[ 78.209333][T11150] rsyslog (11150) used greatest stack depth: 53176 bytes left
[ 78.221270][ T31] audit: type=1800 audit(1570292873.263:25): pid=11146 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 78.245014][ T31] audit: type=1800 audit(1570292873.293:26): pid=11146 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 78.286181][ T31] audit: type=1800 audit(1570292873.323:27): pid=11146 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.15' (ECDSA) to the list of known hosts.
2019/10/05 16:28:08 fuzzer started
2019/10/05 16:28:13 dialing manager at 10.128.0.26:41347
2019/10/05 16:28:13 syscalls: 2412
2019/10/05 16:28:13 code coverage: enabled
2019/10/05 16:28:13 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2019/10/05 16:28:13 extra coverage: enabled
2019/10/05 16:28:13 setuid sandbox: enabled
2019/10/05 16:28:13 namespace sandbox: enabled
2019/10/05 16:28:13 Android sandbox: /sys/fs/selinux/policy does not exist
2019/10/05 16:28:13 fault injection: enabled
2019/10/05 16:28:13 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/10/05 16:28:13 net packet injection: enabled
2019/10/05 16:28:13 net device setup: enabled
2019/10/05 16:28:13 concurrency sanitizer: /proc/kcsaninfo does not exist
syzkaller login: [ 152.513295][T11309] =====================================================
[ 152.520312][T11309] BUG: KMSAN: uninit-value in kfree_skb+0x473/0x4c0
[ 152.526904][T11309] CPU: 1 PID: 11309 Comm: syz-fuzzer Not tainted 5.3.0-rc7+ #0
[ 152.534444][T11309] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 152.544496][T11309] Call Trace:
[ 152.547812][T11309] dump_stack+0x191/0x1f0
[ 152.552163][T11309] kmsan_report+0x13a/0x2b0
[ 152.556680][T11309] __msan_warning+0x73/0xe0
[ 152.561198][T11309] kmem_cache_free+0x3df/0x2b70
[ 152.566056][T11309] ? kmsan_internal_set_origin+0x6a/0xb0
[ 152.571711][T11309] ? kfree_skb+0x473/0x4c0
[ 152.576149][T11309] ? kmsan_internal_unpoison_shadow+0x42/0x80
[ 152.582249][T11309] kfree_skb+0x473/0x4c0
[ 152.586536][T11309] ? packet_rcv_spkt+0x719/0x840
[ 152.591512][T11309] packet_rcv_spkt+0x719/0x840
[ 152.596282][T11309] ? packet_rcv+0x2190/0x2190
[ 152.601073][T11309] dev_queue_xmit_nit+0x1125/0x1200
[ 152.606285][T11309] dev_hard_start_xmit+0x21e/0xab0
[ 152.611392][T11309] ? kmsan_get_shadow_origin_ptr+0x6e/0x4c0
[ 152.617271][T11309] sch_direct_xmit+0x56c/0x18c0
[ 152.622114][T11309] __dev_queue_xmit+0x1e53/0x4270
[ 152.627132][T11309] dev_queue_xmit+0x4b/0x60
[ 152.631616][T11309] ip_finish_output2+0x20c6/0x25d0
[ 152.636704][T11309] ? __msan_metadata_ptr_for_load_2+0x10/0x20
[ 152.642835][T11309] ? nf_ct_deliver_cached_events+0x4d5/0x6e0
[ 152.648804][T11309] __ip_finish_output+0xaf8/0xda0
[ 152.653814][T11309] ip_finish_output+0x2db/0x420
[ 152.658644][T11309] ip_output+0x541/0x610
