./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor965500465
<...>
Warning: Permanently added '10.128.0.230' (ECDSA) to the list of known hosts.
execve("./syz-executor965500465", ["./syz-executor965500465"], 0x7fff77fa8050 /* 10 vars */) = 0
brk(NULL) = 0x5555568f4000
brk(0x5555568f4c40) = 0x5555568f4c40
arch_prctl(ARCH_SET_FS, 0x5555568f4300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor965500465", 4096) = 27
brk(0x555556915c40) = 0x555556915c40
brk(0x555556916000) = 0x555556916000
mprotect(0x7f405d97b000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555568f45d0) = 3484
./strace-static-x86_64: Process 3484 attached
[pid 3484] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3484] setpgid(0, 0) = 0
[pid 3484] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3484] write(3, "1000", 4) = 4
[pid 3484] close(3) = 0
[pid 3484] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 3
[pid 3484] sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x3c\x00\x00\x00\x10\x00\x01\x04\x00\xee\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00\xff\xff\xff\xff\x01\x00\x00\x00\x01\x00\x00\x00\x1c\x00\x12\x00\x0c\x00\x01\x00\x62\x72\x69\x64\x67\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", iov_len=60}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 60
[ 126.502083][ T3484] netlink: 12 bytes leftover after parsing attributes in process `syz-executor965'.
[pid 3484] socket(AF_NETLINK, SOCK_RAW, NETLINK_XFRM) = 4
[ 126.592347][ C1] =====================================================
[ 126.599536][ C1] BUG: KMSAN: uninit-value in xfrm_state_find+0x1614/0x61f0
[ 126.607014][ C1] xfrm_state_find+0x1614/0x61f0
[ 126.612224][ C1] xfrm_resolve_and_create_bundle+0x7dd/0x4ed0
[ 126.618530][ C1] xfrm_lookup_with_ifid+0xd3f/0x4120
[ 126.624156][ C1] xfrm_lookup_route+0x5f/0x2b0
[ 126.629155][ C1] ip_route_output_flow+0x29b/0x340
[ 126.634667][ C1] igmpv3_newpack+0x43b/0x1440
[ 126.639602][ C1] add_grhead+0x86/0x390
[ 126.644124][ C1] add_grec+0x2185/0x2380
[ 126.648612][ C1] igmp_ifc_timer_expire+0x11b6/0x1f30
[ 126.654313][ C1] call_timer_fn+0x43/0x480
[ 126.658961][ C1] expire_timers+0x272/0x610
[ 126.663820][ C1] __run_timers+0x5bd/0x8c0
[ 126.668481][ C1] run_timer_softirq+0x64/0xe0
[ 126.673518][ C1] __do_softirq+0x1c5/0x7b9
[ 126.678167][ C1] invoke_softirq+0x8f/0x100
[ 126.683022][ C1] __irq_exit_rcu+0x5a/0x110
[ 126.687741][ C1] irq_exit_rcu+0xe/0x10
[ 126.692222][ C1] sysvec_apic_timer_interrupt+0x9a/0xc0
[ 126.698040][ C1] asm_sysvec_apic_timer_interrupt+0x1b/0x20
[ 126.704304][ C1] arch_ptrace+0x27b/0x470
[ 126.708887][ C1] __se_sys_ptrace+0x2e5/0x780
[ 126.713940][ C1] __x64_sys_ptrace+0xb9/0x110
[ 126.718868][ C1] do_syscall_64+0x3d/0xb0
[ 126.723550][ C1] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 126.729587][ C1]
[ 126.732091][ C1] Local variable fl4 created at:
[ 126.737093][ C1] igmpv3_newpack+0x7e/0x1440
[ 126.742006][ C1] add_grhead+0x86/0x390
[ 126.746392][ C1]
[ 126.748782][ C1] CPU: 1 PID: 3479 Comm: strace-static-x Not tainted 6.1.0-syzkaller-64311-g5c6259d6d19f #0
[ 126.759119][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 126.769373][ C1] =====================================================
[ 126.776517][ C1] Disabling lock debugging due to kernel taint
[ 126.782842][ C1] Kernel panic - not syncing: kmsan.panic set ...
