[ ok ] Starting enhanced syslogd: rsyslogd. [ 82.553044][ T30] audit: type=1800 audit(1567166675.608:25): pid=12207 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 82.579007][ T30] audit: type=1800 audit(1567166675.628:26): pid=12207 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 82.628922][ T30] audit: type=1800 audit(1567166675.658:27): pid=12207 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [ ok ] Starting periodic command scheduler: cron. [ ok ] Starting OpenBSD Secure Shell server: sshd. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.86' (ECDSA) to the list of known hosts. 2019/08/30 12:04:48 fuzzer started 2019/08/30 12:04:54 dialing manager at 10.128.0.26:40947 2019/08/30 12:04:54 syscalls: 2376 2019/08/30 12:04:54 code coverage: enabled 2019/08/30 12:04:54 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2019/08/30 12:04:54 extra coverage: enabled 2019/08/30 12:04:54 setuid sandbox: enabled 2019/08/30 12:04:54 namespace sandbox: enabled 2019/08/30 12:04:54 Android sandbox: /sys/fs/selinux/policy does not exist 2019/08/30 12:04:54 fault injection: enabled 2019/08/30 12:04:54 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/08/30 12:04:54 net packet injection: enabled 2019/08/30 12:04:54 net device setup: enabled syzkaller login: [ 138.462107][T12369] ================================================================== [ 138.470329][T12369] BUG: KMSAN: uninit-value in kmem_cache_free+0x3df/0x2b70 [ 138.477533][T12369] CPU: 1 PID: 12369 Comm: syz-fuzzer Not tainted 5.3.0-rc6+ #18 [ 138.485157][T12369] Hardware name: Google Google 
Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 138.495318][T12369] Call Trace: [ 138.498664][T12369] dump_stack+0x191/0x1f0 [ 138.503025][T12369] kmsan_report+0x162/0x2d0 [ 138.507555][T12369] __msan_warning+0x75/0xe0 [ 138.512070][T12369] kmem_cache_free+0x3df/0x2b70 [ 138.516927][T12369] ? kfree_skb+0x473/0x4c0 [ 138.521356][T12369] ? kmsan_internal_unpoison_shadow+0x2f/0x40 [ 138.527434][T12369] kfree_skb+0x473/0x4c0 [ 138.531663][T12369] ? packet_rcv_spkt+0x719/0x840 [ 138.536590][T12369] packet_rcv_spkt+0x719/0x840 [ 138.541528][T12369] ? packet_rcv+0x2190/0x2190 [ 138.546195][T12369] dev_queue_xmit_nit+0x1125/0x1200 [ 138.551391][T12369] dev_hard_start_xmit+0x21e/0xab0 [ 138.556507][T12369] ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0 [ 138.562479][T12369] sch_direct_xmit+0x56c/0x18c0 [ 138.567317][T12369] ? kmsan_set_origin+0x26d/0x340 [ 138.575370][T12369] __dev_queue_xmit+0x1e53/0x4270 [ 138.580424][T12369] dev_queue_xmit+0x4b/0x60 [ 138.585527][T12369] ip_finish_output2+0x20c6/0x25d0 [ 138.590763][T12369] ? __msan_metadata_ptr_for_load_2+0x10/0x20 [ 138.596829][T12369] ? nf_ct_deliver_cached_events+0x4d5/0x6e0 [ 138.602806][T12369] __ip_finish_output+0xaf8/0xda0 [ 138.607817][T12369] ip_finish_output+0x2db/0x420 [ 138.612718][T12369] ip_output+0x541/0x610 [ 138.616978][T12369] ? ip_mc_finish_output+0x6d0/0x6d0 [ 138.622245][T12369] ? ip_finish_output+0x420/0x420 [ 138.627253][T12369] __ip_queue_xmit+0x1caf/0x21f0 [ 138.632259][T12369] ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0 [ 138.638227][T12369] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 138.644306][T12369] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 138.650370][T12369] ip_queue_xmit+0xcc/0xf0 [ 138.654874][T12369] ? 
