[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   87.126140][   T31] audit: type=1800 audit(1572450295.177:25): pid=11794 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[   87.149204][   T31] audit: type=1800 audit(1572450295.197:26): pid=11794 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[   87.185165][   T31] audit: type=1800 audit(1572450295.227:27): pid=11794 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.1.16' (ECDSA) to the list of known hosts.
2019/10/30 15:45:09 fuzzer started
2019/10/30 15:45:13 dialing manager at 10.128.0.26:37669
2019/10/30 15:45:13 syscalls: 2431
2019/10/30 15:45:13 code coverage: enabled
2019/10/30 15:45:13 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2019/10/30 15:45:13 extra coverage: enabled
2019/10/30 15:45:13 setuid sandbox: enabled
2019/10/30 15:45:13 namespace sandbox: enabled
2019/10/30 15:45:13 Android sandbox: /sys/fs/selinux/policy does not exist
2019/10/30 15:45:13 fault injection: enabled
2019/10/30 15:45:13 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/10/30 15:45:13 net packet injection: enabled
2019/10/30 15:45:13 net device setup: enabled
2019/10/30 15:45:13 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
syzkaller login: [  112.657535][T11947] =====================================================
[  112.664549][T11947] BUG: KMSAN: use-after-free in kmem_cache_free+0x3df/0x2b70
[  112.671927][T11947] CPU: 0 PID: 11947 Comm: syz-fuzzer Not tainted 5.4.0-rc5+ #0
[  112.679464][T11947] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  112.689521][T11947] Call Trace:
[  112.692822][T11947]  dump_stack+0x191/0x1f0
[  112.697171][T11947]  kmsan_report+0x128/0x220
[  112.701683][T11947]  __msan_warning+0x73/0xe0
[  112.706284][T11947]  kmem_cache_free+0x3df/0x2b70
[  112.711134][T11947]  ? kmsan_internal_set_origin+0x6a/0xb0
[  112.716745][T11947]  ? kfree_skb+0x473/0x4c0
[  112.721142][T11947]  ? kmsan_internal_unpoison_shadow+0x42/0x80
[  112.727196][T11947]  kfree_skb+0x473/0x4c0
[  112.731418][T11947]  ? packet_rcv_spkt+0x68d/0x7c0
[  112.736381][T11947]  packet_rcv_spkt+0x68d/0x7c0
[  112.741126][T11947]  ? packet_rcv+0x2110/0x2110
[  112.745796][T11947]  dev_queue_xmit_nit+0x1125/0x1200
[  112.750998][T11947]  dev_hard_start_xmit+0x21e/0xab0
[  112.756092][T11947]  ? kmsan_get_shadow_origin_ptr+0x91/0x4b0
[  112.761967][T11947]  sch_direct_xmit+0x56c/0x18c0
[  112.766807][T11947]  __dev_queue_xmit+0x212d/0x4200
[  112.771823][T11947]  dev_queue_xmit+0x4b/0x60
[  112.777352][T11947]  ip_finish_output2+0x20d6/0x25d0
[  112.782459][T11947]  ? __msan_metadata_ptr_for_load_2+0x10/0x20
[  112.788503][T11947]  ? nf_ct_deliver_cached_events+0x4d5/0x6e0
[  112.794476][T11947]  __ip_finish_output+0xaf8/0xda0
[  112.799489][T11947]  ip_finish_output+0x2db/0x420
[  112.804327][T11947]  ip_output+0x541/0x610
[  112.808570][T11947]  ? ip_mc_finish_output+0x6d0/0x6d0
[  112.813836][T11947]  ? ip_finish_output+0x420/0x420
[  112.819100][T11947]  __ip_queue_xmit+0x1caf/0x21f0
[  112.824019][T11947]  ? kmsan_get_shadow_origin_ptr+0x91/0x4b0