[ 126.789345][ C1] CPU: 1 PID: 3479 Comm: strace-static-x Tainted: G B 6.1.0-syzkaller-64311-g5c6259d6d19f #0
[ 126.801028][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 126.811195][ C1] Call Trace:
[ 126.814565][ C1]
[ 126.817495][ C1] dump_stack_lvl+0x1c8/0x256
[ 126.822347][ C1] dump_stack+0x1a/0x21
[ 126.826653][ C1] panic+0x4d3/0xc64
[ 126.830747][ C1] ? add_taint+0x104/0x1a0
[ 126.835328][ C1] kmsan_report+0x2ca/0x2d0
[ 126.839984][ C1] ? preempt_count_sub+0x7d/0x280
[ 126.845174][ C1] ? _raw_spin_unlock_irqrestore+0x34/0x50
[ 126.851199][ C1] ? __msan_warning+0x92/0x110
[ 126.856210][ C1] ? xfrm_state_find+0x1614/0x61f0
[ 126.861478][ C1] ? xfrm_resolve_and_create_bundle+0x7dd/0x4ed0
[ 126.867954][ C1] ? xfrm_lookup_with_ifid+0xd3f/0x4120
[ 126.873646][ C1] ? xfrm_lookup_route+0x5f/0x2b0
[ 126.878889][ C1] ? ip_route_output_flow+0x29b/0x340
[ 126.884435][ C1] ? igmpv3_newpack+0x43b/0x1440
[ 126.889540][ C1] ? add_grhead+0x86/0x390
[ 126.894116][ C1] ? add_grec+0x2185/0x2380
[ 126.898779][ C1] ? igmp_ifc_timer_expire+0x11b6/0x1f30
[ 126.904578][ C1] ? call_timer_fn+0x43/0x480
[ 126.909402][ C1] ? expire_timers+0x272/0x610
[ 126.914308][ C1] ? __run_timers+0x5bd/0x8c0
[ 126.919128][ C1] ? run_timer_softirq+0x64/0xe0
[ 126.924306][ C1] ? __do_softirq+0x1c5/0x7b9
[ 126.929129][ C1] ? invoke_softirq+0x8f/0x100
[ 126.934077][ C1] ? __irq_exit_rcu+0x5a/0x110
[ 126.938986][ C1] ? irq_exit_rcu+0xe/0x10
[ 126.943542][ C1] ? sysvec_apic_timer_interrupt+0x9a/0xc0
[ 126.949521][ C1] ? asm_sysvec_apic_timer_interrupt+0x1b/0x20
[ 126.955825][ C1] ? arch_ptrace+0x27b/0x470
[ 126.960581][ C1] ? __se_sys_ptrace+0x2e5/0x780
[ 126.965677][ C1] ? __x64_sys_ptrace+0xb9/0x110
[ 126.970779][ C1] ? do_syscall_64+0x3d/0xb0
[ 126.975506][ C1] ? entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 126.981723][ C1] ? kmsan_get_shadow_origin_ptr+0x49/0xa0
[ 126.987694][ C1] ? xfrm_state_find+0x193/0x61f0
[ 126.992873][ C1] ? kmsan_get_shadow_origin_ptr+0x49/0xa0
[ 126.998848][ C1] ? __xfrm_dst_hash+0x33c/0x630
[ 127.003953][ C1] ? kmsan_get_shadow_origin_ptr+0x49/0xa0
[ 127.009941][ C1] __msan_warning+0x92/0x110
[ 127.014677][ C1] xfrm_state_find+0x1614/0x61f0
[ 127.019770][ C1] ? call_rcu+0x60e/0xc20
[ 127.024299][ C1] xfrm_resolve_and_create_bundle+0x7dd/0x4ed0
[ 127.030668][ C1] ? kmsan_get_shadow_origin_ptr+0x49/0xa0
[ 127.036651][ C1] ? kmsan_get_shadow_origin_ptr+0x49/0xa0
[ 127.042639][ C1] xfrm_lookup_with_ifid+0xd3f/0x4120
[ 127.048183][ C1] ? kmsan_get_shadow_origin_ptr+0x49/0xa0
[ 127.054167][ C1] xfrm_lookup_route+0x5f/0x2b0
[ 127.059172][ C1] ip_route_output_flow+0x29b/0x340
[ 127.064572][ C1] igmpv3_newpack+0x43b/0x1440
[ 127.069500][ C1] ? kmsan_get_shadow_origin_ptr+0x49/0xa0
[ 127.075511][ C1] add_grhead+0x86/0x390
[ 127.079924][ C1] add_grec+0x2185/0x2380
[ 127.084421][ C1] ? kmsan_get_shadow_origin_ptr+0x49/0xa0
