[ ok ] Starting enhanced syslogd: rsyslogd. [ 111.951336][ T30] audit: type=1800 audit(1565962791.009:25): pid=12017 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 111.976794][ T30] audit: type=1800 audit(1565962791.039:26): pid=12017 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 112.016846][ T30] audit: type=1800 audit(1565962791.069:27): pid=12017 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [ ok ] Starting periodic command scheduler: cron. [ ok ] Starting OpenBSD Secure Shell server: sshd. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.97' (ECDSA) to the list of known hosts. 
2019/08/16 13:40:04 fuzzer started 2019/08/16 13:40:10 dialing manager at 10.128.0.26:38533 2019/08/16 13:40:10 syscalls: 2376 2019/08/16 13:40:10 code coverage: enabled 2019/08/16 13:40:10 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2019/08/16 13:40:10 extra coverage: enabled 2019/08/16 13:40:10 setuid sandbox: enabled 2019/08/16 13:40:10 namespace sandbox: enabled 2019/08/16 13:40:10 Android sandbox: /sys/fs/selinux/policy does not exist 2019/08/16 13:40:10 fault injection: enabled 2019/08/16 13:40:10 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/08/16 13:40:10 net packet injection: enabled 2019/08/16 13:40:10 net device setup: enabled syzkaller login: [ 253.530662][T12169] ================================================================== [ 253.538923][T12169] BUG: KMSAN: uninit-value in kmem_cache_free+0x3df/0x2b70 [ 253.546156][T12169] CPU: 1 PID: 12169 Comm: syz-fuzzer Not tainted 5.3.0-rc3+ #17 [ 253.553820][T12169] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 253.563890][T12169] Call Trace: [ 253.567223][T12169] dump_stack+0x191/0x1f0 [ 253.571585][T12169] kmsan_report+0x162/0x2d0 [ 253.576118][T12169] __msan_warning+0x75/0xe0 [ 253.580652][T12169] kmem_cache_free+0x3df/0x2b70 [ 253.585537][T12169] ? kfree_skb+0x473/0x4c0 [ 253.589993][T12169] ? kmsan_internal_unpoison_shadow+0x2f/0x40 [ 253.596079][T12169] kfree_skb+0x473/0x4c0 [ 253.600367][T12169] ? packet_rcv_spkt+0x719/0x840 [ 253.605307][T12169] packet_rcv_spkt+0x719/0x840 [ 253.610073][T12169] ? packet_rcv+0x2190/0x2190 [ 253.614914][T12169] dev_queue_xmit_nit+0x1125/0x1200 [ 253.620226][T12169] dev_hard_start_xmit+0x21e/0xab0 [ 253.625340][T12169] ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0 [ 253.631340][T12169] sch_direct_xmit+0x56c/0x18c0 [ 253.636178][T12169] ? 