[ 152.662868][T11309] ? ip_mc_finish_output+0x6d0/0x6d0
[ 152.668132][T11309] ? ip_finish_output+0x420/0x420
[ 152.673134][T11309] __ip_queue_xmit+0x1caf/0x21f0
[ 152.678063][T11309] ? kmsan_get_shadow_origin_ptr+0x6e/0x4c0
[ 152.683934][T11309] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 152.689991][T11309] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 152.696042][T11309] ip_queue_xmit+0xcc/0xf0
[ 152.700440][T11309] ? tcp_v4_inbound_md5_hash+0xd10/0xd10
[ 152.706066][T11309] __tcp_transmit_skb+0x409e/0x5c60
[ 152.711461][T11309] __tcp_send_ack+0x701/0x840
[ 152.716129][T11309] tcp_send_ack+0x68/0x90
[ 152.720446][T11309] tcp_cleanup_rbuf+0x764/0x800
[ 152.725294][T11309] tcp_recvmsg+0x334d/0x4ff0
[ 152.730008][T11309] ? kmsan_get_shadow_origin_ptr+0x6e/0x4c0
[ 152.735879][T11309] ? tcp_mmap+0x150/0x150
[ 152.740218][T11309] ? tcp_mmap+0x150/0x150
[ 152.744533][T11309] inet_recvmsg+0x237/0x7d0
[ 152.749034][T11309] ? kmsan_get_shadow_origin_ptr+0x6e/0x4c0
[ 152.754914][T11309] ? inet_sendpage+0x2c0/0x2c0
[ 152.759658][T11309] ? inet_sendpage+0x2c0/0x2c0
[ 152.764422][T11309] sock_read_iter+0x5be/0x660
[ 152.769101][T11309] ? kernel_sock_ip_overhead+0x340/0x340
[ 152.774724][T11309] __vfs_read+0xa67/0xc90
[ 152.779059][T11309] vfs_read+0x359/0x6f0
[ 152.783204][T11309] ksys_read+0x265/0x430
[ 152.787447][T11309] __se_sys_read+0x92/0xb0
[ 152.791846][T11309] __x64_sys_read+0x4a/0x70
[ 152.796326][T11309] do_syscall_64+0xbc/0xf0
[ 152.800835][T11309] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 152.806716][T11309] RIP: 0033:0x47fd44
[ 152.810591][T11309] Code: ff ff cc cc cc cc e8 9b 40 fb ff 48 8b 7c 24 10 48 8b 74 24 18 48 8b 54 24 20 45 31 d2 45 31 c0 45 31 c9 48 8b 44 24 08 0f 05 <48> 3d 01 f0 ff ff 76 20 48 c7 44 24 28 ff ff ff ff 48 c7 44 24 30
[ 152.830173][T11309] RSP: 002b:000000c420293750 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 152.838558][T11309] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000047fd44
[ 152.846507][T11309] RDX: 0000000000001000 RSI: 000000c42003e000 RDI: 0000000000000003
[ 152.854471][T11309] RBP: 000000c4202937a0 R08: 0000000000000000 R09: 0000000000000000
[ 152.862419][T11309] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
[ 152.870380][T11309] R13: 0000000000000004 R14: 0000000000000002 R15: ffffffffffffffff
[ 152.878348][T11309]
[ 152.880651][T11309] Uninit was stored to memory at:
[ 152.885654][T11309] kmsan_internal_chain_origin+0xd2/0x170
[ 152.891346][T11309] __msan_chain_origin+0x6b/0xe0
[ 152.896271][T11309] ___slab_alloc+0x1dbc/0x1fb0
[ 152.901012][T11309] kmem_cache_alloc+0xade/0xd10
[ 152.905835][T11309] skb_clone+0x326/0x5d0
[ 152.910051][T11309] dev_queue_xmit_nit+0x539/0x1200
[ 152.915136][T11309] dev_hard_start_xmit+0x21e/0xab0
[ 152.920221][T11309] sch_direct_xmit+0x56c/0x18c0
[ 152.925045][T11309] __dev_queue_xmit+0x1e53/0x4270
