[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   76.301328][   T32] audit: type=1800 audit(1570609433.344:25): pid=10930 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[   76.328930][   T32] audit: type=1800 audit(1570609433.374:26): pid=10930 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[   76.372033][   T32] audit: type=1800 audit(1570609433.404:27): pid=10930 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.10.35' (ECDSA) to the list of known hosts.
2019/10/09 08:24:09 fuzzer started
2019/10/09 08:24:13 dialing manager at 10.128.0.26:43589
2019/10/09 08:24:13 syscalls: 2412
2019/10/09 08:24:13 code coverage: enabled
2019/10/09 08:24:13 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2019/10/09 08:24:13 extra coverage: enabled
2019/10/09 08:24:13 setuid sandbox: enabled
2019/10/09 08:24:13 namespace sandbox: enabled
2019/10/09 08:24:13 Android sandbox: /sys/fs/selinux/policy does not exist
2019/10/09 08:24:13 fault injection: enabled
2019/10/09 08:24:13 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/10/09 08:24:13 net packet injection: enabled
2019/10/09 08:24:13 net device setup: enabled
2019/10/09 08:24:13 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
syzkaller login: [  102.896661][T11078] =====================================================
[  102.903665][T11078] BUG: KMSAN: use-after-free in kfree_skb+0x473/0x4c0
[  102.910439][T11078] CPU: 1 PID: 11078 Comm: syz-fuzzer Not tainted 5.3.0-rc7+ #0
[  102.917975][T11078] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  102.928028][T11078] Call Trace:
[  102.931335][T11078]  dump_stack+0x191/0x1f0
[  102.935692][T11078]  kmsan_report+0x17d/0x2f0
[  102.940204][T11078]  __msan_warning+0x73/0xe0
[  102.944720][T11078]  kmem_cache_free+0x3df/0x2b70
[  102.949591][T11078]  ? kmsan_internal_set_origin+0x6a/0xb0
[  102.955227][T11078]  ? kfree_skb+0x473/0x4c0
[  102.959675][T11078]  ? kmsan_internal_unpoison_shadow+0x42/0x80
[  102.965801][T11078]  kfree_skb+0x473/0x4c0
[  102.970061][T11078]  ? packet_rcv_spkt+0x719/0x840
[  102.974985][T11078]  packet_rcv_spkt+0x719/0x840
[  102.979780][T11078]  ? packet_rcv+0x2190/0x2190
[  102.984437][T11078]  dev_queue_xmit_nit+0x1125/0x1200
[  102.989623][T11078]  dev_hard_start_xmit+0x21e/0xab0
[  102.995209][T11078]  ? kmsan_get_shadow_origin_ptr+0x6e/0x4c0
[  103.001090][T11078]  sch_direct_xmit+0x56c/0x18c0
[  103.005934][T11078]  __dev_queue_xmit+0x1e53/0x4270
[  103.011063][T11078]  dev_queue_xmit+0x4b/0x60
[  103.015583][T11078]  ip_finish_output2+0x20c6/0x25d0
[  103.020687][T11078]  ? __msan_metadata_ptr_for_load_2+0x10/0x20
[  103.026742][T11078]  ? nf_ct_deliver_cached_events+0x4d5/0x6e0
[  103.032722][T11078]  __ip_finish_output+0xaf8/0xda0
[  103.037733][T11078]  ip_finish_output+0x2db/0x420
[  103.042570][T11078]  ip_output+0x541/0x610
[  103.046793][T11078]  ? ip_mc_finish_output+0x6d0/0x6d0
[  103.052054][T11078]  ? ip_finish_output+0x420/0x420
[  103.057053][T11078]  __ip_queue_xmit+0x1caf/0x21f0
[  103.061990][T11078]  ? kmsan_get_shadow_origin_ptr+0x6e/0x4c0
