5174] set_robust_list(0x55556eec3660, 24) = 0
[pid  5174] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy)
[pid  5174] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5174] setsid()                    = 1
[pid  5174] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0
[pid  5174] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0
[pid  5174] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0
[pid  5174] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0
[pid  5174] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0
[pid  5174] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0
[pid  5174] unshare(CLONE_NEWNS)        = 0
[pid  5174] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0
[pid  5174] unshare(CLONE_NEWIPC)       = 0
[pid  5174] unshare(CLONE_NEWCGROUP)    = 0
[pid  5174] unshare(CLONE_NEWUTS)       = 0
[pid  5174] unshare(CLONE_SYSVSEM)      = 0
[pid  5174] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = 3
[pid  5174] write(3, "16777216", 8)     = 8
[pid  5174] close(3)                    = 0
[pid  5174] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = 3
[pid  5174] write(3, "536870912", 9)    = 9
[pid  5174] close(3)                    = 0
[pid  5174] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = 3
[pid  5174] write(3, "1024", 4)         = 4
[pid  5174] close(3)                    = 0
[pid  5174] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = 3
[pid  5174] write(3, "8192", 4)         = 4
[pid  5174] close(3)                    = 0
[pid  5174] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = 3
[pid  5174] write(3, "1024", 4)         = 4
[pid  5174] close(3)                    = 0
[pid  5174] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = 3
[pid  5174] write(3, "1024", 4)         = 4
[pid  5174] close(3)                    = 0
[pid  5174] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = 3
[pid  5174] write(3, "1024 1048576 500 1024", 21) = 21
[pid  5174] close(3)                    = 0
[pid  5174] getpid()                    = 1
[pid  5174] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid  5174] capset({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid  5174] unshare(CLONE_NEWNET)       = 0
[pid  5174] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC) = 3
[pid  5174] write(3, "0 65535", 7)      = 7
[pid  5174] close(3)                    = 0
[pid  5174] openat(AT_FDCWD, "/dev/net/tun", O_RDWR|O_NONBLOCK) = 3
[pid  5174] dup2(3, 200)                = 200
[pid  5174] close(3)                    = 0
[pid  5174] ioctl(200, TUNSETIFF, 0x7fff9bd77380) = 0
[pid  5174] openat(AT_FDCWD, "/proc/sys/net/ipv6/conf/syz_tun/accept_dad", O_WRONLY|O_CLOEXEC) = 3
[pid  5174] write(3, "0", 1)            = 1
[pid  5174] close(3)                    = 0
[pid  5174] openat(AT_FDCWD, "/proc/sys/net/ipv6/conf/syz_tun/router_solicitations", O_WRONLY|O_CLOEXEC) = 3
[pid  5174] write(3, "0", 1)            = 1
[pid  5174] close(3)                    = 0
[pid  5174] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 3
[pid  5174] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  5174] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun", ifr_ifindex=11}) = 0
[pid  5174] close(4)                    = 0
[pid  5174] sendto(3, [{nlmsg_len=40, nlmsg_type=0x14 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x500, nlmsg_seq=0, nlmsg_pid=0}, "\x02\x18\x00\x00\x0b\x00\x00\x00\x08\x00\x02\x00\xac\x14\x14\xaa\x08\x00\x01\x00\xac\x14\x14\xaa"], 40, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 40
