[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   80.319423][   T30] audit: type=1800 audit(1572031197.369:25): pid=11476 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[   80.342428][   T30] audit: type=1800 audit(1572031197.389:26): pid=11476 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[   80.377433][   T30] audit: type=1800 audit(1572031197.419:27): pid=11476 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.220' (ECDSA) to the list of known hosts.
2019/10/25 19:20:10 fuzzer started
2019/10/25 19:20:15 dialing manager at 10.128.0.26:45117
2019/10/25 19:20:15 syscalls: 2424
2019/10/25 19:20:15 code coverage: enabled
2019/10/25 19:20:15 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2019/10/25 19:20:15 extra coverage: enabled
2019/10/25 19:20:15 setuid sandbox: enabled
2019/10/25 19:20:15 namespace sandbox: enabled
2019/10/25 19:20:15 Android sandbox: /sys/fs/selinux/policy does not exist
2019/10/25 19:20:15 fault injection: enabled
2019/10/25 19:20:15 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/10/25 19:20:15 net packet injection: enabled
2019/10/25 19:20:15 net device setup: enabled
2019/10/25 19:20:15 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
syzkaller login: [  157.150949][T11625] =====================================================
[  157.158210][T11625] BUG: KMSAN: use-after-free in kmem_cache_free+0x3df/0x2b70
[  157.165586][T11625] CPU: 0 PID: 11625 Comm: syz-fuzzer Not tainted 5.4.0-rc3+ #0
[  157.173122][T11625] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  157.183292][T11625] Call Trace:
[  157.186586][T11625]  dump_stack+0x191/0x1f0
[  157.191971][T11625]  kmsan_report+0x128/0x220
[  157.197820][T11625]  __msan_warning+0x73/0xe0
[  157.203186][T11625]  kmem_cache_free+0x3df/0x2b70
[  157.208315][T11625]  ? kmsan_internal_set_origin+0x6a/0xb0
[  157.214093][T11625]  ? kfree_skb+0x473/0x4c0
[  157.218523][T11625]  ? kmsan_internal_unpoison_shadow+0x42/0x80
[  157.224594][T11625]  kfree_skb+0x473/0x4c0
[  157.228991][T11625]  ? packet_rcv_spkt+0x68d/0x7c0
[  157.234197][T11625]  packet_rcv_spkt+0x68d/0x7c0
[  157.238945][T11625]  ? packet_rcv+0x2110/0x2110
[  157.243604][T11625]  dev_queue_xmit_nit+0x1125/0x1200
[  157.248838][T11625]  dev_hard_start_xmit+0x21e/0xab0
[  157.253936][T11625]  ? kmsan_get_shadow_origin_ptr+0x91/0x4b0
[  157.259863][T11625]  sch_direct_xmit+0x56c/0x18c0
[  157.264783][T11625]  __dev_queue_xmit+0x212d/0x4200
[  157.269959][T11625]  dev_queue_xmit+0x4b/0x60
[  157.274467][T11625]  ip_finish_output2+0x20d6/0x25d0
[  157.279562][T11625]  ? __msan_metadata_ptr_for_load_2+0x10/0x20
[  157.285609][T11625]  ? nf_ct_deliver_cached_events+0x4d5/0x6e0
[  157.291652][T11625]  __ip_finish_output+0xaf8/0xda0
[  157.296693][T11625]  ip_finish_output+0x2db/0x420
[  157.301554][T11625]  ip_output+0x541/0x610
[  157.305815][T11625]  ? ip_mc_finish_output+0x6d0/0x6d0
[  157.311105][T11625]  ? ip_finish_output+0x420/0x420
[  157.316135][T11625]  __ip_queue_xmit+0x1caf/0x21f0
[  157.321064][T11625]  ? kmsan_get_shadow_origin_ptr+0x91/0x4b0
[  157.326943][T11625]  ? __msan_metadata_ptr_for_load_8+0x10/0x20