[  103.067885][T11078]  ? __msan_metadata_ptr_for_load_8+0x10/0x20
[  103.073941][T11078]  ? __msan_metadata_ptr_for_load_8+0x10/0x20
[  103.080000][T11078]  ip_queue_xmit+0xcc/0xf0
[  103.084397][T11078]  ? tcp_v4_inbound_md5_hash+0xd10/0xd10
[  103.090007][T11078]  __tcp_transmit_skb+0x409e/0x5c60
[  103.095219][T11078]  __tcp_send_ack+0x701/0x840
[  103.099878][T11078]  tcp_send_ack+0x68/0x90
[  103.104187][T11078]  tcp_cleanup_rbuf+0x764/0x800
[  103.109019][T11078]  tcp_recvmsg+0x334d/0x4ff0
[  103.113609][T11078]  ? kmsan_get_shadow_origin_ptr+0x6e/0x4c0
[  103.119493][T11078]  ? tcp_mmap+0x150/0x150
[  103.123794][T11078]  ? tcp_mmap+0x150/0x150
[  103.128099][T11078]  inet_recvmsg+0x237/0x7d0
[  103.132584][T11078]  ? kmsan_get_shadow_origin_ptr+0x6e/0x4c0
[  103.138465][T11078]  ? inet_sendpage+0x2c0/0x2c0
[  103.143205][T11078]  ? inet_sendpage+0x2c0/0x2c0
[  103.147960][T11078]  sock_read_iter+0x5be/0x660
[  103.152630][T11078]  ? kernel_sock_ip_overhead+0x340/0x340
[  103.158239][T11078]  __vfs_read+0xa67/0xc90
[  103.162556][T11078]  vfs_read+0x359/0x6f0
[  103.166692][T11078]  ksys_read+0x265/0x430
[  103.170924][T11078]  __se_sys_read+0x92/0xb0
[  103.175322][T11078]  __x64_sys_read+0x4a/0x70
[  103.179810][T11078]  do_syscall_64+0xbc/0xf0
[  103.184206][T11078]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[  103.190084][T11078] RIP: 0033:0x47fd44
[  103.193965][T11078] Code: ff ff cc cc cc cc e8 9b 40 fb ff 48 8b 7c 24 10 48 8b 74 24 18 48 8b 54 24 20 45 31 d2 45 31 c0 45 31 c9 48 8b 44 24 08 0f 05 <48> 3d 01 f0 ff ff 76 20 48 c7 44 24 28 ff ff ff ff 48 c7 44 24 30
[  103.213642][T11078] RSP: 002b:000000c4203d1710 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  103.222474][T11078] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000047fd44
[  103.230770][T11078] RDX: 0000000000001000 RSI: 000000c420378000 RDI: 0000000000000003
[  103.238719][T11078] RBP: 000000c4203d1760 R08: 0000000000000000 R09: 0000000000000000
[  103.246668][T11078] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008
[  103.254618][T11078] R13: 0000000000000008 R14: 0000000000000002 R15: ffffffffffffffff
[  103.262587][T11078] 
[  103.264890][T11078] Uninit was stored to memory at:
[  103.269907][T11078]  kmsan_internal_chain_origin+0xde/0x190
[  103.275600][T11078]  __msan_chain_origin+0x6b/0xe0
[  103.280517][T11078]  ___slab_alloc+0x1dbc/0x1fb0
[  103.285256][T11078]  kmem_cache_alloc+0xade/0xd10
[  103.290083][T11078]  skb_clone+0x326/0x5d0
[  103.294301][T11078]  dev_queue_xmit_nit+0x539/0x1200
[  103.299389][T11078]  dev_hard_start_xmit+0x21e/0xab0
[  103.304497][T11078]  sch_direct_xmit+0x56c/0x18c0
[  103.309326][T11078]  __dev_queue_xmit+0x1e53/0x4270
[  103.314325][T11078]  dev_queue_xmit+0x4b/0x60
[  103.319087][T11078]  ip_finish_output2+0x20c6/0x25d0
[  103.324195][T11078]  __ip_finish_output+0xaf8/0xda0
[  103.329201][T11078]  ip_finish_output+0x2db/0x420
[  103.334032][T11078]  ip_output+0x541/0x610
[  103.338259][T11078]  __ip_queue_xmit+0x1caf/0x21f0
