[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   82.568236][   T32] audit: type=1800 audit(1570181327.617:25): pid=11377 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[   82.615628][   T32] audit: type=1800 audit(1570181327.647:26): pid=11377 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[   82.636343][   T32] audit: type=1800 audit(1570181327.657:27): pid=11377 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.106' (ECDSA) to the list of known hosts.
2019/10/04 09:29:00 fuzzer started
2019/10/04 09:29:05 dialing manager at 10.128.0.26:46029
2019/10/04 09:29:05 syscalls: 2412
2019/10/04 09:29:05 code coverage: enabled
2019/10/04 09:29:05 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2019/10/04 09:29:05 extra coverage: enabled
2019/10/04 09:29:05 setuid sandbox: enabled
2019/10/04 09:29:05 namespace sandbox: enabled
2019/10/04 09:29:05 Android sandbox: /sys/fs/selinux/policy does not exist
2019/10/04 09:29:05 fault injection: enabled
2019/10/04 09:29:05 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/10/04 09:29:05 net packet injection: enabled
2019/10/04 09:29:05 net device setup: enabled
syzkaller login: [  109.012532][T11538] =====================================================
[  109.019569][T11538] BUG: KMSAN: uninit-value in kfree_skb+0x473/0x4c0
[  109.026179][T11538] CPU: 0 PID: 11538 Comm: syz-fuzzer Not tainted 5.3.0-rc7+ #0
[  109.033724][T11538] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  109.043797][T11538] Call Trace:
[  109.047115][T11538]  dump_stack+0x191/0x1f0
[  109.051462][T11538]  kmsan_report+0x13a/0x2b0
[  109.056088][T11538]  __msan_warning+0x73/0xe0
[  109.062851][T11538]  kmem_cache_free+0x3df/0x2b70
[  109.067715][T11538]  ? kmsan_internal_set_origin+0x6a/0xb0
[  109.073558][T11538]  ? kfree_skb+0x473/0x4c0
[  109.078020][T11538]  ? kmsan_internal_unpoison_shadow+0x42/0x80
[  109.084141][T11538]  kfree_skb+0x473/0x4c0
[  109.088502][T11538]  ? packet_rcv_spkt+0x719/0x840
[  109.096225][T11538]  packet_rcv_spkt+0x719/0x840
[  109.100977][T11538]  ? packet_rcv+0x2190/0x2190
[  109.105771][T11538]  dev_queue_xmit_nit+0x1125/0x1200
[  109.111167][T11538]  dev_hard_start_xmit+0x21e/0xab0
[  109.116280][T11538]  ? kmsan_get_shadow_origin_ptr+0x6e/0x4c0
[  109.122166][T11538]  sch_direct_xmit+0x56c/0x18c0
[  109.127103][T11538]  __dev_queue_xmit+0x1e53/0x4270
[  109.132125][T11538]  dev_queue_xmit+0x4b/0x60
[  109.136615][T11538]  ip_finish_output2+0x20c6/0x25d0
[  109.141704][T11538]  ? __msan_metadata_ptr_for_load_2+0x10/0x20
[  109.147923][T11538]  ? nf_ct_deliver_cached_events+0x4d5/0x6e0
[  109.153894][T11538]  __ip_finish_output+0xaf8/0xda0
[  109.158906][T11538]  ip_finish_output+0x2db/0x420
[  109.163759][T11538]  ip_output+0x541/0x610
[  109.168002][T11538]  ? ip_mc_finish_output+0x6d0/0x6d0
[  109.173281][T11538]  ? ip_finish_output+0x420/0x420
[  109.178665][T11538]  __ip_queue_xmit+0x1caf/0x21f0
[  109.183591][T11538]  ? kmsan_get_shadow_origin_ptr+0x6e/0x4c0
[  109.191034][T11538]  ? __msan_metadata_ptr_for_load_8+0x10/0x20
[  109.197255][T11538]  ? __msan_metadata_ptr_for_load_8+0x10/0x20
