[ ok ] Starting enhanced syslogd: rsyslogd. [ 105.842830][ T31] audit: type=1800 audit(1565974223.888:25): pid=11637 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 105.866948][ T31] audit: type=1800 audit(1565974223.918:26): pid=11637 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 105.908284][ T31] audit: type=1800 audit(1565974223.948:27): pid=11637 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [ ok ] Starting periodic command scheduler: cron. [ ok ] Starting OpenBSD Secure Shell server: sshd. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.1.36' (ECDSA) to the list of known hosts.
2019/08/16 16:50:37 fuzzer started 2019/08/16 16:50:43 dialing manager at 10.128.0.26:38533 2019/08/16 16:50:44 syscalls: 2376 2019/08/16 16:50:44 code coverage: enabled 2019/08/16 16:50:44 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2019/08/16 16:50:44 extra coverage: enabled 2019/08/16 16:50:44 setuid sandbox: enabled 2019/08/16 16:50:44 namespace sandbox: enabled 2019/08/16 16:50:44 Android sandbox: /sys/fs/selinux/policy does not exist 2019/08/16 16:50:44 fault injection: enabled 2019/08/16 16:50:44 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/08/16 16:50:44 net packet injection: enabled 2019/08/16 16:50:44 net device setup: enabled syzkaller login: [ 288.358277][T11800] ================================================================== [ 288.366520][T11800] BUG: KMSAN: uninit-value in kmem_cache_free+0x3df/0x2b70 [ 288.373749][T11800] CPU: 1 PID: 11800 Comm: syz-fuzzer Not tainted 5.3.0-rc3+ #17 [ 288.381387][T11800] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 288.391461][T11800] Call Trace: [ 288.394790][T11800] dump_stack+0x191/0x1f0 [ 288.399137][T11800] kmsan_report+0x162/0x2d0 [ 288.403643][T11800] __msan_warning+0x75/0xe0 [ 288.408147][T11800] kmem_cache_free+0x3df/0x2b70 [ 288.413076][T11800] ? kfree_skb+0x473/0x4c0 [ 288.417515][T11800] ? kmsan_internal_unpoison_shadow+0x2f/0x40 [ 288.423610][T11800] kfree_skb+0x473/0x4c0 [ 288.427859][T11800] ? packet_rcv_spkt+0x719/0x840 [ 288.432824][T11800] packet_rcv_spkt+0x719/0x840 [ 288.437609][T11800] ? packet_rcv+0x2190/0x2190 [ 288.442290][T11800] dev_queue_xmit_nit+0x1125/0x1200 [ 288.447507][T11800] dev_hard_start_xmit+0x21e/0xab0 [ 288.452632][T11800] ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0 [ 288.458651][T11800] sch_direct_xmit+0x56c/0x18c0 [ 288.463496][T11800] ? 
