[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   87.133568][   T30] audit: type=1800 audit(1572222638.186:25): pid=12217 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[   87.156895][   T30] audit: type=1800 audit(1572222638.206:26): pid=12217 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[   87.192779][   T30] audit: type=1800 audit(1572222638.226:27): pid=12217 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.139' (ECDSA) to the list of known hosts.
2019/10/28 00:30:52 fuzzer started
2019/10/28 00:30:56 dialing manager at 10.128.0.26:34985
2019/10/28 00:30:57 syscalls: 2424
2019/10/28 00:30:57 code coverage: enabled
2019/10/28 00:30:57 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2019/10/28 00:30:57 extra coverage: enabled
2019/10/28 00:30:57 setuid sandbox: enabled
2019/10/28 00:30:57 namespace sandbox: enabled
2019/10/28 00:30:57 Android sandbox: /sys/fs/selinux/policy does not exist
2019/10/28 00:30:57 fault injection: enabled
2019/10/28 00:30:57 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/10/28 00:30:57 net packet injection: enabled
2019/10/28 00:30:57 net device setup: enabled
2019/10/28 00:30:57 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
syzkaller login: [  122.860816][T12370] =====================================================
[  122.867825][T12370] BUG: KMSAN: use-after-free in kmem_cache_free+0x3df/0x2b70
[  122.875201][T12370] CPU: 0 PID: 12370 Comm: syz-fuzzer Not tainted 5.4.0-rc3+ #0
[  122.882740][T12370] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  122.892970][T12370] Call Trace:
[  122.896273][T12370]  dump_stack+0x191/0x1f0
[  122.900616][T12370]  kmsan_report+0x128/0x220
[  122.905114][T12370]  __msan_warning+0x73/0xe0
[  122.909595][T12370]  kmem_cache_free+0x3df/0x2b70
[  122.914423][T12370]  ? kmsan_internal_set_origin+0x6a/0xb0
[  122.920170][T12370]  ? kfree_skb+0x473/0x4c0
[  122.924587][T12370]  ? kmsan_internal_unpoison_shadow+0x42/0x80
[  122.930641][T12370]  kfree_skb+0x473/0x4c0
[  122.934862][T12370]  ? packet_rcv_spkt+0x68d/0x7c0
[  122.940734][T12370]  packet_rcv_spkt+0x68d/0x7c0
[  122.945481][T12370]  ? packet_rcv+0x2110/0x2110
[  122.950133][T12370]  dev_queue_xmit_nit+0x1125/0x1200
[  122.955320][T12370]  dev_hard_start_xmit+0x21e/0xab0
[  122.960415][T12370]  ? kmsan_get_shadow_origin_ptr+0x91/0x4b0
[  122.966286][T12370]  sch_direct_xmit+0x56c/0x18c0
[  122.971126][T12370]  __dev_queue_xmit+0x212d/0x4200
[  122.976142][T12370]  dev_queue_xmit+0x4b/0x60
[  122.980624][T12370]  ip_finish_output2+0x20d6/0x25d0
[  122.985712][T12370]  ? __msan_metadata_ptr_for_load_2+0x10/0x20
[  122.992362][T12370]  ? nf_ct_deliver_cached_events+0x4d5/0x6e0
[  122.998339][T12370]  __ip_finish_output+0xaf8/0xda0
[  123.003364][T12370]  ip_finish_output+0x2db/0x420
[  123.008204][T12370]  ip_output+0x541/0x610
[  123.012452][T12370]  ? ip_mc_finish_output+0x6d0/0x6d0
[  123.017731][T12370]  ? ip_finish_output+0x420/0x420
[  123.022762][T12370]  __ip_queue_xmit+0x1caf/0x21f0
[  123.027686][T12370]  ? __msan_metadata_ptr_for_store_8+0x13/0x20
[  123.033852][T12370]  ip_queue_xmit+0xcc/0xf0
