KMSAN: uninit-value in selinux_inet_conn_request

=====================================================
BUG: KMSAN: uninit-value in selinux_inet_conn_request+0x354/0x550
 selinux_inet_conn_request+0x354/0x550
 security_inet_conn_request+0xaa/0x160
 tcp_v4_route_req+0x3b8/0x4a0
 tcp_conn_request+0x15c1/0x3390
 tcp_v4_conn_request+0x143/0x1a0
 tcp_rcv_state_process+0x1c7/0x1e80
 tcp_v4_do_rcv+0x854/0xcc0
 tcp_v4_rcv+0x35e6/0x3c50
 ip_protocol_deliver_rcu+0x201/0x9b0
 ip_local_deliver_finish+0x22f/0x320
 ip_local_deliver+0x1dc/0x410
 ip_sublist_rcv+0x11ed/0x1460
 ip_list_rcv+0x8e6/0x920
 __netif_receive_skb_list_core+0x1367/0x1400
 __netif_receive_skb_list+0x5aa/0x680
 netif_receive_skb_list_internal+0x70d/0xbe0
 napi_complete_done+0x2ea/0x7d0
 virtnet_poll+0x11e9/0x1ae0
 __napi_poll+0xaf/0x770
 net_rx_action+0x9c4/0x1900
 __do_softirq+0x1dd/0x7f6
 invoke_softirq+0x8f/0x100
 irq_exit_rcu+0x50/0x100
 common_interrupt+0xaf/0xd0
 asm_common_interrupt+0x27/0x40
 acpi_idle_enter+0x4f7/0x5c0
 cpuidle_enter_state+0x64b/0x14b0
 cpuidle_enter+0x7b/0xf0
 do_idle+0x5e1/0x7d0
 cpu_startup_entry+0x1d/0x20
 rest_init+0x22a/0x2b0
 start_kernel+0x0/0x9be
 start_kernel+0x810/0x9be
 x86_64_start_reservations+0x2a/0x2c
 x86_64_start_kernel+0x115/0x11a
 secondary_startup_64_no_verify+0xcf/0xdb

Local variable nlbl_type.i created at:
 selinux_inet_conn_request+0xee/0x550
 security_inet_conn_request+0xaa/0x160

CPU: 0 PID: 0 Comm: swapper/0 Tainted: G B 6.0.0-rc2-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022
=====================================================

=====================================================
BUG: KMSAN: uninit-value in selinux_inet_conn_established+0x2dd/0x340
 selinux_inet_conn_established+0x2dd/0x340
 security_inet_conn_established+0x7b/0x100
 tcp_finish_connect+0xb5/0x4b0
 tcp_rcv_synsent_state_process+0x1798/0x1d30
 tcp_rcv_state_process+0x2cb/0x1e80
 tcp_v4_do_rcv+0x854/0xcc0
 tcp_v4_rcv+0x3885/0x3c50
 ip_protocol_deliver_rcu+0x201/0x9b0
 ip_local_deliver_finish+0x22f/0x320
 ip_local_deliver+0x1dc/0x410
 ip_sublist_rcv+0x11ed/0x1460
 ip_list_rcv+0x8e6/0x920
 __netif_receive_skb_list_core+0x1367/0x1400
 __netif_receive_skb_list+0x5aa/0x680
 netif_receive_skb_list_internal+0x70d/0xbe0
 napi_complete_done+0x2ea/0x7d0
 virtnet_poll+0x11e9/0x1ae0
 __napi_poll+0xaf/0x770
 net_rx_action+0x9c4/0x1900
 __do_softirq+0x1dd/0x7f6
 invoke_softirq+0x8f/0x100
 irq_exit_rcu+0x50/0x100
 common_interrupt+0xaf/0xd0
 asm_common_interrupt+0x27/0x40
 finish_task_switch+0x1ea/0x870
 __schedule+0x2687/0x2f90
 schedule_idle+0x4e/0x80
 do_idle+0x7a9/0x7d0
 cpu_startup_entry+0x1d/0x20
 start_secondary+0x103/0x130
 secondary_startup_64_no_verify+0xcf/0xdb

Local variable nlbl_type.i created at:
 selinux_inet_conn_established+0x135/0x340
 security_inet_conn_established+0x7b/0x100

CPU: 1 PID: 0 Comm: swapper/1 Tainted: G B 6.0.0-rc2-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022
=====================================================

audit: type=1400 audit(1661916380.474:73): avc: denied { getattr } for pid=1036 comm="syz-fuzzer" path="user:[4026531837]" dev="nsfs" ino=4026531837 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
audit: type=1400 audit(1661916380.475:74): avc: denied { read } for pid=1036 comm="syz-fuzzer" dev="nsfs" ino=4026531837 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
audit: type=1400 audit(1661916380.476:75): avc: denied { open } for pid=1036 comm="syz-fuzzer" path="user:[4026531837]" dev="nsfs" ino=4026531837 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
audit: type=1400 audit(1661916380.648:76): avc: denied { mounton } for pid=1044 comm="syz-executor0" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1
audit: type=1400 audit(1661916380.649:77): avc: denied { mount } for pid=1044 comm="syz-executor0" name="/" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1
audit: type=1400 audit(1661916380.658:78): avc: denied { mounton } for pid=1044 comm="syz-executor0" path="/syzcgroup/unified" dev="sda1" ino=1140 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
audit: type=1400 audit(1661916380.660:79): avc: denied { mount } for pid=1044 comm="syz-executor0" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
audit: type=1400 audit(1661916380.748:80): avc: denied { mounton } for pid=1044 comm="syz-executor0" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
audit: type=1400 audit(1661916380.750:81): avc: denied { mount } for pid=1044 comm="syz-executor0" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
audit: type=1400 audit(1661916380.773:82): avc: denied { sys_admin } for pid=1044 comm="syz-executor0" capability=21 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=cap_userns permissive=1
2022/08/31 03:26:19 fuzzer started
2022/08/31 03:26:20 connecting to host at 10.128.0.169:39515
2022/08/31 03:26:20 checking revisions...
2022/08/31 03:26:20 testing simple program...
executing program
executing program

syzkaller build log:
git status (err=) HEAD detached at 1fb62d581 nothing to commit, working tree clean