./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor966209038 <...> Warning: Permanently added '10.128.0.157' (ED25519) to the list of known hosts. execve("./syz-executor966209038", ["./syz-executor966209038"], 0x7ffe88013c90 /* 10 vars */) = 0 brk(NULL) = 0x5555906d8000 brk(0x5555906d8d00) = 0x5555906d8d00 arch_prctl(ARCH_SET_FS, 0x5555906d8380) = 0 set_tid_address(0x5555906d8650) = 5783 set_robust_list(0x5555906d8660, 24) = 0 rseq(0x5555906d8ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor966209038", 4096) = 27 getrandom("\xf5\x06\x4c\x1d\xaf\xdb\xef\x5e", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x5555906d8d00 brk(0x5555906f9d00) = 0x5555906f9d00 brk(0x5555906fa000) = 0x5555906fa000 mprotect(0x7fd8575a5000, 16384, PROT_READ) = 0 mmap(0x3ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x3ffffffff000 mmap(0x400000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x400000000000 mmap(0x400001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x400001000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555906d8650) = 5784 ./strace-static-x86_64: Process 5784 attached [pid 5784] set_robust_list(0x5555906d8660, 24) = 0 [pid 5784] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5784] setpgid(0, 0) = 0 [pid 5784] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5784] write(3, "1000", 4executing program ) = 4 [pid 5784] close(3) = 0 [pid 5784] write(1, "executing program\n", 18) = 18 [pid 5784] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5784] setsockopt(3, SOL_SCTP, SCTP_PEER_ADDR_PARAMS, "\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 156) = 0 [pid 5784] bind(3, {sa_family=AF_INET6, sin6_port=htons(20003), sin6_flowinfo=htonl(0), inet_pton(AF_INET6, "::1", &sin6_addr), sin6_scope_id=0}, 28) = 0 [pid 5784] sendto(3, "\x58\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65252, 0, {sa_family=AF_INET6, sin6_port=htons(20003), sin6_flowinfo=htonl(0), inet_pton(AF_INET6, "::1", &sin6_addr), sin6_scope_id=0}, 28) = 65252 [pid 5784] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 4 [pid 5784] socket(AF_INET6, SOCK_DGRAM, IPPROTO_IP) = 5 [pid 5784] ioctl(5, SIOCGIFINDEX, {ifr_name="lo", ifr_ifindex=1}) = 0 [pid 5784] sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x4c\x00\x00\x00\x24\x00\x41\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x0a\x00\x01\x00\x6e\x65\x74\x65\x6d\x00\x00\x00\x1c\x00\x02\x00\x00\x00\x00\x00\xfc\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00", iov_len=76}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 76 [pid 5784] exit_group(0) = ? [pid 5784] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5784, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5785 attached , child_tidptr=0x5555906d8650) = 5785 [pid 5785] set_robust_list(0x5555906d8660, 24) = 0 [pid 5785] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5785] setpgid(0, 0) = 0 [pid 5785] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5785] write(3, "1000", 4) = 4 [pid 