[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   82.221954][   T32] audit: type=1800 audit(1572131152.291:25): pid=11577 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[   82.246272][   T32] audit: type=1800 audit(1572131152.321:26): pid=11577 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[   82.282531][   T32] audit: type=1800 audit(1572131152.341:27): pid=11577 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.1.44' (ECDSA) to the list of known hosts.
2019/10/26 23:06:08 fuzzer started
2019/10/26 23:06:13 dialing manager at 10.128.0.26:34985
2019/10/26 23:06:13 syscalls: 2424
2019/10/26 23:06:13 code coverage: enabled
2019/10/26 23:06:13 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2019/10/26 23:06:13 extra coverage: enabled
2019/10/26 23:06:13 setuid sandbox: enabled
2019/10/26 23:06:13 namespace sandbox: enabled
2019/10/26 23:06:13 Android sandbox: /sys/fs/selinux/policy does not exist
2019/10/26 23:06:13 fault injection: enabled
2019/10/26 23:06:13 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/10/26 23:06:13 net packet injection: enabled
2019/10/26 23:06:13 net device setup: enabled
2019/10/26 23:06:13 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
syzkaller login: [  256.091125][T11740] =====================================================
[  256.098276][T11740] BUG: KMSAN: use-after-free in kmem_cache_free+0x3df/0x2b70
[  256.106829][T11740] CPU: 1 PID: 11740 Comm: syz-fuzzer Not tainted 5.4.0-rc3+ #0
[  256.114383][T11740] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  256.124554][T11740] Call Trace:
[  256.127868][T11740]  dump_stack+0x191/0x1f0
[  256.132330][T11740]  kmsan_report+0x128/0x220
[  256.136881][T11740]  __msan_warning+0x73/0xe0
[  256.141517][T11740]  kmem_cache_free+0x3df/0x2b70
[  256.147109][T11740]  ? kmsan_internal_set_origin+0x6a/0xb0
[  256.152878][T11740]  ? kfree_skb+0x473/0x4c0
[  256.157330][T11740]  ? kmsan_internal_unpoison_shadow+0x42/0x80
[  256.163442][T11740]  kfree_skb+0x473/0x4c0
[  256.167696][T11740]  ? packet_rcv_spkt+0x68d/0x7c0
[  256.172847][T11740]  packet_rcv_spkt+0x68d/0x7c0
[  256.177734][T11740]  ? packet_rcv+0x2110/0x2110
[  256.182427][T11740]  dev_queue_xmit_nit+0x1125/0x1200
[  256.187847][T11740]  dev_hard_start_xmit+0x21e/0xab0
[  256.193008][T11740]  ? kmsan_get_shadow_origin_ptr+0x91/0x4b0
[  256.198927][T11740]  sch_direct_xmit+0x56c/0x18c0
[  256.203811][T11740]  __dev_queue_xmit+0x212d/0x4200
[  256.208913][T11740]  dev_queue_xmit+0x4b/0x60
[  256.213463][T11740]  ip_finish_output2+0x20d6/0x25d0
[  256.218726][T11740]  ? __msan_metadata_ptr_for_load_2+0x10/0x20
[  256.224894][T11740]  ? nf_ct_deliver_cached_events+0x4d5/0x6e0
[  256.231096][T11740]  __ip_finish_output+0xaf8/0xda0
[  256.236125][T11740]  ip_finish_output+0x2db/0x420
[  256.240980][T11740]  ip_output+0x541/0x610
[  256.245223][T11740]  ? ip_mc_finish_output+0x6d0/0x6d0
[  256.250489][T11740]  ? ip_finish_output+0x420/0x420
[  256.255519][T11740]  __ip_queue_xmit+0x1caf/0x21f0
[  256.260454][T11740]  ? kmsan_get_shadow_origin_ptr+0x91/0x4b0
