[ ok ] Starting enhanced syslogd: rsyslogd. [ 105.879827][ T30] audit: type=1800 audit(1565818646.928:25): pid=11598 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 105.922445][ T30] audit: type=1800 audit(1565818646.958:26): pid=11598 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 105.946009][ T30] audit: type=1800 audit(1565818646.968:27): pid=11598 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [ ok ] Starting periodic command scheduler: cron. [ ok ] Starting OpenBSD Secure Shell server: sshd. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.15' (ECDSA) to the list of known hosts.
2019/08/14 21:37:40 fuzzer started 2019/08/14 21:37:46 dialing manager at 10.128.0.26:45075 2019/08/14 21:37:47 syscalls: 2374 2019/08/14 21:37:47 code coverage: enabled 2019/08/14 21:37:47 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2019/08/14 21:37:47 extra coverage: enabled 2019/08/14 21:37:47 setuid sandbox: enabled 2019/08/14 21:37:47 namespace sandbox: enabled 2019/08/14 21:37:47 Android sandbox: /sys/fs/selinux/policy does not exist 2019/08/14 21:37:47 fault injection: enabled 2019/08/14 21:37:47 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/08/14 21:37:47 net packet injection: enabled 2019/08/14 21:37:47 net device setup: enabled syzkaller login: [ 157.517775][T11759] ================================================================== [ 157.525929][T11759] BUG: KMSAN: uninit-value in kmem_cache_free+0x3df/0x2b70 [ 157.533155][T11759] CPU: 0 PID: 11759 Comm: syz-fuzzer Not tainted 5.3.0-rc3+ #17 [ 157.540788][T11759] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 157.550863][T11759] Call Trace: [ 157.554196][T11759] dump_stack+0x191/0x1f0 [ 157.558572][T11759] kmsan_report+0x162/0x2d0 [ 157.563120][T11759] __msan_warning+0x75/0xe0 [ 157.567671][T11759] kmem_cache_free+0x3df/0x2b70 [ 157.572567][T11759] ? kfree_skb+0x473/0x4c0 [ 157.577018][T11759] ? kmsan_internal_unpoison_shadow+0x2f/0x40 [ 157.583162][T11759] kfree_skb+0x473/0x4c0 [ 157.587433][T11759] ? packet_rcv_spkt+0x719/0x840 [ 157.592412][T11759] packet_rcv_spkt+0x719/0x840 [ 157.597215][T11759] ? packet_rcv+0x2190/0x2190 [ 157.601905][T11759] dev_queue_xmit_nit+0x1125/0x1200 [ 157.607148][T11759] dev_hard_start_xmit+0x21e/0xab0 [ 157.612272][T11759] ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0 [ 157.618251][T11759] sch_direct_xmit+0x56c/0x18c0 [ 157.623094][T11759] ? 
kmsan_set_origin+0x26d/0x340 [ 157.628262][T11759] __dev_queue_xmit+0x1e53/0x4270 [ 157.633319][T11759] dev_queue_xmit+0x4b/0x60 [ 157.637856][T11759] ip_finish_output2+0x20c6/0x25d0 [ 157.642963][T11759] ? __msan_metadata_ptr_for_load_2+0x10/0x20 [ 157.649033][T11759] ? nf_ct_deliver_cached_events+0x4d5/0x6e0 [ 157.655053][T11759] __ip_finish_output+0xaf8/0xda0 [ 157.660091][T11759] ip_finish_output+0x2db/0x420 [ 157.664945][T11759] ip_output+0x541/0x610 [ 157.669192][T11759] ? ip_mc_finish_output+0x6d0/0x6d0 [ 157.674471][T11759] ? ip_finish_output+0x420/0x420 [ 157.679483][T11759] __ip_queue_xmit+0x1caf/0x21f0 [ 157.684413][T11759] ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0 [ 157.690562][T11759] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 157.696658][T11759] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 157.702737][T11759] ip_queue_xmit+0xcc/0xf0 [ 157.707150][T11759] ? tcp_v4_inbound_md5_hash+0xd10/0xd10 [ 157.712787][T11759] __tcp_transmit_skb+0x409e/0x5c60 [ 157.718034][T11759] __tcp_send_ack+0x701/0x840 [ 157.722718][T11759] tcp_send_ack+0x68/0x90 [ 157.727038][T11759] tcp_cleanup_rbuf+0x764/0x800 [ 157.731885][T11759] tcp_recvmsg+0x334d/0x4ff0 [ 157.736515][T11759] ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0 [ 157.742483][T11759] ? tcp_mmap+0x150/0x150 [ 157.746814][T11759] ? tcp_mmap+0x150/0x150 [ 157.751142][T11759] inet_recvmsg+0x237/0x7d0 [ 157.755636][T11759] ? inet_sendpage+0x2c0/0x2c0 [ 157.760414][T11759] ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0 [ 157.766387][T11759] ? inet_sendpage+0x2c0/0x2c0 [ 157.771133][T11759] ? inet_sendpage+0x2c0/0x2c0 [ 157.775888][T11759] sock_read_iter+0x5be/0x660 [ 157.780592][T11759] ? 
