[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[  113.337696][   T30] audit: type=1800 audit(1565904805.386:25): pid=12563 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[  113.361917][   T30] audit: type=1800 audit(1565904805.406:26): pid=12563 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[  113.402043][   T30] audit: type=1800 audit(1565904805.436:27): pid=12563 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.38' (ECDSA) to the list of known hosts.
2019/08/15 21:33:39 fuzzer started
2019/08/15 21:33:46 dialing manager at 10.128.0.26:36111
2019/08/15 21:33:46 syscalls: 2376
2019/08/15 21:33:46 code coverage: enabled
2019/08/15 21:33:46 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2019/08/15 21:33:46 extra coverage: enabled
2019/08/15 21:33:46 setuid sandbox: enabled
2019/08/15 21:33:46 namespace sandbox: enabled
2019/08/15 21:33:46 Android sandbox: /sys/fs/selinux/policy does not exist
2019/08/15 21:33:46 fault injection: enabled
2019/08/15 21:33:46 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/08/15 21:33:46 net packet injection: enabled
2019/08/15 21:33:46 net device setup: enabled
syzkaller login: [  306.788021][T12715] ==================================================================
[  306.796400][T12715] BUG: KMSAN: uninit-value in kmem_cache_free+0x3df/0x2b70
[  306.803655][T12715] CPU: 1 PID: 12715 Comm: syz-fuzzer Not tainted 5.3.0-rc3+ #17
[  306.811302][T12715] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  306.821398][T12715] Call Trace:
[  306.824757][T12715]  dump_stack+0x191/0x1f0
[  306.829151][T12715]  kmsan_report+0x162/0x2d0
[  306.833699][T12715]  __msan_warning+0x75/0xe0
[  306.838535][T12715]  kmem_cache_free+0x3df/0x2b70
[  306.843457][T12715]  ? kfree_skb+0x473/0x4c0
[  306.847907][T12715]  ? kmsan_internal_unpoison_shadow+0x2f/0x40
[  306.854055][T12715]  kfree_skb+0x473/0x4c0
[  306.858363][T12715]  ? packet_rcv_spkt+0x719/0x840
[  306.863437][T12715]  packet_rcv_spkt+0x719/0x840
[  306.868252][T12715]  ? packet_rcv+0x2190/0x2190
[  306.872976][T12715]  dev_queue_xmit_nit+0x1125/0x1200
[  306.878327][T12715]  dev_hard_start_xmit+0x21e/0xab0
[  306.883716][T12715]  ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0
[  306.889716][T12715]  sch_direct_xmit+0x56c/0x18c0
[  306.894567][T12715]  ? kmsan_set_origin+0x26d/0x340
[  306.899642][T12715]  __dev_queue_xmit+0x1e53/0x4270
[  306.904706][T12715]  dev_queue_xmit+0x4b/0x60
[  306.909286][T12715]  ip_finish_output2+0x20c6/0x25d0
[  306.914400][T12715]  ? __msan_metadata_ptr_for_load_2+0x10/0x20
[  306.920476][T12715]  ? nf_ct_deliver_cached_events+0x4d5/0x6e0
[  306.926496][T12715]  __ip_finish_output+0xaf8/0xda0
[  306.931540][T12715]  ip_finish_output+0x2db/0x420
[  306.936407][T12715]  ip_output+0x541/0x610
[  306.940663][T12715]  ? ip_mc_finish_output+0x6d0/0x6d0
[  306.945952][T12715]  ? ip_finish_output+0x420/0x420
[  306.950975][T12715]  __ip_queue_xmit+0x1caf/0x21f0
[  306.955913][T12715]  ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0
[  306.962081][T12715]  ? __msan_metadata_ptr_for_load_8+0x10/0x20
