./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor300331978 <...> Warning: Permanently added '10.128.1.93' (ED25519) to the list of known hosts. execve("./syz-executor300331978", ["./syz-executor300331978"], 0x7ffd58661e50 /* 10 vars */) = 0 brk(NULL) = 0x55555714d000 brk(0x55555714dd00) = 0x55555714dd00 arch_prctl(ARCH_SET_FS, 0x55555714d380) = 0 set_tid_address(0x55555714d650) = 5000 set_robust_list(0x55555714d660, 24) = 0 rseq(0x55555714dca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor300331978", 4096) = 27 getrandom("\xc1\xf5\x84\x57\x90\x68\xa0\xf1", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55555714dd00 brk(0x55555716ed00) = 0x55555716ed00 brk(0x55555716f000) = 0x55555716f000 mprotect(0x7f1c1ac61000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555714d650) = 5001 ./strace-static-x86_64: Process 5001 attached [pid 5001] set_robust_list(0x55555714d660, 24) = 0 [pid 5001] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5001] setpgid(0, 0) = 0 [pid 5001] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5001] write(3, "1000", 4) = 4 [pid 5001] close(3) = 0 [pid 5001] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 3 [pid 5001] socketpair(AF_UNIX, SOCK_STREAM, 0, [4, 5]) = 0 [pid 5001] ioctl(5, SIOCGIFINDEX, {ifr_name="lo", ifr_ifindex=1}) = 0 [ 141.133874][ T5001] ===================================================== [ 141.141086][ T5001] BUG: KMSAN: uninit-value in fq_change+0x1348/0x2fe0 [ 141.147963][ T5001] fq_change+0x1348/0x2fe0 [ 141.152571][ T5001] fq_init+0x68e/0x780 [ 141.156778][ T5001] qdisc_create+0x12f3/0x1be0 [ 141.161652][ T5001] tc_modify_qdisc+0x11ef/0x2c20 [ 141.166755][ T5001] rtnetlink_rcv_msg+0x16a6/0x1840 [ 141.172189][ T5001] netlink_rcv_skb+0x371/0x650 [ 141.177072][ T5001] rtnetlink_rcv+0x34/0x40 [ 141.181689][ T5001] netlink_unicast+0xf47/0x1250 [ 141.186710][ T5001] netlink_sendmsg+0x1238/0x13d0 [ 141.191879][ T5001] ____sys_sendmsg+0x9c2/0xd60 [ 141.196781][ T5001] ___sys_sendmsg+0x28d/0x3c0 [ 141.201756][ T5001] __x64_sys_sendmsg+0x307/0x490 [ 141.206830][ T5001] do_syscall_64+0x44/0x110 [ 141.211536][ T5001] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 141.217620][ T5001] [ 141.220162][ T5001] Uninit was created at: [ 141.224604][ T5001] slab_post_alloc_hook+0x129/0xa70 [ 141.230098][ T5001] kmem_cache_alloc_node+0x5e9/0xb10 [ 141.235528][ T5001] kmalloc_reserve+0x13d/0x4a0 [ 141.240573][ T5001] __alloc_skb+0x318/0x740 [ 141.245129][ T5001] netlink_sendmsg+0xb34/0x13d0 [ 141.250211][ T5001] ____sys_sendmsg+0x9c2/0xd60 [ 141.255104][ T5001] ___sys_sendmsg+0x28d/0x3c0 [ 141.259968][ T5001] __x64_sys_sendmsg+0x307/0x490 [ 141.265042][ T5001] do_syscall_64+0x44/0x110 [ 141.269826][ T5001] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 141.275895][ T5001] [ 141.278254][ T5001] CPU: 1 PID: 5001 Comm: syz-executor300 Not tainted 6.6.0-syzkaller-12401-g8f6f76a6a29f #0 [ 141.288561][ T5001] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023 [ 141.298790][ T5001] ===================================================== [ 141.305924][ T5001] Disabling lock debugging due to kernel taint [ 141.312196][ T5001] Kernel panic - not syncing: kmsan.panic set ... [ 141.318660][ T5001] CPU: 1 PID: 5001 Comm: syz-executor300 Tainted: G B 6.6.0-syzkaller-12401-g8f6f76a6a29f #0 [ 141.330310][ T5001] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023 [ 141.340461][ T5001] Call Trace: [ 141.343803][ T5001] [ 141.346824][ T5001] dump_stack_lvl+0x1bf/0x240 [ 141.351690][ T5001] dump_stack+0x1e/0x20 [ 141.356018][ T5001] panic+0x4de/0xc90 [ 141.360066][ T5001] ? add_taint+0x108/0x1a0 [ 141.364642][ T5001] kmsan_report+0x2d0/0x2d0 [ 141.369336][ T5001] ? __msan_warning+0x96/0x110 [ 141.374270][ T5001] ? fq_change+0x1348/0x2fe0 [ 141.379018][ T5001] ? fq_init+0x68e/0x780 [ 141.383404][ T5001] ? qdisc_create+0x12f3/0x1be0 [ 141.388397][ T5001] ? tc_modify_qdisc+0x11ef/0x2c20 [ 141.393617][ T5001] ? rtnetlink_rcv_msg+0x16a6/0x1840 [ 141.399041][ T5001] ? netlink_rcv_skb+0x371/0x650 [ 141.404077][ T5001] ? rtnetlink_rcv+0x34/0x40 [ 141.408806][ T5001] ? netlink_unicast+0xf47/0x1250 [ 141.414001][ T5001] ? netlink_sendmsg+0x1238/0x13d0 [ 141.419208][ T5001] ? ____sys_sendmsg+0x9c2/0xd60 [ 141.424293][ T5001] ? ___sys_sendmsg+0x28d/0x3c0 [ 141.429270][ T5001] ? __x64_sys_sendmsg+0x307/0x490 [ 141.434481][ T5001] ? do_syscall_64+0x44/0x110 [ 141.439332][ T5001] ? entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 141.445590][ T5001] ? __nla_validate_parse+0x3b80/0x4590 [ 141.451319][ T5001] ? kmsan_get_shadow_origin_ptr+0x4d/0xa0 [ 141.457259][ T5001] ? kmsan_internal_set_shadow_origin+0x66/0xe0 [ 141.463639][ T5001] ? kmsan_get_shadow_origin_ptr+0x4d/0xa0 [ 141.469612][ T5001] __msan_warning+0x96/0x110 [ 141.474378][ T5001] fq_change+0x1348/0x2fe0 [ 141.478992][ T5001] fq_init+0x68e/0x780 [ 141.483226][ T5001] ? qdisc_peek_dequeued+0x3d0/0x3d0 [ 141.488664][ T5001] qdisc_create+0x12f3/0x1be0 [ 141.493468][ T5001] ? kmsan_get_shadow_origin_ptr+0x4d/0xa0 [ 141.499451][ T5001] tc_modify_qdisc+0x11ef/0x2c20 [ 141.504545][ T5001] ? qdisc_offload_query_caps+0x120/0x120 [ 141.510424][ T5001] rtnetlink_rcv_msg+0x16a6/0x1840 [ 141.515663][ T5001] ? slab_post_alloc_hook+0x129/0xa70 [ 141.521194][ T5001] ? __x64_sys_sendmsg+0x307/0x490 [ 141.526450][ T5001] ? do_syscall_64+0x44/0x110 [ 141.531302][ T5001] ? entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 141.537567][ T5001] ? kmsan_get_shadow_origin_ptr+0x4d/0xa0 [ 141.543563][ T5001] ? netlink_rcv_skb+0x44/0x650 [ 141.548520][ T5001] ? kmsan_get_shadow_origin_ptr+0x4d/0xa0 [ 141.554500][ T5001] ? netlink_rcv_skb+0x44/0x650 [ 141.559452][ T5001] ? filter_irq_stacks+0x60/0x1a0 [ 141.564664][ T5001] ? kmsan_get_shadow_origin_ptr+0x4d/0xa0 [ 141.570618][ T5001] netlink_rcv_skb+0x371/0x650 [ 141.575545][ T5001] ? rtnetlink_bind+0xf0/0xf0 [ 141.580359][ T5001] ? rtnetlink_net_exit+0x60/0x60 [ 141.585478][ T5001] rtnetlink_rcv+0x34/0x40 [ 141.590041][ T5001] netlink_unicast+0xf47/0x1250 [ 141.595106][ T5001] netlink_sendmsg+0x1238/0x13d0 [ 141.600192][ T5001] ? netlink_getsockopt+0x980/0x980 [ 141.605496][ T5001] ____sys_sendmsg+0x9c2/0xd60 [ 141.610417][ T5001] ___sys_sendmsg+0x28d/0x3c0 [ 141.615186][ T5001] ? filter_irq_stacks+0x60/0x1a0 [ 141.620430][ T5001] ? kmsan_get_shadow_origin_ptr+0x4d/0xa0 [ 141.626438][ T5001] ? kmsan_get_shadow_origin_ptr+0x4d/0xa0 [ 141.632448][ T5001] __x64_sys_sendmsg+0x307/0x490 [ 141.637539][ T5001] do_syscall_64+0x44/0x110 [ 141.642224][ T5001] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 141.648306][ T5001] RIP: 0033:0x7f1c1abeeb79 [ 141.652842][ T5001] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 c1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 141.672620][ T5001] RSP: 002b:00007ffd2457acd8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 141.681159][ T5001] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f1c1abeeb79 [ 141.689258][ T5001] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 141.697332][ T5001] RBP: 00007f1c1ac615f0 R08: 0000000000000006 R09: 0000000000000006 [ 141.705374][ T5001] R10: 0000000000000006 R11: 0000000000000246 R12: 0000000000000001 [ 141.713428][ T5001] R13: 431bde82d7b634db R14: 0000000000000001 R15: 0000000000000001 [ 141.721551][ T5001] [ 141.724876][ T5001] Kernel Offset: disabled [ 141.729249][ T5001] Rebooting in 86400 seconds..