[pid  5174] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=40, nlmsg_type=0x14 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x500, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  5174] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  5174] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun", ifr_ifindex=11}) = 0
[pid  5174] close(4)                    = 0
[pid  5174] sendto(3, [{nlmsg_len=64, nlmsg_type=0x14 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x500, nlmsg_seq=0, nlmsg_pid=0}, "\x0a\x78\x00\x00\x0b\x00\x00\x00\x14\x00\x02\x00\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xaa\x14\x00\x01\x00\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xaa"], 64, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 64
[pid  5174] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=64, nlmsg_type=0x14 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x500, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  5174] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  5174] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun", ifr_ifindex=11}) = 0
[pid  5174] close(4)                    = 0
[pid  5174] sendto(3, [{nlmsg_len=48, nlmsg_type=0x1c /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x600, nlmsg_seq=0, nlmsg_pid=0}, "\x02\x00\x00\x00\x0b\x00\x00\x00\x80\x00\x00\x00\x08\x00\x01\x00\xac\x14\x14\xbb\x0a\x00\x02\x00\xbb\xaa\xaa\xaa\xaa\xaa\x00\x00"], 48, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 48
[pid  5174] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=48, nlmsg_type=0x1c /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x600, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  5174] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  5174] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun", ifr_ifindex=11}) = 0
[pid  5174] close(4)                    = 0
[pid  5174] sendto(3, [{nlmsg_len=60, nlmsg_type=0x1c /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x600, nlmsg_seq=0, nlmsg_pid=0}, "\x0a\x00\x00\x00\x0b\x00\x00\x00\x80\x00\x00\x00\x14\x00\x01\x00\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xbb\x0a\x00\x02\x00\xbb\xaa\xaa\xaa\xaa\xaa\x00\x00"], 60, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 60
[pid  5174] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=60, nlmsg_type=0x1c /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|0x600, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  5174] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  5174] ioctl(4, SIOCGIFINDEX, {ifr_name="syz_tun", ifr_ifindex=11}) = 0
[pid  5174] close(4)                    = 0
[pid  5174] sendto(3, [{nlmsg_len=44, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x00\x00\x00\x00\x0b\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x0a\x00\x01\x00\xaa\xaa\xaa\xaa\xaa\xaa\x00\x00"], 44, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 44
[pid  5174] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=44, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  5174] close(3)                    = 0
[pid  5174] openat(AT_FDCWD, "/proc/sys/fs/mount-max", O_WRONLY|O_CLOEXEC) = 3
[pid  5174] write(3, "100000", 6)       = 6
[pid  5174] close(3)                    = 0
[pid  5174] mkdir("./syz-tmp", 0777)    = 0
[pid  5174] mount("", "./syz-tmp", "tmpfs", 0, NULL) = 0
[pid  5174] mkdir("./syz-tmp/newroot", 0777) = 0
[pid  5174] mkdir("./syz-tmp/newroot/dev", 0700) = 0
[pid  5174] mount("/dev", "./syz-tmp/newroot/dev", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0
[pid  5174] mkdir("./syz-tmp/newroot/proc", 0700) = 0
[pid  5174] mount("syz-proc", "./syz-tmp/newroot/proc", "proc", 0, NULL) = 0
[pid  5174] mkdir("./syz-tmp/newroot/selinux", 0700) = 0