tcp_v4_inbound_md5_hash+0xd10/0xd10 [ 138.660495][T12369] __tcp_transmit_skb+0x409e/0x5c60 [ 138.665712][T12369] __tcp_send_ack+0x701/0x840 [ 138.670377][T12369] tcp_send_ack+0x68/0x90 [ 138.674735][T12369] tcp_cleanup_rbuf+0x764/0x800 [ 138.679654][T12369] tcp_recvmsg+0x334d/0x4ff0 [ 138.684318][T12369] ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0 [ 138.690285][T12369] ? tcp_mmap+0x150/0x150 [ 138.694594][T12369] ? tcp_mmap+0x150/0x150 [ 138.698907][T12369] inet_recvmsg+0x237/0x7d0 [ 138.703413][T12369] ? inet_sendpage+0x2c0/0x2c0 [ 138.708163][T12369] ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0 [ 138.714129][T12369] ? inet_sendpage+0x2c0/0x2c0 [ 138.718872][T12369] ? inet_sendpage+0x2c0/0x2c0 [ 138.723641][T12369] sock_read_iter+0x5be/0x660 [ 138.728384][T12369] ? kernel_sock_ip_overhead+0x340/0x340 [ 138.734004][T12369] __vfs_read+0xa67/0xc90 [ 138.738332][T12369] vfs_read+0x359/0x6f0 [ 138.742477][T12369] ksys_read+0x265/0x430 [ 138.746710][T12369] __se_sys_read+0x92/0xb0 [ 138.751284][T12369] __x64_sys_read+0x4a/0x70 [ 138.755767][T12369] do_syscall_64+0xbc/0xf0 [ 138.760195][T12369] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 138.766357][T12369] RIP: 0033:0x47fcb4 [ 138.770323][T12369] Code: ff ff cc cc cc cc e8 2b 41 fb ff 48 8b 7c 24 10 48 8b 74 24 18 48 8b 54 24 20 45 31 d2 45 31 c0 45 31 c9 48 8b 44 24 08 0f 05 <48> 3d 01 f0 ff ff 76 20 48 c7 44 24 28 ff ff ff ff 48 c7 44 24 30 [ 138.790128][T12369] RSP: 002b:000000c4202e7760 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 138.798644][T12369] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000047fcb4 [ 138.806627][T12369] RDX: 0000000000001000 RSI: 000000c4202ae000 RDI: 0000000000000003 [ 138.814580][T12369] RBP: 000000c4202e77b0 R08: 0000000000000000 R09: 0000000000000000 [ 138.822539][T12369] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 138.830578][T12369] R13: 0000000000000004 R14: 0000000000000004 R15: ffffffffffffffff [ 138.839063][T12369] [ 138.841371][T12369] Uninit was stored 
to memory at: [ 138.846382][T12369] kmsan_internal_chain_origin+0xcc/0x150 [ 138.852078][T12369] __msan_chain_origin+0x6b/0xe0 [ 138.856989][T12369] ___slab_alloc+0x1dbc/0x1fb0 [ 138.861746][T12369] kmem_cache_alloc+0xade/0xd10 [ 138.866750][T12369] skb_clone+0x326/0x5d0 [ 138.870977][T12369] dev_queue_xmit_nit+0x539/0x1200 [ 138.876068][T12369] dev_hard_start_xmit+0x21e/0xab0 [ 138.881243][T12369] sch_direct_xmit+0x56c/0x18c0 [ 138.886093][T12369] __dev_queue_xmit+0x1e53/0x4270 [ 138.891100][T12369] dev_queue_xmit+0x4b/0x60 [ 138.895585][T12369] ip_finish_output2+0x20c6/0x25d0 [ 138.900677][T12369] __ip_finish_output+0xaf8/0xda0 [ 138.905683][T12369] ip_finish_output+0x2db/0x420 [ 138.910529][T12369] ip_output+0x541/0x610 [ 138.914774][T12369] __ip_queue_xmit+0x1caf/0x21f0 [ 138.919690][T12369] ip_queue_xmit+0xcc/0xf0 [ 138.924083][T12369] __tcp_transmit_skb+0x409e/0x5c60 [ 