[  109.203339][T11538]  ip_queue_xmit+0xcc/0xf0
[  109.207749][T11538]  ? tcp_v4_inbound_md5_hash+0xd10/0xd10
[  109.213404][T11538]  __tcp_transmit_skb+0x409e/0x5c60
[  109.218601][T11538]  __tcp_send_ack+0x701/0x840
[  109.223305][T11538]  tcp_send_ack+0x68/0x90
[  109.227755][T11538]  tcp_cleanup_rbuf+0x764/0x800
[  109.232602][T11538]  tcp_recvmsg+0x334d/0x4ff0
[  109.237206][T11538]  ? kmsan_get_shadow_origin_ptr+0x6e/0x4c0
[  109.243090][T11538]  ? tcp_mmap+0x150/0x150
[  109.247447][T11538]  ? tcp_mmap+0x150/0x150
[  109.251768][T11538]  inet_recvmsg+0x237/0x7d0
[  109.256279][T11538]  ? kmsan_get_shadow_origin_ptr+0x6e/0x4c0
[  109.262168][T11538]  ? inet_sendpage+0x2c0/0x2c0
[  109.266913][T11538]  ? inet_sendpage+0x2c0/0x2c0
[  109.271657][T11538]  sock_read_iter+0x5be/0x660
[  109.277133][T11538]  ? kernel_sock_ip_overhead+0x340/0x340
[  109.282786][T11538]  __vfs_read+0xa67/0xc90
[  109.287140][T11538]  vfs_read+0x359/0x6f0
[  109.292611][T11538]  ksys_read+0x265/0x430
[  109.296869][T11538]  __se_sys_read+0x92/0xb0
[  109.301278][T11538]  __x64_sys_read+0x4a/0x70
[  109.305983][T11538]  do_syscall_64+0xbc/0xf0
[  109.310386][T11538]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[  109.316711][T11538] RIP: 0033:0x47fd44
[  109.321119][T11538] Code: ff ff cc cc cc cc e8 9b 40 fb ff 48 8b 7c 24 10 48 8b 74 24 18 48 8b 54 24 20 45 31 d2 45 31 c0 45 31 c9 48 8b 44 24 08 0f 05 <48> 3d 01 f0 ff ff 76 20 48 c7 44 24 28 ff ff ff ff 48 c7 44 24 30
[  109.340999][T11538] RSP: 002b:000000c4201c5710 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  109.349738][T11538] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000047fd44
[  109.357867][T11538] RDX: 0000000000001000 RSI: 000000c420358000 RDI: 0000000000000003
[  109.366100][T11538] RBP: 000000c4201c5760 R08: 0000000000000000 R09: 0000000000000000
[  109.374433][T11538] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000080
[  109.382589][T11538] R13: 0000000000000080 R14: 0000000000000020 R15: ffffffffffffffff
[  109.390660][T11538] 
[  109.392991][T11538] Uninit was stored to memory at:
[  109.398026][T11538]  kmsan_internal_chain_origin+0xd2/0x170
[  109.403859][T11538]  __msan_chain_origin+0x6b/0xe0
[  109.408796][T11538]  ___slab_alloc+0x1dbc/0x1fb0
[  109.413906][T11538]  kmem_cache_alloc+0xade/0xd10
[  109.418778][T11538]  skb_clone+0x326/0x5d0
[  109.423456][T11538]  dev_queue_xmit_nit+0x539/0x1200
[  109.428784][T11538]  dev_hard_start_xmit+0x21e/0xab0
[  109.433917][T11538]  sch_direct_xmit+0x56c/0x18c0
[  109.439018][T11538]  __dev_queue_xmit+0x1e53/0x4270
[  109.444151][T11538]  dev_queue_xmit+0x4b/0x60
[  109.449336][T11538]  ip_finish_output2+0x20c6/0x25d0
[  109.454704][T11538]  __ip_finish_output+0xaf8/0xda0
[  109.459761][T11538]  ip_finish_output+0x2db/0x420
[  109.464950][T11538]  ip_output+0x541/0x610
[  109.469485][T11538]  __ip_queue_xmit+0x1caf/0x21f0
[  109.474674][T11538]  ip_queue_xmit+0xcc/0xf0
[  109.479075][T11538]  __tcp_transmit_skb+0x409e/0x5c60
[  109.484286][T11538]  __tcp_send_ack+0x701/0x840