[pid  5174] mount("/selinux", "./syz-tmp/newroot/selinux", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = -1 ENOENT (No such file or directory)
[pid  5174] mount("/sys/fs/selinux", "./syz-tmp/newroot/selinux", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = -1 ENOENT (No such file or directory)
[pid  5174] mkdir("./syz-tmp/newroot/sys", 0700) = 0
[pid  5174] mount("/sys", "./syz-tmp/newroot/sys", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0
[pid  5174] mkdir("./syz-tmp/pivot", 0777) = 0
[pid  5174] pivot_root("./syz-tmp", "./syz-tmp/pivot") = 0
[pid  5174] chdir("/")                  = 0
[pid  5174] umount2("./pivot", MNT_DETACH) = 0
[pid  5174] chroot("./newroot")         = 0
[pid  5174] chdir("/")                  = 0
[pid  5174] mkdir("/dev/binderfs", 0777) = 0
[pid  5174] mount("binder", "/dev/binderfs", "binder", 0, NULL) = 0
[pid  5174] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5174] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5177 attached
, child_tidptr=0x55556eec3650) = 2
[pid  5177] set_robust_list(0x55556eec3660, 24) = 0
[pid  5177] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5177] setpgid(0, 0)               = 0
[pid  5177] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5177] write(3, "1000", 4)         = 4
[pid  5177] close(3)                    = 0
[pid  5177] read(200, "\x33\x33\x00\x00\x00\x16\xaa\xaa\xaa\xaa\xaa\xaa\x86\xdd\x60\x00\x00\x00\x00\x38\x00\x01\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xaa\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x16\x3a\x00\x05\x02\x00\x00\x01\x00\x8f\x00\xc2\x46\x00\x00\x00\x02\x04\x00\x00\x00\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\xaa\xaa\xaa\x04\x00\x00\x00\xff\x02\x00\x00\x00\x00"..., 1000) = 110
[pid  5177] read(200, executing program
0x7fff9bd76f20, 1000) = -1 EAGAIN (Resource temporarily unavailable)
[pid  5177] write(1, "executing program\n", 18) = 18
[pid  5177] socket(AF_NETLINK, SOCK_RAW, NETLINK_NETFILTER) = 3
[pid  5177] sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x14\x00\x00\x00\x10\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0a\x20\x00\x00\x00\x00\x0a\x01\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x09\x00\x01\x00\x73\x79\x7a\x30\x00\x00\x00\x00\x40\x00\x00\x00\x03\x0a\x01\x02\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x09\x00\x03\x00\x73\x79\x7a\x32\x00\x00\x00\x00\x14\x00\x04\x80\x08\x00\x02\x40\x32\x65\x8a\xeb\x08\x00\x01\x40"..., iov_len=208}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 208
[  157.051261][ T5177] =====================================================
[  157.058550][ T5177] BUG: KMSAN: uninit-value in nf_reject_ip6_tcphdr_put+0x688/0x6c0
[  157.066697][ T5177]  nf_reject_ip6_tcphdr_put+0x688/0x6c0
[  157.072448][ T5177]  nf_send_reset6+0xd84/0x15b0
[  157.077475][ T5177]  nft_reject_inet_eval+0x3c1/0x880
[  157.082815][ T5177]  nft_do_chain+0x426/0x2290
[  157.087604][ T5177]  nft_do_chain_inet+0x41a/0x4f0
[  157.092740][ T5177]  nf_hook_slow+0xf4/0x400
[  157.097349][ T5177]  ipv6_rcv+0x29b/0x390
[  157.101674][ T5177]  __netif_receive_skb+0x1da/0xa00
[  157.106957][ T5177]  netif_receive_skb+0x58/0x660
[  157.111975][ T5177]  tun_rx_batched+0x3ee/0x980
[  157.116920][ T5177]  tun_get_user+0x5783/0x6c60
[  157.121763][ T5177]  tun_chr_write_iter+0x3ac/0x5d0
[  157.126967][ T5177]  vfs_write+0xb28/0x1540
[  157.131446][ T5177]  ksys_write+0x20f/0x4c0
[  157.135951][ T5177]  __x64_sys_write+0x93/0xe0
[  157.140693][ T5177]  x64_sys_call+0x306a/0x3ba0
[  157.145652][ T5177]  do_syscall_64+0xcd/0x1e0
[  157.150302][ T5177]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  157.156430][ T5177] 