[  112.829892][T11947]  ? __msan_metadata_ptr_for_load_8+0x10/0x20
[  112.835946][T11947]  ip_queue_xmit+0xcc/0xf0
[  112.840340][T11947]  ? tcp_v4_inbound_md5_hash+0xd10/0xd10
[  112.845948][T11947]  __tcp_transmit_skb+0x40e3/0x5d90
[  112.851142][T11947]  __tcp_send_ack+0x701/0x840
[  112.855800][T11947]  tcp_send_ack+0x68/0x90
[  112.860109][T11947]  tcp_cleanup_rbuf+0x764/0x800
[  112.864940][T11947]  tcp_recvmsg+0x334d/0x4ff0
[  112.869533][T11947]  ? kmsan_get_shadow_origin_ptr+0x91/0x4b0
[  112.875405][T11947]  ? tcp_mmap+0x150/0x150
[  112.879711][T11947]  ? tcp_mmap+0x150/0x150
[  112.884016][T11947]  inet_recvmsg+0x237/0x7d0
[  112.888495][T11947]  ? inet_sendpage+0x2c0/0x2c0
[  112.893236][T11947]  ? kmsan_get_shadow_origin_ptr+0x91/0x4b0
[  112.899109][T11947]  ? inet_sendpage+0x2c0/0x2c0
[  112.903908][T11947]  ? inet_sendpage+0x2c0/0x2c0
[  112.908667][T11947]  sock_read_iter+0x5be/0x660
[  112.913334][T11947]  ? kernel_sock_ip_overhead+0x340/0x340
[  112.918948][T11947]  __vfs_read+0xa67/0xc90
[  112.924048][T11947]  vfs_read+0x359/0x6f0
[  112.928188][T11947]  ksys_read+0x265/0x430
[  112.932424][T11947]  __se_sys_read+0x92/0xb0
[  112.936822][T11947]  __x64_sys_read+0x4a/0x70
[  112.941305][T11947]  do_syscall_64+0xb6/0x160
[  112.945790][T11947]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[  112.951656][T11947] RIP: 0033:0x47fd44
[  112.955545][T11947] Code: ff ff cc cc cc cc e8 9b 40 fb ff 48 8b 7c 24 10 48 8b 74 24 18 48 8b 54 24 20 45 31 d2 45 31 c0 45 31 c9 48 8b 44 24 08 0f 05 <48> 3d 01 f0 ff ff 76 20 48 c7 44 24 28 ff ff ff ff 48 c7 44 24 30
[  112.975139][T11947] RSP: 002b:000000c420399760 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  112.983548][T11947] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000047fd44
[  112.991538][T11947] RDX: 0000000000001000 RSI: 000000c42030e000 RDI: 0000000000000003
[  112.999506][T11947] RBP: 000000c4203997b0 R08: 0000000000000000 R09: 0000000000000000
[  113.007463][T11947] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
[  113.015416][T11947] R13: 0000000000000004 R14: 0000000000000002 R15: ffffffffffffffff
[  113.023373][T11947] 
[  113.025679][T11947] Uninit was stored to memory at:
[  113.030685][T11947]  kmsan_internal_chain_origin+0xbd/0x180
[  113.036393][T11947]  __msan_chain_origin+0x6b/0xd0
[  113.041327][T11947]  ___slab_alloc+0x1dbc/0x1fb0
[  113.046071][T11947]  kmem_cache_alloc+0xadf/0xd20
[  113.050909][T11947]  skb_clone+0x326/0x5d0
[  113.055129][T11947]  dev_queue_xmit_nit+0x539/0x1200
[  113.060214][T11947]  dev_hard_start_xmit+0x21e/0xab0
[  113.065301][T11947]  sch_direct_xmit+0x56c/0x18c0
[  113.070130][T11947]  __dev_queue_xmit+0x212d/0x4200
[  113.075131][T11947]  dev_queue_xmit+0x4b/0x60
[  113.079613][T11947]  ip_finish_output2+0x20d6/0x25d0
[  113.084698][T11947]  __ip_finish_output+0xaf8/0xda0
[  113.089705][T11947]  ip_finish_output+0x2db/0x420
[  113.094531][T11947]  ip_output+0x541/0x610
[  113.098759][T11947]  __ip_queue_xmit+0x1caf/0x21f0
[  113.103673][T11947]  ip_queue_xmit+0xcc/0xf0