[  256.266341][T11740]  ? __msan_metadata_ptr_for_load_8+0x10/0x20
[  256.272583][T11740]  ? should_fail+0x1d2/0xa50
[  256.277638][T11740]  ip_queue_xmit+0xcc/0xf0
[  256.282470][T11740]  ? tcp_v4_inbound_md5_hash+0xd10/0xd10
[  256.288115][T11740]  __tcp_transmit_skb+0x40e3/0x5d90
[  256.293326][T11740]  __tcp_send_ack+0x701/0x840
[  256.297999][T11740]  tcp_send_ack+0x68/0x90
[  256.302321][T11740]  tcp_cleanup_rbuf+0x764/0x800
[  256.307172][T11740]  tcp_recvmsg+0x334d/0x4ff0
[  256.311875][T11740]  ? kmsan_get_shadow_origin_ptr+0x91/0x4b0
[  256.317793][T11740]  ? tcp_mmap+0x150/0x150
[  256.322237][T11740]  ? tcp_mmap+0x150/0x150
[  256.326740][T11740]  inet_recvmsg+0x237/0x7d0
[  256.331275][T11740]  ? inet_sendpage+0x2c0/0x2c0
[  256.336264][T11740]  ? kmsan_get_shadow_origin_ptr+0x91/0x4b0
[  256.342156][T11740]  ? inet_sendpage+0x2c0/0x2c0
[  256.347262][T11740]  ? inet_sendpage+0x2c0/0x2c0
[  256.352190][T11740]  sock_read_iter+0x5be/0x660
[  256.356867][T11740]  ? kernel_sock_ip_overhead+0x340/0x340
[  256.362824][T11740]  __vfs_read+0xa67/0xc90
[  256.367176][T11740]  vfs_read+0x359/0x6f0
[  256.371342][T11740]  ksys_read+0x265/0x430
[  256.375587][T11740]  __se_sys_read+0x92/0xb0
[  256.380923][T11740]  __x64_sys_read+0x4a/0x70
[  256.386032][T11740]  do_syscall_64+0xb6/0x160
[  256.390652][T11740]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[  256.396631][T11740] RIP: 0033:0x47fd44
[  256.400523][T11740] Code: ff ff cc cc cc cc e8 9b 40 fb ff 48 8b 7c 24 10 48 8b 74 24 18 48 8b 54 24 20 45 31 d2 45 31 c0 45 31 c9 48 8b 44 24 08 0f 05 <48> 3d 01 f0 ff ff 76 20 48 c7 44 24 28 ff ff ff ff 48 c7 44 24 30
[  256.420124][T11740] RSP: 002b:000000c42039f710 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  256.428524][T11740] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000047fd44
[  256.436589][T11740] RDX: 0000000000001000 RSI: 000000c420352000 RDI: 0000000000000003
[  256.444699][T11740] RBP: 000000c42039f760 R08: 0000000000000000 R09: 0000000000000000
[  256.453558][T11740] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008
[  256.462673][T11740] R13: 0000000000000008 R14: 0000000000000040 R15: ffffffffffffffff
[  256.470654][T11740] 
[  256.472964][T11740] Uninit was stored to memory at:
[  256.478012][T11740]  kmsan_internal_chain_origin+0xbd/0x180
[  256.483757][T11740]  __msan_chain_origin+0x6b/0xd0
[  256.488767][T11740]  ___slab_alloc+0x1dbc/0x1fb0
[  256.493513][T11740]  kmem_cache_alloc+0xade/0xd10
[  256.498459][T11740]  skb_clone+0x326/0x5d0
[  256.502734][T11740]  dev_queue_xmit_nit+0x539/0x1200
[  256.507853][T11740]  dev_hard_start_xmit+0x21e/0xab0
[  256.512968][T11740]  sch_direct_xmit+0x56c/0x18c0
[  256.517997][T11740]  __dev_queue_xmit+0x212d/0x4200
[  256.523064][T11740]  dev_queue_xmit+0x4b/0x60
[  256.527636][T11740]  ip_finish_output2+0x20d6/0x25d0
[  256.533266][T11740]  __ip_finish_output+0xaf8/0xda0
[  256.538586][T11740]  ip_finish_output+0x2db/0x420
[  256.543529][T11740]  ip_output+0x541/0x610
[  256.547796][T11740]  __ip_queue_xmit+0x1caf/0x21f0
[  256.552736][T11740]  ip_queue_xmit+0xcc/0xf0
