./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor300768136 <...> Warning: Permanently added '10.128.0.46' (ED25519) to the list of known hosts. execve("./syz-executor300768136", ["./syz-executor300768136"], 0x7ffd20527e00 /* 10 vars */) = 0 brk(NULL) = 0x55555605b000 brk(0x55555605bd00) = 0x55555605bd00 arch_prctl(ARCH_SET_FS, 0x55555605b380) = 0 set_tid_address(0x55555605b650) = 5000 set_robust_list(0x55555605b660, 24) = 0 rseq(0x55555605bca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor300768136", 4096) = 27 getrandom("\xcd\xd1\xdb\x27\xab\x08\x7d\x59", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55555605bd00 brk(0x55555607cd00) = 0x55555607cd00 brk(0x55555607d000) = 0x55555607d000 mprotect(0x7fdb4f616000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555605b650) = 5001 ./strace-static-x86_64: Process 5001 attached [pid 5001] set_robust_list(0x55555605b660, 24) = 0 [pid 5001] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5001] setpgid(0, 0) = 0 [pid 5001] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5001] write(3, "1000", 4) = 4 [pid 5001] close(3) = 0 [pid 5001] socket(AF_ALG, SOCK_SEQPACKET, 0) = 3 [pid 5001] bind(3, {sa_family=AF_ALG, salg_type="hash", salg_feat=0, salg_mask=0, salg_name="poly1305"}, 88) = 0 [pid 5001] accept4(3, NULL, NULL, 0) = 4 [pid 5001] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x14\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", iov_len=20}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, MSG_DONTWAIT|MSG_MORE|MSG_BATCH) = 20 [pid 5001] accept(4, NULL, NULL) = 5 [ 161.834077][ T5001] ===================================================== [ 161.841659][ T5001] BUG: KMSAN: uninit-value in af_alg_free_sg+0x1a7/0x270 [ 161.848840][ T5001] af_alg_free_sg+0x1a7/0x270 [ 161.854042][ T5001] hash_sendmsg+0x1938/0x1c30 [ 161.858957][ T5001] ____sys_sendmsg+0x9c2/0xd60 [ 161.863991][ T5001] ___sys_sendmsg+0x28d/0x3c0 [ 161.868866][ T5001] __sys_sendmmsg+0x3c4/0x950 [ 161.873774][ T5001] __x64_sys_sendmmsg+0xbc/0x120 [ 161.878910][ T5001] do_syscall_64+0x44/0x110 [ 161.883637][ T5001] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 161.889877][ T5001] [ 161.892307][ T5001] Uninit was created at: [ 161.896733][ T5001] slab_post_alloc_hook+0x129/0xa70 [ 161.902299][ T5001] __kmem_cache_alloc_node+0x5c9/0x970 [ 161.907932][ T5001] __kmalloc+0x121/0x3c0 [ 161.913245][ T5001] sock_kmalloc+0x128/0x1c0 [ 161.917938][ T5001] hash_accept_parent+0xbf/0x430 [ 161.923242][ T5001] af_alg_accept+0x1fc/0x810 [ 161.928068][ T5001] hash_accept+0x340/0x790 [ 161.932857][ T5001] do_accept+0x606/0xa80 [ 161.937299][ T5001] __sys_accept4+0x18e/0x360 [ 161.942292][ T5001] __x64_sys_accept+0x95/0xf0 [ 161.947161][ T5001] do_syscall_64+0x44/0x110 [ 161.951950][ T5001] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 161.958070][ T5001] [ 161.960701][ T5001] CPU: 1 PID: 5001 Comm: syz-executor300 Not tainted 6.7.0-rc4-syzkaller-00039-g9ace34a8e446 #0 [ 161.971397][ T5001] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023 [ 161.981772][ T5001] ===================================================== [ 161.988828][ T5001] Disabling lock debugging