[  306.968201][T12715]  ? __msan_metadata_ptr_for_load_8+0x10/0x20
[  306.974308][T12715]  ip_queue_xmit+0xcc/0xf0
[  306.978738][T12715]  ? tcp_v4_inbound_md5_hash+0xd10/0xd10
[  306.984374][T12715]  __tcp_transmit_skb+0x409e/0x5c60
[  306.989622][T12715]  __tcp_send_ack+0x701/0x840
[  306.994320][T12715]  tcp_send_ack+0x68/0x90
[  306.998657][T12715]  tcp_cleanup_rbuf+0x764/0x800
[  307.003520][T12715]  tcp_recvmsg+0x334d/0x4ff0
[  307.008270][T12715]  ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0
[  307.014310][T12715]  ? tcp_mmap+0x150/0x150
[  307.018658][T12715]  ? tcp_mmap+0x150/0x150
[  307.023032][T12715]  inet_recvmsg+0x237/0x7d0
[  307.027547][T12715]  ? inet_sendpage+0x2c0/0x2c0
[  307.032316][T12715]  ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0
[  307.038330][T12715]  ? inet_sendpage+0x2c0/0x2c0
[  307.043118][T12715]  ? inet_sendpage+0x2c0/0x2c0
[  307.047895][T12715]  sock_read_iter+0x5be/0x660
[  307.052587][T12715]  ? kernel_sock_ip_overhead+0x340/0x340
[  307.058237][T12715]  __vfs_read+0xa67/0xc90
[  307.062614][T12715]  vfs_read+0x359/0x6f0
[  307.066789][T12715]  ksys_read+0x265/0x430
[  307.072413][T12715]  __se_sys_read+0x92/0xb0
[  307.076863][T12715]  __x64_sys_read+0x4a/0x70
[  307.081591][T12715]  do_syscall_64+0xbc/0xf0
[  307.086021][T12715]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[  307.091925][T12715] RIP: 0033:0x47fcb4
[  307.102450][T12715] Code: ff ff cc cc cc cc e8 2b 41 fb ff 48 8b 7c 24 10 48 8b 74 24 18 48 8b 54 24 20 45 31 d2 45 31 c0 45 31 c9 48 8b 44 24 08 0f 05 <48> 3d 01 f0 ff ff 76 20 48 c7 44 24 28 ff ff ff ff 48 c7 44 24 30
[  307.126039][T12715] RSP: 002b:000000c420063710 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  307.134462][T12715] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000047fcb4
[  307.142433][T12715] RDX: 0000000000001000 RSI: 000000c4203e8000 RDI: 0000000000000003
[  307.151904][T12715] RBP: 000000c420063760 R08: 0000000000000000 R09: 0000000000000000
[  307.164214][T12715] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
[  307.172196][T12715] R13: 0000000000000004 R14: 0000000000000004 R15: ffffffffffffffff
[  307.180175][T12715] 
[  307.182494][T12715] Uninit was stored to memory at:
[  307.187515][T12715]  kmsan_internal_chain_origin+0xcc/0x150
[  307.195505][T12715]  __msan_chain_origin+0x6b/0xe0
[  307.200480][T12715]  ___slab_alloc+0x1dbc/0x1fb0
[  307.205262][T12715]  kmem_cache_alloc+0xade/0xd10
[  307.210175][T12715]  skb_clone+0x326/0x5d0
[  307.214427][T12715]  dev_queue_xmit_nit+0x539/0x1200
[  307.219529][T12715]  dev_hard_start_xmit+0x21e/0xab0
[  307.226348][T12715]  sch_direct_xmit+0x56c/0x18c0
[  307.233025][T12715]  __dev_queue_xmit+0x1e53/0x4270
[  307.238391][T12715]  dev_queue_xmit+0x4b/0x60
[  307.242897][T12715]  ip_finish_output2+0x20c6/0x25d0
[  307.248002][T12715]  __ip_finish_output+0xaf8/0xda0
[  307.253041][T12715]  ip_finish_output+0x2db/0x420
[  307.257890][T12715]  ip_output+0x541/0x610
[  307.262127][T12715]  __ip_queue_xmit+0x1caf/0x21f0