138.929259][T12369] __tcp_send_ack+0x701/0x840 [ 138.933913][T12369] tcp_send_ack+0x68/0x90 [ 138.938222][T12369] tcp_cleanup_rbuf+0x764/0x800 [ 138.943062][T12369] tcp_recvmsg+0x334d/0x4ff0 [ 138.947631][T12369] inet_recvmsg+0x237/0x7d0 [ 138.952133][T12369] sock_read_iter+0x5be/0x660 [ 138.956792][T12369] __vfs_read+0xa67/0xc90 [ 138.961187][T12369] vfs_read+0x359/0x6f0 [ 138.965323][T12369] ksys_read+0x265/0x430 [ 138.969557][T12369] __se_sys_read+0x92/0xb0 [ 138.973951][T12369] __x64_sys_read+0x4a/0x70 [ 138.978431][T12369] do_syscall_64+0xbc/0xf0 [ 138.982844][T12369] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 138.989002][T12369] [ 138.991311][T12369] Uninit was created at: [ 138.995561][T12369] kmsan_internal_poison_shadow+0x53/0xa0 [ 139.001254][T12369] kmsan_slab_free+0x8d/0x100 [ 139.006023][T12369] kmem_cache_free_bulk+0x3ad9/0x3f50 [ 139.011517][T12369] __kfree_skb_flush+0xb0/0x100 [ 139.016346][T12369] net_rx_action+0x1908/0x1950 [ 139.021114][T12369] __do_softirq+0x4a1/0x83a [ 139.025626][T12369] irq_exit+0x230/0x280 [ 139.029782][T12369] do_IRQ+0x20d/0x3a0 [ 139.033769][T12369] 
ret_from_intr+0x0/0x33 [ 139.038095][T12369] default_idle+0x53/0x90 [ 139.042428][T12369] arch_cpu_idle+0x25/0x30 [ 139.046831][T12369] do_idle+0x1d7/0x790 [ 139.050876][T12369] cpu_startup_entry+0x45/0x50 [ 139.055615][T12369] start_secondary+0x370/0x470 [ 139.060359][T12369] secondary_startup_64+0xa4/0xb0 [ 139.065360][T12369] ================================================================== [ 139.073488][T12369] Disabling lock debugging due to kernel taint [ 139.079614][T12369] Kernel panic - not syncing: panic_on_warn set ... [ 139.086204][T12369] CPU: 1 PID: 12369 Comm: syz-fuzzer Tainted: G B 5.3.0-rc6+ #18 [ 139.095203][T12369] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 139.105233][T12369] Call Trace: [ 139.108509][T12369] dump_stack+0x191/0x1f0 [ 139.112839][T12369] panic+0x3c9/0xc1e [ 139.116742][T12369] kmsan_report+0x2ca/0x2d0 [ 139.121240][T12369] __msan_warning+0x75/0xe0 [ 139.125814][T12369] kmem_cache_free+0x3df/0x2b70 [ 139.130681][T12369] ? kfree_skb+0x473/0x4c0 [ 139.135076][T12369] ? kmsan_internal_unpoison_shadow+0x2f/0x40 [ 139.141131][T12369] kfree_skb+0x473/0x4c0 [ 139.145360][T12369] ? packet_rcv_spkt+0x719/0x840 [ 139.150283][T12369] packet_rcv_spkt+0x719/0x840 [ 139.155032][T12369] ? packet_rcv+0x2190/0x2190 [ 139.159687][T12369] dev_queue_xmit_nit+0x1125/0x1200 [ 139.164878][T12369] dev_hard_start_xmit+0x21e/0xab0 [ 139.169990][T12369] ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0 [ 139.175975][T12369] sch_direct_xmit+0x56c/0x18c0 [ 139.180802][T12369] ? kmsan_set_origin+0x26d/0x340 [ 139.185816][T12369] __dev_queue_xmit+0x1e53/0x4270 [ 139.190860][T12369] dev_queue_xmit+0x4b/0x60 [ 139.195370][T12369] ip_finish_output2+0x20c6/0x25d0 [ 139.200482][T12369] ? __msan_metadata_ptr_for_load_2+0x10/0x20 [ 139.206537][T12369] ? 
