./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3295812492 <...> Warning: Permanently added '10.128.0.178' (ED25519) to the list of known hosts. execve("./syz-executor3295812492", ["./syz-executor3295812492"], 0x7ffc36677260 /* 10 vars */) = 0 brk(NULL) = 0x5555572c2000 brk(0x5555572c2d00) = 0x5555572c2d00 arch_prctl(ARCH_SET_FS, 0x5555572c2380) = 0 set_tid_address(0x5555572c2650) = 4997 set_robust_list(0x5555572c2660, 24) = 0 rseq(0x5555572c2ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor3295812492", 4096) = 28 getrandom("\xfd\xab\xba\x5d\x84\x0b\x70\x2c", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x5555572c2d00 brk(0x5555572e3d00) = 0x5555572e3d00 brk(0x5555572e4000) = 0x5555572e4000 mprotect(0x7fb350cd2000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555572c2650) = 4998 ./strace-static-x86_64: Process 4998 attached [pid 4998] set_robust_list(0x5555572c2660, 24) = 0 [pid 4998] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4998] setpgid(0, 0) = 0 [pid 4998] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4998] write(3, "1000", 4) = 4 [pid 4998] close(3) = 0 [pid 4998] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 3 [pid 4998] socketpair(AF_UNIX, SOCK_STREAM, 0, [4, 5]) = 0 [pid 4998] ioctl(5, SIOCGIFINDEX, {ifr_name="lo", ifr_ifindex=1}) = 0 [pid 4998] sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x78\x00\x00\x00\x24\x00\x0b\x0f\x00\x00\x00\x00\x00\x00\x00\x00\x60\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x0a\x00\x01\x00\x6e\x65\x74\x65\x6d\x00\x04\x00\x48\x00\x02\x00\x00\x00\x00\x00\x86\x00\x02\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=120}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 120 [pid 4998] socket(AF_INET6, SOCK_SEQPACKET, IPPROTO_SCTP) = 6 [pid 4998] setsockopt(6, SOL_SCTP, SCTP_PEER_ADDR_PARAMS, "\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc0\x02\x00\x20\x00\x00\x00\x00\x78\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 156) = 0 [pid 4998] setsockopt(6, SOL_SCTP, SCTP_PEER_ADDR_PARAMS, "\x00\x00\x00\x00\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 156) = 0 [pid 4998] bind(6, {sa_family=AF_INET6, sin6_port=htons(20003), sin6_flowinfo=htonl(0), inet_pton(AF_INET6, "::1", &sin6_addr), sin6_scope_id=0}, 28) = 0 [ 160.041166][ T4998] netlink: 44 bytes leftover after parsing attributes in process `syz-executor329'. [ 160.089775][ T4998] ===================================================== [ 160.097873][ T4998] BUG: KMSAN: uninit-value in sctp_inq_pop+0x1597/0x1910 [ 160.105951][ T4998] sctp_inq_pop+0x1597/0x1910 [ 160.110874][ T4998] sctp_assoc_bh_rcv+0x1a7/0xc50 [ 160.116232][ T4998] sctp_inq_push+0x23e/0x2b0 [ 160.121054][ T4998] sctp_backlog_rcv+0x397/0xdb0 [ 160.126311][ T4998] __release_sock+0x207/0x570 [ 160.131183][ T4998] release_sock+0x6b/0x1e0 [ 160.135924][ T4998] sctp_wait_for_connect+0x486/0x810 [ 160.141540][ T4998] sctp_sendmsg_to_asoc+0x1ea7/0x1ee0 [ 160.147146][ T4998] sctp_sendmsg+0x32b4/0x4a70 [ 160.152347][ T4998] inet_sendmsg+0x105/0x190 [ 160.157046][ T4998] __sys_sendto+0x781/0xa30 [ 160.161917][ T4998] __x64_sys_sendto+0x125/0x1c0 [ 160.166982][ T4998] do_syscall_64+0x41/0xc0 [ 160.171832][ T4998] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 