kmsan_set_origin+0x26d/0x340 [ 288.468531][T11800] __dev_queue_xmit+0x1e53/0x4270 [ 288.473574][T11800] dev_queue_xmit+0x4b/0x60 [ 288.478082][T11800] ip_finish_output2+0x20c6/0x25d0 [ 288.483205][T11800] ? __msan_metadata_ptr_for_load_2+0x10/0x20 [ 288.489262][T11800] ? nf_ct_deliver_cached_events+0x4d5/0x6e0 [ 288.495251][T11800] __ip_finish_output+0xaf8/0xda0 [ 288.500275][T11800] ip_finish_output+0x2db/0x420 [ 288.505126][T11800] ip_output+0x541/0x610 [ 288.509371][T11800] ? ip_mc_finish_output+0x6d0/0x6d0 [ 288.514647][T11800] ? ip_finish_output+0x420/0x420 [ 288.519681][T11800] __ip_queue_xmit+0x1caf/0x21f0 [ 288.524612][T11800] ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0 [ 288.530583][T11800] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 288.536644][T11800] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 288.542831][T11800] ip_queue_xmit+0xcc/0xf0 [ 288.547242][T11800] ? tcp_v4_inbound_md5_hash+0xd10/0xd10 [ 288.552862][T11800] __tcp_transmit_skb+0x409e/0x5c60 [ 288.558086][T11800] __tcp_send_ack+0x701/0x840 [ 288.562778][T11800] tcp_send_ack+0x68/0x90 [ 288.567095][T11800] tcp_cleanup_rbuf+0x764/0x800 [ 288.571947][T11800] tcp_recvmsg+0x334d/0x4ff0 [ 288.576573][T11800] ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0 [ 288.582598][T11800] ? tcp_mmap+0x150/0x150 [ 288.586916][T11800] ? tcp_mmap+0x150/0x150 [ 288.591241][T11800] inet_recvmsg+0x237/0x7d0 [ 288.595734][T11800] ? inet_sendpage+0x2c0/0x2c0 [ 288.600486][T11800] ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0 [ 288.606453][T11800] ? inet_sendpage+0x2c0/0x2c0 [ 288.611202][T11800] ? inet_sendpage+0x2c0/0x2c0 [ 288.615957][T11800] sock_read_iter+0x5be/0x660 [ 288.620636][T11800] ? 
kernel_sock_ip_overhead+0x340/0x340 [ 288.626279][T11800] __vfs_read+0xa67/0xc90 [ 288.630631][T11800] vfs_read+0x359/0x6f0 [ 288.634791][T11800] ksys_read+0x265/0x430 [ 288.639034][T11800] __se_sys_read+0x92/0xb0 [ 288.643445][T11800] __x64_sys_read+0x4a/0x70 [ 288.647948][T11800] do_syscall_64+0xbc/0xf0 [ 288.652372][T11800] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 288.658292][T11800] RIP: 0033:0x47fcb4 [ 288.662210][T11800] Code: ff ff cc cc cc cc e8 2b 41 fb ff 48 8b 7c 24 10 48 8b 74 24 18 48 8b 54 24 20 45 31 d2 45 31 c0 45 31 c9 48 8b 44 24 08 0f 05 <48> 3d 01 f0 ff ff 76 20 48 c7 44 24 28 ff ff ff ff 48 c7 44 24 30 [ 288.681813][T11800] RSP: 002b:000000c4203b1760 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 288.690226][T11800] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000047fcb4 [ 288.698182][T11800] RDX: 0000000000001000 RSI: 000000c42039c000 RDI: 0000000000000003 [ 288.706138][T11800] RBP: 000000c4203b17b0 R08: 0000000000000000 R09: 0000000000000000 [ 288.714223][T11800] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008 [ 288.722178][T11800] R13: 0000000000000008 R14: 0000000000000002 R15: ffffffffffffffff [ 288.730149][T11800] [ 288.732461][T11800] Uninit was stored to memory at: [ 288.737472][T11800] kmsan_internal_chain_origin+0xcc/0x150 [ 288.743179][T11800] __msan_chain_origin+0x6b/0xe0 [ 288.748125][T11800] ___slab_alloc+0x1dbc/0x1fb0 [ 288.752978][T11800] kmem_cache_alloc+0xade/0xd10 [ 288.757808][T11800] skb_clone+0x326/0x5d0 [ 288.762051][T11800] dev_queue_xmit_nit+0x539/0x1200 [ 288.767167][T11800] dev_hard_start_xmit+0x21e/0xab0 [ 288.772299][T11800] sch_direct_xmit+0x56c/0x18c0 [ 288.777139][T11800] __dev_queue_xmit+0x1e53/0x4270 [ 288.782318][T11800] dev_queue_xmit+0x4b/0x60 [ 288.786820][T11800] ip_finish_output2+0x20c6/0x25d0 [ 288.791911][T11800] __ip_finish_output+0xaf8/0xda0 [ 288.796936][T11800] ip_finish_output+0x2db/0x420 [ 288.801779][T11800] ip_output+0x541/0x610 [ 288.806139][T11800] 
