./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1704036764 <...> syzkaller login: [ 100.243341][ T26] cfg80211: failed to load regulatory.db Warning: Permanently added '10.128.0.189' (ECDSA) to the list of known hosts. execve("./syz-executor1704036764", ["./syz-executor1704036764"], 0x7ffe22e10da0 /* 10 vars */) = 0 brk(NULL) = 0x555555808000 brk(0x555555808c40) = 0x555555808c40 arch_prctl(ARCH_SET_FS, 0x555555808300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor1704036764", 4096) = 28 brk(0x555555829c40) = 0x555555829c40 brk(0x55555582a000) = 0x55555582a000 mprotect(0x7ff409cc6000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3493 attached , child_tidptr=0x5555558085d0) = 3493 [pid 3493] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3493] setpgid(0, 0) = 0 [pid 3493] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3493] write(3, "1000", 4) = 4 [pid 3493] close(3) = 0 [pid 3493] socket(AF_INET, SOCK_STREAM, IPPROTO_IP) = 3 [pid 3493] bind(3, {sa_family=AF_INET, sin_port=htons(20000), sin_addr=inet_addr("0.0.0.0")}, 16) = 0 [pid 3493] sendto(3, "\x31\xea\x37\xec\xb0\x7e\xf3\xf8\x14\x74\x4f\x7d\x16\x04\x2a\xa3\x88\x67\xfd\xfe\x8a\xeb\x89\xfb", 24, MSG_OOB|MSG_DONTROUTE|MSG_MORE|MSG_FASTOPEN, {sa_family=AF_INET, sin_port=htons(20000), sin_addr=inet_addr("0.0.0.0")}, 16) = 24 [ 103.237078][ T3493] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 103.240012][ T3493] ===================================================== [ 103.240091][ T3493] BUG: KMSAN: uninit-value in tcp_recvmsg+0x6cf/0xb60 [ 103.240147][ T3493] tcp_recvmsg+0x6cf/0xb60 [ 103.240198][ T3493] inet_recvmsg+0x13a/0x5a0 [ 103.240471][ T3493] __sys_recvfrom+0x696/0x900 [ 103.240528][ T3493] __x64_sys_recvfrom+0x122/0x1c0 [ 103.240584][ T3493] do_syscall_64+0x3d/0xb0 [ 103.240641][ T3493] entry_SYSCALL_64_after_hwframe+0x46/0xb0 [ 103.240697][ T3493] [ 103.240704][ T3493] Local variable msg created at: [ 103.240715][ T3493] __sys_recvfrom+0x81/0x900 [ 103.240765][ T3493] __x64_sys_recvfrom+0x122/0x1c0 [ 103.240817][ T3493] [ 103.240824][ T3493] CPU: 0 PID: 3493 Comm: syz-executor170 Not tainted 5.19.0-rc3-syzkaller-30868-g4b28366af7d9 #0 [ 103.240869][ T3493] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 103.240890][ T3493] ===================================================== [ 103.240901][ T3493] Disabling lock debugging due to kernel taint [ 103.240914][ T3493] Kernel panic - not syncing: kmsan.panic set ... [ 103.361010][ T3493] CPU: 0 PID: 3493 Comm: syz-executor170 Tainted: G B 5.19.0-rc3-syzkaller-30868-g4b28366af7d9 #0 [ 103.372937][ T3493] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 103.383018][ T3493] Call Trace: [ 103.386315][ T3493] [ 103.389273][ T3493] dump_stack_lvl+0x1c8/0x256 [ 103.394007][ T3493] dump_stack+0x1a/0x1c [ 103.398235][ T3493] panic+0x4d3/0xc7d [ 103.402191][ T3493] ? print_tainted+0x1d1/0x1e0 [ 103.407022][ T3493] ? add_taint+0x104/0x1a0 [ 103.411473][ T3493] ? printk_sprint+0x29b/0x4d0 [ 103.416284][ T3493] kmsan_report+0x2cc/0x2d0 [ 103.420867][ T3493] ? __stack_depot_save+0x38d/0x4b0 [ 103.426121][ T3493] ? kmsan_get_metadata+0x33/0x220 [ 103.431289][ T3493] ? kmsan_internal_set_shadow_origin+0x62/0xe0 [ 103.437630][ T3493] ? __msan_warning+0x92/0x110 [ 103.442436][ T3493] ? tcp_recvmsg+0x6cf/0xb60 [ 103.447088][ T3493] ? inet_recvmsg+0x13a/0x5a0 [ 103.451807][ T3493] ? __sys_recvfrom+0x696/0x900 [ 103.456733][ T3493] ? __x64_sys_recvfrom+0x122/0x1c0 [ 103.462001][ T3493] ? do_syscall_64+0x3d/0xb0 [ 103.466641][ T3493] ? entry_SYSCALL_64_after_hwframe+0x46/0xb0 [ 103.472787][ T3493] ? kmsan_get_shadow_origin_ptr+0x9a/0xf0 [ 103.478671][ T3493] ? tcp_recvmsg_locked+0x31a1/0x3410 [ 103.484124][ T3493] ? kmsan_get_shadow_origin_ptr+0x9a/0xf0 [ 103.489971][ T3493] ? kmsan_get_metadata+0x33/0x220 [ 103.495125][ T3493] ? tcp_recvmsg+0x84/0xb60 [ 103.499772][ T3493] ? kmsan_get_metadata+0x33/0x220 [ 103.504931][ T3493] ? kmsan_get_shadow_origin_ptr+0x9a/0xf0 [ 103.510808][ T3493] ? preempt_count_sub+0x7d/0x280 [ 103.515888][ T3493] ? kmsan_get_metadata+0x33/0x220 [ 103.521039][ T3493] ? kmsan_get_shadow_origin_ptr+0x9a/0xf0 [ 103.526894][ T3493] __msan_warning+0x92/0x110 [ 103.531537][ T3493] tcp_recvmsg+0x6cf/0xb60 [ 103.535997][ T3493] ? __stack_depot_save+0x38d/0x4b0 [ 103.541270][ T3493] ? kmsan_get_metadata+0x33/0x220 [ 103.546431][ T3493] ? kmsan_get_shadow_origin_ptr+0x9a/0xf0 [ 103.552303][ T3493] ? tcp_recv_timestamp+0x910/0x910 [ 103.557566][ T3493] inet_recvmsg+0x13a/0x5a0 [ 103.562106][ T3493] ? kmsan_get_metadata+0x33/0x220 [ 103.567275][ T3493] ? kmsan_get_shadow_origin_ptr+0x9a/0xf0 [ 103.573128][ T3493] __sys_recvfrom+0x696/0x900 [ 103.577857][ T3493] ? inet_sendpage+0x210/0x210 [ 103.582697][ T3493] ? preempt_count_sub+0x7d/0x280 [ 103.587804][ T3493] ? kmsan_get_metadata+0x33/0x220 [ 103.592969][ T3493] ? kmsan_get_shadow_origin_ptr+0x9a/0xf0 [ 103.598833][ T3493] __x64_sys_recvfrom+0x122/0x1c0 [ 103.603920][ T3493] do_syscall_64+0x3d/0xb0 [ 103.608415][ T3493] entry_SYSCALL_64_after_hwframe+0x46/0xb0 [ 103.614381][ T3493] RIP: 0033:0x7ff409c59da9 [ 103.618834][ T3493] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 103.638494][ T3493] RSP: 002b:00007ffded8a1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002d [ 103.646965][ T3493] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007ff409c59da9 [ 103.654967][ T3493] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 103.662961][ T3493] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 103.670957][ T3493] R10: 000000000000076f R11: 0000000000000246 R12: 00007ff409c1d630 [ 103.678966][ T3493] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000 [ 103.687002][ T3493] [ 103.690227][ T3493] Kernel Offset: disabled [ 103.694586][ T3493] Rebooting in 86400 seconds..