[  307.267075][T12715]  ip_queue_xmit+0xcc/0xf0
[  307.271486][T12715]  __tcp_transmit_skb+0x409e/0x5c60
[  307.276677][T12715]  __tcp_send_ack+0x701/0x840
[  307.281344][T12715]  tcp_send_ack+0x68/0x90
[  307.285688][T12715]  tcp_cleanup_rbuf+0x764/0x800
[  307.290552][T12715]  tcp_recvmsg+0x334d/0x4ff0
[  307.295152][T12715]  inet_recvmsg+0x237/0x7d0
[  307.299671][T12715]  sock_read_iter+0x5be/0x660
[  307.304459][T12715]  __vfs_read+0xa67/0xc90
[  307.308802][T12715]  vfs_read+0x359/0x6f0
[  307.312956][T12715]  ksys_read+0x265/0x430
[  307.317208][T12715]  __se_sys_read+0x92/0xb0
[  307.321620][T12715]  __x64_sys_read+0x4a/0x70
[  307.326115][T12715]  do_syscall_64+0xbc/0xf0
[  307.330529][T12715]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[  307.336397][T12715] 
[  307.338728][T12715] Uninit was created at:
[  307.342991][T12715]  kmsan_internal_poison_shadow+0x53/0xa0
[  307.348699][T12715]  kmsan_slab_free+0x8d/0x100
[  307.353363][T12715]  kmem_cache_free_bulk+0x3ad9/0x3f50
[  307.358725][T12715]  __kfree_skb_flush+0xb0/0x100
[  307.363566][T12715]  net_rx_action+0x1908/0x1950
[  307.368351][T12715]  __do_softirq+0x4a1/0x83a
[  307.373470][T12715]  irq_exit+0x230/0x280
[  307.377640][T12715]  do_IRQ+0x20d/0x3a0
[  307.381612][T12715]  ret_from_intr+0x0/0x33
[  307.385964][T12715]  kmsan_get_shadow_origin_ptr+0x159/0x3a0
[  307.391776][T12715]  __msan_metadata_ptr_for_store_4+0x13/0x20
[  307.397791][T12715]  iov_iter_init+0x12d/0x300
[  307.402388][T12715]  __vfs_read+0xa00/0xc90
[  307.406709][T12715]  vfs_read+0x359/0x6f0
[  307.410855][T12715]  ksys_read+0x265/0x430
[  307.415100][T12715]  __se_sys_read+0x92/0xb0
[  307.419502][T12715]  __x64_sys_read+0x4a/0x70
[  307.424003][T12715]  do_syscall_64+0xbc/0xf0
[  307.428409][T12715]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[  307.434280][T12715] ==================================================================
[  307.442333][T12715] Disabling lock debugging due to kernel taint
[  307.448490][T12715] Kernel panic - not syncing: panic_on_warn set ...
[  307.455073][T12715] CPU: 1 PID: 12715 Comm: syz-fuzzer Tainted: G    B             5.3.0-rc3+ #17
[  307.464078][T12715] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  307.474127][T12715] Call Trace:
[  307.477425][T12715]  dump_stack+0x191/0x1f0
[  307.481766][T12715]  panic+0x3c9/0xc1e
[  307.485701][T12715]  kmsan_report+0x2ca/0x2d0
[  307.490227][T12715]  __msan_warning+0x75/0xe0
[  307.494733][T12715]  kmem_cache_free+0x3df/0x2b70
[  307.499584][T12715]  ? kfree_skb+0x473/0x4c0
[  307.503999][T12715]  ? kmsan_internal_unpoison_shadow+0x2f/0x40
[  307.510091][T12715]  kfree_skb+0x473/0x4c0
[  307.514332][T12715]  ? packet_rcv_spkt+0x719/0x840
[  307.519294][T12715]  packet_rcv_spkt+0x719/0x840
[  307.524084][T12715]  ? packet_rcv+0x2190/0x2190
[  307.528794][T12715]  dev_queue_xmit_nit+0x1125/0x1200
[  307.534025][T12715]  dev_hard_start_xmit+0x21e/0xab0
[  307.539147][T12715]  ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0
[  307.545136][T12715]  sch_direct_xmit+0x56c/0x18c0