5785] close(3executing program ) = 0 [pid 5785] write(1, "executing program\n", 18) = 18 [pid 5785] socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP) = 3 [pid 5785] setsockopt(3, SOL_SCTP, SCTP_PEER_ADDR_PARAMS, "\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 156) = 0 [pid 5785] bind(3, {sa_family=AF_INET6, sin6_port=htons(20003), sin6_flowinfo=htonl(0), inet_pton(AF_INET6, "::1", &sin6_addr), sin6_scope_id=0}, 28) = 0 [ 207.403773][ T5785] ===================================================== [ 207.411107][ T5785] BUG: KMSAN: uninit-value in sctp_inq_pop+0x15b7/0x1920 [ 207.418437][ T5785] sctp_inq_pop+0x15b7/0x1920 [ 207.423479][ T5785] sctp_assoc_bh_rcv+0x1a7/0xc50 [ 207.428603][ T5785] sctp_inq_push+0x2ef/0x380 [ 207.433489][ T5785] sctp_backlog_rcv+0x397/0xdb0 [ 207.438558][ T5785] sk_backlog_rcv+0x13b/0x420 [ 207.443536][ T5785] __release_sock+0x1da/0x330 [ 207.448436][ T5785] release_sock+0x6b/0x250 [ 207.453152][ T5785] sctp_wait_for_connect+0x487/0x820 [ 207.458647][ T5785] sctp_sendmsg_to_asoc+0x1ec1/0x1f00 [ 207.464323][ T5785] sctp_sendmsg+0x32b9/0x4a80 [ 207.469200][ T5785] inet_sendmsg+0x25a/0x280 [ 207.473965][ T5785] __sock_sendmsg+0x267/0x380 [ 207.478907][ T5785] __sys_sendto+0x594/0x750 [ 207.483722][ T5785] __x64_sys_sendto+0x125/0x1d0 [ 207.488756][ T5785] x64_sys_call+0x346a/0x3c30 [ 207.493696][ T5785] do_syscall_64+0xcd/0x1e0 [ 207.498364][ T5785] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 207.504583][ T5785] [ 207.507012][ T5785] Uninit was stored to memory at: [ 207.512402][ T5785] sctp_inq_pop+0x153e/0x1920 [ 207.517308][ T5785] sctp_assoc_bh_rcv+0x1a7/0xc50 [ 207.522551][ T5785] sctp_inq_push+0x2ef/0x380 [ 207.527354][ T5785] sctp_backlog_rcv+0x397/0xdb0 [ 207.532510][ T5785] sk_backlog_rcv+0x13b/0x420 [ 207.537393][ T5785] __release_sock+0x1da/0x330 [ 207.542348][ T5785] release_sock+0x6b/0x250 [ 207.546925][ T5785] sctp_wait_for_connect+0x487/0x820 [ 207.552546][ T5785] sctp_sendmsg_to_asoc+0x1ec1/0x1f00 [ 207.558159][ T5785] sctp_sendmsg+0x32b9/0x4a80 [ 207.563163][ T5785] inet_sendmsg+0x25a/0x280 [ 207.567962][ T5785] __sock_sendmsg+0x267/0x380 [ 207.572987][ T5785] __sys_sendto+0x594/0x750 [ 207.577674][ T5785] __x64_sys_sendto+0x125/0x1d0 [ 207.582918][ T5785] x64_sys_call+0x346a/0x3c30 [ 207.587791][ T5785] do_syscall_64+0xcd/0x1e0 [ 207.592566][ T5785] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 207.598700][ T5785] [ 207.601084][ T5785] Uninit was created at: [ 207.605727][ T5785] __kmalloc_node_track_caller_noprof+0x945/0x1240 [ 207.612543][ T5785] kmalloc_reserve+0x23e/0x4a0 [ 207.617442][ T5785] __alloc_skb+0x363/0x7b0 [ 207.621964][ T5785] sctp_packet_transmit+0x17fa/0x43a0 [ 207.627738][ T5785] sctp_outq_flush+0x1b2f/0x6590 [ 207.632957][ T5785] sctp_outq_uncork+0x9c/0xb0 [ 207.637884][ T5785] sctp_do_sm+0x8c49/0x93d0 [ 207.642775][ T5785] sctp_assoc_bh_rcv+0x8fe/0xc50 [ 207.647937][ T5785] sctp_inq_push+0x2ef/0x380 [ 207.652787][ T5785] sctp_backlog_rcv+0x397/0xdb0 [ 207.657854][ T5785] sk_backlog_rcv+0x13b/0x420 [ 207.662882][ T5785] __release_sock+0x1da/0x330 [ 207.667770][ T5785] release_sock+0x6b/0x250 [ 207.672507][ T5785] sctp_wait_for_connect+0x487/0x820 [ 207.678022][ T5785] sctp_sendmsg_to_asoc+0x1ec1/0x1f00 [ 207.683726][ T5785] sctp_sendmsg+0x32b9/0x4a80 [ 207.688597][ T5785] inet_sendmsg+0x25a/0x280 [ 207.693335][ T5785] __sock_sendmsg+0x267/0x380 [ 207.698254][ T5785] __sys_sendto+0x594/0x750 [ 207.703082][ T5785] __x64_sys_sendto+0x125/0x1d0 [ 207.708114][ T5785] x64_sys_call+0x346a/0x3c30 [ 207.713025][ T5785] do_syscall_64+0xcd/0x1e0 [ 207.717700][ T5785] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 207.723895][ T5785] [ 207.726332][ T5785] CPU: 1 UID: 0 PID: 5785 Comm: syz-executor966 Not tainted 6.14.0-rc2-syzkaller-00056-gab68d7eb7b1a #0 [ 207.737683][ T5785] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 207.748017][ T5785] ===================================================== [ 207.755139][ T5785] Disabling lock debugging due to kernel taint [ 207.761403][ T5785] Kernel panic - not syncing: kmsan.panic set ... [ 207.767937][ T5785] CPU: 1 UID: 0 PID: 5785 Comm: syz-executor966 Tainted: G B 6.14.0-rc2-syzkaller-00056-gab68d7eb7b1a #0 [ 207.780715][ T5785] Tainted: [B]=BAD_PAGE [ 207.784993][ T5785] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 207.795159][ T5785] Call Trace: [ 207.798515][ T5785] [ 207.801515][ T5785] dump_stack_lvl+0x216/0x2d0 [ 207.806314][ T5785] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 207.812280][ T5785] dump_stack+0x1e/0x24 [ 207.816569][ T5785] panic+0x4e2/0xcf0 [ 207.820696][ T5785] ? kmsan_get_metadata+0xe1/0x1c0 [ 207.825962][ T5785] kmsan_report+0x2c7/0x2d0 [ 207.830641][ T5785] ? kmsan_internal_chain_origin+0xb0/0xd0 [ 207.836627][ T5785] ? __msan_warning+0x95/0x120 [ 207.841519][ T5785] ? sctp_inq_pop+0x15b7/0x1920 [ 207.846529][ T5785] ? sctp_assoc_bh_rcv+0x1a7/0xc50 [ 207.851803][ T5785] ? sctp_inq_push+0x2ef/0x380 [ 207.856712][ T5785] ? sctp_backlog_rcv+0x397/0xdb0 [ 207.861900][ T5785] ? sk_backlog_rcv+0x13b/0x420 [ 207.866927][ T5785] ? __release_sock+0x1da/0x330 [ 207.871917][ T5785] ? release_sock+0x6b/0x250 [ 207.876644][ T5785] ? sctp_wait_for_connect+0x487/0x820 [ 207.882278][ T5785] ? sctp_sendmsg_to_asoc+0x1ec1/0x1f00 [ 207.888036][ T5785] ? sctp_sendmsg+0x32b9/0x4a80 [ 207.893027][ T5785] ? inet_sendmsg+0x25a/0x280 [ 207.897856][ T5785] ? __sock_sendmsg+0x267/0x380 [ 207.902946][ T5785] ? __sys_sendto+0x594/0x750 [ 207.907750][ T5785] ? __x64_sys_sendto+0x125/0x1d0 [ 207.912898][ T5785] ? x64_sys_call+0x346a/0x3c30 [ 207.917881][ T5785] ? do_syscall_64+0xcd/0x1e0 [ 207.922678][ T5785] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 207.928914][ T5785] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 207.935157][ T5785] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 207.941110][ T5785] ? kmsan_get_metadata+0x13e/0x1c0 [ 207.946461][ T5785] ? kmsan_internal_set_shadow_origin+0x69/0x100 [ 