__ip_queue_xmit+0x1caf/0x21f0 [ 288.811083][T11800] ip_queue_xmit+0xcc/0xf0 [ 288.815496][T11800] __tcp_transmit_skb+0x409e/0x5c60 [ 288.820760][T11800] __tcp_send_ack+0x701/0x840 [ 288.825417][T11800] tcp_send_ack+0x68/0x90 [ 288.829732][T11800] tcp_cleanup_rbuf+0x764/0x800 [ 288.834691][T11800] tcp_recvmsg+0x334d/0x4ff0 [ 288.839275][T11800] inet_recvmsg+0x237/0x7d0 [ 288.843796][T11800] sock_read_iter+0x5be/0x660 [ 288.848477][T11800] __vfs_read+0xa67/0xc90 [ 288.852790][T11800] vfs_read+0x359/0x6f0 [ 288.856928][T11800] ksys_read+0x265/0x430 [ 288.861181][T11800] __se_sys_read+0x92/0xb0 [ 288.865582][T11800] __x64_sys_read+0x4a/0x70 [ 288.870065][T11800] do_syscall_64+0xbc/0xf0 [ 288.874463][T11800] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 288.880334][T11800] [ 288.882645][T11800] Uninit was created at: [ 288.886873][T11800] kmsan_internal_poison_shadow+0x53/0xa0 [ 288.892573][T11800] kmsan_slab_free+0x8d/0x100 [ 288.897247][T11800] kmem_cache_free_bulk+0x3ad9/0x3f50 [ 288.902603][T11800] __kfree_skb_flush+0xb0/0x100 [ 288.907447][T11800] net_rx_action+0x1908/0x1950 [ 288.912216][T11800] __do_softirq+0x4a1/0x83a [ 288.916712][T11800] irq_exit+0x230/0x280 [ 288.920852][T11800] do_IRQ+0x20d/0x3a0 [ 288.924823][T11800] ret_from_intr+0x0/0x33 [ 288.929135][T11800] prepare_exit_to_usermode+0x1ea/0x4d0 [ 288.934670][T11800] swapgs_restore_regs_and_return_to_usermode+0x0/0x39 [ 288.941496][T11800] ================================================================== [ 288.949555][T11800] Disabling lock debugging due to kernel taint [ 288.955720][T11800] Kernel panic - not syncing: panic_on_warn set ... 
[ 288.962297][T11800] CPU: 1 PID: 11800 Comm: syz-fuzzer Tainted: G B 5.3.0-rc3+ #17 [ 288.971377][T11800] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 288.981412][T11800] Call Trace: [ 288.984800][T11800] dump_stack+0x191/0x1f0 [ 288.989167][T11800] panic+0x3c9/0xc1e [ 288.993081][T11800] kmsan_report+0x2ca/0x2d0 [ 288.997594][T11800] __msan_warning+0x75/0xe0 [ 289.002140][T11800] kmem_cache_free+0x3df/0x2b70 [ 289.006987][T11800] ? kfree_skb+0x473/0x4c0 [ 289.011589][T11800] ? kmsan_internal_unpoison_shadow+0x2f/0x40 [ 289.017676][T11800] kfree_skb+0x473/0x4c0 [ 289.021916][T11800] ? packet_rcv_spkt+0x719/0x840 [ 289.026848][T11800] packet_rcv_spkt+0x719/0x840 [ 289.031611][T11800] ? packet_rcv+0x2190/0x2190 [ 289.036277][T11800] dev_queue_xmit_nit+0x1125/0x1200 [ 289.041488][T11800] dev_hard_start_xmit+0x21e/0xab0 [ 289.046631][T11800] ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0 [ 289.052693][T11800] sch_direct_xmit+0x56c/0x18c0 [ 289.057528][T11800] ? kmsan_set_origin+0x26d/0x340 [ 289.062562][T11800] __dev_queue_xmit+0x1e53/0x4270 [ 289.067604][T11800] dev_queue_xmit+0x4b/0x60 [ 289.072101][T11800] ip_finish_output2+0x20c6/0x25d0 [ 289.077212][T11800] ? __msan_metadata_ptr_for_load_2+0x10/0x20 [ 289.083275][T11800] ? nf_ct_deliver_cached_events+0x4d5/0x6e0 [ 289.089267][T11800] __ip_finish_output+0xaf8/0xda0 [ 289.094404][T11800] ip_finish_output+0x2db/0x420 [ 289.099251][T11800] ip_output+0x541/0x610 [ 289.103513][T11800] ? ip_mc_finish_output+0x6d0/0x6d0 [ 289.108873][T11800] ? ip_finish_output+0x420/0x420 [ 289.113977][T11800] __ip_queue_xmit+0x1caf/0x21f0 [ 289.118961][T11800] ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0 [ 289.124932][T11800] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 289.130985][T11800] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 289.137057][T11800] ip_queue_xmit+0xcc/0xf0 [ 289.141492][T11800] ? 
