Warning: Permanently added '10.128.0.35' (ECDSA) to the list of known hosts.
2019/11/13 18:26:38 fuzzer started
2019/11/13 18:26:43 dialing manager at 10.128.0.26:37211
2019/11/13 18:26:43 syscalls: 2397
2019/11/13 18:26:43 code coverage: enabled
2019/11/13 18:26:43 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2019/11/13 18:26:43 extra coverage: enabled
2019/11/13 18:26:43 setuid sandbox: enabled
2019/11/13 18:26:43 namespace sandbox: enabled
2019/11/13 18:26:43 Android sandbox: /sys/fs/selinux/policy does not exist
2019/11/13 18:26:43 fault injection: enabled
2019/11/13 18:26:43 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/11/13 18:26:43 net packet injection: enabled
2019/11/13 18:26:43 net device setup: enabled
2019/11/13 18:26:43 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2019/11/13 18:26:43 devlink PCI setup: PCI device 0000:00:10.0 is not available
syzkaller login: [ 271.749687][T12416] =====================================================
[ 271.756708][T12416] BUG: KMSAN: use-after-free in kmem_cache_free+0x3df/0x2b70
[ 271.764109][T12416] CPU: 1 PID: 12416 Comm: syz-fuzzer Not tainted 5.4.0-rc5+ #0
[ 271.771628][T12416] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 271.781725][T12416] Call Trace:
[ 271.785004][T12416] dump_stack+0x191/0x1f0
[ 271.789318][T12416] kmsan_report+0x128/0x220
[ 271.793844][T12416] __msan_warning+0x73/0xe0
[ 271.798326][T12416] kmem_cache_free+0x3df/0x2b70
[ 271.803170][T12416] ? kmsan_internal_set_origin+0x6a/0xb0
[ 271.808778][T12416] ? kfree_skb+0x473/0x4c0
[ 271.813187][T12416] ? kmsan_internal_unpoison_shadow+0x42/0x80
[ 271.819283][T12416] kfree_skb+0x473/0x4c0
[ 271.823513][T12416] ? packet_rcv_spkt+0x68d/0x7c0
[ 271.828433][T12416] packet_rcv_spkt+0x68d/0x7c0
[ 271.833205][T12416] ? packet_rcv+0x2110/0x2110
[ 271.837860][T12416] dev_queue_xmit_nit+0x1125/0x1200
[ 271.843310][T12416] dev_hard_start_xmit+0x21e/0xab0
[ 271.848410][T12416] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0
[ 271.854293][T12416] sch_direct_xmit+0x56c/0x18c0
[ 271.859131][T12416] __dev_queue_xmit+0x212d/0x4200
[ 271.864181][T12416] dev_queue_xmit+0x4b/0x60
[ 271.868673][T12416] ip_finish_output2+0x20d6/0x25d0
[ 271.873765][T12416] ? __msan_metadata_ptr_for_load_2+0x10/0x20
[ 271.879807][T12416] ? nf_ct_deliver_cached_events+0x4d5/0x6e0
[ 271.885963][T12416] __ip_finish_output+0xaf8/0xda0
[ 271.890978][T12416] ip_finish_output+0x2db/0x420
[ 271.895821][T12416] ip_output+0x541/0x610
[ 271.900108][T12416] ? ip_mc_finish_output+0x6d0/0x6d0
[ 271.905397][T12416] ? ip_finish_output+0x420/0x420
[ 271.910406][T12416] __ip_queue_xmit+0x1caf/0x21f0
[ 271.915337][T12416] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0
[ 271.921212][T12416] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 271.927269][T12416] ip_queue_xmit+0xcc/0xf0
[ 271.931687][T12416] ? tcp_v4_inbound_md5_hash+0xd10/0xd10
[ 271.937305][T12416] __tcp_transmit_skb+0x40e3/0x5d90
[ 271.942500][T12416] __tcp_send_ack+0x701/0x840
[ 271.947161][T12416] tcp_send_ack+0x68/0x90
[ 271.951469][T12416] tcp_cleanup_rbuf+0x764/0x800
[ 271.956312][T12416] tcp_recvmsg+0x334d/0x4ff0
[ 271.960916][T12416] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0
[ 271.966787][T12416] ? tcp_mmap+0x150/0x150
[ 271.971090][T12416] ? tcp_mmap+0x150/0x150
[ 271.975408][T12416] inet_recvmsg+0x237/0x7d0
[ 271.979890][T12416] ? inet_sendpage+0x2c0/0x2c0
[ 271.984635][T12416] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0
[ 271.991297][T12416] ? inet_sendpage+0x2c0/0x2c0
[ 271.996050][T12416] ? inet_sendpage+0x2c0/0x2c0
[ 272.000909][T12416] sock_read_iter+0x5be/0x660
[ 272.005609][T12416] ? kernel_sock_ip_overhead+0x340/0x340
[ 272.011226][T12416] __vfs_read+0xa67/0xc90
[ 272.015564][T12416] vfs_read+0x359/0x6f0
[ 272.019707][T12416] ksys_read+0x265/0x430
[ 272.023931][T12416] __se_sys_read+0x92/0xb0
[ 272.028347][T12416] __x64_sys_read+0x4a/0x70
[ 272.032838][T12416] do_syscall_64+0xb6/0x160
[ 272.037332][T12416] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 272.043267][T12416] RIP: 0033:0x47fd44
[ 272.047147][T12416] Code: ff ff cc cc cc cc e8 9b 40 fb ff 48 8b 7c 24 10 48 8b 74 24 18 48 8b 54 24 20 45 31 d2 45 31 c0 45 31 c9 48 8b 44 24 08 0f 05 <48> 3d 01 f0 ff ff 76 20 48 c7 44 24 28 ff ff ff ff 48 c7 44 24 30
[ 272.067934][T12416] RSP: 002b:000000c4203ab760 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 272.076642][T12416] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000047fd44
[ 272.085923][T12416] RDX: 0000000000001000 RSI: 000000c420198000 RDI: 0000000000000003
[ 272.094318][T12416] RBP: 000000c4203ab7b0 R08: 0000000000000000 R09: 0000000000000000
[ 272.102372][T12416] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008
[ 272.110555][T12416] R13: 0000000000000008 R14: 0000000000000002 R15: ffffffffffffffff
[ 272.119077][T12416]
[ 272.121405][T12416] Uninit was stored to memory at:
[ 272.126517][T12416] kmsan_internal_chain_origin+0xbd/0x180
[ 272.132250][T12416] __msan_chain_origin+0x6b/0xd0
[ 272.137624][T12416] ___slab_alloc+0x1dbc/0x1fb0
[ 272.142578][T12416] kmem_cache_alloc+0xadf/0xd20
[ 272.148290][T12416] skb_clone+0x326/0x5d0
[ 272.152801][T12416] dev_queue_xmit_nit+0x539/0x1200
[ 272.157906][T12416] dev_hard_start_xmit+0x21e/0xab0
[ 272.163435][T12416] sch_direct_xmit+0x56c/0x18c0
[ 272.168262][T12416] __dev_queue_xmit+0x212d/0x4200
[ 272.173265][T12416] dev_queue_xmit+0x4b/0x60
[ 272.177835][T12416] ip_finish_output2+0x20d6/0x25d0
[ 272.183123][T12416] __ip_finish_output+0xaf8/0xda0
[ 272.188458][T12416] ip_finish_output+0x2db/0x420
[ 272.193306][T12416] ip_output+0x541/0x610
[ 272.197530][T12416] __ip_queue_xmit+0x1caf/0x21f0
[ 272.202440][T12416] ip_queue_xmit+0xcc/0xf0
[ 272.206853][T12416] __tcp_transmit_skb+0x40e3/0x5d90
[ 272.212026][T12416] __tcp_send_ack+0x701/0x840
[ 272.216698][T12416] tcp_send_ack+0x68/0x90
[ 272.221016][T12416] tcp_cleanup_rbuf+0x764/0x800
[ 272.227839][T12416] tcp_recvmsg+0x334d/0x4ff0
[ 272.232419][T12416] inet_recvmsg+0x237/0x7d0
[ 272.236929][T12416] sock_read_iter+0x5be/0x660
[ 272.241587][T12416] __vfs_read+0xa67/0xc90
[ 272.245980][T12416] vfs_read+0x359/0x6f0
[ 272.250134][T12416] ksys_read+0x265/0x430
[ 272.254353][T12416] __se_sys_read+0x92/0xb0
[ 272.258917][T12416] __x64_sys_read+0x4a/0x70
[ 272.263397][T12416] do_syscall_64+0xb6/0x160
[ 272.268877][T12416] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 272.274746][T12416]
[ 272.277137][T12416] Uninit was created at:
[ 272.281386][T12416] kmsan_internal_poison_shadow+0x60/0x120
[ 272.287366][T12416] kmsan_slab_free+0x8d/0xf0
[ 272.292064][T12416] kmem_cache_free_bulk+0x3ad9/0x3f10
[ 272.297772][T12416] __kfree_skb_flush+0xb0/0x100
[ 272.302607][T12416] net_rx_action+0x1a5e/0x1aa0
[ 272.307348][T12416] __do_softirq+0x4a1/0x83a
[ 272.311839][T12416] do_softirq_own_stack+0x49/0x80
[ 272.316839][T12416] __local_bh_enable_ip+0x184/0x1d0
[ 272.322015][T12416] _raw_spin_unlock_bh+0x4b/0x60
[ 272.326934][T12416] nf_conntrack_tcp_packet+0x54a0/0x7650
[ 272.332652][T12416] nf_conntrack_in+0x1064/0x2664
[ 272.337590][T12416] ipv4_conntrack_local+0x1b7/0x300
[ 272.342769][T12416] nf_hook_slow+0x18b/0x3f0
[ 272.347257][T12416] __ip_local_out+0x69b/0x800
[ 272.351915][T12416] __ip_queue_xmit+0x1bdc/0x21f0
[ 272.356828][T12416] ip_queue_xmit+0xcc/0xf0
[ 272.361220][T12416] __tcp_transmit_skb+0x40e3/0x5d90
[ 272.366395][T12416] __tcp_send_ack+0x701/0x840
[ 272.371046][T12416] tcp_send_ack+0x68/0x90
[ 272.375358][T12416] tcp_cleanup_rbuf+0x764/0x800
[ 272.380194][T12416] tcp_recvmsg+0x334d/0x4ff0
[ 272.384756][T12416] inet_recvmsg+0x237/0x7d0
[ 272.389235][T12416] sock_read_iter+0x5be/0x660
[ 272.393887][T12416] __vfs_read+0xa67/0xc90
[ 272.398188][T12416] vfs_read+0x359/0x6f0
[ 272.402328][T12416] ksys_read+0x265/0x430
[ 272.406544][T12416] __se_sys_read+0x92/0xb0
[ 272.410934][T12416] __x64_sys_read+0x4a/0x70
[ 272.415414][T12416] do_syscall_64+0xb6/0x160
[ 272.419895][T12416] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 272.425772][T12416] =====================================================
[ 272.432678][T12416] Disabling lock debugging due to kernel taint
[ 272.438818][T12416] Kernel panic - not syncing: panic_on_warn set ...
[ 272.445490][T12416] CPU: 1 PID: 12416 Comm: syz-fuzzer Tainted: G B 5.4.0-rc5+ #0
[ 272.454408][T12416] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 272.464660][T12416] Call Trace:
[ 272.467946][T12416] dump_stack+0x191/0x1f0
[ 272.472260][T12416] panic+0x3c9/0xc1e
[ 272.476148][T12416] kmsan_report+0x215/0x220
[ 272.480634][T12416] __msan_warning+0x73/0xe0
[ 272.485135][T12416] kmem_cache_free+0x3df/0x2b70
[ 272.489965][T12416] ? kmsan_internal_set_origin+0x6a/0xb0
[ 272.495577][T12416] ? kfree_skb+0x473/0x4c0
[ 272.500002][T12416] ? kmsan_internal_unpoison_shadow+0x42/0x80
[ 272.506072][T12416] kfree_skb+0x473/0x4c0
[ 272.510302][T12416] ? packet_rcv_spkt+0x68d/0x7c0
[ 272.515221][T12416] packet_rcv_spkt+0x68d/0x7c0
[ 272.519966][T12416] ? packet_rcv+0x2110/0x2110
[ 272.524621][T12416] dev_queue_xmit_nit+0x1125/0x1200
[ 272.529809][T12416] dev_hard_start_xmit+0x21e/0xab0
[ 272.534918][T12416] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0
[ 272.540815][T12416] sch_direct_xmit+0x56c/0x18c0
[ 272.545652][T12416] __dev_queue_xmit+0x212d/0x4200
[ 272.550679][T12416] dev_queue_xmit+0x4b/0x60
[ 272.555173][T12416] ip_finish_output2+0x20d6/0x25d0
[ 272.560955][T12416] ? __msan_metadata_ptr_for_load_2+0x10/0x20
[ 272.566999][T12416] ? nf_ct_deliver_cached_events+0x4d5/0x6e0
[ 272.572966][T12416] __ip_finish_output+0xaf8/0xda0
[ 272.577974][T12416] ip_finish_output+0x2db/0x420
[ 272.583066][T12416] ip_output+0x541/0x610
[ 272.587290][T12416] ? ip_mc_finish_output+0x6d0/0x6d0
[ 272.593163][T12416] ? ip_finish_output+0x420/0x420
[ 272.598169][T12416] __ip_queue_xmit+0x1caf/0x21f0
[ 272.603092][T12416] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0
[ 272.608968][T12416] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 272.615021][T12416] ip_queue_xmit+0xcc/0xf0
[ 272.619417][T12416] ? tcp_v4_inbound_md5_hash+0xd10/0xd10
[ 272.625053][T12416] __tcp_transmit_skb+0x40e3/0x5d90
[ 272.630266][T12416] __tcp_send_ack+0x701/0x840
[ 272.634952][T12416] tcp_send_ack+0x68/0x90
[ 272.639261][T12416] tcp_cleanup_rbuf+0x764/0x800
[ 272.644211][T12416] tcp_recvmsg+0x334d/0x4ff0
[ 272.648831][T12416] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0
[ 272.654722][T12416] ? tcp_mmap+0x150/0x150
[ 272.659044][T12416] ? tcp_mmap+0x150/0x150
[ 272.663365][T12416] inet_recvmsg+0x237/0x7d0
[ 272.667852][T12416] ? inet_sendpage+0x2c0/0x2c0
[ 272.672599][T12416] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0
[ 272.678471][T12416] ? inet_sendpage+0x2c0/0x2c0
[ 272.683210][T12416] ? inet_sendpage+0x2c0/0x2c0
[ 272.687953][T12416] sock_read_iter+0x5be/0x660
[ 272.692625][T12416] ? kernel_sock_ip_overhead+0x340/0x340
[ 272.698326][T12416] __vfs_read+0xa67/0xc90
[ 272.702656][T12416] vfs_read+0x359/0x6f0
[ 272.706797][T12416] ksys_read+0x265/0x430
[ 272.711036][T12416] __se_sys_read+0x92/0xb0
[ 272.715436][T12416] __x64_sys_read+0x4a/0x70
[ 272.719921][T12416] do_syscall_64+0xb6/0x160
[ 272.724413][T12416] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 272.730290][T12416] RIP: 0033:0x47fd44
[ 272.734166][T12416] Code: ff ff cc cc cc cc e8 9b 40 fb ff 48 8b 7c 24 10 48 8b 74 24 18 48 8b 54 24 20 45 31 d2 45 31 c0 45 31 c9 48 8b 44 24 08 0f 05 <48> 3d 01 f0 ff ff 76 20 48 c7 44 24 28 ff ff ff ff 48 c7 44 24 30
[ 272.753759][T12416] RSP: 002b:000000c4203ab760 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 272.762144][T12416] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000047fd44
[ 272.770094][T12416] RDX: 0000000000001000 RSI: 000000c420198000 RDI: 0000000000000003
[ 272.778045][T12416] RBP: 000000c4203ab7b0 R08: 0000000000000000 R09: 0000000000000000
[ 272.786004][T12416] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008
[ 272.793963][T12416] R13: 0000000000000008 R14: 0000000000000002 R15: ffffffffffffffff
[ 272.803338][T12416] Kernel Offset: disabled
[ 272.807701][T12416] Rebooting in 86400 seconds..
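A KMSAN report like the one above carries three stacks: the faulting access ("Call Trace:" under the BUG line), where the uninitialised value was stored ("Uninit was stored to memory at:") and where it was created (here "Uninit was created at:" bottoms out in kmsan_slab_free, i.e. the free that poisoned the skb). Pulling them apart mechanically is the first step of triage. The Python below is an added example, not part of the syzkaller log nor code from the syzkaller or KMSAN projects. Its sample input is a trimmed excerpt of the log above (same frames, timestamps and offsets), and the lists of KMSAN-runtime and slab-allocator frames that the summary skips over are a triage heuristic chosen for this example, not anything KMSAN itself defines.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed sample: lines copied from the report above, shortened so the
# example runs offline. Whitespace after the "[ts][Tpid]" prefix is collapsed
# in the page's copy; the regexes below accept dmesg's padded form as well.
SAMPLE_LOG = """\
[ 271.756708][T12416] BUG: KMSAN: use-after-free in kmem_cache_free+0x3df/0x2b70
[ 271.764109][T12416] CPU: 1 PID: 12416 Comm: syz-fuzzer Not tainted 5.4.0-rc5+ #0
[ 271.781725][T12416] Call Trace:
[ 271.785004][T12416] dump_stack+0x191/0x1f0
[ 271.789318][T12416] kmsan_report+0x128/0x220
[ 271.793844][T12416] __msan_warning+0x73/0xe0
[ 271.798326][T12416] kmem_cache_free+0x3df/0x2b70
[ 271.803170][T12416] ? kmsan_internal_set_origin+0x6a/0xb0
[ 271.819283][T12416] kfree_skb+0x473/0x4c0
[ 271.828433][T12416] packet_rcv_spkt+0x68d/0x7c0
[ 271.837860][T12416] dev_queue_xmit_nit+0x1125/0x1200
[ 272.043267][T12416] RIP: 0033:0x47fd44
[ 272.119077][T12416]
[ 272.121405][T12416] Uninit was stored to memory at:
[ 272.126517][T12416] kmsan_internal_chain_origin+0xbd/0x180
[ 272.132250][T12416] __msan_chain_origin+0x6b/0xd0
[ 272.137624][T12416] ___slab_alloc+0x1dbc/0x1fb0
[ 272.142578][T12416] kmem_cache_alloc+0xadf/0xd20
[ 272.148290][T12416] skb_clone+0x326/0x5d0
[ 272.152801][T12416] dev_queue_xmit_nit+0x539/0x1200
[ 272.274746][T12416]
[ 272.277137][T12416] Uninit was created at:
[ 272.281386][T12416] kmsan_internal_poison_shadow+0x60/0x120
[ 272.287366][T12416] kmsan_slab_free+0x8d/0xf0
[ 272.292064][T12416] kmem_cache_free_bulk+0x3ad9/0x3f10
[ 272.297772][T12416] __kfree_skb_flush+0xb0/0x100
[ 272.302607][T12416] net_rx_action+0x1a5e/0x1aa0
[ 272.425772][T12416] =====================================================
"""

PREFIX_RE = re.compile(r"^\[\s*\d+\.\d+\]\[T\d+\]\s*(.*)$")
BUG_RE = re.compile(r"^BUG: KMSAN: (?P<kind>.+?) in (?P<func>[\w.]+)\+0x")
CPU_RE = re.compile(r"^CPU: \d+ PID: (?P<pid>\d+) Comm: (?P<comm>\S+) "
                    r"(?:Not tainted|Tainted: .+?) (?P<kernel>\S+) #\d+")
# A "?" before a frame means the unwinder could not verify it; keep the flag.
FRAME_RE = re.compile(r"^(?P<unreliable>\?\s+)?(?P<func>[A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+$")

SECTION_HEADERS = {
    "Call Trace:": "use",
    "Uninit was stored to memory at:": "stored",
    "Uninit was created at:": "created",
}
# Heuristic skip lists for the summary (an assumption of this example):
# KMSAN runtime/reporting frames and slab allocator glue never name the
# subsystem code that is actually at fault.
RUNTIME_PREFIXES = ("kmsan_", "__msan_", "dump_stack")
ALLOCATOR_PREFIXES = ("kmem_cache_", "___slab_alloc", "__slab_")


@dataclass
class KmsanReport:
    kind: str
    where: str
    pid: int = 0
    comm: str = ""
    kernel: str = ""
    stacks: Dict[str, List[Tuple[str, bool]]] = field(default_factory=dict)

    def title(self) -> str:
        # Same shape as the syzbot bug title derived from the BUG line.
        return f"KMSAN: {self.kind} in {self.where}"

    def first_kernel_frame(self, section: str,
                           skip=RUNTIME_PREFIXES + ALLOCATOR_PREFIXES) -> Optional[str]:
        """First reliable frame in a stack that is not runtime or allocator glue."""
        for func, unreliable in self.stacks.get(section, []):
            if unreliable or func.startswith(skip):
                continue
            return func
        return None


def parse_kmsan_report(text: str) -> Optional[KmsanReport]:
    """Parse one KMSAN report (BUG line up to the closing '====' rule)."""
    report: Optional[KmsanReport] = None
    section: Optional[str] = None
    for raw in text.splitlines():
        m = PREFIX_RE.match(raw)
        if not m:
            continue                      # fuzzer chatter, login prompt, etc.
        line = m.group(1).strip()
        if report is None:
            b = BUG_RE.match(line)
            if b:
                report = KmsanReport(kind=b["kind"], where=b["func"])
            continue
        c = CPU_RE.match(line)
        if c:
            report.pid, report.comm, report.kernel = int(c["pid"]), c["comm"], c["kernel"]
            continue
        if line in SECTION_HEADERS:
            section = SECTION_HEADERS[line]
            report.stacks.setdefault(section, [])
            continue
        if line.startswith("====="):
            break                         # end of this report; panic trace follows
        if section is None:
            continue
        f = FRAME_RE.match(line)
        if f:
            report.stacks[section].append((f["func"], f["unreliable"] is not None))
        else:
            section = None                # register dump or blank line ends the stack
    return report


def triage_summary(report: KmsanReport) -> Dict[str, Optional[str]]:
    return {
        "title": report.title(),
        "use_site": report.first_kernel_frame("use"),
        "store_site": report.first_kernel_frame("stored"),
        "free_site": report.first_kernel_frame("created"),
    }


if __name__ == "__main__":
    rep = parse_kmsan_report(SAMPLE_LOG)
    for key, val in triage_summary(rep).items():
        print(f"{key:>10}: {val}")
```

On the excerpt this yields use_site kfree_skb (reached from packet_rcv_spkt via dev_queue_xmit_nit), store_site skb_clone and free_site __kfree_skb_flush in net_rx_action, which is exactly the free-then-reuse ordering a reviewer wants in front of them before reading the full stacks. Frames flagged "?" are skipped deliberately: the unwinder does not vouch for them, so they must not drive a triage decision.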