./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2587475774 <...> Warning: Permanently added '10.128.1.144' (ECDSA) to the list of known hosts. execve("./syz-executor2587475774", ["./syz-executor2587475774"], 0x7fff75daa530 /* 10 vars */) = 0 brk(NULL) = 0x555556c60000 brk(0x555556c60c40) = 0x555556c60c40 arch_prctl(ARCH_SET_FS, 0x555556c60300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor2587475774", 4096) = 28 brk(0x555556c81c40) = 0x555556c81c40 brk(0x555556c82000) = 0x555556c82000 mprotect(0x7f8ad2de0000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 4997 attached , child_tidptr=0x555556c605d0) = 4997 [pid 4997] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4997] setpgid(0, 0) = 0 [pid 4997] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4997] write(3, "1000", 4) = 4 [pid 4997] close(3) = 0 [pid 4997] socket(AF_INET6, SOCK_DGRAM, IPPROTO_IP) = 3 [pid 4997] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 4 [pid 4997] socket(AF_NETLINK, SOCK_RAW|SOCK_NONBLOCK, NETLINK_ROUTE) = 5 [pid 4997] sendmsg(5, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base=NULL, iov_len=20}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = -1 EFAULT (Bad address) [pid 4997] getsockname(5, {sa_family=AF_NETLINK, nl_pid=4997, nl_groups=00000000}, [21 => 12]) = 0 [pid 4997] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x68\x00\x00\x00\x10\x00\x37\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x85\x13\x00\x00\x8b\x04\x04\x00\x00\x00\x00\x00\x48\x00\x12\x80\x08\x00\x01\x00\x73\x69\x74\x00\x3c\x00\x02\x80\x08\x00\x01\x00\x85\x13\x00\x00\x08\x00\x03\x00\xac\x1e\x00\x01\x08\x00\x14\x00\xef\x00\x00\x00\x06\x00\x10\x00\x1c\x00\x00\x00\x08\x00\x14\x00\x01\x20\x00\x00\x05\x00\x0a\x00\x00\x00\x00\x00\x06\x00\x0f\x00"..., iov_len=104}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 104 syzkaller login: [ 41.844509][ T4997] skbuff: skb_under_panic: text:ffffffff88aeef20 len:48 put:8 head:ffff88801f654c00 data:ffff88801f654bfc tail:0x2c end:0x140 dev:sit1 [ 41.858933][ T4997] ------------[ cut here ]------------ [ 41.864542][ T4997] kernel BUG at net/core/skbuff.c:200! [ 41.870103][ T4997] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 41.876151][ T4997] CPU: 0 PID: 4997 Comm: syz-executor258 Not tainted 6.3.0-syzkaller-12964-g89b7fd5d7f3c #0 [ 41.886196][ T4997] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023 [ 41.896237][ T4997] RIP: 0010:skb_panic+0x152/0x1d0 [ 41.901279][ T4997] Code: 0f b6 04 01 84 c0 74 04 3c 03 7e 20 8b 4b 70 41 56 45 89 e8 48 c7 c7 40 c9 5d 8b 41 57 56 48 89 ee 52 4c 89 e2 e8 3e 04 61 f9 <0f> 0b 4c 89 4c 24 10 48 89 54 24 08 48 89 34 24 e8 49 ec cf f9 4c [ 41.920907][ T4997] RSP: 0018:ffffc900039beae8 EFLAGS: 00010282 [ 41.927091][ T4997] RAX: 0000000000000084 RBX: ffff88807624adc0 RCX: 0000000000000000 [ 41.935058][ T4997] RDX: 0000000000000000 RSI: ffffffff8168cf6c RDI: 0000000000000005 [ 41.943029][ T4997] RBP: ffffffff8b5dd760 R08: 0000000000000005 R09: 0000000000000000 [ 41.951099][ T4997] R10: 0000000000000200 R11: 0000000000000001 R12: ffffffff88aeef20 [ 41.959059][ T4997] R13: 0000000000000008 R14: ffff888021056000 R15: 0000000000000140 [ 41.967028][ T4997] FS: 