[  157.158824][ T5177] Uninit was stored to memory at:
[  157.164150][ T5177]  nf_reject_ip6_tcphdr_put+0x60c/0x6c0
[  157.169892][ T5177]  nf_send_reset6+0xd84/0x15b0
[  157.174876][ T5177]  nft_reject_inet_eval+0x3c1/0x880
[  157.180244][ T5177]  nft_do_chain+0x426/0x2290
[  157.185143][ T5177]  nft_do_chain_inet+0x41a/0x4f0
[  157.190256][ T5177]  nf_hook_slow+0xf4/0x400
[  157.194864][ T5177]  ipv6_rcv+0x29b/0x390
[  157.199187][ T5177]  __netif_receive_skb+0x1da/0xa00
[  157.204473][ T5177]  netif_receive_skb+0x58/0x660
[  157.209462][ T5177]  tun_rx_batched+0x3ee/0x980
[  157.214369][ T5177]  tun_get_user+0x5783/0x6c60
[  157.219200][ T5177]  tun_chr_write_iter+0x3ac/0x5d0
[  157.224400][ T5177]  vfs_write+0xb28/0x1540
[  157.228875][ T5177]  ksys_write+0x20f/0x4c0
[  157.233291][ T5177]  __x64_sys_write+0x93/0xe0
[  157.238098][ T5177]  x64_sys_call+0x306a/0x3ba0
[  157.242949][ T5177]  do_syscall_64+0xcd/0x1e0
[  157.247625][ T5177]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  157.253715][ T5177] 
[  157.256164][ T5177] Uninit was stored to memory at:
[  157.261391][ T5177]  nf_reject_ip6_tcphdr_put+0x2ca/0x6c0
[  157.267147][ T5177]  nf_send_reset6+0xd84/0x15b0
[  157.272118][ T5177]  nft_reject_inet_eval+0x3c1/0x880
[  157.277546][ T5177]  nft_do_chain+0x426/0x2290
[  157.282316][ T5177]  nft_do_chain_inet+0x41a/0x4f0
[  157.287495][ T5177]  nf_hook_slow+0xf4/0x400
[  157.292081][ T5177]  ipv6_rcv+0x29b/0x390
[  157.296426][ T5177]  __netif_receive_skb+0x1da/0xa00
[  157.301682][ T5177]  netif_receive_skb+0x58/0x660
[  157.306703][ T5177]  tun_rx_batched+0x3ee/0x980
[  157.311540][ T5177]  tun_get_user+0x5783/0x6c60
[  157.316440][ T5177]  tun_chr_write_iter+0x3ac/0x5d0
[  157.321618][ T5177]  vfs_write+0xb28/0x1540
[  157.326121][ T5177]  ksys_write+0x20f/0x4c0
[  157.330595][ T5177]  __x64_sys_write+0x93/0xe0
[  157.335362][ T5177]  x64_sys_call+0x306a/0x3ba0
[  157.340236][ T5177]  do_syscall_64+0xcd/0x1e0
[  157.344962][ T5177]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  157.351066][ T5177] 
[  157.353455][ T5177] Uninit was created at:
[  157.357982][ T5177]  kmem_cache_alloc_node_noprof+0x6bf/0xb80
[  157.364120][ T5177]  kmalloc_reserve+0x13d/0x4a0
[  157.369015][ T5177]  __alloc_skb+0x363/0x7b0
[  157.373557][ T5177]  nf_send_reset6+0x98d/0x15b0
[  157.378593][ T5177]  nft_reject_inet_eval+0x3c1/0x880
[  157.384045][ T5177]  nft_do_chain+0x426/0x2290
[  157.388758][ T5177]  nft_do_chain_inet+0x41a/0x4f0
[  157.393802][ T5177]  nf_hook_slow+0xf4/0x400
[  157.398441][ T5177]  ipv6_rcv+0x29b/0x390
[  157.402700][ T5177]  __netif_receive_skb+0x1da/0xa00
[  157.408038][ T5177]  netif_receive_skb+0x58/0x660
[  157.413034][ T5177]  tun_rx_batched+0x3ee/0x980
[  157.417893][ T5177]  tun_get_user+0x5783/0x6c60
[  157.422728][ T5177]  tun_chr_write_iter+0x3ac/0x5d0
[  157.427938][ T5177]  vfs_write+0xb28/0x1540
[  157.432417][ T5177]  ksys_write+0x20f/0x4c0
[  157.436921][ T5177]  __x64_sys_write+0x93/0xe0
[  157.441684][ T5177]  x64_sys_call+0x306a/0x3ba0
[  157.446616][ T5177]  do_syscall_64+0xcd/0x1e0
[  157.451259][ T5177]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  157.457350][ T5177] 
[  157.459762][ T5177] CPU: 0 UID: 0 PID: 5177 Comm: syz-executor966 Not tainted 6.11.0-syzkaller-04557-g2f27fce67173 #0
[  157.470711][ T5177] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  157.480929][ T5177] =====================================================
[  157.488005][ T5177] Disabling lock debugging due to kernel taint
[  157.494289][ T5177] Kernel panic - not syncing: kmsan.panic set ...