[  103.343180][T11078]  ip_queue_xmit+0xcc/0xf0
[  103.347581][T11078]  __tcp_transmit_skb+0x409e/0x5c60
[  103.352756][T11078]  __tcp_send_ack+0x701/0x840
[  103.357410][T11078]  tcp_send_ack+0x68/0x90
[  103.361725][T11078]  tcp_cleanup_rbuf+0x764/0x800
[  103.366547][T11078]  tcp_recvmsg+0x334d/0x4ff0
[  103.371124][T11078]  inet_recvmsg+0x237/0x7d0
[  103.375602][T11078]  sock_read_iter+0x5be/0x660
[  103.380261][T11078]  __vfs_read+0xa67/0xc90
[  103.384563][T11078]  vfs_read+0x359/0x6f0
[  103.388702][T11078]  ksys_read+0x265/0x430
[  103.392930][T11078]  __se_sys_read+0x92/0xb0
[  103.397323][T11078]  __x64_sys_read+0x4a/0x70
[  103.401804][T11078]  do_syscall_64+0xbc/0xf0
[  103.406210][T11078]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[  103.412083][T11078] 
[  103.414391][T11078] Uninit was created at:
[  103.418609][T11078]  kmsan_internal_poison_shadow+0x60/0x120
[  103.424405][T11078]  kmsan_slab_free+0x8d/0x100
[  103.429102][T11078]  kmem_cache_free_bulk+0x3ad9/0x3f50
[  103.434519][T11078]  __kfree_skb_flush+0xb0/0x100
[  103.439396][T11078]  net_rx_action+0x1908/0x1950
[  103.444157][T11078]  __do_softirq+0x4a1/0x83a
[  103.448649][T11078]  irq_exit+0x230/0x280
[  103.452784][T11078]  do_IRQ+0x20d/0x3a0
[  103.456792][T11078]  ret_from_intr+0x0/0x33
[  103.461100][T11078]  _raw_spin_unlock_irqrestore+0x4b/0x70
[  103.466709][T11078]  hrtimer_start_range_ns+0x1570/0x16b0
[  103.472230][T11078]  schedule_hrtimeout_range_clock+0x2e2/0x560
[  103.478269][T11078]  schedule_hrtimeout_range+0x97/0xb0
[  103.483619][T11078]  do_select+0x2c3c/0x2df0
[  103.488451][T11078]  core_sys_select+0x949/0xe90
[  103.493195][T11078]  __se_sys_pselect6+0x741/0x8e0
[  103.498158][T11078]  __x64_sys_pselect6+0x6e/0x90
[  103.502996][T11078]  do_syscall_64+0xbc/0xf0
[  103.507401][T11078]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[  103.513269][T11078] =====================================================
[  103.520181][T11078] Disabling lock debugging due to kernel taint
[  103.526310][T11078] Kernel panic - not syncing: panic_on_warn set ...
[  103.532906][T11078] CPU: 1 PID: 11078 Comm: syz-fuzzer Tainted: G    B             5.3.0-rc7+ #0
[  103.541833][T11078] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  103.551873][T11078] Call Trace:
[  103.555155][T11078]  dump_stack+0x191/0x1f0
[  103.559651][T11078]  panic+0x3c9/0xc1e
[  103.563547][T11078]  kmsan_report+0x2e5/0x2f0
[  103.568031][T11078]  __msan_warning+0x73/0xe0
[  103.572521][T11078]  kmem_cache_free+0x3df/0x2b70
[  103.577346][T11078]  ? kmsan_internal_set_origin+0x6a/0xb0
[  103.582952][T11078]  ? kfree_skb+0x473/0x4c0
[  103.587431][T11078]  ? kmsan_internal_unpoison_shadow+0x42/0x80
[  103.593492][T11078]  kfree_skb+0x473/0x4c0
[  103.597715][T11078]  ? packet_rcv_spkt+0x719/0x840
[  103.602632][T11078]  packet_rcv_spkt+0x719/0x840
[  103.607389][T11078]  ? packet_rcv+0x2190/0x2190
[  103.612051][T11078]  dev_queue_xmit_nit+0x1125/0x1200
[  103.617249][T11078]  dev_hard_start_xmit+0x21e/0xab0