[  109.489001][T11538]  tcp_send_ack+0x68/0x90
[  109.495549][T11538]  tcp_cleanup_rbuf+0x764/0x800
[  109.500420][T11538]  tcp_recvmsg+0x334d/0x4ff0
[  109.506422][T11538]  inet_recvmsg+0x237/0x7d0
[  109.511029][T11538]  sock_read_iter+0x5be/0x660
[  109.517027][T11538]  __vfs_read+0xa67/0xc90
[  109.521375][T11538]  vfs_read+0x359/0x6f0
[  109.526000][T11538]  ksys_read+0x265/0x430
[  109.530242][T11538]  __se_sys_read+0x92/0xb0
[  109.534673][T11538]  __x64_sys_read+0x4a/0x70
[  109.539170][T11538]  do_syscall_64+0xbc/0xf0
[  109.543669][T11538]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[  109.549537][T11538] 
[  109.551846][T11538] Uninit was created at:
[  109.556096][T11538]  kmsan_internal_poison_shadow+0x53/0x100
[  109.562180][T11538]  kmsan_slab_free+0x8d/0x100
[  109.566975][T11538]  kmem_cache_free_bulk+0x3ad9/0x3f50
[  109.572350][T11538]  __kfree_skb_flush+0xb0/0x100
[  109.577186][T11538]  net_rx_action+0x1908/0x1950
[  109.581953][T11538]  __do_softirq+0x4a1/0x83a
[  109.586438][T11538]  irq_exit+0x230/0x280
[  109.590655][T11538]  do_IRQ+0x20d/0x3a0
[  109.594642][T11538]  ret_from_intr+0x0/0x33
[  109.599147][T11538]  update_stack_state+0x73/0xb40
[  109.604105][T11538]  unwind_next_frame+0x8a9/0xf70
[  109.609038][T11538]  arch_stack_walk+0x33a/0x3e0
[  109.613800][T11538]  stack_trace_save+0x11c/0x1b0
[  109.618648][T11538]  kmsan_internal_chain_origin+0xd2/0x170
[  109.624355][T11538]  kmsan_memcpy_memmove_metadata+0x25b/0x2d0
[  109.630314][T11538]  kmsan_memcpy_metadata+0xb/0x10
[  109.635317][T11538]  __msan_memcpy+0x56/0x70
[  109.639725][T11538]  sock_read_iter+0x47c/0x660
[  109.644379][T11538]  __vfs_read+0xa67/0xc90
[  109.648696][T11538]  vfs_read+0x359/0x6f0
[  109.652878][T11538]  ksys_read+0x265/0x430
[  109.657109][T11538]  __se_sys_read+0x92/0xb0
[  109.661513][T11538]  __x64_sys_read+0x4a/0x70
[  109.673735][T11538]  do_syscall_64+0xbc/0xf0
[  109.678134][T11538]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[  109.686604][T11538] =====================================================
[  109.694355][T11538] Disabling lock debugging due to kernel taint
[  109.700559][T11538] Kernel panic - not syncing: panic_on_warn set ...
[  109.708665][T11538] CPU: 0 PID: 11538 Comm: syz-fuzzer Tainted: G    B             5.3.0-rc7+ #0
[  109.718106][T11538] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  109.732272][T11538] Call Trace:
[  109.735568][T11538]  dump_stack+0x191/0x1f0
[  109.739894][T11538]  panic+0x3c9/0xc1e
[  109.743804][T11538]  kmsan_report+0x2a2/0x2b0
[  109.748680][T11538]  __msan_warning+0x73/0xe0
[  109.753185][T11538]  kmem_cache_free+0x3df/0x2b70
[  109.758029][T11538]  ? kmsan_internal_set_origin+0x6a/0xb0
[  109.763658][T11538]  ? kfree_skb+0x473/0x4c0
[  109.768069][T11538]  ? kmsan_internal_unpoison_shadow+0x42/0x80
[  109.774128][T11538]  kfree_skb+0x473/0x4c0
[  109.778361][T11538]  ? packet_rcv_spkt+0x719/0x840
[  109.783635][T11538]  packet_rcv_spkt+0x719/0x840
[  109.788380][T11538]  ? packet_rcv+0x2190/0x2190
[  109.793052][T11538]  dev_queue_xmit_nit+0x1125/0x1200