[  307.549989][T12715]  ? kmsan_set_origin+0x26d/0x340
[  307.555029][T12715]  __dev_queue_xmit+0x1e53/0x4270
[  307.560097][T12715]  dev_queue_xmit+0x4b/0x60
[  307.564613][T12715]  ip_finish_output2+0x20c6/0x25d0
[  307.569727][T12715]  ? __msan_metadata_ptr_for_load_2+0x10/0x20
[  307.575796][T12715]  ? nf_ct_deliver_cached_events+0x4d5/0x6e0
[  307.581807][T12715]  __ip_finish_output+0xaf8/0xda0
[  307.586855][T12715]  ip_finish_output+0x2db/0x420
[  307.591717][T12715]  ip_output+0x541/0x610
[  307.595968][T12715]  ? ip_mc_finish_output+0x6d0/0x6d0
[  307.601300][T12715]  ? ip_finish_output+0x420/0x420
[  307.606349][T12715]  __ip_queue_xmit+0x1caf/0x21f0
[  307.611292][T12715]  ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0
[  307.617283][T12715]  ? __msan_metadata_ptr_for_load_8+0x10/0x20
[  307.623355][T12715]  ? __msan_metadata_ptr_for_load_8+0x10/0x20
[  307.629462][T12715]  ip_queue_xmit+0xcc/0xf0
[  307.633977][T12715]  ? tcp_v4_inbound_md5_hash+0xd10/0xd10
[  307.639625][T12715]  __tcp_transmit_skb+0x409e/0x5c60
[  307.644871][T12715]  __tcp_send_ack+0x701/0x840
[  307.649563][T12715]  tcp_send_ack+0x68/0x90
[  307.653897][T12715]  tcp_cleanup_rbuf+0x764/0x800
[  307.658762][T12715]  tcp_recvmsg+0x334d/0x4ff0
[  307.663408][T12715]  ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0
[  307.669412][T12715]  ? tcp_mmap+0x150/0x150
[  307.673736][T12715]  ? tcp_mmap+0x150/0x150
[  307.678087][T12715]  inet_recvmsg+0x237/0x7d0
[  307.682601][T12715]  ? inet_sendpage+0x2c0/0x2c0
[  307.687365][T12715]  ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0
[  307.693343][T12715]  ? inet_sendpage+0x2c0/0x2c0
[  307.698107][T12715]  ? inet_sendpage+0x2c0/0x2c0
[  307.702875][T12715]  sock_read_iter+0x5be/0x660
[  307.707572][T12715]  ? kernel_sock_ip_overhead+0x340/0x340
[  307.713202][T12715]  __vfs_read+0xa67/0xc90
[  307.717558][T12715]  vfs_read+0x359/0x6f0
[  307.721724][T12715]  ksys_read+0x265/0x430
[  307.725981][T12715]  __se_sys_read+0x92/0xb0
[  307.730407][T12715]  __x64_sys_read+0x4a/0x70
[  307.734909][T12715]  do_syscall_64+0xbc/0xf0
[  307.739328][T12715]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[  307.745215][T12715] RIP: 0033:0x47fcb4
[  307.749130][T12715] Code: ff ff cc cc cc cc e8 2b 41 fb ff 48 8b 7c 24 10 48 8b 74 24 18 48 8b 54 24 20 45 31 d2 45 31 c0 45 31 c9 48 8b 44 24 08 0f 05 <48> 3d 01 f0 ff ff 76 20 48 c7 44 24 28 ff ff ff ff 48 c7 44 24 30
[  307.768741][T12715] RSP: 002b:000000c420063710 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  307.777172][T12715] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000047fcb4
[  307.785139][T12715] RDX: 0000000000001000 RSI: 000000c4203e8000 RDI: 0000000000000003
[  307.793101][T12715] RBP: 000000c420063760 R08: 0000000000000000 R09: 0000000000000000
[  307.801065][T12715] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
[  307.809028][T12715] R13: 0000000000000004 R14: 0000000000000004 R15: ffffffffffffffff
[  307.817964][T12715] Kernel Offset: disabled
[  307.822333][T12715] Rebooting in 86400 seconds..