[ 152.930045][T11309] dev_queue_xmit+0x4b/0x60
[ 152.934527][T11309] ip_finish_output2+0x20c6/0x25d0
[ 152.939626][T11309] __ip_finish_output+0xaf8/0xda0
[ 152.944623][T11309] ip_finish_output+0x2db/0x420
[ 152.949447][T11309] ip_output+0x541/0x610
[ 152.953665][T11309] __ip_queue_xmit+0x1caf/0x21f0
[ 152.958591][T11309] ip_queue_xmit+0xcc/0xf0
[ 152.962982][T11309] __tcp_transmit_skb+0x409e/0x5c60
[ 152.968153][T11309] __tcp_send_ack+0x701/0x840
[ 152.972811][T11309] tcp_send_ack+0x68/0x90
[ 152.977113][T11309] tcp_cleanup_rbuf+0x764/0x800
[ 152.981937][T11309] tcp_recvmsg+0x334d/0x4ff0
[ 152.986516][T11309] inet_recvmsg+0x237/0x7d0
[ 152.991103][T11309] sock_read_iter+0x5be/0x660
[ 152.995755][T11309] __vfs_read+0xa67/0xc90
[ 153.000059][T11309] vfs_read+0x359/0x6f0
[ 153.004204][T11309] ksys_read+0x265/0x430
[ 153.008422][T11309] __se_sys_read+0x92/0xb0
[ 153.012820][T11309] __x64_sys_read+0x4a/0x70
[ 153.017300][T11309] do_syscall_64+0xbc/0xf0
[ 153.021694][T11309] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 153.027557][T11309]
[ 153.029860][T11309] Uninit was created at:
[ 153.034076][T11309] kmsan_internal_poison_shadow+0x53/0x100
[ 153.039944][T11309] kmsan_slab_free+0x8d/0x100
[ 153.044595][T11309] kmem_cache_free_bulk+0x3ad9/0x3f50
[ 153.049939][T11309] __kfree_skb_flush+0xb0/0x100
[ 153.054763][T11309] net_rx_action+0x1908/0x1950
[ 153.059499][T11309] __do_softirq+0x4a1/0x83a
[ 153.063975][T11309] irq_exit+0x230/0x280
[ 153.068105][T11309] do_IRQ+0x20d/0x3a0
[ 153.072075][T11309] ret_from_intr+0x0/0x33
[ 153.076373][T11309] =====================================================
[ 153.083291][T11309] Disabling lock debugging due to kernel taint
[ 153.089432][T11309] Kernel panic - not syncing: panic_on_warn set ...
[ 153.095997][T11309] CPU: 1 PID: 11309 Comm: syz-fuzzer Tainted: G B 5.3.0-rc7+ #0
[ 153.104898][T11309] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 153.115014][T11309] Call Trace:
[ 153.118287][T11309] dump_stack+0x191/0x1f0
[ 153.122614][T11309] panic+0x3c9/0xc1e
[ 153.126501][T11309] kmsan_report+0x2a2/0x2b0
[ 153.130998][T11309] __msan_warning+0x73/0xe0
[ 153.135506][T11309] kmem_cache_free+0x3df/0x2b70
[ 153.140482][T11309] ? kmsan_internal_set_origin+0x6a/0xb0
[ 153.146106][T11309] ? kfree_skb+0x473/0x4c0
[ 153.150509][T11309] ? kmsan_internal_unpoison_shadow+0x42/0x80
[ 153.156570][T11309] kfree_skb+0x473/0x4c0
[ 153.160796][T11309] ? packet_rcv_spkt+0x719/0x840
[ 153.165713][T11309] packet_rcv_spkt+0x719/0x840
[ 153.170458][T11309] ? packet_rcv+0x2190/0x2190
[ 153.175127][T11309] dev_queue_xmit_nit+0x1125/0x1200
[ 153.180315][T11309] dev_hard_start_xmit+0x21e/0xab0
[ 153.185410][T11309] ? kmsan_get_shadow_origin_ptr+0x6e/0x4c0
[ 153.191285][T11309] sch_direct_xmit+0x56c/0x18c0
[ 153.196122][T11309] __dev_queue_xmit+0x1e53/0x4270