due to kernel taint [ 161.995221][ T5001] Kernel panic - not syncing: kmsan.panic set ... [ 162.001774][ T5001] CPU: 1 PID: 5001 Comm: syz-executor300 Tainted: G B 6.7.0-rc4-syzkaller-00039-g9ace34a8e446 #0 [ 162.013781][ T5001] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023 [ 162.023946][ T5001] Call Trace: [ 162.027317][ T5001] [ 162.030374][ T5001] dump_stack_lvl+0x1bf/0x240 [ 162.037272][ T5001] dump_stack+0x1e/0x20 [ 162.041631][ T5001] panic+0x4de/0xc90 [ 162.045765][ T5001] ? add_taint+0x108/0x1a0 [ 162.050356][ T5001] kmsan_report+0x2d0/0x2d0 [ 162.055077][ T5001] ? kmsan_get_shadow_origin_ptr+0x4d/0xa0 [ 162.061119][ T5001] ? __msan_warning+0x96/0x110 [ 162.066033][ T5001] ? af_alg_free_sg+0x1a7/0x270 [ 162.071022][ T5001] ? hash_sendmsg+0x1938/0x1c30 [ 162.076022][ T5001] ? ____sys_sendmsg+0x9c2/0xd60 [ 162.081123][ T5001] ? ___sys_sendmsg+0x28d/0x3c0 [ 162.086197][ T5001] ? __sys_sendmmsg+0x3c4/0x950 [ 162.091288][ T5001] ? __x64_sys_sendmmsg+0xbc/0x120 [ 162.096606][ T5001] ? do_syscall_64+0x44/0x110 [ 162.101445][ T5001] ? entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 162.107678][ T5001] ? kmsan_get_shadow_origin_ptr+0x4d/0xa0 [ 162.113706][ T5001] ? kmsan_get_shadow_origin_ptr+0x4d/0xa0 [ 162.119699][ T5001] ? __kmem_cache_alloc_node+0x5d9/0x970 [ 162.125526][ T5001] ? sock_kmalloc+0x128/0x1c0 [ 162.130334][ T5001] ? kmsan_get_shadow_origin_ptr+0x4d/0xa0 [ 162.136365][ T5001] ? kmsan_get_shadow_origin_ptr+0x4d/0xa0 [ 162.142380][ T5001] __msan_warning+0x96/0x110 [ 162.147211][ T5001] af_alg_free_sg+0x1a7/0x270 [ 162.152144][ T5001] hash_sendmsg+0x1938/0x1c30 [ 162.157100][ T5001] ? kmsan_get_shadow_origin_ptr+0x4d/0xa0 [ 162.163183][ T5001] ? hash_accept+0x790/0x790 [ 162.167925][ T5001] ____sys_sendmsg+0x9c2/0xd60 [ 162.172855][ T5001] ___sys_sendmsg+0x28d/0x3c0 [ 162.177685][ T5001] ? kmsan_get_shadow_origin_ptr+0x4d/0xa0 [ 162.183673][ T5001] ? _raw_spin_unlock_irqrestore+0x3f/0x60 [ 162.189713][ T5001] ? kmsan_get_shadow_origin_ptr+0x4d/0xa0 [ 162.195696][ T5001] ? kmsan_get_shadow_origin_ptr+0x4d/0xa0 [ 162.201718][ T5001] __sys_sendmmsg+0x3c4/0x950 [ 162.206545][ T5001] ? kmsan_get_shadow_origin_ptr+0x4d/0xa0 [ 162.212584][ T5001] __x64_sys_sendmmsg+0xbc/0x120 [ 162.217852][ T5001] do_syscall_64+0x44/0x110 [ 162.222516][ T5001] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 162.228642][ T5001] RIP: 0033:0x7fdb4f5a2e39 [ 162.233186][ T5001] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 c1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 162.252982][ T5001] RSP: 002b:00007ffc3e2b5d58 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 162.261572][ T5001] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fdb4f5a2e39 [ 162.269672][ T5001] RDX: 000000000000000a RSI: 000000002000a400 RDI: 0000000000000005 [ 162.277800][ T5001] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000006 [ 162.285904][ T5001] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 162.293995][ T5001] R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000001 [ 162.302111][ T5001] [ 162.305386][ T5001] Kernel Offset: disabled [ 162.309865][ T5001] Rebooting in 86400 seconds..