[  123.038251][T12370]  ? tcp_v4_inbound_md5_hash+0xd10/0xd10
[  123.043864][T12370]  __tcp_transmit_skb+0x40e3/0x5d90
[  123.049058][T12370]  __tcp_send_ack+0x701/0x840
[  123.053718][T12370]  tcp_send_ack+0x68/0x90
[  123.058036][T12370]  tcp_cleanup_rbuf+0x764/0x800
[  123.062878][T12370]  tcp_recvmsg+0x334d/0x4ff0
[  123.067472][T12370]  ? kmsan_get_shadow_origin_ptr+0x91/0x4b0
[  123.073343][T12370]  ? tcp_mmap+0x150/0x150
[  123.077650][T12370]  ? tcp_mmap+0x150/0x150
[  123.081956][T12370]  inet_recvmsg+0x237/0x7d0
[  123.086455][T12370]  ? inet_sendpage+0x2c0/0x2c0
[  123.091207][T12370]  ? kmsan_get_shadow_origin_ptr+0x91/0x4b0
[  123.097092][T12370]  ? inet_sendpage+0x2c0/0x2c0
[  123.101837][T12370]  ? inet_sendpage+0x2c0/0x2c0
[  123.106586][T12370]  sock_read_iter+0x5be/0x660
[  123.111278][T12370]  ? kernel_sock_ip_overhead+0x340/0x340
[  123.117502][T12370]  __vfs_read+0xa67/0xc90
[  123.121830][T12370]  vfs_read+0x359/0x6f0
[  123.125990][T12370]  ksys_read+0x265/0x430
[  123.130216][T12370]  __se_sys_read+0x92/0xb0
[  123.134623][T12370]  __x64_sys_read+0x4a/0x70
[  123.139114][T12370]  do_syscall_64+0xb6/0x160
[  123.143598][T12370]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[  123.149467][T12370] RIP: 0033:0x47fd44
[  123.153354][T12370] Code: ff ff cc cc cc cc e8 9b 40 fb ff 48 8b 7c 24 10 48 8b 74 24 18 48 8b 54 24 20 45 31 d2 45 31 c0 45 31 c9 48 8b 44 24 08 0f 05 <48> 3d 01 f0 ff ff 76 20 48 c7 44 24 28 ff ff ff ff 48 c7 44 24 30
[  123.172935][T12370] RSP: 002b:000000c420065710 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  123.181331][T12370] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000047fd44
[  123.189280][T12370] RDX: 0000000000001000 RSI: 000000c420392000 RDI: 0000000000000003
[  123.197237][T12370] RBP: 000000c420065760 R08: 0000000000000000 R09: 0000000000000000
[  123.205185][T12370] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008
[  123.213134][T12370] R13: 0000000000000008 R14: 0000000000000004 R15: ffffffffffffffff
[  123.222911][T12370] 
[  123.225222][T12370] Uninit was stored to memory at:
[  123.230223][T12370]  kmsan_internal_chain_origin+0xbd/0x180
[  123.235918][T12370]  __msan_chain_origin+0x6b/0xd0
[  123.240826][T12370]  ___slab_alloc+0x1dbc/0x1fb0
[  123.245574][T12370]  kmem_cache_alloc+0xade/0xd10
[  123.250399][T12370]  skb_clone+0x326/0x5d0
[  123.254617][T12370]  dev_queue_xmit_nit+0x539/0x1200
[  123.259702][T12370]  dev_hard_start_xmit+0x21e/0xab0
[  123.264788][T12370]  sch_direct_xmit+0x56c/0x18c0
[  123.270132][T12370]  __dev_queue_xmit+0x212d/0x4200
[  123.275129][T12370]  dev_queue_xmit+0x4b/0x60
[  123.279610][T12370]  ip_finish_output2+0x20d6/0x25d0
[  123.284705][T12370]  __ip_finish_output+0xaf8/0xda0
[  123.289704][T12370]  ip_finish_output+0x2db/0x420
[  123.294531][T12370]  ip_output+0x541/0x610
[  123.298747][T12370]  __ip_queue_xmit+0x1caf/0x21f0
[  123.303669][T12370]  ip_queue_xmit+0xcc/0xf0
[  123.308057][T12370]  __tcp_transmit_skb+0x40e3/0x5d90
[  123.313226][T12370]  __tcp_send_ack+0x701/0x840
[  123.317883][T12370]  tcp_send_ack+0x68/0x90