207.952966][ T5785] ? kmsan_get_metadata+0x13e/0x1c0 [ 207.958324][ T5785] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 207.964274][ T5785] ? kmsan_get_metadata+0x13e/0x1c0 [ 207.969653][ T5785] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 207.975599][ T5785] __msan_warning+0x95/0x120 [ 207.980312][ T5785] sctp_inq_pop+0x15b7/0x1920 [ 207.985156][ T5785] sctp_assoc_bh_rcv+0x1a7/0xc50 [ 207.990293][ T5785] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 207.996314][ T5785] ? __pfx_sctp_assoc_bh_rcv+0x10/0x10 [ 208.001983][ T5785] ? __pfx_sctp_assoc_bh_rcv+0x10/0x10 [ 208.007729][ T5785] sctp_inq_push+0x2ef/0x380 [ 208.012502][ T5785] sctp_backlog_rcv+0x397/0xdb0 [ 208.017559][ T5785] ? __pfx_sctp_backlog_rcv+0x10/0x10 [ 208.023135][ T5785] ? __pfx_tcp_v4_do_rcv+0x10/0x10 [ 208.028466][ T5785] sk_backlog_rcv+0x13b/0x420 [ 208.033263][ T5785] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 208.039222][ T5785] __release_sock+0x1da/0x330 [ 208.044056][ T5785] release_sock+0x6b/0x250 [ 208.048629][ T5785] sctp_wait_for_connect+0x487/0x820 [ 208.054152][ T5785] ? __pfx_autoremove_wake_function+0x10/0x10 [ 208.060423][ T5785] sctp_sendmsg_to_asoc+0x1ec1/0x1f00 [ 208.066029][ T5785] ? kmsan_get_metadata+0x13e/0x1c0 [ 208.071389][ T5785] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 208.077357][ T5785] ? kmsan_get_metadata+0x13e/0x1c0 [ 208.082712][ T5785] sctp_sendmsg+0x32b9/0x4a80 [ 208.087535][ T5785] ? kmsan_get_metadata+0x13e/0x1c0 [ 208.092902][ T5785] ? __pfx_udp_sendmsg+0x10/0x10 [ 208.097994][ T5785] ? __pfx_sctp_sendmsg+0x10/0x10 [ 208.103260][ T5785] inet_sendmsg+0x25a/0x280 [ 208.107938][ T5785] ? __pfx_inet_sendmsg+0x10/0x10 [ 208.113340][ T5785] __sock_sendmsg+0x267/0x380 [ 208.118191][ T5785] __sys_sendto+0x594/0x750 [ 208.122836][ T5785] ? kmsan_get_metadata+0x13e/0x1c0 [ 208.128177][ T5785] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 208.134150][ T5785] __x64_sys_sendto+0x125/0x1d0 [ 208.139154][ T5785] x64_sys_call+0x346a/0x3c30 [ 208.144000][ T5785] do_syscall_64+0xcd/0x1e0 [ 208.148684][ T5785] ? clear_bhb_loop+0x25/0x80 [ 208.153517][ T5785] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 208.159570][ T5785] RIP: 0033:0x7fd857531d39 [ 208.164086][ T5785] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 c1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 208.183846][ T5785] RSP: 002b:00007fffe7cc4268 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 208.192437][ T5785] RAX: ffffffffffffffda RBX: 0100000000000000 RCX: 00007fd857531d39 [ 208.200594][ T5785] RDX: 000000000000fee4 RSI: 0000400000847fff RDI: 0000000000000003 [ 208.208683][ T5785] RBP: 0000000000000000 R08: 000040000005ffe4 R09: 000000000000001c [ 208.216790][ T5785] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 208.224871][ T5785] R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000001 [ 208.233007][ T5785] [ 208.236464][ T5785] Kernel Offset: disabled [ 208.240879][ T5785] Rebooting in 86400 seconds..