[  157.332992][T11625]  ? should_fail+0x1d2/0xa50
[  157.337812][T11625]  ip_queue_xmit+0xcc/0xf0
[  157.342222][T11625]  ? tcp_v4_inbound_md5_hash+0xd10/0xd10
[  157.347863][T11625]  __tcp_transmit_skb+0x40e3/0x5d90
[  157.353067][T11625]  __tcp_send_ack+0x701/0x840
[  157.357753][T11625]  tcp_send_ack+0x68/0x90
[  157.362073][T11625]  tcp_cleanup_rbuf+0x764/0x800
[  157.366927][T11625]  tcp_recvmsg+0x334d/0x4ff0
[  157.371554][T11625]  ? kmsan_get_shadow_origin_ptr+0x91/0x4b0
[  157.377432][T11625]  ? tcp_mmap+0x150/0x150
[  157.381751][T11625]  ? tcp_mmap+0x150/0x150
[  157.386342][T11625]  inet_recvmsg+0x237/0x7d0
[  157.392301][T11625]  ? inet_sendpage+0x2c0/0x2c0
[  157.397200][T11625]  ? kmsan_get_shadow_origin_ptr+0x91/0x4b0
[  157.403542][T11625]  ? inet_sendpage+0x2c0/0x2c0
[  157.408299][T11625]  ? inet_sendpage+0x2c0/0x2c0
[  157.413079][T11625]  sock_read_iter+0x5be/0x660
[  157.417985][T11625]  ? kernel_sock_ip_overhead+0x340/0x340
[  157.423637][T11625]  __vfs_read+0xa67/0xc90
[  157.428091][T11625]  vfs_read+0x359/0x6f0
[  157.432235][T11625]  ksys_read+0x265/0x430
[  157.436460][T11625]  __se_sys_read+0x92/0xb0
[  157.440894][T11625]  __x64_sys_read+0x4a/0x70
[  157.445394][T11625]  do_syscall_64+0xb6/0x160
[  157.449889][T11625]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[  157.455809][T11625] RIP: 0033:0x47fd44
[  157.459692][T11625] Code: ff ff cc cc cc cc e8 9b 40 fb ff 48 8b 7c 24 10 48 8b 74 24 18 48 8b 54 24 20 45 31 d2 45 31 c0 45 31 c9 48 8b 44 24 08 0f 05 <48> 3d 01 f0 ff ff 76 20 48 c7 44 24 28 ff ff ff ff 48 c7 44 24 30
[  157.479289][T11625] RSP: 002b:000000c420353710 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  157.487701][T11625] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000047fd44
[  157.495673][T11625] RDX: 0000000000001000 RSI: 000000c420364000 RDI: 0000000000000003
[  157.503646][T11625] RBP: 000000c420353760 R08: 0000000000000000 R09: 0000000000000000
[  157.511602][T11625] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
[  157.519553][T11625] R13: 0000000000000004 R14: 0000000000000002 R15: ffffffffffffffff
[  157.527766][T11625] 
[  157.530389][T11625] Uninit was stored to memory at:
[  157.535443][T11625]  kmsan_internal_chain_origin+0xbd/0x180
[  157.541610][T11625]  __msan_chain_origin+0x6b/0xd0
[  157.546669][T11625]  ___slab_alloc+0x1dbc/0x1fb0
[  157.551741][T11625]  kmem_cache_alloc+0xade/0xd10
[  157.556578][T11625]  skb_clone+0x326/0x5d0
[  157.560803][T11625]  dev_queue_xmit_nit+0x539/0x1200
[  157.566012][T11625]  dev_hard_start_xmit+0x21e/0xab0
[  157.571454][T11625]  sch_direct_xmit+0x56c/0x18c0
[  157.576415][T11625]  __dev_queue_xmit+0x212d/0x4200
[  157.581446][T11625]  dev_queue_xmit+0x4b/0x60
[  157.585940][T11625]  ip_finish_output2+0x20d6/0x25d0
[  157.591056][T11625]  __ip_finish_output+0xaf8/0xda0
[  157.596182][T11625]  ip_finish_output+0x2db/0x420
[  157.601040][T11625]  ip_output+0x541/0x610
[  157.605399][T11625]  __ip_queue_xmit+0x1caf/0x21f0
[  157.610633][T11625]  ip_queue_xmit+0xcc/0xf0
[  157.615302][T11625]  __tcp_transmit_skb+0x40e3/0x5d90
[  157.620989][T11625]  __tcp_send_ack+0x701/0x840