[  157.500770][ T5177] CPU: 0 UID: 0 PID: 5177 Comm: syz-executor966 Tainted: G    B              6.11.0-syzkaller-04557-g2f27fce67173 #0
[  157.513144][ T5177] Tainted: [B]=BAD_PAGE
[  157.517342][ T5177] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  157.527477][ T5177] Call Trace:
[  157.530809][ T5177]  <TASK>
[  157.533814][ T5177]  dump_stack_lvl+0x216/0x2d0
[  157.538644][ T5177]  ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[  157.544574][ T5177]  dump_stack+0x1e/0x30
[  157.548812][ T5177]  panic+0x4e2/0xce0
[  157.552820][ T5177]  ? kmsan_get_metadata+0x71/0x1c0
[  157.558038][ T5177]  kmsan_report+0x2c7/0x2d0
[  157.562634][ T5177]  ? kmsan_metadata_is_contiguous+0x1b0/0x1e0
[  157.568824][ T5177]  ? __msan_warning+0x95/0x120
[  157.573699][ T5177]  ? nf_reject_ip6_tcphdr_put+0x688/0x6c0
[  157.579569][ T5177]  ? nf_send_reset6+0xd84/0x15b0
[  157.584628][ T5177]  ? nft_reject_inet_eval+0x3c1/0x880
[  157.590090][ T5177]  ? nft_do_chain+0x426/0x2290
[  157.594970][ T5177]  ? nft_do_chain_inet+0x41a/0x4f0
[  157.600198][ T5177]  ? nf_hook_slow+0xf4/0x400
[  157.604895][ T5177]  ? ipv6_rcv+0x29b/0x390
[  157.609363][ T5177]  ? __netif_receive_skb+0x1da/0xa00
[  157.614738][ T5177]  ? netif_receive_skb+0x58/0x660
[  157.619849][ T5177]  ? tun_rx_batched+0x3ee/0x980
[  157.624801][ T5177]  ? tun_get_user+0x5783/0x6c60
[  157.629746][ T5177]  ? tun_chr_write_iter+0x3ac/0x5d0
[  157.635042][ T5177]  ? vfs_write+0xb28/0x1540
[  157.639632][ T5177]  ? ksys_write+0x20f/0x4c0
[  157.644246][ T5177]  ? __x64_sys_write+0x93/0xe0
[  157.649166][ T5177]  ? x64_sys_call+0x306a/0x3ba0
[  157.654127][ T5177]  ? do_syscall_64+0xcd/0x1e0
[  157.658914][ T5177]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  157.665106][ T5177]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  157.671287][ T5177]  ? kmsan_get_metadata+0x13e/0x1c0
[  157.676576][ T5177]  ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[  157.682479][ T5177]  ? kmsan_slab_alloc+0xdf/0x160
[  157.687532][ T5177]  ? kmem_cache_alloc_node_noprof+0x6bf/0xb80
[  157.693726][ T5177]  ? kmsan_get_metadata+0x13e/0x1c0
[  157.699023][ T5177]  ? kmsan_get_metadata+0x13e/0x1c0
[  157.704335][ T5177]  ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[  157.710242][ T5177]  ? csum_partial+0x45e/0x4b0
[  157.715055][ T5177]  __msan_warning+0x95/0x120
[  157.719760][ T5177]  nf_reject_ip6_tcphdr_put+0x688/0x6c0
[  157.725450][ T5177]  nf_send_reset6+0xd84/0x15b0
[  157.730360][ T5177]  nft_reject_inet_eval+0x3c1/0x880
[  157.735651][ T5177]  ? kmsan_get_metadata+0x13e/0x1c0
[  157.740973][ T5177]  ? __pfx_nft_reject_inet_eval+0x10/0x10
[  157.746790][ T5177]  nft_do_chain+0x426/0x2290
[  157.751500][ T5177]  ? kmsan_get_metadata+0x13e/0x1c0