kmsan_set_origin+0x26d/0x340 [ 253.641209][T12169] __dev_queue_xmit+0x1e53/0x4270 [ 253.646248][T12169] dev_queue_xmit+0x4b/0x60 [ 253.650756][T12169] ip_finish_output2+0x20c6/0x25d0 [ 253.655871][T12169] ? __msan_metadata_ptr_for_load_2+0x10/0x20 [ 253.661927][T12169] ? nf_ct_deliver_cached_events+0x4d5/0x6e0 [ 253.667920][T12169] __ip_finish_output+0xaf8/0xda0 [ 253.672952][T12169] ip_finish_output+0x2db/0x420 [ 253.677803][T12169] ip_output+0x541/0x610 [ 253.682065][T12169] ? ip_mc_finish_output+0x6d0/0x6d0 [ 253.687352][T12169] ? ip_finish_output+0x420/0x420 [ 253.692361][T12169] __ip_queue_xmit+0x1caf/0x21f0 [ 253.697288][T12169] ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0 [ 253.703282][T12169] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 253.709399][T12169] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 253.715478][T12169] ip_queue_xmit+0xcc/0xf0 [ 253.719890][T12169] ? tcp_v4_inbound_md5_hash+0xd10/0xd10 [ 253.725508][T12169] __tcp_transmit_skb+0x409e/0x5c60 [ 253.730733][T12169] __tcp_send_ack+0x701/0x840 [ 253.735422][T12169] tcp_send_ack+0x68/0x90 [ 253.739739][T12169] tcp_cleanup_rbuf+0x764/0x800 [ 253.744584][T12169] tcp_recvmsg+0x334d/0x4ff0 [ 253.749213][T12169] ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0 [ 253.755203][T12169] ? tcp_mmap+0x150/0x150 [ 253.759527][T12169] ? tcp_mmap+0x150/0x150 [ 253.763863][T12169] inet_recvmsg+0x237/0x7d0 [ 253.768367][T12169] ? inet_sendpage+0x2c0/0x2c0 [ 253.773122][T12169] ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0 [ 253.779090][T12169] ? inet_sendpage+0x2c0/0x2c0 [ 253.783864][T12169] ? inet_sendpage+0x2c0/0x2c0 [ 253.788618][T12169] sock_read_iter+0x5be/0x660 [ 253.793314][T12169] ? 
kernel_sock_ip_overhead+0x340/0x340 [ 253.798941][T12169] __vfs_read+0xa67/0xc90 [ 253.803302][T12169] vfs_read+0x359/0x6f0 [ 253.807465][T12169] ksys_read+0x265/0x430 [ 253.811708][T12169] __se_sys_read+0x92/0xb0 [ 253.816119][T12169] __x64_sys_read+0x4a/0x70 [ 253.820612][T12169] do_syscall_64+0xbc/0xf0 [ 253.825021][T12169] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 253.830936][T12169] RIP: 0033:0x47fcb4 [ 253.834830][T12169] Code: ff ff cc cc cc cc e8 2b 41 fb ff 48 8b 7c 24 10 48 8b 74 24 18 48 8b 54 24 20 45 31 d2 45 31 c0 45 31 c9 48 8b 44 24 08 0f 05 <48> 3d 01 f0 ff ff 76 20 48 c7 44 24 28 ff ff ff ff 48 c7 44 24 30 [ 253.854427][T12169] RSP: 002b:000000c4201ab710 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 253.862834][T12169] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000047fcb4 [ 253.870891][T12169] RDX: 0000000000001000 RSI: 000000c4202c2000 RDI: 0000000000000003 [ 253.878850][T12169] RBP: 000000c4201ab760 R08: 0000000000000000 R09: 0000000000000000 [ 253.886809][T12169] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008 [ 253.894776][T12169] R13: 0000000000000008 R14: 0000000000000004 R15: ffffffffffffffff [ 253.902753][T12169] [ 253.905067][T12169] Uninit was stored to memory at: [ 253.910088][T12169] kmsan_internal_chain_origin+0xcc/0x150 [ 253.915795][T12169] __msan_chain_origin+0x6b/0xe0 [ 253.920739][T12169] ___slab_alloc+0x1dbc/0x1fb0 [ 253.925484][T12169] kmem_cache_alloc+0xade/0xd10 [ 253.930315][T12169] skb_clone+0x326/0x5d0 [ 253.934547][T12169] dev_queue_xmit_nit+0x539/0x1200 [ 253.939637][T12169] dev_hard_start_xmit+0x21e/0xab0 [ 253.944757][T12169] sch_direct_xmit+0x56c/0x18c0 [ 253.949617][T12169] __dev_queue_xmit+0x1e53/0x4270 [ 253.954626][T12169] dev_queue_xmit+0x4b/0x60 [ 253.959114][T12169] ip_finish_output2+0x20c6/0x25d0 [ 253.964224][T12169] __ip_finish_output+0xaf8/0xda0 [ 253.969230][T12169] ip_finish_output+0x2db/0x420 [ 253.974075][T12169] ip_output+0x541/0x610 [ 253.978302][T12169] 