[  103.623140][T11078]  ? kmsan_get_shadow_origin_ptr+0x6e/0x4c0
[  103.629016][T11078]  sch_direct_xmit+0x56c/0x18c0
[  103.633859][T11078]  __dev_queue_xmit+0x1e53/0x4270
[  103.638876][T11078]  dev_queue_xmit+0x4b/0x60
[  103.643362][T11078]  ip_finish_output2+0x20c6/0x25d0
[  103.648450][T11078]  ? __msan_metadata_ptr_for_load_2+0x10/0x20
[  103.654494][T11078]  ? nf_ct_deliver_cached_events+0x4d5/0x6e0
[  103.660462][T11078]  __ip_finish_output+0xaf8/0xda0
[  103.665471][T11078]  ip_finish_output+0x2db/0x420
[  103.670306][T11078]  ip_output+0x541/0x610
[  103.674541][T11078]  ? ip_mc_finish_output+0x6d0/0x6d0
[  103.679806][T11078]  ? ip_finish_output+0x420/0x420
[  103.684806][T11078]  __ip_queue_xmit+0x1caf/0x21f0
[  103.689722][T11078]  ? kmsan_get_shadow_origin_ptr+0x6e/0x4c0
[  103.695601][T11078]  ? __msan_metadata_ptr_for_load_8+0x10/0x20
[  103.701640][T11078]  ? __msan_metadata_ptr_for_load_8+0x10/0x20
[  103.707702][T11078]  ip_queue_xmit+0xcc/0xf0
[  103.712099][T11078]  ? tcp_v4_inbound_md5_hash+0xd10/0xd10
[  103.717712][T11078]  __tcp_transmit_skb+0x409e/0x5c60
[  103.722906][T11078]  __tcp_send_ack+0x701/0x840
[  103.727577][T11078]  tcp_send_ack+0x68/0x90
[  103.731896][T11078]  tcp_cleanup_rbuf+0x764/0x800
[  103.736725][T11078]  tcp_recvmsg+0x334d/0x4ff0
[  103.741316][T11078]  ? kmsan_get_shadow_origin_ptr+0x6e/0x4c0
[  103.747190][T11078]  ? tcp_mmap+0x150/0x150
[  103.751493][T11078]  ? tcp_mmap+0x150/0x150
[  103.755804][T11078]  inet_recvmsg+0x237/0x7d0
[  103.760292][T11078]  ? kmsan_get_shadow_origin_ptr+0x6e/0x4c0
[  103.766164][T11078]  ? inet_sendpage+0x2c0/0x2c0
[  103.770904][T11078]  ? inet_sendpage+0x2c0/0x2c0
[  103.775644][T11078]  sock_read_iter+0x5be/0x660
[  103.780307][T11078]  ? kernel_sock_ip_overhead+0x340/0x340
[  103.785927][T11078]  __vfs_read+0xa67/0xc90
[  103.790245][T11078]  vfs_read+0x359/0x6f0
[  103.794393][T11078]  ksys_read+0x265/0x430
[  103.798618][T11078]  __se_sys_read+0x92/0xb0
[  103.803013][T11078]  __x64_sys_read+0x4a/0x70
[  103.807501][T11078]  do_syscall_64+0xbc/0xf0
[  103.811897][T11078]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[  103.817766][T11078] RIP: 0033:0x47fd44
[  103.821644][T11078] Code: ff ff cc cc cc cc e8 9b 40 fb ff 48 8b 7c 24 10 48 8b 74 24 18 48 8b 54 24 20 45 31 d2 45 31 c0 45 31 c9 48 8b 44 24 08 0f 05 <48> 3d 01 f0 ff ff 76 20 48 c7 44 24 28 ff ff ff ff 48 c7 44 24 30
[  103.842006][T11078] RSP: 002b:000000c4203d1710 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  103.850493][T11078] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000047fd44
[  103.858452][T11078] RDX: 0000000000001000 RSI: 000000c420378000 RDI: 0000000000000003
[  103.866412][T11078] RBP: 000000c4203d1760 R08: 0000000000000000 R09: 0000000000000000
[  103.874361][T11078] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008
[  103.882315][T11078] R13: 0000000000000008 R14: 0000000000000002 R15: ffffffffffffffff
[  103.891628][T11078] Kernel Offset: disabled
[  103.895954][T11078] Rebooting in 86400 seconds..