[  157.756822][ T5177]  ? kmsan_get_metadata+0x13e/0x1c0
[  157.762239][ T5177]  ? ipv6_find_hdr+0xe8d/0x12f0
[  157.767258][ T5177]  ? kmsan_get_metadata+0x13e/0x1c0
[  157.772618][ T5177]  ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[  157.778558][ T5177]  nft_do_chain_inet+0x41a/0x4f0
[  157.783692][ T5177]  ? __pfx_nft_do_chain_inet+0x10/0x10
[  157.789267][ T5177]  nf_hook_slow+0xf4/0x400
[  157.793823][ T5177]  ipv6_rcv+0x29b/0x390
[  157.798136][ T5177]  ? __pfx_ip6_rcv_finish+0x10/0x10
[  157.803453][ T5177]  __netif_receive_skb+0x1da/0xa00
[  157.808740][ T5177]  ? kmsan_get_metadata+0x13e/0x1c0
[  157.814072][ T5177]  ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[  157.819998][ T5177]  netif_receive_skb+0x58/0x660
[  157.824944][ T5177]  ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[  157.830863][ T5177]  ? tun_rx_batched+0x37c/0x980
[  157.835830][ T5177]  tun_rx_batched+0x3ee/0x980
[  157.840612][ T5177]  ? kmsan_get_metadata+0x13e/0x1c0
[  157.845925][ T5177]  ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[  157.851901][ T5177]  tun_get_user+0x5783/0x6c60
[  157.856708][ T5177]  ? _raw_spin_unlock_irqrestore+0x3f/0x60
[  157.862708][ T5177]  ? kmsan_get_metadata+0x13e/0x1c0
[  157.868030][ T5177]  ? kmsan_get_metadata+0x13e/0x1c0
[  157.873375][ T5177]  ? kmsan_internal_set_shadow_origin+0x69/0x100
[  157.879903][ T5177]  tun_chr_write_iter+0x3ac/0x5d0
[  157.885106][ T5177]  vfs_write+0xb28/0x1540
[  157.889536][ T5177]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  157.895195][ T5177]  ksys_write+0x20f/0x4c0
[  157.899627][ T5177]  __x64_sys_write+0x93/0xe0
[  157.904314][ T5177]  x64_sys_call+0x306a/0x3ba0
[  157.909103][ T5177]  do_syscall_64+0xcd/0x1e0
[  157.913717][ T5177]  ? clear_bhb_loop+0x25/0x80
[  157.918572][ T5177]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  157.924609][ T5177] RIP: 0033:0x7ff4bb9071d0
[  157.929141][ T5177] Code: 40 00 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 80 3d d1 ee 07 00 00 74 17 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 58 c3 0f 1f 80 00 00 00 00 48 83 ec 28 48 89
[  157.948860][ T5177] RSP: 002b:00007fff9bd77318 EFLAGS: 00000202 ORIG_RAX: 0000000000000001
[  157.957377][ T5177] RAX: ffffffffffffffda RBX: 00007fff9bd773b0 RCX: 00007ff4bb9071d0
[  157.965455][ T5177] RDX: 000000000000004a RSI: 0000000020000040 RDI: 00000000000000c8
[  157.973505][ T5177] RBP: 00007fff9bd77360 R08: 0000000000000000 R09: 00007fff9bd77340
[  157.981558][ T5177] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000
[  157.989600][ T5177] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  157.997656][ T5177]  </TASK>
[  158.001000][ T5177] Kernel Offset: disabled
[  158.005380][ T5177] Rebooting in 86400 seconds..