__ip_queue_xmit+0x1caf/0x21f0 [ 253.983224][T12169] ip_queue_xmit+0xcc/0xf0 [ 253.987626][T12169] __tcp_transmit_skb+0x409e/0x5c60 [ 253.992806][T12169] __tcp_send_ack+0x701/0x840 [ 253.997476][T12169] tcp_send_ack+0x68/0x90 [ 254.001783][T12169] tcp_cleanup_rbuf+0x764/0x800 [ 254.006620][T12169] tcp_recvmsg+0x334d/0x4ff0 [ 254.011192][T12169] inet_recvmsg+0x237/0x7d0 [ 254.015680][T12169] sock_read_iter+0x5be/0x660 [ 254.020344][T12169] __vfs_read+0xa67/0xc90 [ 254.025816][T12169] vfs_read+0x359/0x6f0 [ 254.032759][T12169] ksys_read+0x265/0x430 [ 254.036987][T12169] __se_sys_read+0x92/0xb0 [ 254.041411][T12169] __x64_sys_read+0x4a/0x70 [ 254.045895][T12169] do_syscall_64+0xbc/0xf0 [ 254.050299][T12169] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 254.056177][T12169] [ 254.058495][T12169] Uninit was created at: [ 254.062740][T12169] kmsan_internal_poison_shadow+0x53/0xa0 [ 254.068467][T12169] kmsan_slab_free+0x8d/0x100 [ 254.073130][T12169] kmem_cache_free_bulk+0x3ad9/0x3f50 [ 254.078489][T12169] __kfree_skb_flush+0xb0/0x100 [ 254.083322][T12169] net_rx_action+0x1908/0x1950 [ 254.088094][T12169] __do_softirq+0x4a1/0x83a [ 254.092583][T12169] irq_exit+0x230/0x280 [ 254.096719][T12169] do_IRQ+0x20d/0x3a0 [ 254.100684][T12169] ret_from_intr+0x0/0x33 [ 254.105005][T12169] default_idle+0x53/0x90 [ 254.109354][T12169] arch_cpu_idle+0x25/0x30 [ 254.113756][T12169] do_idle+0x1d7/0x790 [ 254.117807][T12169] cpu_startup_entry+0x45/0x50 [ 254.122568][T12169] start_secondary+0x370/0x470 [ 254.127312][T12169] secondary_startup_64+0xa4/0xb0 [ 254.132312][T12169] ================================================================== [ 254.140353][T12169] Disabling lock debugging due to kernel taint [ 254.146523][T12169] Kernel panic - not syncing: panic_on_warn set ... 
[ 254.153118][T12169] CPU: 1 PID: 12169 Comm: syz-fuzzer Tainted: G B 5.3.0-rc3+ #17 [ 254.162227][T12169] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 254.172283][T12169] Call Trace: [ 254.175583][T12169] dump_stack+0x191/0x1f0 [ 254.179907][T12169] panic+0x3c9/0xc1e [ 254.183860][T12169] kmsan_report+0x2ca/0x2d0 [ 254.188362][T12169] __msan_warning+0x75/0xe0 [ 254.193033][T12169] kmem_cache_free+0x3df/0x2b70 [ 254.197896][T12169] ? kfree_skb+0x473/0x4c0 [ 254.202300][T12169] ? kmsan_internal_unpoison_shadow+0x2f/0x40 [ 254.208380][T12169] kfree_skb+0x473/0x4c0 [ 254.212613][T12169] ? packet_rcv_spkt+0x719/0x840 [ 254.217542][T12169] packet_rcv_spkt+0x719/0x840 [ 254.222317][T12169] ? packet_rcv+0x2190/0x2190 [ 254.226989][T12169] dev_queue_xmit_nit+0x1125/0x1200 [ 254.232212][T12169] dev_hard_start_xmit+0x21e/0xab0 [ 254.237326][T12169] ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0 [ 254.243310][T12169] sch_direct_xmit+0x56c/0x18c0 [ 254.248151][T12169] ? kmsan_set_origin+0x26d/0x340 [ 254.253192][T12169] __dev_queue_xmit+0x1e53/0x4270 [ 254.258244][T12169] dev_queue_xmit+0x4b/0x60 [ 254.262746][T12169] ip_finish_output2+0x20c6/0x25d0 [ 254.267845][T12169] ? __msan_metadata_ptr_for_load_2+0x10/0x20 [ 254.273899][T12169] ? nf_ct_deliver_cached_events+0x4d5/0x6e0 [ 254.279894][T12169] __ip_finish_output+0xaf8/0xda0 [ 254.284920][T12169] ip_finish_output+0x2db/0x420 [ 254.289769][T12169] ip_output+0x541/0x610 [ 254.294030][T12169] ? ip_mc_finish_output+0x6d0/0x6d0 [ 254.299304][T12169] ? ip_finish_output+0x420/0x420 [ 254.304315][T12169] __ip_queue_xmit+0x1caf/0x21f0 [ 254.309246][T12169] ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0 [ 254.315221][T12169] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 254.321286][T12169] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 254.327368][T12169] ip_queue_xmit+0xcc/0xf0 [ 254.331789][T12169] ? 