nf_ct_deliver_cached_events+0x4d5/0x6e0 [ 139.212511][T12369] __ip_finish_output+0xaf8/0xda0 [ 139.217522][T12369] ip_finish_output+0x2db/0x420 [ 139.222450][T12369] ip_output+0x541/0x610 [ 139.226720][T12369] ? ip_mc_finish_output+0x6d0/0x6d0 [ 139.231984][T12369] ? ip_finish_output+0x420/0x420 [ 139.237015][T12369] __ip_queue_xmit+0x1caf/0x21f0 [ 139.241947][T12369] ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0 [ 139.247919][T12369] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 139.253967][T12369] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 139.260022][T12369] ip_queue_xmit+0xcc/0xf0 [ 139.264426][T12369] ? tcp_v4_inbound_md5_hash+0xd10/0xd10 [ 139.270062][T12369] __tcp_transmit_skb+0x409e/0x5c60 [ 139.275264][T12369] __tcp_send_ack+0x701/0x840 [ 139.279929][T12369] tcp_send_ack+0x68/0x90 [ 139.284240][T12369] tcp_cleanup_rbuf+0x764/0x800 [ 139.289081][T12369] tcp_recvmsg+0x334d/0x4ff0 [ 139.293764][T12369] ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0 [ 139.299727][T12369] ? tcp_mmap+0x150/0x150 [ 139.304035][T12369] ? tcp_mmap+0x150/0x150 [ 139.308344][T12369] inet_recvmsg+0x237/0x7d0 [ 139.312833][T12369] ? inet_sendpage+0x2c0/0x2c0 [ 139.317600][T12369] ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0 [ 139.323706][T12369] ? inet_sendpage+0x2c0/0x2c0 [ 139.328465][T12369] ? inet_sendpage+0x2c0/0x2c0 [ 139.333228][T12369] sock_read_iter+0x5be/0x660 [ 139.337895][T12369] ? 
kernel_sock_ip_overhead+0x340/0x340 [ 139.343534][T12369] __vfs_read+0xa67/0xc90 [ 139.347866][T12369] vfs_read+0x359/0x6f0 [ 139.352011][T12369] ksys_read+0x265/0x430 [ 139.356242][T12369] __se_sys_read+0x92/0xb0 [ 139.360641][T12369] __x64_sys_read+0x4a/0x70 [ 139.365126][T12369] do_syscall_64+0xbc/0xf0 [ 139.369530][T12369] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 139.375397][T12369] RIP: 0033:0x47fcb4 [ 139.379298][T12369] Code: ff ff cc cc cc cc e8 2b 41 fb ff 48 8b 7c 24 10 48 8b 74 24 18 48 8b 54 24 20 45 31 d2 45 31 c0 45 31 c9 48 8b 44 24 08 0f 05 <48> 3d 01 f0 ff ff 76 20 48 c7 44 24 28 ff ff ff ff 48 c7 44 24 30 [ 139.398899][T12369] RSP: 002b:000000c4202e7760 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 139.407294][T12369] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000047fcb4 [ 139.415249][T12369] RDX: 0000000000001000 RSI: 000000c4202ae000 RDI: 0000000000000003 [ 139.423221][T12369] RBP: 000000c4202e77b0 R08: 0000000000000000 R09: 0000000000000000 [ 139.431283][T12369] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 139.439233][T12369] R13: 0000000000000004 R14: 0000000000000004 R15: ffffffffffffffff [ 139.448825][T12369] Kernel Offset: disabled [ 139.453177][T12369] Rebooting in 86400 seconds..