[  157.625680][T11625]  tcp_send_ack+0x68/0x90
[  157.630018][T11625]  tcp_cleanup_rbuf+0x764/0x800
[  157.634867][T11625]  tcp_recvmsg+0x334d/0x4ff0
[  157.639639][T11625]  inet_recvmsg+0x237/0x7d0
[  157.644381][T11625]  sock_read_iter+0x5be/0x660
[  157.649347][T11625]  __vfs_read+0xa67/0xc90
[  157.653662][T11625]  vfs_read+0x359/0x6f0
[  157.657799][T11625]  ksys_read+0x265/0x430
[  157.662018][T11625]  __se_sys_read+0x92/0xb0
[  157.666412][T11625]  __x64_sys_read+0x4a/0x70
[  157.670895][T11625]  do_syscall_64+0xb6/0x160
[  157.675393][T11625]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[  157.681255][T11625] 
[  157.683558][T11625] Uninit was created at:
[  157.687808][T11625]  kmsan_internal_poison_shadow+0x60/0x120
[  157.693767][T11625]  kmsan_slab_free+0x8d/0xf0
[  157.698332][T11625]  kmem_cache_free_bulk+0x3ad9/0x3f10
[  157.703710][T11625]  __kfree_skb_flush+0xb0/0x100
[  157.709004][T11625]  net_rx_action+0x1a5e/0x1aa0
[  157.713780][T11625]  __do_softirq+0x4a1/0x83a
[  157.718276][T11625]  irq_exit+0x230/0x280
[  157.723013][T11625]  do_IRQ+0x123/0x360
[  157.727122][T11625]  ret_from_intr+0x0/0x33
[  157.731472][T11625]  metadata_is_contiguous+0x259/0x270
[  157.736832][T11625]  kmsan_get_shadow_origin_ptr+0x6e/0x4b0
[  157.742633][T11625]  __msan_metadata_ptr_for_load_4+0x10/0x20
[  157.749496][T11625]  __tcp_transmit_skb+0xf48/0x5d90
[  157.756578][T11625]  __tcp_send_ack+0x701/0x840
[  157.762130][T11625]  tcp_send_ack+0x68/0x90
[  157.768280][T11625]  tcp_cleanup_rbuf+0x764/0x800
[  157.773298][T11625]  tcp_recvmsg+0x334d/0x4ff0
[  157.778493][T11625]  inet_recvmsg+0x237/0x7d0
[  157.784735][T11625]  sock_read_iter+0x5be/0x660
[  157.789430][T11625]  __vfs_read+0xa67/0xc90
[  157.793865][T11625]  vfs_read+0x359/0x6f0
[  157.798021][T11625]  ksys_read+0x265/0x430
[  157.802309][T11625]  __se_sys_read+0x92/0xb0
[  157.807097][T11625]  __x64_sys_read+0x4a/0x70
[  157.812094][T11625]  do_syscall_64+0xb6/0x160
[  157.819100][T11625]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[  157.825834][T11625] =====================================================
[  157.834061][T11625] Disabling lock debugging due to kernel taint
[  157.843589][T11625] Kernel panic - not syncing: panic_on_warn set ...
[  157.851475][T11625] CPU: 0 PID: 11625 Comm: syz-fuzzer Tainted: G    B             5.4.0-rc3+ #0
[  157.867802][T11625] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  157.878314][T11625] Call Trace:
[  157.882033][T11625]  dump_stack+0x191/0x1f0
[  157.887111][T11625]  panic+0x3c9/0xc1e
[  157.892050][T11625]  kmsan_report+0x215/0x220
[  157.897894][T11625]  __msan_warning+0x73/0xe0
[  157.902545][T11625]  kmem_cache_free+0x3df/0x2b70
[  157.907383][T11625]  ? kmsan_internal_set_origin+0x6a/0xb0
[  157.915566][T11625]  ? kfree_skb+0x473/0x4c0
[  157.920074][T11625]  ? kmsan_internal_unpoison_shadow+0x42/0x80
[  157.926693][T11625]  kfree_skb+0x473/0x4c0
[  157.931808][T11625]  ? packet_rcv_spkt+0x68d/0x7c0
[  157.936818][T11625]  packet_rcv_spkt+0x68d/0x7c0
[  157.941575][T11625]  ? packet_rcv+0x2110/0x2110
[  157.946512][T11625]  dev_queue_xmit_nit+0x1125/0x1200
