[ ok ] Starting enhanced syslogd: rsyslogd.
[ 85.964841][ T30] audit: type=1800 audit(1570914724.015:25): pid=11987 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 85.990097][ T30] audit: type=1800 audit(1570914724.035:26): pid=11987 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 86.026454][ T30] audit: type=1800 audit(1570914724.065:27): pid=11987 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.123' (ECDSA) to the list of known hosts.
2019/10/12 21:12:17 fuzzer started
2019/10/12 21:12:22 dialing manager at 10.128.0.26:43783
2019/10/12 21:12:22 syscalls: 2412
2019/10/12 21:12:22 code coverage: enabled
2019/10/12 21:12:22 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2019/10/12 21:12:22 extra coverage: enabled
2019/10/12 21:12:22 setuid sandbox: enabled
2019/10/12 21:12:22 namespace sandbox: enabled
2019/10/12 21:12:22 Android sandbox: /sys/fs/selinux/policy does not exist
2019/10/12 21:12:22 fault injection: enabled
2019/10/12 21:12:22 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/10/12 21:12:22 net packet injection: enabled
2019/10/12 21:12:22 net device setup: enabled
2019/10/12 21:12:22 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist

syzkaller login: [ 199.374776][ C1] =====================================================
[ 199.381813][ C1] BUG: KMSAN: use-after-free in kmem_cache_free+0x3df/0x2b70
[ 199.389208][ C1] CPU: 1 PID: 16 Comm: ksoftirqd/1 Not tainted 5.4.0-rc2+ #0
[ 199.396616][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 199.406695][ C1] Call Trace:
[ 199.410016][ C1] dump_stack+0x191/0x1f0
[ 199.414568][ C1] kmsan_report+0x14e/0x2c0
[ 199.419108][ C1] __msan_warning+0x73/0xe0
[ 199.423639][ C1] kmem_cache_free+0x3df/0x2b70
[ 199.428514][ C1] ? kmsan_internal_set_origin+0x6a/0xb0
[ 199.434171][ C1] ? kfree_skb+0x473/0x4c0
[ 199.439078][ C1] ? kmsan_internal_unpoison_shadow+0x42/0x80
[ 199.445168][ C1] kfree_skb+0x473/0x4c0
[ 199.449510][ C1] ? packet_rcv_spkt+0x68d/0x7c0
[ 199.454450][ C1] packet_rcv_spkt+0x68d/0x7c0
[ 199.461720][ C1] ? packet_rcv+0x2110/0x2110
[ 199.466396][ C1] __netif_receive_skb_core+0x3aed/0x51a0
[ 199.472123][ C1] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0
[ 199.478260][ C1] netif_receive_skb_internal+0x3cc/0xc20
[ 199.483979][ C1] napi_gro_receive+0x67f/0xbb0
[ 199.488819][ C1] receive_buf+0x653b/0x8810
[ 199.493757][ C1] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0
[ 199.499631][ C1] virtnet_poll+0x666/0x1a10
[ 199.504217][ C1] ? refill_work+0x470/0x470
[ 199.508799][ C1] net_rx_action+0x7a6/0x1aa0
[ 199.513464][ C1] ? net_tx_action+0xc40/0xc40
[ 199.518556][ C1] __do_softirq+0x4a1/0x83a
[ 199.523062][ C1] ? ksoftirqd_should_run+0x30/0x30
[ 199.528239][ C1] ? takeover_tasklets+0x900/0x900
[ 199.533329][ C1] run_ksoftirqd+0x25/0x40
[ 199.537740][ C1] smpboot_thread_fn+0x4a3/0x990
[ 199.542664][ C1] kthread+0x4b5/0x4f0
[ 199.546711][ C1] ? cpu_report_death+0x190/0x190
[ 199.551719][ C1] ? kthread_blkcg+0xf0/0xf0
[ 199.556291][ C1] ret_from_fork+0x35/0x40
[ 199.560688][ C1]
[ 199.562999][ C1] Uninit was stored to memory at:
[ 199.568016][ C1] kmsan_internal_chain_origin+0xbd/0x170
[ 199.573711][ C1] __msan_chain_origin+0x6b/0xe0
[ 199.578623][ C1] ___slab_alloc+0x1dbc/0x1fb0
[ 199.583366][ C1] kmem_cache_alloc+0xade/0xd10
[ 199.588194][ C1] skb_clone+0x326/0x5d0
[ 199.592428][ C1] packet_rcv_spkt+0x23f/0x7c0
[ 199.597171][ C1] __netif_receive_skb_core+0x3aed/0x51a0