tcp_v4_inbound_md5_hash+0xd10/0xd10 [ 289.147125][T11800] __tcp_transmit_skb+0x409e/0x5c60 [ 289.152375][T11800] __tcp_send_ack+0x701/0x840 [ 289.157054][T11800] tcp_send_ack+0x68/0x90 [ 289.161384][T11800] tcp_cleanup_rbuf+0x764/0x800 [ 289.166513][T11800] tcp_recvmsg+0x334d/0x4ff0 [ 289.171153][T11800] ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0 [ 289.177128][T11800] ? tcp_mmap+0x150/0x150 [ 289.181440][T11800] ? tcp_mmap+0x150/0x150 [ 289.185775][T11800] inet_recvmsg+0x237/0x7d0 [ 289.190274][T11800] ? inet_sendpage+0x2c0/0x2c0 [ 289.195050][T11800] ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0 [ 289.201033][T11800] ? inet_sendpage+0x2c0/0x2c0 [ 289.205782][T11800] ? inet_sendpage+0x2c0/0x2c0 [ 289.210537][T11800] sock_read_iter+0x5be/0x660 [ 289.215234][T11800] ? kernel_sock_ip_overhead+0x340/0x340 [ 289.220854][T11800] __vfs_read+0xa67/0xc90 [ 289.225202][T11800] vfs_read+0x359/0x6f0 [ 289.229357][T11800] ksys_read+0x265/0x430 [ 289.233602][T11800] __se_sys_read+0x92/0xb0 [ 289.238033][T11800] __x64_sys_read+0x4a/0x70 [ 289.242540][T11800] do_syscall_64+0xbc/0xf0 [ 289.246969][T11800] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 289.252877][T11800] RIP: 0033:0x47fcb4 [ 289.256786][T11800] Code: ff ff cc cc cc cc e8 2b 41 fb ff 48 8b 7c 24 10 48 8b 74 24 18 48 8b 54 24 20 45 31 d2 45 31 c0 45 31 c9 48 8b 44 24 08 0f 05 <48> 3d 01 f0 ff ff 76 20 48 c7 44 24 28 ff ff ff ff 48 c7 44 24 30 [ 289.276381][T11800] RSP: 002b:000000c4203b1760 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 289.284799][T11800] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000047fcb4 [ 289.292757][T11800] RDX: 0000000000001000 RSI: 000000c42039c000 RDI: 0000000000000003 [ 289.300713][T11800] RBP: 000000c4203b17b0 R08: 0000000000000000 R09: 0000000000000000 [ 289.308874][T11800] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008 [ 289.316873][T11800] R13: 0000000000000008 R14: 0000000000000002 R15: ffffffffffffffff [ 289.326076][T11800] Kernel Offset: disabled [ 
289.330446][T11800] Rebooting in 86400 seconds..