[ 153.201138][T11309] dev_queue_xmit+0x4b/0x60
[ 153.205619][T11309] ip_finish_output2+0x20c6/0x25d0
[ 153.210724][T11309] ? __msan_metadata_ptr_for_load_2+0x10/0x20
[ 153.216783][T11309] ? nf_ct_deliver_cached_events+0x4d5/0x6e0
[ 153.222773][T11309] __ip_finish_output+0xaf8/0xda0
[ 153.227840][T11309] ip_finish_output+0x2db/0x420
[ 153.232685][T11309] ip_output+0x541/0x610
[ 153.236918][T11309] ? ip_mc_finish_output+0x6d0/0x6d0
[ 153.242232][T11309] ? ip_finish_output+0x420/0x420
[ 153.247235][T11309] __ip_queue_xmit+0x1caf/0x21f0
[ 153.252153][T11309] ? kmsan_get_shadow_origin_ptr+0x6e/0x4c0
[ 153.258025][T11309] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 153.264067][T11309] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 153.270121][T11309] ip_queue_xmit+0xcc/0xf0
[ 153.274530][T11309] ? tcp_v4_inbound_md5_hash+0xd10/0xd10
[ 153.280139][T11309] __tcp_transmit_skb+0x409e/0x5c60
[ 153.285330][T11309] __tcp_send_ack+0x701/0x840
[ 153.289990][T11309] tcp_send_ack+0x68/0x90
[ 153.294312][T11309] tcp_cleanup_rbuf+0x764/0x800
[ 153.299155][T11309] tcp_recvmsg+0x334d/0x4ff0
[ 153.303749][T11309] ? kmsan_get_shadow_origin_ptr+0x6e/0x4c0
[ 153.309618][T11309] ? tcp_mmap+0x150/0x150
[ 153.313923][T11309] ? tcp_mmap+0x150/0x150
[ 153.318252][T11309] inet_recvmsg+0x237/0x7d0
[ 153.322836][T11309] ? kmsan_get_shadow_origin_ptr+0x6e/0x4c0
[ 153.328711][T11309] ? inet_sendpage+0x2c0/0x2c0
[ 153.333468][T11309] ? inet_sendpage+0x2c0/0x2c0
[ 153.338230][T11309] sock_read_iter+0x5be/0x660
[ 153.342905][T11309] ? kernel_sock_ip_overhead+0x340/0x340
[ 153.348567][T11309] __vfs_read+0xa67/0xc90
[ 153.352899][T11309] vfs_read+0x359/0x6f0
[ 153.357050][T11309] ksys_read+0x265/0x430
[ 153.361284][T11309] __se_sys_read+0x92/0xb0
[ 153.365686][T11309] __x64_sys_read+0x4a/0x70
[ 153.370204][T11309] do_syscall_64+0xbc/0xf0
[ 153.374662][T11309] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 153.380539][T11309] RIP: 0033:0x47fd44
[ 153.384419][T11309] Code: ff ff cc cc cc cc e8 9b 40 fb ff 48 8b 7c 24 10 48 8b 74 24 18 48 8b 54 24 20 45 31 d2 45 31 c0 45 31 c9 48 8b 44 24 08 0f 05 <48> 3d 01 f0 ff ff 76 20 48 c7 44 24 28 ff ff ff ff 48 c7 44 24 30
[ 153.404006][T11309] RSP: 002b:000000c420293750 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 153.412409][T11309] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000047fd44
[ 153.420366][T11309] RDX: 0000000000001000 RSI: 000000c42003e000 RDI: 0000000000000003
[ 153.428348][T11309] RBP: 000000c4202937a0 R08: 0000000000000000 R09: 0000000000000000
[ 153.436321][T11309] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
[ 153.444307][T11309] R13: 0000000000000004 R14: 0000000000000002 R15: ffffffffffffffff
[ 153.453746][T11309] Kernel Offset: disabled
[ 153.458102][T11309] Rebooting in 86400 seconds..