[  123.322189][T12370]  tcp_cleanup_rbuf+0x764/0x800
[  123.327012][T12370]  tcp_recvmsg+0x334d/0x4ff0
[  123.331586][T12370]  inet_recvmsg+0x237/0x7d0
[  123.336065][T12370]  sock_read_iter+0x5be/0x660
[  123.340724][T12370]  __vfs_read+0xa67/0xc90
[  123.345028][T12370]  vfs_read+0x359/0x6f0
[  123.349155][T12370]  ksys_read+0x265/0x430
[  123.353372][T12370]  __se_sys_read+0x92/0xb0
[  123.357859][T12370]  __x64_sys_read+0x4a/0x70
[  123.362568][T12370]  do_syscall_64+0xb6/0x160
[  123.367050][T12370]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[  123.372908][T12370] 
[  123.375211][T12370] Uninit was created at:
[  123.379435][T12370]  kmsan_internal_poison_shadow+0x60/0x120
[  123.385224][T12370]  kmsan_slab_free+0x8d/0xf0
[  123.389790][T12370]  kmem_cache_free_bulk+0x3ad9/0x3f10
[  123.395135][T12370]  __kfree_skb_flush+0xb0/0x100
[  123.399970][T12370]  net_rx_action+0x1a5e/0x1aa0
[  123.404707][T12370]  __do_softirq+0x4a1/0x83a
[  123.409190][T12370]  irq_exit+0x230/0x280
[  123.413317][T12370]  do_IRQ+0x123/0x360
[  123.417269][T12370]  ret_from_intr+0x0/0x33
[  123.421577][T12370]  ipv4_conntrack_defrag+0x221/0x7d0
[  123.426841][T12370]  nf_hook_slow+0x18b/0x3f0
[  123.431322][T12370]  __ip_local_out+0x69b/0x800
[  123.435972][T12370]  __ip_queue_xmit+0x1bdc/0x21f0
[  123.440889][T12370]  ip_queue_xmit+0xcc/0xf0
[  123.445277][T12370]  __tcp_transmit_skb+0x40e3/0x5d90
[  123.450457][T12370]  __tcp_send_ack+0x701/0x840
[  123.455109][T12370]  tcp_send_ack+0x68/0x90
[  123.459411][T12370]  tcp_cleanup_rbuf+0x764/0x800
[  123.464232][T12370]  tcp_recvmsg+0x334d/0x4ff0
[  123.468882][T12370]  inet_recvmsg+0x237/0x7d0
[  123.473358][T12370]  sock_read_iter+0x5be/0x660
[  123.478007][T12370]  __vfs_read+0xa67/0xc90
[  123.482307][T12370]  vfs_read+0x359/0x6f0
[  123.486435][T12370]  ksys_read+0x265/0x430
[  123.490648][T12370]  __se_sys_read+0x92/0xb0
[  123.495040][T12370]  __x64_sys_read+0x4a/0x70
[  123.499517][T12370]  do_syscall_64+0xb6/0x160
[  123.504010][T12370]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[  123.509874][T12370] =====================================================
[  123.516790][T12370] Disabling lock debugging due to kernel taint
[  123.522919][T12370] Kernel panic - not syncing: panic_on_warn set ...
[  123.529487][T12370] CPU: 0 PID: 12370 Comm: syz-fuzzer Tainted: G    B             5.4.0-rc3+ #0
[  123.538388][T12370] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  123.548415][T12370] Call Trace:
[  123.551686][T12370]  dump_stack+0x191/0x1f0
[  123.556689][T12370]  panic+0x3c9/0xc1e
[  123.560575][T12370]  kmsan_report+0x215/0x220
[  123.565058][T12370]  __msan_warning+0x73/0xe0
[  123.569537][T12370]  kmem_cache_free+0x3df/0x2b70
[  123.574364][T12370]  ? kmsan_internal_set_origin+0x6a/0xb0
[  123.579986][T12370]  ? kfree_skb+0x473/0x4c0
[  123.584388][T12370]  ? kmsan_internal_unpoison_shadow+0x42/0x80
[  123.590459][T12370]  kfree_skb+0x473/0x4c0
[  123.594688][T12370]  ? packet_rcv_spkt+0x68d/0x7c0
[  123.599614][T12370]  packet_rcv_spkt+0x68d/0x7c0