tcp_v4_inbound_md5_hash+0xd10/0xd10 [ 254.337413][T12169] __tcp_transmit_skb+0x409e/0x5c60 [ 254.342670][T12169] __tcp_send_ack+0x701/0x840 [ 254.347354][T12169] tcp_send_ack+0x68/0x90 [ 254.351680][T12169] tcp_cleanup_rbuf+0x764/0x800 [ 254.356530][T12169] tcp_recvmsg+0x334d/0x4ff0 [ 254.361167][T12169] ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0 [ 254.367131][T12169] ? tcp_mmap+0x150/0x150 [ 254.371445][T12169] ? tcp_mmap+0x150/0x150 [ 254.375882][T12169] inet_recvmsg+0x237/0x7d0 [ 254.380375][T12169] ? inet_sendpage+0x2c0/0x2c0 [ 254.385129][T12169] ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0 [ 254.391099][T12169] ? inet_sendpage+0x2c0/0x2c0 [ 254.395851][T12169] ? inet_sendpage+0x2c0/0x2c0 [ 254.400603][T12169] sock_read_iter+0x5be/0x660 [ 254.405312][T12169] ? kernel_sock_ip_overhead+0x340/0x340 [ 254.410962][T12169] __vfs_read+0xa67/0xc90 [ 254.415310][T12169] vfs_read+0x359/0x6f0 [ 254.419467][T12169] ksys_read+0x265/0x430 [ 254.423709][T12169] __se_sys_read+0x92/0xb0 [ 254.428132][T12169] __x64_sys_read+0x4a/0x70 [ 254.432628][T12169] do_syscall_64+0xbc/0xf0 [ 254.437056][T12169] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 254.442934][T12169] RIP: 0033:0x47fcb4 [ 254.446812][T12169] Code: ff ff cc cc cc cc e8 2b 41 fb ff 48 8b 7c 24 10 48 8b 74 24 18 48 8b 54 24 20 45 31 d2 45 31 c0 45 31 c9 48 8b 44 24 08 0f 05 <48> 3d 01 f0 ff ff 76 20 48 c7 44 24 28 ff ff ff ff 48 c7 44 24 30 [ 254.466419][T12169] RSP: 002b:000000c4201ab710 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 254.474814][T12169] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000047fcb4 [ 254.482774][T12169] RDX: 0000000000001000 RSI: 000000c4202c2000 RDI: 0000000000000003 [ 254.490727][T12169] RBP: 000000c4201ab760 R08: 0000000000000000 R09: 0000000000000000 [ 254.498715][T12169] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008 [ 254.506687][T12169] R13: 0000000000000008 R14: 0000000000000004 R15: ffffffffffffffff [ 254.515814][T12169] Kernel Offset: disabled [ 
254.520621][T12169] Rebooting in 86400 seconds..