[ 127.090401][ C1] ? kmsan_internal_set_shadow_origin+0x62/0xe0
[ 127.096833][ C1] igmp_ifc_timer_expire+0x11b6/0x1f30
[ 127.102492][ C1] ? igmp_gq_timer_expire+0xe0/0xe0
[ 127.107854][ C1] ? igmp_gq_timer_expire+0xe0/0xe0
[ 127.113221][ C1] call_timer_fn+0x43/0x480
[ 127.117889][ C1] ? igmp_gq_timer_expire+0xe0/0xe0
[ 127.123256][ C1] expire_timers+0x272/0x610
[ 127.128010][ C1] __run_timers+0x5bd/0x8c0
[ 127.132687][ C1] ? kmsan_get_shadow_origin_ptr+0x49/0xa0
[ 127.138692][ C1] run_timer_softirq+0x64/0xe0
[ 127.143607][ C1] ? migrate_timer_list+0x5d0/0x5d0
[ 127.149037][ C1] __do_softirq+0x1c5/0x7b9
[ 127.153711][ C1] invoke_softirq+0x8f/0x100
[ 127.158536][ C1] __irq_exit_rcu+0x5a/0x110
[ 127.163268][ C1] irq_exit_rcu+0xe/0x10
[ 127.167640][ C1] sysvec_apic_timer_interrupt+0x9a/0xc0
[ 127.173458][ C1]
[ 127.176458][ C1]
[ 127.179458][ C1] asm_sysvec_apic_timer_interrupt+0x1b/0x20
[ 127.185597][ C1] RIP: 0010:arch_ptrace+0x27b/0x470
[ 127.190977][ C1] Code: ee 4c 89 fa e8 66 33 fb ff 49 89 c5 eb 1f 41 c7 86 20 03 00 00 00 00 00 00 4c 89 e7 48 89 de 4c 89 fa 4c 89 e9 e8 b5 ad 14 00 <41> 89 c5 41 8b 9e 20 03 00 00 41 8b 8e a8 0f 00 00 48 63 d3 49 63
[ 127.210750][ C1] RSP: 0018:ffff88810f9c3de0 EFLAGS: 00000282
[ 127.217250][ C1] RAX: 0000000000000000 RBX: 0000000000000018 RCX: ffff88811a2c0000
[ 127.225356][ C1] RDX: ffff888227f13cc0 RSI: 0000000000000004 RDI: 000000000001ad48
[ 127.233550][ C1] RBP: ffff88810f9c3e28 R08: 0000000000000000 R09: ffff88810f1c39d0
[ 127.241645][ C1] R10: ffff88810f9c3988 R11: ffff88811a2c0000 R12: ffff888117ef0000
[ 127.249751][ C1] R13: 0000000000000000 R14: ffff88811a2c0b30 R15: 0000000000000000
[ 127.257886][ C1] __se_sys_ptrace+0x2e5/0x780
[ 127.262833][ C1] ? kmsan_get_shadow_origin_ptr+0x49/0xa0
[ 127.268847][ C1] __x64_sys_ptrace+0xb9/0x110
[ 127.273797][ C1] do_syscall_64+0x3d/0xb0
[ 127.278374][ C1] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 127.284419][ C1] RIP: 0033:0x4e987a
[ 127.288407][ C1] Code: 70 41 83 f8 03 c7 44 24 10 08 00 00 00 48 89 44 24 18 48 8d 44 24 30 8b 70 08 4c 0f 43 d1 48 89 44 24 20 b8 65 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 3e 48 85 c0 78 06 41 83 f8 02 76 1b 48 8b 54
[ 127.308176][ C1] RSP: 002b:00007fff77fa7bf0 EFLAGS: 00000206 ORIG_RAX: 0000000000000065
[ 127.316744][ C1] RAX: ffffffffffffffda RBX: 0000000001e5d368 RCX: 00000000004e987a
[ 127.324835][ C1] RDX: 0000000000000000 RSI: 0000000000000d9b RDI: 0000000000000018
[ 127.333008][ C1] RBP: 0000000000000018 R08: 0000000000000017 R09: 000000000000019b
[ 127.341438][ C1] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000001e5eb90
[ 127.349611][ C1] R13: 0000000000000000 R14: 0000000001e5eb90 R15: 000000000063f160
[ 127.357804][ C1]
[ 127.361090][ C1] Kernel Offset: disabled
[ 127.365464][ C1] Rebooting in 86400 seconds..