./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor894872066 <...> forked to background, child pid 3062 no interfaces have a carrier [ 91.671396][ T3063] 8021q: adding VLAN 0 to HW filter on device bond0 [ 91.720780][ T3063] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller syzkaller login: [ 100.263782][ T121] cfg80211: failed to load regulatory.db Warning: Permanently added '10.128.1.10' (ECDSA) to the list of known hosts. execve("./syz-executor894872066", ["./syz-executor894872066"], 0x7ffe0f94b210 /* 10 vars */) = 0 brk(NULL) = 0x555555f58000 brk(0x555555f58c40) = 0x555555f58c40 arch_prctl(ARCH_SET_FS, 0x555555f58300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor894872066", 4096) = 27 brk(0x555555f79c40) = 0x555555f79c40 brk(0x555555f7a000) = 0x555555f7a000 mprotect(0x7fd982235000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f585d0) = 3503 ./strace-static-x86_64: Process 3503 attached [pid 3503] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3503] setpgid(0, 0) = 0 [pid 3503] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3503] write(3, "1000", 4) = 4 [pid 3503] close(3) = 0 [pid 3503] openat(AT_FDCWD, "/dev/net/tun", O_WRONLY|O_CREAT|O_TRUNC|O_NOATIME, 000) = 3 [pid 3503] ioctl(3, TUNSETIFF, 0x20000200) = 0 [pid 3503] ioctl(3, TUNSETLINK, 0x118) = 0 [pid 3503] socket(AF_INET, SOCK_PACKET, IPPROTO_IGMP) = 4 [pid 3503] ioctl(4, SIOCSIFFLAGS, {ifr_name="syzkaller1", ifr_flags=IFF_UP|IFF_DYNAMIC}) = 0 [ 134.819691][ T3503] syz-executor894 uses obsolete (PF_INET,SOCK_PACKET) [ 134.834303][ T3503] ===================================================== [ 134.841529][ T3503] BUG: KMSAN: uninit-value in can_receive+0x219/0x5d0 [ 134.848547][ T3503] can_receive+0x219/0x5d0 [ 134.853154][ T3503] canfd_rcv+0x16d/0x2d0 [ 134.857522][ T3503] __netif_receive_skb+0x1b3/0x5d0 [ 134.862879][ T3503] netif_receive_skb_internal+0x53/0x340 [ 134.868699][ T3503] netif_receive_skb+0x35/0x350 [ 134.873779][ T3503] tun_rx_batched+0x837/0x930 [ 134.878618][ T3503] tun_get_user+0x3bc6/0x4300 [ 134.883499][ T3503] tun_chr_write_iter+0x3ab/0x5d0 [ 134.888680][ T3503] vfs_write+0x830/0x1570 [ 134.893299][ T3503] ksys_write+0x21b/0x4e0 [ 134.897802][ T3503] __x64_sys_write+0x8f/0xd0 [ 134.902688][ T3503] do_syscall_64+0x3d/0xb0 [ 134.907252][ T3503] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 134.913419][ T3503] [ 134.915814][ T3503] Uninit was created at: [ 134.920267][ T3503] __kmem_cache_alloc_node+0x6ee/0xc90 [ 134.926030][ T3503] __kmalloc_node_track_caller+0x114/0x3c0 [ 134.932045][ T3503] __alloc_skb+0x34a/0xca0 [ 134.936637][ T3503] alloc_skb_with_frags+0xb9/0xba0 [ 134.942005][ T3503] sock_alloc_send_pskb+0xaa8/0xc30 [ 134.947375][ T3503] tun_get_user+0x174b/0x4300 [ 134.952322][ T3503] tun_chr_write_iter+0x3ab/0x5d0 [ 134.957519][ T3503] vfs_write+0x830/0x1570 [ 134.962123][ T3503] ksys_write+0x21b/0x4e0 [ 134.966618][ T3503] __x64_sys_write+0x8f/0xd0 [ 134.971373][ T3503] do_syscall_64+0x3d/0xb0 [ 134.976045][ T3503] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 134.982163][ T3503] [ 134.984556][ T3503] CPU: 0 PID: 3503 Comm: syz-executor894 Not tainted 6.1.0-rc7-syzkaller-63931-g49a9a20768f5 #0 [ 134.995220][ T3503] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 135.005451][ T3503] ===================================================== [ 135.012569][ T3503] Disabling lock debugging due to kernel taint [ 135.018806][ T3503] Kernel panic - not syncing: kmsan.panic set ... [ 135.025314][ T3503] CPU: 0 PID: 3503 Comm: syz-executor894 Tainted: G B 6.1.0-rc7-syzkaller-63931-g49a9a20768f5 #0 [ 135.037358][ T3503] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 135.047527][ T3503] Call Trace: [ 135.050893][ T3503] [ 135.053906][ T3503] dump_stack_lvl+0x1c8/0x256 [ 135.058752][ T3503] dump_stack+0x1a/0x1f [ 135.063059][ T3503] panic+0x4d3/0xc64 [ 135.067149][ T3503] ? add_taint+0x104/0x1a0 [ 135.071735][ T3503] kmsan_report+0x2ca/0x2d0 [ 135.076409][ T3503] ? __netif_receive_skb_core+0xbf/0x6360 [ 135.082328][ T3503] ? __msan_warning+0x92/0x110 [ 135.087250][ T3503] ? can_receive+0x219/0x5d0 [ 135.091979][ T3503] ? canfd_rcv+0x16d/0x2d0 [ 135.096540][ T3503] ? __netif_receive_skb+0x1b3/0x5d0 [ 135.102017][ T3503] ? netif_receive_skb_internal+0x53/0x340 [ 135.108002][ T3503] ? netif_receive_skb+0x35/0x350 [ 135.113193][ T3503] ? tun_rx_batched+0x837/0x930 [ 135.118296][ T3503] ? tun_get_user+0x3bc6/0x4300 [ 135.123349][ T3503] ? tun_chr_write_iter+0x3ab/0x5d0 [ 135.128700][ T3503] ? vfs_write+0x830/0x1570 [ 135.133376][ T3503] ? ksys_write+0x21b/0x4e0 [ 135.138053][ T3503] ? __x64_sys_write+0x8f/0xd0 [ 135.143001][ T3503] ? do_syscall_64+0x3d/0xb0 [ 135.147751][ T3503] ? entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 135.153983][ T3503] ? __stack_depot_save+0x21/0x4b0 [ 135.159277][ T3503] ? kmsan_internal_set_shadow_origin+0x62/0xe0 [ 135.165706][ T3503] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 135.171699][ T3503] ? __netif_receive_skb_core+0x5619/0x6360 [ 135.177803][ T3503] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 135.183795][ T3503] __msan_warning+0x92/0x110 [ 135.188548][ T3503] can_receive+0x219/0x5d0 [ 135.193116][ T3503] canfd_rcv+0x16d/0x2d0 [ 135.197499][ T3503] __netif_receive_skb+0x1b3/0x5d0 [ 135.202811][ T3503] ? can_rcv_filter+0xfe0/0xfe0 [ 135.207815][ T3503] netif_receive_skb_internal+0x53/0x340 [ 135.213623][ T3503] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 135.219619][ T3503] netif_receive_skb+0x35/0x350 [ 135.224643][ T3503] tun_rx_batched+0x837/0x930 [ 135.229483][ T3503] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 135.235468][ T3503] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 135.241465][ T3503] tun_get_user+0x3bc6/0x4300 [ 135.246393][ T3503] ? kmsan_internal_poison_memory+0x2f/0x90 [ 135.252520][ T3503] tun_chr_write_iter+0x3ab/0x5d0 [ 135.257733][ T3503] ? tun_chr_read_iter+0x670/0x670 [ 135.263004][ T3503] vfs_write+0x830/0x1570 [ 135.267549][ T3503] ksys_write+0x21b/0x4e0 [ 135.272070][ T3503] __x64_sys_write+0x8f/0xd0 [ 135.276852][ T3503] do_syscall_64+0x3d/0xb0 [ 135.281420][ T3503] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 135.287467][ T3503] RIP: 0033:0x7fd9821c7f19 [ 135.292085][ T3503] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 135.311860][ T3503] RSP: 002b:00007ffe50cc4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 135.320425][ T3503] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fd9821c7f19 [ 135.328528][ T3503] RDX: 0000000000000056 RSI: 0000000020000040 RDI: 0000000000000003 [ 135.336611][ T3503] RBP: 0000000000000000 R08: 00007ffe50cc4e18 R09: 00007ffe50cc4e18 [ 135.344803][ T3503] R10: 00007ffe50cc4e18 R11: 0000000000000246 R12: 00007fd98218b7a0 [ 135.352900][ T3503] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000 [ 135.361017][ T3503] [ 135.364297][ T3503] Kernel Offset: disabled [ 135.368675][ T3503] Rebooting in 86400 seconds..