[  113.108062][T11947]  __tcp_transmit_skb+0x40e3/0x5d90
[  113.113235][T11947]  __tcp_send_ack+0x701/0x840
[  113.117900][T11947]  tcp_send_ack+0x68/0x90
[  113.122206][T11947]  tcp_cleanup_rbuf+0x764/0x800
[  113.127029][T11947]  tcp_recvmsg+0x334d/0x4ff0
[  113.131612][T11947]  inet_recvmsg+0x237/0x7d0
[  113.136091][T11947]  sock_read_iter+0x5be/0x660
[  113.140742][T11947]  __vfs_read+0xa67/0xc90
[  113.145217][T11947]  vfs_read+0x359/0x6f0
[  113.149362][T11947]  ksys_read+0x265/0x430
[  113.153578][T11947]  __se_sys_read+0x92/0xb0
[  113.157969][T11947]  __x64_sys_read+0x4a/0x70
[  113.162461][T11947]  do_syscall_64+0xb6/0x160
[  113.166941][T11947]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[  113.172804][T11947] 
[  113.175108][T11947] Uninit was created at:
[  113.179327][T11947]  kmsan_internal_poison_shadow+0x60/0x120
[  113.185124][T11947]  kmsan_slab_free+0x8d/0xf0
[  113.189687][T11947]  kmem_cache_free_bulk+0x3ad9/0x3f10
[  113.195037][T11947]  __kfree_skb_flush+0xb0/0x100
[  113.199862][T11947]  net_rx_action+0x1a5e/0x1aa0
[  113.204603][T11947]  __do_softirq+0x4a1/0x83a
[  113.209079][T11947]  irq_exit+0x230/0x280
[  113.213211][T11947]  do_IRQ+0x123/0x360
[  113.217167][T11947]  ret_from_intr+0x0/0x33
[  113.221473][T11947]  kmsan_get_shadow_origin_ptr+0x19f/0x4b0
[  113.227257][T11947]  __msan_metadata_ptr_for_load_4+0x10/0x20
[  113.233127][T11947]  __skb_datagram_iter+0xde/0xe60
[  113.238125][T11947]  skb_copy_datagram_iter+0x29c/0x2b0
[  113.243472][T11947]  tcp_recvmsg+0x1e61/0x4ff0
[  113.248034][T11947]  inet_recvmsg+0x237/0x7d0
[  113.252511][T11947]  sock_read_iter+0x5be/0x660
[  113.257170][T11947]  __vfs_read+0xa67/0xc90
[  113.261472][T11947]  vfs_read+0x359/0x6f0
[  113.265616][T11947]  ksys_read+0x265/0x430
[  113.269832][T11947]  __se_sys_read+0x92/0xb0
[  113.274221][T11947]  __x64_sys_read+0x4a/0x70
[  113.278701][T11947]  do_syscall_64+0xb6/0x160
[  113.283183][T11947]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[  113.289044][T11947] =====================================================
[  113.296028][T11947] Disabling lock debugging due to kernel taint
[  113.302182][T11947] Kernel panic - not syncing: panic_on_warn set ...
[  113.308828][T11947] CPU: 0 PID: 11947 Comm: syz-fuzzer Tainted: G    B             5.4.0-rc5+ #0
[  113.317735][T11947] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  113.327771][T11947] Call Trace:
[  113.331051][T11947]  dump_stack+0x191/0x1f0
[  113.335366][T11947]  panic+0x3c9/0xc1e
[  113.339258][T11947]  kmsan_report+0x215/0x220
[  113.343747][T11947]  __msan_warning+0x73/0xe0
[  113.348246][T11947]  kmem_cache_free+0x3df/0x2b70
[  113.353078][T11947]  ? kmsan_internal_set_origin+0x6a/0xb0
[  113.358687][T11947]  ? kfree_skb+0x473/0x4c0
[  113.363100][T11947]  ? kmsan_internal_unpoison_shadow+0x42/0x80
[  113.369180][T11947]  kfree_skb+0x473/0x4c0
[  113.373418][T11947]  ? packet_rcv_spkt+0x68d/0x7c0
[  113.378343][T11947]  packet_rcv_spkt+0x68d/0x7c0
[  113.383093][T11947]  ? packet_rcv+0x2110/0x2110
[  113.387750][T11947]  dev_queue_xmit_nit+0x1125/0x1200
