./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor140917770 <...> forked to background, child pid 3056 no interfaces have a carrier [ 80.868547][ T3057] 8021q: adding VLAN 0 to HW filter on device bond0 [ 80.884651][ T3057] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller syzkaller login: [ 105.373968][ T122] cfg80211: failed to load regulatory.db Warning: Permanently added '10.128.1.61' (ECDSA) to the list of known hosts. execve("./syz-executor140917770", ["./syz-executor140917770"], 0x7ffd7fa34150 /* 10 vars */) = 0 brk(NULL) = 0x555555cd7000 brk(0x555555cd7c40) = 0x555555cd7c40 arch_prctl(ARCH_SET_FS, 0x555555cd7300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor140917770", 4096) = 27 brk(0x555555cf8c40) = 0x555555cf8c40 brk(0x555555cf9000) = 0x555555cf9000 mprotect(0x7f70ba20f000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555cd75d0) = 3488 ./strace-static-x86_64: Process 3488 attached [pid 3488] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3488] setpgid(0, 0) = 0 [pid 3488] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3488] write(3, "1000", 4) = 4 [pid 3488] close(3) = 0 [pid 3488] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 3 [pid 3488] socketpair(AF_UNIX, SOCK_STREAM, 0, [4, 5]) = 0 [pid 3488] ioctl(5, SIOCGIFINDEX, {ifr_name="lo", ifr_ifindex=1}) = 0 [pid 3488] sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x24\x01\x00\x00\x24\x00\x0b\x0f\x00\x00\x00\x00\x00\x00\x00\x00\x60\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x0a\x00\x01\x00\x6e\x65\x74\x65\x6d\x00\x00\x00\xf4\x00\x02\x00\x00\x00\x00\x00\x06\x00\x00\x00\xfd\xff\xff\xff\x70\x1a\x00\x00\xff\xfb\xff\xff\x6e\x00\x00\x00\x10\x00\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x2d\x00\x02\x00\xb0\xe6\xa2\xd6"..., iov_len=292}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 292 [pid 3488] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 6 [pid 3488] setsockopt(6, SOL_SCTP, SCTP_PEER_ADDR_PARAMS, "\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x07\x00\x20\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 156) = 0 [pid 3488] bind(6, {sa_family=AF_INET6, sin6_port=htons(20003), sin6_flowinfo=htonl(0), inet_pton(AF_INET6, "::1", &sin6_addr), sin6_scope_id=0}, 28) = 0 [ 115.173423][ T3488] ===================================================== [ 115.180532][ T3488] BUG: KMSAN: uninit-value in sctp_inq_pop+0x159f/0x1910 [ 115.187746][ T3488] sctp_inq_pop+0x159f/0x1910 [ 115.192664][ T3488] sctp_assoc_bh_rcv+0x1a3/0xc40 [ 115.197747][ T3488] sctp_inq_push+0x238/0x2b0 [ 115.202550][ T3488] sctp_backlog_rcv+0x3f1/0xe40 [ 115.207532][ T3488] __release_sock+0x1ff/0x560 [ 115.212467][ T3488] release_sock+0x67/0x1d0 [ 115.217000][ T3488] sctp_wait_for_connect+0x4a0/0x860 [ 115.222472][ T3488] sctp_sendmsg_to_asoc+0x179c/0x19e0 [ 115.228016][ T3488] sctp_sendmsg+0x3836/0x4ce0 [ 115.232913][ T3488] inet_sendmsg+0x101/0x180 [ 115.237536][ T3488] __sys_sendto+0x7ea/0xa60 [ 115.242215][ T3488] __x64_sys_sendto+0x121/0x1c0 [ 115.247190][ T3488] do_syscall_64+0x3d/0xb0 [ 