[  109.798241][T11538]  dev_hard_start_xmit+0x21e/0xab0
[  109.803556][T11538]  ? kmsan_get_shadow_origin_ptr+0x6e/0x4c0
[  109.809472][T11538]  sch_direct_xmit+0x56c/0x18c0
[  109.814338][T11538]  __dev_queue_xmit+0x1e53/0x4270
[  109.819377][T11538]  dev_queue_xmit+0x4b/0x60
[  109.823871][T11538]  ip_finish_output2+0x20c6/0x25d0
[  109.829050][T11538]  ? __msan_metadata_ptr_for_load_2+0x10/0x20
[  109.835100][T11538]  ? nf_ct_deliver_cached_events+0x4d5/0x6e0
[  109.841246][T11538]  __ip_finish_output+0xaf8/0xda0
[  109.846269][T11538]  ip_finish_output+0x2db/0x420
[  109.851301][T11538]  ip_output+0x541/0x610
[  109.855634][T11538]  ? ip_mc_finish_output+0x6d0/0x6d0
[  109.861150][T11538]  ? ip_finish_output+0x420/0x420
[  109.866250][T11538]  __ip_queue_xmit+0x1caf/0x21f0
[  109.871272][T11538]  ? kmsan_get_shadow_origin_ptr+0x6e/0x4c0
[  109.877613][T11538]  ? __msan_metadata_ptr_for_load_8+0x10/0x20
[  109.883671][T11538]  ? __msan_metadata_ptr_for_load_8+0x10/0x20
[  109.889740][T11538]  ip_queue_xmit+0xcc/0xf0
[  109.894231][T11538]  ? tcp_v4_inbound_md5_hash+0xd10/0xd10
[  109.899975][T11538]  __tcp_transmit_skb+0x409e/0x5c60
[  109.905427][T11538]  __tcp_send_ack+0x701/0x840
[  109.910115][T11538]  tcp_send_ack+0x68/0x90
[  109.914554][T11538]  tcp_cleanup_rbuf+0x764/0x800
[  109.919392][T11538]  tcp_recvmsg+0x334d/0x4ff0
[  109.923986][T11538]  ? kmsan_get_shadow_origin_ptr+0x6e/0x4c0
[  109.929858][T11538]  ? tcp_mmap+0x150/0x150
[  109.934171][T11538]  ? tcp_mmap+0x150/0x150
[  109.938484][T11538]  inet_recvmsg+0x237/0x7d0
[  109.942986][T11538]  ? kmsan_get_shadow_origin_ptr+0x6e/0x4c0
[  109.948876][T11538]  ? inet_sendpage+0x2c0/0x2c0
[  109.953642][T11538]  ? inet_sendpage+0x2c0/0x2c0
[  109.958400][T11538]  sock_read_iter+0x5be/0x660
[  109.963063][T11538]  ? kernel_sock_ip_overhead+0x340/0x340
[  109.968903][T11538]  __vfs_read+0xa67/0xc90
[  109.973244][T11538]  vfs_read+0x359/0x6f0
[  109.977425][T11538]  ksys_read+0x265/0x430
[  109.981667][T11538]  __se_sys_read+0x92/0xb0
[  109.986077][T11538]  __x64_sys_read+0x4a/0x70
[  109.991628][T11538]  do_syscall_64+0xbc/0xf0
[  109.996054][T11538]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[  110.002055][T11538] RIP: 0033:0x47fd44
[  110.005959][T11538] Code: ff ff cc cc cc cc e8 9b 40 fb ff 48 8b 7c 24 10 48 8b 74 24 18 48 8b 54 24 20 45 31 d2 45 31 c0 45 31 c9 48 8b 44 24 08 0f 05 <48> 3d 01 f0 ff ff 76 20 48 c7 44 24 28 ff ff ff ff 48 c7 44 24 30
[  110.025675][T11538] RSP: 002b:000000c4201c5710 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  110.034086][T11538] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000047fd44
[  110.042049][T11538] RDX: 0000000000001000 RSI: 000000c420358000 RDI: 0000000000000003
[  110.050023][T11538] RBP: 000000c4201c5760 R08: 0000000000000000 R09: 0000000000000000
[  110.057997][T11538] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000080
[  110.066015][T11538] R13: 0000000000000080 R14: 0000000000000020 R15: ffffffffffffffff
[  110.075805][T11538] Kernel Offset: disabled
[  110.080441][T11538] Rebooting in 86400 seconds..