[ 199.602870][ C1] netif_receive_skb_internal+0x3cc/0xc20
[ 199.608581][ C1] napi_gro_receive+0x67f/0xbb0
[ 199.613436][ C1] receive_buf+0x653b/0x8810
[ 199.618040][ C1] virtnet_poll+0x666/0x1a10
[ 199.622628][ C1] net_rx_action+0x7a6/0x1aa0
[ 199.627287][ C1] __do_softirq+0x4a1/0x83a
[ 199.631781][ C1] run_ksoftirqd+0x25/0x40
[ 199.636184][ C1] smpboot_thread_fn+0x4a3/0x990
[ 199.641118][ C1] kthread+0x4b5/0x4f0
[ 199.645192][ C1] ret_from_fork+0x35/0x40
[ 199.649591][ C1]
[ 199.651913][ C1] Uninit was created at:
[ 199.656236][ C1] kmsan_internal_poison_shadow+0x60/0x120
[ 199.662037][ C1] kmsan_slab_free+0x8d/0x100
[ 199.666708][ C1] kmem_cache_free_bulk+0x3ad9/0x3f10
[ 199.672059][ C1] __kfree_skb_flush+0xb0/0x100
[ 199.676887][ C1] net_rx_action+0x1a5e/0x1aa0
[ 199.681629][ C1] __do_softirq+0x4a1/0x83a
[ 199.686111][ C1] irq_exit+0x230/0x280
[ 199.690246][ C1] do_IRQ+0x123/0x360
[ 199.694230][ C1] ret_from_intr+0x0/0x33
[ 199.698551][ C1] default_idle+0x53/0x90
[ 199.702860][ C1] arch_cpu_idle+0x25/0x30
[ 199.707253][ C1] do_idle+0x1d5/0x780
[ 199.711299][ C1] cpu_startup_entry+0x45/0x50
[ 199.716055][ C1] rest_init+0x1be/0x1f0
[ 199.720282][ C1] arch_call_rest_init+0x13/0x15
[ 199.725200][ C1] start_kernel+0x987/0xb57
[ 199.729680][ C1] x86_64_start_reservations+0x18/0x2e
[ 199.735135][ C1] x86_64_start_kernel+0x81/0x84
[ 199.740053][ C1] secondary_startup_64+0xa4/0xb0
[ 199.745051][ C1] =====================================================
[ 199.751957][ C1] Disabling lock debugging due to kernel taint
[ 199.758087][ C1] Kernel panic - not syncing: panic_on_warn set ...
[ 199.764655][ C1] CPU: 1 PID: 16 Comm: ksoftirqd/1 Tainted: G B 5.4.0-rc2+ #0
[ 199.773386][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 199.783432][ C1] Call Trace:
[ 199.786719][ C1] dump_stack+0x191/0x1f0
[ 199.791033][ C1] panic+0x3c9/0xc1e
[ 199.794942][ C1] kmsan_report+0x2b6/0x2c0
[ 199.799446][ C1] __msan_warning+0x73/0xe0
[ 199.803936][ C1] kmem_cache_free+0x3df/0x2b70
[ 199.808766][ C1] ? kmsan_internal_set_origin+0x6a/0xb0
[ 199.814400][ C1] ? kfree_skb+0x473/0x4c0
[ 199.818798][ C1] ? kmsan_internal_unpoison_shadow+0x42/0x80
[ 199.824866][ C1] kfree_skb+0x473/0x4c0
[ 199.829091][ C1] ? packet_rcv_spkt+0x68d/0x7c0
[ 199.834010][ C1] packet_rcv_spkt+0x68d/0x7c0
[ 199.838846][ C1] ? packet_rcv+0x2110/0x2110
[ 199.843510][ C1] __netif_receive_skb_core+0x3aed/0x51a0
[ 199.849256][ C1] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0
[ 199.855151][ C1] netif_receive_skb_internal+0x3cc/0xc20
[ 199.860880][ C1] napi_gro_receive+0x67f/0xbb0
[ 199.865723][ C1] receive_buf+0x653b/0x8810
[ 199.870315][ C1] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0
[ 199.876300][ C1] virtnet_poll+0x666/0x1a10
[ 199.880894][ C1] ? refill_work+0x470/0x470
[ 199.885472][ C1] net_rx_action+0x7a6/0x1aa0
[ 199.890140][ C1] ? net_tx_action+0xc40/0xc40
[ 199.894887][ C1] __do_softirq+0x4a1/0x83a
[ 199.899379][ C1] ? ksoftirqd_should_run+0x30/0x30
[ 199.904557][ C1] ? takeover_tasklets+0x900/0x900
[ 199.909649][ C1] run_ksoftirqd+0x25/0x40
[ 199.914047][ C1] smpboot_thread_fn+0x4a3/0x990
[ 199.919003][ C1] kthread+0x4b5/0x4f0
[ 199.923068][ C1] ? cpu_report_death+0x190/0x190
[ 199.928087][ C1] ? kthread_blkcg+0xf0/0xf0
[ 199.932694][ C1] ret_from_fork+0x35/0x40
[ 199.938649][ C1] Kernel Offset: disabled
[ 199.942990][ C1] Rebooting in 86400 seconds..