kernel_sock_ip_overhead+0x340/0x340 [ 157.786234][T11759] __vfs_read+0xa67/0xc90 [ 157.790579][T11759] vfs_read+0x359/0x6f0 [ 157.794740][T11759] ksys_read+0x265/0x430 [ 157.798999][T11759] __se_sys_read+0x92/0xb0 [ 157.803419][T11759] __x64_sys_read+0x4a/0x70 [ 157.807927][T11759] do_syscall_64+0xbc/0xf0 [ 157.812889][T11759] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 157.819595][T11759] RIP: 0033:0x47fcb4 [ 157.823483][T11759] Code: ff ff cc cc cc cc e8 2b 41 fb ff 48 8b 7c 24 10 48 8b 74 24 18 48 8b 54 24 20 45 31 d2 45 31 c0 45 31 c9 48 8b 44 24 08 0f 05 <48> 3d 01 f0 ff ff 76 20 48 c7 44 24 28 ff ff ff ff 48 c7 44 24 30 [ 157.843088][T11759] RSP: 002b:000000c4201d1710 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 157.851497][T11759] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000047fcb4 [ 157.859455][T11759] RDX: 0000000000001000 RSI: 000000c420216000 RDI: 0000000000000003 [ 157.867420][T11759] RBP: 000000c4201d1760 R08: 0000000000000000 R09: 0000000000000000 [ 157.875482][T11759] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000010 [ 157.883442][T11759] R13: 0000000000000010 R14: 0000000000000002 R15: ffffffffffffffff [ 157.891416][T11759] [ 157.893746][T11759] Uninit was stored to memory at: [ 157.898765][T11759] kmsan_internal_chain_origin+0xcc/0x150 [ 157.904485][T11759] __msan_chain_origin+0x6b/0xe0 [ 157.909426][T11759] ___slab_alloc+0x1dbc/0x1fb0 [ 157.914186][T11759] kmem_cache_alloc+0xade/0xd10 [ 157.919048][T11759] skb_clone+0x326/0x5d0 [ 157.923280][T11759] dev_queue_xmit_nit+0x539/0x1200 [ 157.928379][T11759] dev_hard_start_xmit+0x21e/0xab0 [ 157.933676][T11759] sch_direct_xmit+0x56c/0x18c0 [ 157.938519][T11759] __dev_queue_xmit+0x1e53/0x4270 [ 157.943528][T11759] dev_queue_xmit+0x4b/0x60 [ 157.948018][T11759] ip_finish_output2+0x20c6/0x25d0 [ 157.953117][T11759] __ip_finish_output+0xaf8/0xda0 [ 157.958130][T11759] ip_finish_output+0x2db/0x420 [ 157.962976][T11759] ip_output+0x541/0x610 [ 157.967204][T11759] 
__ip_queue_xmit+0x1caf/0x21f0 [ 157.972132][T11759] ip_queue_xmit+0xcc/0xf0 [ 157.976545][T11759] __tcp_transmit_skb+0x409e/0x5c60 [ 157.981731][T11759] __tcp_send_ack+0x701/0x840 [ 157.986395][T11759] tcp_send_ack+0x68/0x90 [ 157.990714][T11759] tcp_cleanup_rbuf+0x764/0x800 [ 157.995551][T11759] tcp_recvmsg+0x334d/0x4ff0 [ 158.000130][T11759] inet_recvmsg+0x237/0x7d0 [ 158.004633][T11759] sock_read_iter+0x5be/0x660 [ 158.009296][T11759] __vfs_read+0xa67/0xc90 [ 158.013622][T11759] vfs_read+0x359/0x6f0 [ 158.017762][T11759] ksys_read+0x265/0x430 [ 158.021991][T11759] __se_sys_read+0x92/0xb0 [ 158.026398][T11759] __x64_sys_read+0x4a/0x70 [ 158.030891][T11759] do_syscall_64+0xbc/0xf0 [ 