./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1233140852 <...> Warning: Permanently added '10.128.0.116' (ED25519) to the list of known hosts. execve("./syz-executor1233140852", ["./syz-executor1233140852"], 0x7ffe808ec8b0 /* 10 vars */) = 0 brk(NULL) = 0x55556ffeb000 brk(0x55556ffebd00) = 0x55556ffebd00 arch_prctl(ARCH_SET_FS, 0x55556ffeb380) = 0 set_tid_address(0x55556ffeb650) = 5807 set_robust_list(0x55556ffeb660, 24) = 0 rseq(0x55556ffebca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor1233140852", 4096) = 28 getrandom("\x17\x69\x6b\x99\xb4\xb6\x2e\x38", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55556ffebd00 brk(0x55557000cd00) = 0x55557000cd00 brk(0x55557000d000) = 0x55557000d000 mprotect(0x7fea2a56b000, 16384, PROT_READ) = 0 mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000 mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000 mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5808 attached , child_tidptr=0x55556ffeb650) = 5808 [pid 5808] set_robust_list(0x55556ffeb660, 24) = 0 [pid 5808] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5808] setpgid(0, 0) = 0 [pid 5808] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5808] write(3, "1000", 4) = 4 [pid 5808] close(3) = 0 executing program [pid 5808] write(1, "executing program\n", 18) = 18 [pid 5808] openat(AT_FDCWD, "/dev/net/tun", O_WRONLY|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|O_CLOEXEC, 000) = 3 [pid 5808] ioctl(3, TUNSETIFF, 0x2000000000c0) = 0 [pid 5808] openat(AT_FDCWD, "/dev/net/tun", O_RDONLY|O_APPEND) = 4 [pid 5808] close(4) = 0 [pid 5808] socketpair(AF_UNIX, SOCK_STREAM, 0, [4, 5]) = 0 [pid 5808] ioctl(4, SIOCSIFFLAGS, {ifr_name="syzkaller0", ifr_flags=IFF_UP|IFF_DYNAMIC}) = 0 [pid 5808] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 6 [pid 5808] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 7 [pid 5808] sendto(7, [{nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x09\x00\x02\x00\x54\x49\x50\x43\x00\x00\x00\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32 [pid 5808] recvfrom(7, [{nlmsg_len=88, nlmsg_type=nlctrl, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=5808}, "\x01\x02\x00\x00\x09\x00\x02\x00\x54\x49\x50\x43\x00\x00\x00\x00\x06\x00\x01\x00\x36\x00\x00\x00\x08\x00\x03\x00\x01\x00\x00\x00\x08\x00\x04\x00\x08\x00\x00\x00\x08\x00\x05\x00\x00\x00\x00\x00\x18\x00\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x01\x00\x00\x00\x08\x00\x02\x00\x02\x00\x00\x00"], 4096, 0, NULL, NULL) = 88 [pid 5808] recvfrom(7, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5808}, {error=0, msg={nlmsg_len=32, nlmsg_type=nlctrl, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 [pid 5808] close(7) = 0 [pid 5808] sendmsg(6, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x38\x00\x00\x00\x36\x00\x01\x00\x00\x00\x0d\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x01\x41\x00\x00\x00\x1c\x00\x17\x00\x00\x00\x00\x00\x00\x00\x00\x65\x74\x68\x3a\x73\x79\x7a\x6b\x61\x6c\x6c\x65\x72\x30\x00\x00", iov_len=56}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 56 [ 203.348636][ T5808] tipc: Started in network mode [ 203.354437][ T5808] tipc: Node identity 4689370d27fe, cluster identity 4711 [ 203.364198][ T5808] tipc: Enabled bearer , priority 0 [ 203.374729][ T5808] ===================================================== [ 203.382130][ T5808] BUG: KMSAN: uninit-value in tipc_rcv+0x17fa/0x1ea0 [ 203.389076][ T5808] tipc_rcv+0x17fa/0x1ea0 [ 203.394124][ T5808] tipc_l2_rcv_msg+0x213/0x320 [ 203.399105][ T5808] __netif_receive_skb_list_core+0x133b/0x16b0 [ 203.405674][ T5808] netif_receive_skb_list_internal+0xee7/0x1530 [ 203.412514][ T5808] napi_complete_done+0x3fb/0x7d0 [ 203.417904][ T5808] tun_get_user+0x4c0d/0x6ca0 [ 203.422946][ T5808] tun_chr_write_iter+0x3e9/0x5c0 [ 203.428257][ T5808] do_iter_readv_writev+0x947/0xba0 [ 203.433963][ T5808] vfs_writev+0x52a/0x1500 [ 203.438681][ T5808] do_writev+0x1b5/0x580 [ 203.443493][ T5808] __x64_sys_writev+0x99/0xf0 [ 203.448393][ T5808] x64_sys_call+0x24b1/0x3e20 [ 203.453435][ T5808] do_syscall_64+0xd9/0x210 [ 203.458230][ T5808] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 203.464567][ T5808] [ 203.467175][ T5808] Uninit was created at: [ 203.472041][ T5808] kmem_cache_alloc_node_noprof+0x818/0xf00 [ 203.478220][ T5808] kmalloc_reserve+0x13c/0x4b0 [ 203.483409][ T5808] __alloc_skb+0x347/0x7d0 [ 203.488042][ T5808] napi_alloc_skb+0xc1/0x740 [ 203.493099][ T5808] napi_get_frags+0xab/0x250 [ 203.497968][ T5808] tun_get_user+0x134f/0x6ca0 [ 203.503208][ T5808] tun_chr_write_iter+0x3e9/0x5c0 [ 203.508442][ T5808] do_iter_readv_writev+0x947/0xba0 [ 203.514030][ T5808] vfs_writev+0x52a/0x1500 [ 203.518750][ T5808] do_writev+0x1b5/0x580 [ 203.523380][ T5808] __x64_sys_writev+0x99/0xf0 [ 203.528284][ T5808] x64_sys_call+0x24b1/0x3e20 [ 203.533355][ T5808] do_syscall_64+0xd9/0x210 [ 203.538133][ T5808] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 203.544486][ T5808] [ 203.546929][ T5808] CPU: 1 UID: 0 PID: 5808 Comm: syz-executor123 Not tainted 6.16.0-syzkaller-10499-g89748acdf226 #0 PREEMPT(none) [ 203.559598][ T5808] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 203.569985][ T5808] ===================================================== [ 203.577201][ T5808] Disabling lock debugging due to kernel taint [ 203.583624][ T5808] Kernel panic - not syncing: kmsan.panic set ... [ 203.590413][ T5808] CPU: 1 UID: 0 PID: 5808 Comm: syz-executor123 Tainted: G B 6.16.0-syzkaller-10499-g89748acdf226 #0 PREEMPT(none) [ 203.604303][ T5808] Tainted: [B]=BAD_PAGE [ 203.608581][ T5808] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 203.619136][ T5808] Call Trace: [ 203.622546][ T5808] [ 203.625780][ T5808] __dump_stack+0x26/0x30 [ 203.630340][ T5808] dump_stack_lvl+0x53/0x270 [ 203.635174][ T5808] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 203.641229][ T5808] dump_stack+0x1e/0x25 [ 203.645625][ T5808] vpanic+0x361/0xbc0 [ 203.649921][ T5808] panic+0x15d/0x160 [ 203.654111][ T5808] kmsan_report+0x31c/0x320 [ 203.658925][ T5808] ? __msan_warning+0x1b/0x30 [ 203.663816][ T5808] ? tipc_rcv+0x17fa/0x1ea0 [ 203.668519][ T5808] ? tipc_l2_rcv_msg+0x213/0x320 [ 203.673664][ T5808] ? __netif_receive_skb_list_core+0x133b/0x16b0 [ 203.680268][ T5808] ? netif_receive_skb_list_internal+0xee7/0x1530 [ 203.687044][ T5808] ? napi_complete_done+0x3fb/0x7d0 [ 203.692527][ T5808] ? tun_get_user+0x4c0d/0x6ca0 [ 203.697613][ T5808] ? tun_chr_write_iter+0x3e9/0x5c0 [ 203.703080][ T5808] ? do_iter_readv_writev+0x947/0xba0 [ 203.708700][ T5808] ? vfs_writev+0x52a/0x1500 [ 203.713485][ T5808] ? do_writev+0x1b5/0x580 [ 203.718478][ T5808] ? __x64_sys_writev+0x99/0xf0 [ 203.723739][ T5808] ? x64_sys_call+0x24b1/0x3e20 [ 203.728869][ T5808] ? do_syscall_64+0xd9/0x210 [ 203.733898][ T5808] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 203.740284][ T5808] ? __pskb_pull_tail+0x1779/0x2660 [ 203.745833][ T5808] ? __pskb_pull_tail+0x1779/0x2660 [ 203.751332][ T5808] ? kmsan_get_metadata+0xfb/0x160 [ 203.756758][ T5808] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 203.762809][ T5808] ? tipc_msg_validate+0x80b/0xb70 [ 203.768132][ T5808] ? kmsan_get_metadata+0xfb/0x160 [ 203.773476][ T5808] __msan_warning+0x1b/0x30 [ 203.778165][ T5808] tipc_rcv+0x17fa/0x1ea0 [ 203.782742][ T5808] tipc_l2_rcv_msg+0x213/0x320 [ 203.787798][ T5808] __netif_receive_skb_list_core+0x133b/0x16b0 [ 203.794274][ T5808] ? __pfx_tipc_l2_rcv_msg+0x10/0x10 [ 203.799800][ T5808] netif_receive_skb_list_internal+0xee7/0x1530 [ 203.806363][ T5808] napi_complete_done+0x3fb/0x7d0 [ 203.811932][ T5808] ? tun_get_user+0x4bcc/0x6ca0 [ 203.817025][ T5808] tun_get_user+0x4c0d/0x6ca0 [ 203.821955][ T5808] ? _raw_spin_unlock_irqrestore+0x3f/0x60 [ 203.828168][ T5808] ? stack_depot_save_flags+0x60f/0x7b0 [ 203.833954][ T5808] ? kmsan_get_metadata+0xfb/0x160 [ 203.839301][ T5808] ? kmsan_get_metadata+0xfb/0x160 [ 203.844636][ T5808] ? kmsan_internal_set_shadow_origin+0x79/0x110 [ 203.851358][ T5808] tun_chr_write_iter+0x3e9/0x5c0 [ 203.856641][ T5808] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 203.862600][ T5808] do_iter_readv_writev+0x947/0xba0 [ 203.868085][ T5808] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 203.873998][ T5808] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 203.879875][ T5808] vfs_writev+0x52a/0x1500 [ 203.884536][ T5808] ? stack_depot_save_flags+0x35/0x7b0 [ 203.890340][ T5808] ? kmsan_get_metadata+0xfb/0x160 [ 203.895690][ T5808] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 203.901740][ T5808] do_writev+0x1b5/0x580 [ 203.906259][ T5808] __x64_sys_writev+0x99/0xf0 [ 203.911287][ T5808] x64_sys_call+0x24b1/0x3e20 [ 203.916255][ T5808] do_syscall_64+0xd9/0x210 [ 203.921045][ T5808] ? irqentry_exit+0x16/0x60 [ 203.926038][ T5808] ? clear_bhb_loop+0x40/0x90 [ 203.931126][ T5808] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 203.937288][ T5808] RIP: 0033:0x7fea2a4f8a99 [ 203.941961][ T5808] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 203.961902][ T5808] RSP: 002b:00007ffcb054dba8 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 203.970519][ T5808] RAX: ffffffffffffffda RBX: c4d95777bfdf749c RCX: 00007fea2a4f8a99 [ 203.978731][ T5808] RDX: 0000000000000002 RSI: 0000200000000440 RDI: 0000000000000003 [ 203.986899][ T5808] RBP: 00007fea2a56b5f0 R08: 0000000000000006 R09: 0000000000000006 [ 203.995131][ T5808] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 204.003367][ T5808] R13: 431bde82d7b634db R14: 0000000000000001 R15: 0000000000000001 [ 204.011638][ T5808] [ 204.015172][ T5808] Kernel Offset: disabled [ 204.019566][ T5808] Rebooting in 86400 seconds..