[  123.604369][T12370]  ? packet_rcv+0x2110/0x2110
[  123.609085][T12370]  dev_queue_xmit_nit+0x1125/0x1200
[  123.614282][T12370]  dev_hard_start_xmit+0x21e/0xab0
[  123.619386][T12370]  ? kmsan_get_shadow_origin_ptr+0x91/0x4b0
[  123.625269][T12370]  sch_direct_xmit+0x56c/0x18c0
[  123.630107][T12370]  __dev_queue_xmit+0x212d/0x4200
[  123.635138][T12370]  dev_queue_xmit+0x4b/0x60
[  123.639623][T12370]  ip_finish_output2+0x20d6/0x25d0
[  123.644737][T12370]  ? __msan_metadata_ptr_for_load_2+0x10/0x20
[  123.650803][T12370]  ? nf_ct_deliver_cached_events+0x4d5/0x6e0
[  123.656787][T12370]  __ip_finish_output+0xaf8/0xda0
[  123.661797][T12370]  ip_finish_output+0x2db/0x420
[  123.666648][T12370]  ip_output+0x541/0x610
[  123.670894][T12370]  ? ip_mc_finish_output+0x6d0/0x6d0
[  123.676152][T12370]  ? ip_finish_output+0x420/0x420
[  123.681154][T12370]  __ip_queue_xmit+0x1caf/0x21f0
[  123.686069][T12370]  ? __msan_metadata_ptr_for_store_8+0x13/0x20
[  123.692212][T12370]  ip_queue_xmit+0xcc/0xf0
[  123.696610][T12370]  ? tcp_v4_inbound_md5_hash+0xd10/0xd10
[  123.702218][T12370]  __tcp_transmit_skb+0x40e3/0x5d90
[  123.707406][T12370]  __tcp_send_ack+0x701/0x840
[  123.712073][T12370]  tcp_send_ack+0x68/0x90
[  123.716378][T12370]  tcp_cleanup_rbuf+0x764/0x800
[  123.721209][T12370]  tcp_recvmsg+0x334d/0x4ff0
[  123.725802][T12370]  ? kmsan_get_shadow_origin_ptr+0x91/0x4b0
[  123.731669][T12370]  ? tcp_mmap+0x150/0x150
[  123.735970][T12370]  ? tcp_mmap+0x150/0x150
[  123.740276][T12370]  inet_recvmsg+0x237/0x7d0
[  123.744763][T12370]  ? inet_sendpage+0x2c0/0x2c0
[  123.749506][T12370]  ? kmsan_get_shadow_origin_ptr+0x91/0x4b0
[  123.755373][T12370]  ? inet_sendpage+0x2c0/0x2c0
[  123.760109][T12370]  ? inet_sendpage+0x2c0/0x2c0
[  123.764850][T12370]  sock_read_iter+0x5be/0x660
[  123.769511][T12370]  ? kernel_sock_ip_overhead+0x340/0x340
[  123.775117][T12370]  __vfs_read+0xa67/0xc90
[  123.779451][T12370]  vfs_read+0x359/0x6f0
[  123.783765][T12370]  ksys_read+0x265/0x430
[  123.787989][T12370]  __se_sys_read+0x92/0xb0
[  123.792730][T12370]  __x64_sys_read+0x4a/0x70
[  123.797211][T12370]  do_syscall_64+0xb6/0x160
[  123.801694][T12370]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[  123.807909][T12370] RIP: 0033:0x47fd44
[  123.811783][T12370] Code: ff ff cc cc cc cc e8 9b 40 fb ff 48 8b 7c 24 10 48 8b 74 24 18 48 8b 54 24 20 45 31 d2 45 31 c0 45 31 c9 48 8b 44 24 08 0f 05 <48> 3d 01 f0 ff ff 76 20 48 c7 44 24 28 ff ff ff ff 48 c7 44 24 30
[  123.831451][T12370] RSP: 002b:000000c420065710 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  123.839834][T12370] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000047fd44
[  123.847780][T12370] RDX: 0000000000001000 RSI: 000000c420392000 RDI: 0000000000000003
[  123.855726][T12370] RBP: 000000c420065760 R08: 0000000000000000 R09: 0000000000000000
[  123.863676][T12370] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008
[  123.871622][T12370] R13: 0000000000000008 R14: 0000000000000004 R15: ffffffffffffffff
[  123.881232][T12370] Kernel Offset: disabled
[  123.885558][T12370] Rebooting in 86400 seconds..