[  157.951759][T11625]  dev_hard_start_xmit+0x21e/0xab0
[  157.956864][T11625]  ? kmsan_get_shadow_origin_ptr+0x91/0x4b0
[  157.962785][T11625]  sch_direct_xmit+0x56c/0x18c0
[  157.967677][T11625]  __dev_queue_xmit+0x212d/0x4200
[  157.972710][T11625]  dev_queue_xmit+0x4b/0x60
[  157.978182][T11625]  ip_finish_output2+0x20d6/0x25d0
[  157.983281][T11625]  ? __msan_metadata_ptr_for_load_2+0x10/0x20
[  157.990295][T11625]  ? nf_ct_deliver_cached_events+0x4d5/0x6e0
[  157.996441][T11625]  __ip_finish_output+0xaf8/0xda0
[  158.002885][T11625]  ip_finish_output+0x2db/0x420
[  158.008229][T11625]  ip_output+0x541/0x610
[  158.012841][T11625]  ? ip_mc_finish_output+0x6d0/0x6d0
[  158.018122][T11625]  ? ip_finish_output+0x420/0x420
[  158.023399][T11625]  __ip_queue_xmit+0x1caf/0x21f0
[  158.028776][T11625]  ? kmsan_get_shadow_origin_ptr+0x91/0x4b0
[  158.036245][T11625]  ? __msan_metadata_ptr_for_load_8+0x10/0x20
[  158.043306][T11625]  ? should_fail+0x1d2/0xa50
[  158.050079][T11625]  ip_queue_xmit+0xcc/0xf0
[  158.054510][T11625]  ? tcp_v4_inbound_md5_hash+0xd10/0xd10
[  158.060268][T11625]  __tcp_transmit_skb+0x40e3/0x5d90
[  158.066168][T11625]  __tcp_send_ack+0x701/0x840
[  158.070855][T11625]  tcp_send_ack+0x68/0x90
[  158.075296][T11625]  tcp_cleanup_rbuf+0x764/0x800
[  158.081181][T11625]  tcp_recvmsg+0x334d/0x4ff0
[  158.088513][T11625]  ? kmsan_get_shadow_origin_ptr+0x91/0x4b0
[  158.094760][T11625]  ? tcp_mmap+0x150/0x150
[  158.099483][T11625]  ? tcp_mmap+0x150/0x150
[  158.103795][T11625]  inet_recvmsg+0x237/0x7d0
[  158.108285][T11625]  ? inet_sendpage+0x2c0/0x2c0
[  158.113032][T11625]  ? kmsan_get_shadow_origin_ptr+0x91/0x4b0
[  158.119293][T11625]  ? inet_sendpage+0x2c0/0x2c0
[  158.124040][T11625]  ? inet_sendpage+0x2c0/0x2c0
[  158.128785][T11625]  sock_read_iter+0x5be/0x660
[  158.133482][T11625]  ? kernel_sock_ip_overhead+0x340/0x340
[  158.139587][T11625]  __vfs_read+0xa67/0xc90
[  158.143929][T11625]  vfs_read+0x359/0x6f0
[  158.148125][T11625]  ksys_read+0x265/0x430
[  158.152361][T11625]  __se_sys_read+0x92/0xb0
[  158.156762][T11625]  __x64_sys_read+0x4a/0x70
[  158.161380][T11625]  do_syscall_64+0xb6/0x160
[  158.165893][T11625]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[  158.171795][T11625] RIP: 0033:0x47fd44
[  158.175703][T11625] Code: ff ff cc cc cc cc e8 9b 40 fb ff 48 8b 7c 24 10 48 8b 74 24 18 48 8b 54 24 20 45 31 d2 45 31 c0 45 31 c9 48 8b 44 24 08 0f 05 <48> 3d 01 f0 ff ff 76 20 48 c7 44 24 28 ff ff ff ff 48 c7 44 24 30
[  158.195514][T11625] RSP: 002b:000000c420353710 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  158.204150][T11625] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000047fd44
[  158.212240][T11625] RDX: 0000000000001000 RSI: 000000c420364000 RDI: 0000000000000003
[  158.220227][T11625] RBP: 000000c420353760 R08: 0000000000000000 R09: 0000000000000000
[  158.228186][T11625] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
[  158.236155][T11625] R13: 0000000000000004 R14: 0000000000000002 R15: ffffffffffffffff
[  158.245860][T11625] Kernel Offset: disabled
[  158.250291][T11625] Rebooting in 86400 seconds..