[  256.557246][T11740]  __tcp_transmit_skb+0x40e3/0x5d90
[  256.562440][T11740]  __tcp_send_ack+0x701/0x840
[  256.567123][T11740]  tcp_send_ack+0x68/0x90
[  256.571447][T11740]  tcp_cleanup_rbuf+0x764/0x800
[  256.576576][T11740]  tcp_recvmsg+0x334d/0x4ff0
[  256.581349][T11740]  inet_recvmsg+0x237/0x7d0
[  256.585860][T11740]  sock_read_iter+0x5be/0x660
[  256.590519][T11740]  __vfs_read+0xa67/0xc90
[  256.594827][T11740]  vfs_read+0x359/0x6f0
[  256.598959][T11740]  ksys_read+0x265/0x430
[  256.603175][T11740]  __se_sys_read+0x92/0xb0
[  256.607565][T11740]  __x64_sys_read+0x4a/0x70
[  256.612053][T11740]  do_syscall_64+0xb6/0x160
[  256.616781][T11740]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[  256.623013][T11740] 
[  256.626153][T11740] Uninit was created at:
[  256.630436][T11740]  kmsan_internal_poison_shadow+0x60/0x120
[  256.637146][T11740]  kmsan_slab_free+0x8d/0xf0
[  256.641728][T11740]  kmem_cache_free_bulk+0x3ad9/0x3f10
[  256.647214][T11740]  __kfree_skb_flush+0xb0/0x100
[  256.652245][T11740]  net_rx_action+0x1a5e/0x1aa0
[  256.657002][T11740]  __do_softirq+0x4a1/0x83a
[  256.661490][T11740]  irq_exit+0x230/0x280
[  256.666116][T11740]  do_IRQ+0x123/0x360
[  256.670085][T11740]  ret_from_intr+0x0/0x33
[  256.674425][T11740]  kmsan_get_shadow_origin_ptr+0x3c5/0x4b0
[  256.680224][T11740]  __msan_metadata_ptr_for_load_8+0x10/0x20
[  256.686107][T11740]  kmem_cache_free+0x476/0x2b70
[  256.690974][T11740]  __kfree_skb+0x1dd/0x210
[  256.695407][T11740]  tcp_recvmsg+0x27a6/0x4ff0
[  256.699977][T11740]  inet_recvmsg+0x237/0x7d0
[  256.704463][T11740]  sock_read_iter+0x5be/0x660
[  256.709133][T11740]  __vfs_read+0xa67/0xc90
[  256.713757][T11740]  vfs_read+0x359/0x6f0
[  256.717920][T11740]  ksys_read+0x265/0x430
[  256.722162][T11740]  __se_sys_read+0x92/0xb0
[  256.726585][T11740]  __x64_sys_read+0x4a/0x70
[  256.731264][T11740]  do_syscall_64+0xb6/0x160
[  256.735803][T11740]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[  256.741922][T11740] =====================================================
[  256.748955][T11740] Disabling lock debugging due to kernel taint
[  256.755096][T11740] Kernel panic - not syncing: panic_on_warn set ...
[  256.761683][T11740] CPU: 1 PID: 11740 Comm: syz-fuzzer Tainted: G    B             5.4.0-rc3+ #0
[  256.770761][T11740] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  256.780850][T11740] Call Trace:
[  256.784149][T11740]  dump_stack+0x191/0x1f0
[  256.788477][T11740]  panic+0x3c9/0xc1e
[  256.792485][T11740]  kmsan_report+0x215/0x220
[  256.797355][T11740]  __msan_warning+0x73/0xe0
[  256.801853][T11740]  kmem_cache_free+0x3df/0x2b70
[  256.807380][T11740]  ? kmsan_internal_set_origin+0x6a/0xb0
[  256.816543][T11740]  ? kfree_skb+0x473/0x4c0
[  256.821139][T11740]  ? kmsan_internal_unpoison_shadow+0x42/0x80
[  256.827756][T11740]  kfree_skb+0x473/0x4c0
[  256.832242][T11740]  ? packet_rcv_spkt+0x68d/0x7c0
[  256.837189][T11740]  packet_rcv_spkt+0x68d/0x7c0
[  256.842239][T11740]  ? packet_rcv+0x2110/0x2110
[  256.847120][T11740]  dev_queue_xmit_nit+0x1125/0x1200
[  256.852322][T11740]  dev_hard_start_xmit+0x21e/0xab0