158.035294][T11759] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 158.041178][T11759] [ 158.043488][T11759] Uninit was created at: [ 158.047719][T11759] kmsan_internal_poison_shadow+0x53/0xa0 [ 158.053420][T11759] kmsan_slab_free+0x8d/0x100 [ 158.058102][T11759] kmem_cache_free_bulk+0x3ad9/0x3f50 [ 158.063464][T11759] napi_consume_skb+0x593/0x5d0 [ 158.068314][T11759] free_old_xmit_skbs+0x1a1/0x450 [ 158.073319][T11759] virtnet_poll_tx+0x24c/0x4c0 [ 158.078065][T11759] net_rx_action+0x74b/0x1950 [ 158.082729][T11759] __do_softirq+0x4a1/0x83a [ 158.087248][T11759] irq_exit+0x230/0x280 [ 158.091390][T11759] do_IRQ+0x20d/0x3a0 [ 158.095354][T11759] ret_from_intr+0x0/0x33 [ 158.099683][T11759] default_idle+0x53/0x90 [ 158.104009][T11759] arch_cpu_idle+0x25/0x30 [ 158.108406][T11759] do_idle+0x1d7/0x790 [ 158.112458][T11759] cpu_startup_entry+0x45/0x50 [ 158.117221][T11759] rest_init+0x1be/0x1f0 [ 158.121450][T11759] arch_call_rest_init+0x13/0x15 [ 158.126383][T11759] start_kernel+0x991/0xb61 [ 158.130867][T11759] x86_64_start_reservations+0x18/0x2e [ 158.136307][T11759] x86_64_start_kernel+0x81/0x84 [ 158.141233][T11759] secondary_startup_64+0xa4/0xb0 [ 158.146235][T11759] ================================================================== [ 158.154280][T11759] Disabling lock debugging due to 
kernel taint [ 158.160422][T11759] Kernel panic - not syncing: panic_on_warn set ... [ 158.167008][T11759] CPU: 0 PID: 11759 Comm: syz-fuzzer Tainted: G B 5.3.0-rc3+ #17 [ 158.176188][T11759] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 158.186236][T11759] Call Trace: [ 158.189533][T11759] dump_stack+0x191/0x1f0 [ 158.193862][T11759] panic+0x3c9/0xc1e [ 158.197779][T11759] kmsan_report+0x2ca/0x2d0 [ 158.202277][T11759] __msan_warning+0x75/0xe0 [ 158.206773][T11759] kmem_cache_free+0x3df/0x2b70 [ 158.211626][T11759] ? kfree_skb+0x473/0x4c0 [ 158.216033][T11759] ? kmsan_internal_unpoison_shadow+0x2f/0x40 [ 158.222206][T11759] kfree_skb+0x473/0x4c0 [ 158.226451][T11759] ? packet_rcv_spkt+0x719/0x840 [ 158.231382][T11759] packet_rcv_spkt+0x719/0x840 [ 158.236147][T11759] ? packet_rcv+0x2190/0x2190 [ 158.240811][T11759] dev_queue_xmit_nit+0x1125/0x1200 [ 158.246022][T11759] dev_hard_start_xmit+0x21e/0xab0 [ 158.251135][T11759] ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0 [ 158.257109][T11759] sch_direct_xmit+0x56c/0x18c0 [ 158.261949][T11759] ? kmsan_set_origin+0x26d/0x340 [ 158.266986][T11759] __dev_queue_xmit+0x1e53/0x4270 [ 158.272032][T11759] dev_queue_xmit+0x4b/0x60 [ 158.276551][T11759] ip_finish_output2+0x20c6/0x25d0 [ 158.281667][T11759] ? __msan_metadata_ptr_for_load_2+0x10/0x20 [ 158.287738][T11759] ? nf_ct_deliver_cached_events+0x4d5/0x6e0 [ 158.293740][T11759] __ip_finish_output+0xaf8/0xda0 [ 158.298774][T11759] ip_finish_output+0x2db/0x420 [ 158.303633][T11759] ip_output+0x541/0x610 [ 158.307893][T11759] ? ip_mc_finish_output+0x6d0/0x6d0 [ 158.313168][T11759] ? ip_finish_output+0x420/0x420 [ 158.318192][T11759] __ip_queue_xmit+0x1caf/0x21f0 [ 158.323124][T11759] ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0 [ 158.329102][T11759] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 158.335163][T11759] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 158.341251][T11759] ip_queue_xmit+0xcc/0xf0 [ 158.345823][T11759] ? 
tcp_v4_inbound_md5_hash+0xd10/0xd10 [ 158.351465][T11759] __tcp_transmit_skb+0x409e/0x5c60 [ 158.357177][T11759] __tcp_send_ack+0x701/0x840 [ 158.361865][T11759] tcp_send_ack+0x68/0x90 [ 158.366189][T11759] tcp_cleanup_rbuf+0x764/0x800 [ 158.371042][T11759] tcp_recvmsg+0x334d/0x4ff0 [ 158.375684][T11759] ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0 [ 158.381668][T11759] ? tcp_mmap+0x150/0x150 [ 158.385987][T11759] ? tcp_mmap+0x150/0x150 [ 158.390304][T11759] inet_recvmsg+0x237/0x7d0 [ 158.394890][T11759] ? inet_sendpage+0x2c0/0x2c0 [ 158.399746][T11759] ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0 [ 158.405718][T11759] ? inet_sendpage+0x2c0/0x2c0 [ 158.410465][T11759] ? inet_sendpage+0x2c0/0x2c0 [ 158.415219][T11759] sock_read_iter+0x5be/0x660 [ 158.419901][T11759] ? kernel_sock_ip_overhead+0x340/0x340 [ 158.425541][T11759] __vfs_read+0xa67/0xc90 [ 158.429895][T11759] vfs_read+0x359/0x6f0 [ 158.434079][T11759] ksys_read+0x265/0x430 [ 158.438328][T11759] __se_sys_read+0x92/0xb0 [ 158.442948][T11759] __x64_sys_read+0x4a/0x70 [ 158.447614][T11759] do_syscall_64+0xbc/0xf0 [ 158.452122][T11759] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 158.458003][T11759] RIP: 0033:0x47fcb4 [ 158.461883][T11759] Code: ff ff cc cc cc cc e8 2b 41 fb ff 48 8b 7c 24 10 48 8b 74 24 18 48 8b 54 24 20 45 31 d2 45 31 c0 45 31 c9 48 8b 44 24 08 0f 05 <48> 3d 01 f0 ff ff 76 20 48 c7 44 24 28 ff ff ff ff 48 c7 44 24 30 [ 158.481478][T11759] RSP: 002b:000000c4201d1710 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 158.489884][T11759] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000047fcb4 [ 158.497847][T11759] RDX: 0000000000001000 RSI: 000000c420216000 RDI: 0000000000000003 [ 158.505807][T11759] RBP: 000000c4201d1760 R08: 0000000000000000 R09: 0000000000000000 [ 158.513772][T11759] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000010 [ 158.521735][T11759] R13: 0000000000000010 R14: 0000000000000002 R15: ffffffffffffffff [ 158.530889][T11759] Kernel Offset: disabled [ 
158.535321][T11759] Rebooting in 86400 seconds..