160.177976][ T4998] [ 160.180401][ T4998] Uninit was stored to memory at: [ 160.185995][ T4998] sctp_inq_pop+0x151a/0x1910 [ 160.190919][ T4998] sctp_assoc_bh_rcv+0x1a7/0xc50 [ 160.196196][ T4998] sctp_inq_push+0x23e/0x2b0 [ 160.201027][ T4998] sctp_backlog_rcv+0x397/0xdb0 [ 160.206290][ T4998] __release_sock+0x207/0x570 [ 160.211162][ T4998] release_sock+0x6b/0x1e0 [ 160.215950][ T4998] sctp_wait_for_connect+0x486/0x810 [ 160.221537][ T4998] sctp_sendmsg_to_asoc+0x1ea7/0x1ee0 [ 160.227145][ T4998] sctp_sendmsg+0x32b4/0x4a70 [ 160.232208][ T4998] inet_sendmsg+0x105/0x190 [ 160.236892][ T4998] __sys_sendto+0x781/0xa30 [ 160.242019][ T4998] __x64_sys_sendto+0x125/0x1c0 [ 160.247106][ T4998] do_syscall_64+0x41/0xc0 [ 160.251898][ T4998] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 160.258053][ T4998] [ 160.260479][ T4998] Uninit was created at: [ 160.265067][ T4998] slab_post_alloc_hook+0x12f/0xb70 [ 160.270492][ T4998] __kmem_cache_alloc_node+0x536/0x8d0 [ 160.276578][ T4998] __kmalloc_node_track_caller+0x118/0x3c0 [ 160.282729][ T4998] kmalloc_reserve+0x249/0x4a0 [ 160.287705][ T4998] __alloc_skb+0x318/0x740 [ 160.292482][ T4998] sctp_packet_transmit+0x1729/0x4150 [ 160.298118][ T4998] sctp_outq_flush+0x1cde/0x5e70 [ 160.303514][ T4998] sctp_outq_uncork+0x9c/0xb0 [ 160.308434][ T4998] sctp_do_sm+0x8c1a/0x9380 [ 160.313327][ T4998] sctp_assoc_bh_rcv+0x8fe/0xc50 [ 160.318484][ T4998] sctp_inq_push+0x23e/0x2b0 [ 160.323475][ T4998] sctp_backlog_rcv+0x397/0xdb0 [ 160.328561][ T4998] __release_sock+0x207/0x570 [ 160.333622][ T4998] release_sock+0x6b/0x1e0 [ 160.338208][ T4998] sctp_wait_for_connect+0x486/0x810 [ 160.343799][ T4998] sctp_sendmsg_to_asoc+0x1ea7/0x1ee0 [ 160.349399][ T4998] sctp_sendmsg+0x32b4/0x4a70 [ 160.354404][ T4998] inet_sendmsg+0x105/0x190 [ 160.359094][ T4998] __sys_sendto+0x781/0xa30 [ 160.363942][ T4998] __x64_sys_sendto+0x125/0x1c0 [ 160.369006][ T4998] do_syscall_64+0x41/0xc0 [ 160.373782][ T4998] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 160.379926][ T4998] [ 160.382466][ T4998] CPU: 0 PID: 4998 Comm: syz-executor329 Not tainted 6.6.0-rc6-syzkaller-00334-g1acfd2bd3f0d #0 [ 160.393258][ T4998] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023 [ 160.403597][ T4998] ===================================================== [ 160.410662][ T4998] Disabling lock debugging due to kernel taint [ 160.417101][ T4998] Kernel panic - not syncing: kmsan.panic set ... [ 160.423650][ T4998] CPU: 0 PID: 4998 Comm: syz-executor329 Tainted: G B 6.6.0-rc6-syzkaller-00334-g1acfd2bd3f0d #0 [ 160.435754][ T4998] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023 [ 160.445975][ T4998] Call Trace: [ 160.449472][ T4998] [ 160.452527][ T4998] dump_stack_lvl+0x1bf/0x240 [ 160.457462][ T4998] dump_stack+0x1e/0x20 [ 160.461852][ T4998] panic+0x4d5/0xc70 [ 160.465979][ T4998] ? add_taint+0x108/0x1a0 [ 160.470594][ T4998] kmsan_report+0x2d0/0x2d0 [ 160.475311][ T4998] ? kmsan_internal_chain_origin+0xba/0xd0 [ 160.481338][ T4998] ? __msan_warning+0x96/0x110 [ 160.486299][ T4998] ? sctp_inq_pop+0x1597/0x1910 [ 160.491377][ T4998] ? sctp_assoc_bh_rcv+0x1a7/0xc50 [ 160.496693][ T4998] ? sctp_inq_push+0x23e/0x2b0 [ 160.501690][ T4998] ? sctp_backlog_rcv+0x397/0xdb0 [ 160.506945][ T4998] ? __release_sock+0x207/0x570 [ 160.511990][ T4998] ? release_sock+0x6b/0x1e0 [ 160.516749][ T4998] ? sctp_wait_for_connect+0x486/0x810 [ 160.522414][ T4998] ? sctp_sendmsg_to_asoc+0x1ea7/0x1ee0 [ 160.528190][ T4998] ? sctp_sendmsg+0x32b4/0x4a70 [ 160.533246][ T4998] ? inet_sendmsg+0x105/0x190 [ 160.538113][ T4998] ? __sys_sendto+0x781/0xa30 [ 160.543006][ T4998] ? __x64_sys_sendto+0x125/0x1c0 [ 160.548251][ T4998] ? do_syscall_64+0x41/0xc0 [ 160.553084][ T4998] ? entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 160.559401][ T4998] ? entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 160.565727][ T4998] ? kmem_cache_free+0xbd6/0x12a0 [ 160.570983][ T4998] ? sctp_chunk_put+0x233/0x2d0 [ 160.576066][ T4998] ? kmsan_internal_set_shadow_origin+0x66/0xe0 [ 160.582535][ T4998] ? kmsan_get_shadow_origin_ptr+0x4d/0xa0 [ 160.588575][ T4998] ? kmsan_get_shadow_origin_ptr+0x4d/0xa0 [ 160.594598][ T4998] __msan_warning+0x96/0x110 [ 160.599382][ T4998] sctp_inq_pop+0x1597/0x1910 [ 160.604332][ T4998] sctp_assoc_bh_rcv+0x1a7/0xc50 [ 160.609498][ T4998] ? kmsan_get_shadow_origin_ptr+0x4d/0xa0 [ 160.615522][ T4998] ? sctp_assoc_lookup_asconf_ack+0x250/0x250 [ 160.621832][ T4998] ? sctp_assoc_lookup_asconf_ack+0x250/0x250 [ 160.628125][ T4998] sctp_inq_push+0x23e/0x2b0 [ 160.632962][ T4998] sctp_backlog_rcv+0x397/0xdb0 [ 160.638076][ T4998] ? sctp_add_backlog+0x7c0/0x7c0 [ 160.643349][ T4998] ? sctp_add_backlog+0x7c0/0x7c0 [ 160.648606][ T4998] __release_sock+0x207/0x570 [ 160.653478][ T4998] ? kmsan_get_shadow_origin_ptr+0x4d/0xa0 [ 160.659486][ T4998] release_sock+0x6b/0x1e0 [ 160.664072][ T4998] sctp_wait_for_connect+0x486/0x810 [ 160.669572][ T4998] ? wake_bit_function+0x370/0x370 [ 160.674928][ T4998] sctp_sendmsg_to_asoc+0x1ea7/0x1ee0 [ 160.680539][ T4998] ? kmsan_get_shadow_origin_ptr+0x4d/0xa0 [ 160.686589][ T4998] sctp_sendmsg+0x32b4/0x4a70 [ 160.691458][ T4998] ? kmsan_internal_set_shadow_origin+0x66/0xe0 [ 160.697956][ T4998] ? sctp_getsockopt+0x1290/0x1290 [ 160.703264][ T4998] inet_sendmsg+0x105/0x190 [ 160.707952][ T4998] ? inet_send_prepare+0x5c0/0x5c0 [ 160.713255][ T4998] __sys_sendto+0x781/0xa30 [ 160.717979][ T4998] ? kmsan_get_shadow_origin_ptr+0x4d/0xa0 [ 160.724027][ T4998] __x64_sys_sendto+0x125/0x1c0 [ 160.729117][ T4998] do_syscall_64+0x41/0xc0 [ 160.733772][ T4998] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 160.739911][ T4998] RIP: 0033:0x7fb350c5ed39 [ 160.744476][ T4998] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 c1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 160.764307][ T4998] RSP: 002b:00007ffd01f52658 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 160.772931][ T4998] RAX: ffffffffffffffda RBX: 0100000000000000 RCX: 00007fb350c5ed39 [ 160.781071][ T4998] RDX: 0000000000034000 RSI: 0000000020847fff RDI: 0000000000000006 [ 160.789213][ T4998] RBP: 0000000000000000 R08: 000000002005ffe4 R09: 000000000000001c [ 160.797352][ T4998] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 160.805483][ T4998] R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000001 [ 160.813629][ T4998] [ 160.817135][ T4998] Kernel Offset: disabled [ 160.821526][ T4998] Rebooting in 86400 seconds..