[  256.858058][T11740]  ? kmsan_get_shadow_origin_ptr+0x91/0x4b0
[  256.863971][T11740]  sch_direct_xmit+0x56c/0x18c0
[  256.868823][T11740]  __dev_queue_xmit+0x212d/0x4200
[  256.873875][T11740]  dev_queue_xmit+0x4b/0x60
[  256.878460][T11740]  ip_finish_output2+0x20d6/0x25d0
[  256.883566][T11740]  ? __msan_metadata_ptr_for_load_2+0x10/0x20
[  256.889625][T11740]  ? nf_ct_deliver_cached_events+0x4d5/0x6e0
[  256.895613][T11740]  __ip_finish_output+0xaf8/0xda0
[  256.900850][T11740]  ip_finish_output+0x2db/0x420
[  256.905709][T11740]  ip_output+0x541/0x610
[  256.910037][T11740]  ? ip_mc_finish_output+0x6d0/0x6d0
[  256.915785][T11740]  ? ip_finish_output+0x420/0x420
[  256.920818][T11740]  __ip_queue_xmit+0x1caf/0x21f0
[  256.925768][T11740]  ? kmsan_get_shadow_origin_ptr+0x91/0x4b0
[  256.931924][T11740]  ? __msan_metadata_ptr_for_load_8+0x10/0x20
[  256.937977][T11740]  ? should_fail+0x1d2/0xa50
[  256.942563][T11740]  ip_queue_xmit+0xcc/0xf0
[  256.946969][T11740]  ? tcp_v4_inbound_md5_hash+0xd10/0xd10
[  256.952612][T11740]  __tcp_transmit_skb+0x40e3/0x5d90
[  256.957844][T11740]  __tcp_send_ack+0x701/0x840
[  256.962900][T11740]  tcp_send_ack+0x68/0x90
[  256.967227][T11740]  tcp_cleanup_rbuf+0x764/0x800
[  256.972075][T11740]  tcp_recvmsg+0x334d/0x4ff0
[  256.976861][T11740]  ? kmsan_get_shadow_origin_ptr+0x91/0x4b0
[  256.983000][T11740]  ? tcp_mmap+0x150/0x150
[  256.987308][T11740]  ? tcp_mmap+0x150/0x150
[  256.991645][T11740]  inet_recvmsg+0x237/0x7d0
[  256.996263][T11740]  ? inet_sendpage+0x2c0/0x2c0
[  257.001039][T11740]  ? kmsan_get_shadow_origin_ptr+0x91/0x4b0
[  257.006925][T11740]  ? inet_sendpage+0x2c0/0x2c0
[  257.011674][T11740]  ? inet_sendpage+0x2c0/0x2c0
[  257.016440][T11740]  sock_read_iter+0x5be/0x660
[  257.021240][T11740]  ? kernel_sock_ip_overhead+0x340/0x340
[  257.026864][T11740]  __vfs_read+0xa67/0xc90
[  257.031382][T11740]  vfs_read+0x359/0x6f0
[  257.035543][T11740]  ksys_read+0x265/0x430
[  257.039774][T11740]  __se_sys_read+0x92/0xb0
[  257.044744][T11740]  __x64_sys_read+0x4a/0x70
[  257.049239][T11740]  do_syscall_64+0xb6/0x160
[  257.053743][T11740]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[  257.059628][T11740] RIP: 0033:0x47fd44
[  257.063532][T11740] Code: ff ff cc cc cc cc e8 9b 40 fb ff 48 8b 7c 24 10 48 8b 74 24 18 48 8b 54 24 20 45 31 d2 45 31 c0 45 31 c9 48 8b 44 24 08 0f 05 <48> 3d 01 f0 ff ff 76 20 48 c7 44 24 28 ff ff ff ff 48 c7 44 24 30
[  257.083316][T11740] RSP: 002b:000000c42039f710 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  257.091768][T11740] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000047fd44
[  257.100011][T11740] RDX: 0000000000001000 RSI: 000000c420352000 RDI: 0000000000000003
[  257.108316][T11740] RBP: 000000c42039f760 R08: 0000000000000000 R09: 0000000000000000
[  257.116395][T11740] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008
[  257.124632][T11740] R13: 0000000000000008 R14: 0000000000000040 R15: ffffffffffffffff
[  257.134690][T11740] Kernel Offset: disabled
[  257.139174][T11740] Rebooting in 86400 seconds..