[  113.392939][T11947]  dev_hard_start_xmit+0x21e/0xab0
[  113.398039][T11947]  ? kmsan_get_shadow_origin_ptr+0x91/0x4b0
[  113.403915][T11947]  sch_direct_xmit+0x56c/0x18c0
[  113.408762][T11947]  __dev_queue_xmit+0x212d/0x4200
[  113.413781][T11947]  dev_queue_xmit+0x4b/0x60
[  113.418269][T11947]  ip_finish_output2+0x20d6/0x25d0
[  113.423363][T11947]  ? __msan_metadata_ptr_for_load_2+0x10/0x20
[  113.429421][T11947]  ? nf_ct_deliver_cached_events+0x4d5/0x6e0
[  113.435407][T11947]  __ip_finish_output+0xaf8/0xda0
[  113.440420][T11947]  ip_finish_output+0x2db/0x420
[  113.445255][T11947]  ip_output+0x541/0x610
[  113.449484][T11947]  ? ip_mc_finish_output+0x6d0/0x6d0
[  113.454750][T11947]  ? ip_finish_output+0x420/0x420
[  113.459752][T11947]  __ip_queue_xmit+0x1caf/0x21f0
[  113.464670][T11947]  ? kmsan_get_shadow_origin_ptr+0x91/0x4b0
[  113.470559][T11947]  ? __msan_metadata_ptr_for_load_8+0x10/0x20
[  113.476617][T11947]  ip_queue_xmit+0xcc/0xf0
[  113.481026][T11947]  ? tcp_v4_inbound_md5_hash+0xd10/0xd10
[  113.486667][T11947]  __tcp_transmit_skb+0x40e3/0x5d90
[  113.491888][T11947]  __tcp_send_ack+0x701/0x840
[  113.496560][T11947]  tcp_send_ack+0x68/0x90
[  113.500888][T11947]  tcp_cleanup_rbuf+0x764/0x800
[  113.505729][T11947]  tcp_recvmsg+0x334d/0x4ff0
[  113.510329][T11947]  ? kmsan_get_shadow_origin_ptr+0x91/0x4b0
[  113.516200][T11947]  ? tcp_mmap+0x150/0x150
[  113.520507][T11947]  ? tcp_mmap+0x150/0x150
[  113.524817][T11947]  inet_recvmsg+0x237/0x7d0
[  113.529319][T11947]  ? inet_sendpage+0x2c0/0x2c0
[  113.534067][T11947]  ? kmsan_get_shadow_origin_ptr+0x91/0x4b0
[  113.539937][T11947]  ? inet_sendpage+0x2c0/0x2c0
[  113.544695][T11947]  ? inet_sendpage+0x2c0/0x2c0
[  113.549457][T11947]  sock_read_iter+0x5be/0x660
[  113.554135][T11947]  ? kernel_sock_ip_overhead+0x340/0x340
[  113.559755][T11947]  __vfs_read+0xa67/0xc90
[  113.564076][T11947]  vfs_read+0x359/0x6f0
[  113.568217][T11947]  ksys_read+0x265/0x430
[  113.572446][T11947]  __se_sys_read+0x92/0xb0
[  113.576845][T11947]  __x64_sys_read+0x4a/0x70
[  113.581370][T11947]  do_syscall_64+0xb6/0x160
[  113.585855][T11947]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[  113.591724][T11947] RIP: 0033:0x47fd44
[  113.595606][T11947] Code: ff ff cc cc cc cc e8 9b 40 fb ff 48 8b 7c 24 10 48 8b 74 24 18 48 8b 54 24 20 45 31 d2 45 31 c0 45 31 c9 48 8b 44 24 08 0f 05 <48> 3d 01 f0 ff ff 76 20 48 c7 44 24 28 ff ff ff ff 48 c7 44 24 30
[  113.615237][T11947] RSP: 002b:000000c420399760 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  113.623633][T11947] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000047fd44
[  113.631584][T11947] RDX: 0000000000001000 RSI: 000000c42030e000 RDI: 0000000000000003
[  113.639562][T11947] RBP: 000000c4203997b0 R08: 0000000000000000 R09: 0000000000000000
[  113.647519][T11947] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
[  113.655487][T11947] R13: 0000000000000004 R14: 0000000000000002 R15: ffffffffffffffff
[  113.664810][T11947] Kernel Offset: disabled
[  113.669169][T11947] Rebooting in 86400 seconds..