115.251736][ T3488] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 115.257873][ T3488] [ 115.260245][ T3488] Uninit was stored to memory at: [ 115.265519][ T3488] sctp_inq_pop+0x1522/0x1910 [ 115.270320][ T3488] sctp_assoc_bh_rcv+0x1a3/0xc40 [ 115.275507][ T3488] sctp_inq_push+0x238/0x2b0 [ 115.280205][ T3488] sctp_backlog_rcv+0x3f1/0xe40 [ 115.285265][ T3488] __release_sock+0x1ff/0x560 [ 115.290089][ T3488] release_sock+0x67/0x1d0 [ 115.294749][ T3488] sctp_wait_for_connect+0x4a0/0x860 [ 115.300342][ T3488] sctp_sendmsg_to_asoc+0x179c/0x19e0 [ 115.305913][ T3488] sctp_sendmsg+0x3836/0x4ce0 [ 115.310735][ T3488] inet_sendmsg+0x101/0x180 [ 115.315515][ T3488] __sys_sendto+0x7ea/0xa60 [ 115.320118][ T3488] __x64_sys_sendto+0x121/0x1c0 [ 115.325163][ T3488] do_syscall_64+0x3d/0xb0 [ 115.329685][ T3488] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 115.335779][ T3488] [ 115.338150][ T3488] Uninit was created at: [ 115.342656][ T3488] __kmalloc_node_track_caller+0x86c/0x1230 [ 115.348716][ T3488] __alloc_skb+0x34a/0xd70 [ 115.353336][ T3488] sctp_packet_transmit+0x16e4/0x4080 [ 115.358825][ T3488] sctp_outq_flush+0x19a1/0x6090 [ 115.363964][ T3488] sctp_outq_uncork+0x96/0xb0 [ 115.368775][ T3488] sctp_do_sm+0x9503/0x9b90 [ 115.373549][ T3488] sctp_assoc_bh_rcv+0x8f8/0xc40 [ 115.378642][ T3488] sctp_inq_push+0x238/0x2b0 [ 115.383466][ T3488] sctp_backlog_rcv+0x3f1/0xe40 [ 115.388441][ T3488] __release_sock+0x1ff/0x560 [ 115.393368][ T3488] release_sock+0x67/0x1d0 [ 115.397896][ T3488] sctp_wait_for_connect+0x4a0/0x860 [ 115.403362][ T3488] sctp_sendmsg_to_asoc+0x179c/0x19e0 [ 115.408901][ T3488] sctp_sendmsg+0x3836/0x4ce0 [ 115.413800][ T3488] inet_sendmsg+0x101/0x180 [ 115.418500][ T3488] __sys_sendto+0x7ea/0xa60 [ 115.423206][ T3488] __x64_sys_sendto+0x121/0x1c0 [ 115.428178][ T3488] do_syscall_64+0x3d/0xb0 [ 115.432865][ T3488] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 115.438931][ T3488] [ 115.441316][ T3488] CPU: 0 PID: 3488 Comm: syz-executor140 Not tainted 5.19.0-syzkaller-32655-g1b070a5d1a2c #0 [ 115.451684][ T3488] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 115.461984][ T3488] ===================================================== [ 115.469067][ T3488] Disabling lock debugging due to kernel taint [ 115.475355][ T3488] Kernel panic - not syncing: kmsan.panic set ... [ 115.481833][ T3488] CPU: 0 PID: 3488 Comm: syz-executor140 Tainted: G B 5.19.0-syzkaller-32655-g1b070a5d1a2c #0 [ 115.493446][ T3488] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 115.503558][ T3488] Call Trace: [ 115.506877][ T3488] [ 115.509862][ T3488] dump_stack_lvl+0x1c8/0x256 [ 115.514706][ T3488] dump_stack+0x1a/0x1c [ 115.518972][ T3488] panic+0x4d3/0xc69 [ 115.523047][ T3488] kmsan_report+0x2cc/0x2d0 [ 115.527677][ T3488] ? kmsan_internal_chain_origin+0x103/0x120 [ 115.533752][ T3488] ? __msan_warning+0x92/0x110 [ 115.538606][ T3488] ? sctp_inq_pop+0x159f/0x1910 [ 115.543584][ T3488] ? sctp_assoc_bh_rcv+0x1a3/0xc40 [ 115.548834][ T3488] ? sctp_inq_push+0x238/0x2b0 [ 115.553695][ T3488] ? sctp_backlog_rcv+0x3f1/0xe40 [ 115.558853][ T3488] ? __release_sock+0x1ff/0x560 [ 115.563835][ T3488] ? release_sock+0x67/0x1d0 [ 115.568513][ T3488] ? sctp_wait_for_connect+0x4a0/0x860 [ 115.574122][ T3488] ? sctp_sendmsg_to_asoc+0x179c/0x19e0 [ 115.579835][ T3488] ? sctp_sendmsg+0x3836/0x4ce0 [ 115.584813][ T3488] ? inet_sendmsg+0x101/0x180 [ 115.589578][ T3488] ? __sys_sendto+0x7ea/0xa60 [ 115.594360][ T3488] ? __x64_sys_sendto+0x121/0x1c0 [ 115.599468][ T3488] ? do_syscall_64+0x3d/0xb0 [ 115.604158][ T3488] ? entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 115.610379][ T3488] ? entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 115.616642][ T3488] ? kmsan_internal_set_shadow_origin+0x62/0xe0 [ 115.623269][ T3488] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 115.629190][ T3488] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 115.635159][ T3488] __msan_warning+0x92/0x110 [ 115.639886][ T3488] sctp_inq_pop+0x159f/0x1910 [ 115.644671][ T3488] sctp_assoc_bh_rcv+0x1a3/0xc40 [ 115.649766][ T3488] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 115.655718][ T3488] ? sctp_assoc_lookup_asconf_ack+0x250/0x250 [ 115.661952][ T3488] ? sctp_assoc_lookup_asconf_ack+0x250/0x250 [ 115.668180][ T3488] sctp_inq_push+0x238/0x2b0 [ 115.672868][ T3488] sctp_backlog_rcv+0x3f1/0xe40 [ 115.677848][ T3488] ? sctp_add_backlog+0x870/0x870 [ 115.682960][ T3488] __release_sock+0x1ff/0x560 [ 115.687781][ T3488] release_sock+0x67/0x1d0 [ 115.692307][ T3488] sctp_wait_for_connect+0x4a0/0x860 [ 115.697773][ T3488] ? wake_bit_function+0x380/0x380 [ 115.703030][ T3488] sctp_sendmsg_to_asoc+0x179c/0x19e0 [ 115.708527][ T3488] sctp_sendmsg+0x3836/0x4ce0 [ 115.713349][ T3488] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 115.719317][ T3488] ? sctp_getsockopt+0x1280/0x1280 [ 115.724614][ T3488] ? sctp_getsockopt+0x1280/0x1280 [ 115.729863][ T3488] inet_sendmsg+0x101/0x180 [ 115.734465][ T3488] ? inet_send_prepare+0x5b0/0x5b0 [ 115.739707][ T3488] __sys_sendto+0x7ea/0xa60 [ 115.744337][ T3488] ? preempt_count_sub+0x7d/0x280 [ 115.749524][ T3488] ? kmsan_get_shadow_origin_ptr+0x49/0xa0 [ 115.755501][ T3488] __x64_sys_sendto+0x121/0x1c0 [ 115.760506][ T3488] do_syscall_64+0x3d/0xb0 [ 115.765020][ T3488] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 115.771106][ T3488] RIP: 0033:0x7f70ba1a22e9 [ 115.775612][ T3488] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 115.795330][ T3488] RSP: 002b:00007fff33708798 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 115.803863][ T3488] RAX: ffffffffffffffda RBX: 0100000000000000 RCX: 00007f70ba1a22e9 [ 115.811900][ T3488] RDX: 0000000000034000 RSI: 0000000020847fff RDI: 0000000000000006 [ 115.819948][ T3488] RBP: 0000000000000000 R08: 000000002005ffe4 R09: 000000000000001c [ 115.828026][ T3488] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f70ba165b70 [ 115.836111][ T3488] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000 [ 115.844203][ T3488] [ 115.847450][ T3488] Kernel Offset: disabled [ 115.851823][ T3488] Rebooting in 86400 seconds..