0000555556c60300(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 [ 41.975946][ T4997] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 41.982518][ T4997] CR2: 00007fbe19f5ba60 CR3: 0000000076258000 CR4: 0000000000350ef0 [ 41.990596][ T4997] Call Trace: [ 41.994036][ T4997] [ 41.996954][ T4997] ? fou_build_udp+0x30/0x370 [ 42.001633][ T4997] skb_push+0xc8/0xe0 [ 42.005750][ T4997] fou_build_udp+0x30/0x370 [ 42.010251][ T4997] gue_build_header+0xfb/0x150 [ 42.015012][ T4997] ? __gue_build_header+0x890/0x890 [ 42.020207][ T4997] ? __gue_build_header+0x890/0x890 [ 42.025398][ T4997] ip_tunnel_xmit+0x67a/0x3170 [ 42.030174][ T4997] ? mark_lock.part.0+0x74/0x1970 [ 42.035192][ T4997] ? ip_md_tunnel_xmit+0x1f80/0x1f80 [ 42.040468][ T4997] ? print_usage_bug.part.0+0x660/0x660 [ 42.046009][ T4997] sit_tunnel_xmit__.isra.0+0xe7/0x150 [ 42.051466][ T4997] sit_tunnel_xmit+0xf73/0x2860 [ 42.056310][ T4997] ? ipip_rcv+0x20/0x20 [ 42.060462][ T4997] ? skb_crc32c_csum_help+0x80/0x80 [ 42.065644][ T4997] ? validate_xmit_xfrm+0x4b7/0x1330 [ 42.070921][ T4997] ? netif_skb_features+0x398/0xb90 [ 42.076105][ T4997] dev_hard_start_xmit+0x187/0x700 [ 42.081204][ T4997] __dev_queue_xmit+0x2be2/0x3b10 [ 42.086217][ T4997] ? netdev_core_pick_tx+0x390/0x390 [ 42.091513][ T4997] ? find_held_lock+0x2d/0x110 [ 42.096268][ T4997] ? ip_finish_output2+0x778/0x22b0 [ 42.101460][ T4997] ? lock_downgrade+0x690/0x690 [ 42.106306][ T4997] ? __local_bh_enable_ip+0xa4/0x130 [ 42.111584][ T4997] ? lockdep_hardirqs_on+0x7d/0x100 [ 42.116774][ T4997] ? ___neigh_create+0x187f/0x2a40 [ 42.121879][ T4997] ? neigh_connected_output+0x41c/0x550 [ 42.127430][ T4997] neigh_connected_output+0x3c2/0x550 [ 42.132798][ T4997] ip_finish_output2+0x778/0x22b0 [ 42.137819][ T4997] ? nf_hook+0x20d/0x640 [ 42.142054][ T4997] ? ip_fragment.constprop.0+0x240/0x240 [ 42.147683][ T4997] ? nf_hook+0x640/0x640 [ 42.151960][ T4997] __ip_finish_output+0x396/0x650 [ 42.156981][ T4997] ip_finish_output+0x31/0x280 [ 42.161740][ T4997] ip_output+0x1a3/0x320 [ 42.166063][ T4997] ip_send_skb+0xd8/0x260 [ 42.170378][ T4997] udp_send_skb+0x73a/0x14a0 [ 42.174957][ T4997] udp_sendmsg+0x1b86/0x27e0 [ 42.179564][ T4997] ? ip_frag_init+0x320/0x320 [ 42.184263][ T4997] ? __lock_acquire+0x1916/0x5df0 [ 42.189289][ T4997] ? udp_recvmsg+0x12d0/0x12d0 [ 42.194050][ T4997] ? mark_lock.part.0+0xee/0x1970 [ 42.199078][ T4997] ? print_usage_bug.part.0+0x660/0x660 [ 42.204625][ T4997] ? print_usage_bug.part.0+0x660/0x660 [ 42.210163][ T4997] ? __lock_acquire+0x1916/0x5df0 [ 42.215187][ T4997] udpv6_sendmsg+0x180a/0x2d50 [ 42.219947][ T4997] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 42.225921][ T4997] ? udp_v6_push_pending_frames+0x200/0x200 [ 42.231805][ T4997] ? reacquire_held_locks+0x216/0x4e0 [ 42.237164][ T4997] ? release_sock+0x1f/0x1b0 [ 42.241750][ T4997] ? find_held_lock+0x2d/0x110 [ 42.246525][ T4997] ? inet_autobind+0x130/0x190 [ 42.251282][ T4997] ? lock_downgrade+0x690/0x690 [ 42.256128][ T4997] ? inet_autobind+0x130/0x190 [ 42.260886][ T4997] ? __local_bh_enable_ip+0xa4/0x130 [ 42.266158][ T4997] ? lockdep_hardirqs_on+0x7d/0x100 [ 42.271344][ T4997] ? inet_autobind+0x130/0x190 [ 42.276102][ T4997] ? __local_bh_enable_ip+0xa4/0x130 [ 42.281379][ T4997] ? inet_autobind+0x135/0x190 [ 42.286225][ T4997] inet6_sendmsg+0x9d/0xe0 [ 42.290629][ T4997] ? inet6_compat_ioctl+0x320/0x320 [ 42.295816][ T4997] sock_sendmsg+0xde/0x190 [ 42.300219][ T4997] ____sys_sendmsg+0x334/0x900 [ 42.304970][ T4997] ? kernel_sendmsg+0x50/0x50 [ 42.309632][ T4997] ? psi_task_switch+0x2de/0x950 [ 42.314555][ T4997] ? find_held_lock+0x2d/0x110 [ 42.319309][ T4997] ___sys_sendmsg+0x110/0x1b0 [ 42.323977][ T4997] ? do_recvmmsg+0x6e0/0x6e0 [ 42.328641][ T4997] ? __lock_acquire+0x1916/0x5df0 [ 42.333663][ T4997] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 42.339636][ T4997] ? __fget_light+0x20a/0x270 [ 42.344309][ T4997] __sys_sendmmsg+0x18f/0x460 [ 42.348976][ T4997] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 42.353993][ T4997] ? ptrace_stop.part.0+0x60f/0x8e0 [ 42.359179][ T4997] ? find_held_lock+0x2d/0x110 [ 42.363934][ T4997] ? ptrace_notify+0xfe/0x140 [ 42.368692][ T4997] ? lock_downgrade+0x690/0x690 [ 42.373538][ T4997] ? _raw_spin_unlock_irq+0x23/0x50 [ 42.378728][ T4997] ? lockdep_hardirqs_on+0x7d/0x100 [ 42.383916][ T4997] __x64_sys_sendmmsg+0x9d/0x100 [ 42.388932][ T4997] do_syscall_64+0x39/0xb0 [ 42.393354][ T4997] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 42.399241][ T4997] RIP: 0033:0x7f8ad2d73139 [ 42.403645][ T4997] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 42.423332][ T4997] RSP: 002b:00007ffc3813a128 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 42.431775][ T4997] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8ad2d73139 [ 42.439735][ T4997] RDX: 0000000000000001 RSI: 00000000200017c0 RDI: 0000000000000003 [ 42.447809][ T4997] RBP: 0000000000000000 R08: 00007ffc3813a2c8 R09: 00007ffc3813a2c8 [ 42.455770][ T4997] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8ad2d369c0 [ 42.463726][ T4997] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000 [ 42.471774][ T4997] [ 42.474775][ T4997] Modules linked in: [ 42.478771][ T4997] ---[ end trace 0000000000000000 ]--- [ 42.484252][ T4997] RIP: 0010:skb_panic+0x152/0x1d0 [ 42.489293][ T4997] Code: 0f b6 04 01 84 c0 74 04 3c 03 7e 20 8b 4b 70 41 56 45 89 e8 48 c7 c7 40 c9 5d 8b 41 57 56 48 89 ee 52 4c 89 e2 e8 3e 04 61 f9 <0f> 0b 4c 89 4c 24 10 48 89 54 24 08 48 89 34 24 e8 49 ec cf f9 4c [ 42.509114][ T4997] RSP: 0018:ffffc900039beae8 EFLAGS: 00010282 [ 42.515209][ T4997] RAX: 0000000000000084 RBX: ffff88807624adc0 RCX: 0000000000000000 [ 42.523225][ T4997] RDX: 0000000000000000 RSI: ffffffff8168cf6c RDI: 0000000000000005 [ 42.531293][ T4997] RBP: ffffffff8b5dd760 R08: 0000000000000005 R09: 0000000000000000 [ 42.539249][ T4997] R10: 0000000000000200 R11: 0000000000000001 R12: ffffffff88aeef20 [ 42.547240][ T4997] R13: 0000000000000008 R14: ffff888021056000 R15: 0000000000000140 [ 42.555242][ T4997] FS: 0000555556c60300(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 [ 42.564182][ T4997] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 42.570767][ T4997] CR2: 00007fbe19f5ba60 CR3: 0000000076258000 CR4: 0000000000350ef0 [ 42.578738][ T4997] Kernel panic - not syncing: Fatal exception in interrupt [ 42.586855][ T4997] Kernel Offset: disabled [ 42.591165][ T4997] Rebooting in 86400 seconds..