[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[  103.808654][   T31] audit: type=1800 audit(1565919768.862:25): pid=11857 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[  103.842290][   T31] audit: type=1800 audit(1565919768.892:26): pid=11857 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[  103.862549][   T31] audit: type=1800 audit(1565919768.902:27): pid=11857 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.10' (ECDSA) to the list of known hosts.
2019/08/16 01:43:03 fuzzer started
2019/08/16 01:43:09 dialing manager at 10.128.0.26:38533
2019/08/16 01:43:10 syscalls: 2376
2019/08/16 01:43:10 code coverage: enabled
2019/08/16 01:43:10 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2019/08/16 01:43:10 extra coverage: enabled
2019/08/16 01:43:10 setuid sandbox: enabled
2019/08/16 01:43:10 namespace sandbox: enabled
2019/08/16 01:43:10 Android sandbox: /sys/fs/selinux/policy does not exist
2019/08/16 01:43:10 fault injection: enabled
2019/08/16 01:43:10 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/08/16 01:43:10 net packet injection: enabled
2019/08/16 01:43:10 net device setup: enabled
syzkaller login: [  189.018919][T12008] ==================================================================
[  189.027061][T12008] BUG: KMSAN: uninit-value in kmem_cache_free+0x3df/0x2b70
[  189.034795][T12008] CPU: 0 PID: 12008 Comm: syz-fuzzer Not tainted 5.3.0-rc3+ #17
[  189.042430][T12008] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  189.052499][T12008] Call Trace:
[  189.055818][T12008]  dump_stack+0x191/0x1f0
[  189.060184][T12008]  kmsan_report+0x162/0x2d0
[  189.064720][T12008]  __msan_warning+0x75/0xe0
[  189.069261][T12008]  kmem_cache_free+0x3df/0x2b70
[  189.074124][T12008]  ? kfree_skb+0x473/0x4c0
[  189.078545][T12008]  ? kmsan_internal_unpoison_shadow+0x2f/0x40
[  189.084949][T12008]  kfree_skb+0x473/0x4c0
[  189.089278][T12008]  ? packet_rcv_spkt+0x719/0x840
[  189.094575][T12008]  packet_rcv_spkt+0x719/0x840
[  189.099344][T12008]  ? packet_rcv+0x2190/0x2190
[  189.104011][T12008]  dev_queue_xmit_nit+0x1125/0x1200
[  189.109253][T12008]  dev_hard_start_xmit+0x21e/0xab0
[  189.114374][T12008]  ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0
[  189.120363][T12008]  sch_direct_xmit+0x56c/0x18c0
[  189.125208][T12008]  ? kmsan_set_origin+0x26d/0x340
[  189.130348][T12008]  __dev_queue_xmit+0x1e53/0x4270
[  189.135406][T12008]  dev_queue_xmit+0x4b/0x60
[  189.139904][T12008]  ip_finish_output2+0x20c6/0x25d0
[  189.145004][T12008]  ? __msan_metadata_ptr_for_load_2+0x10/0x20
[  189.151056][T12008]  ? nf_ct_deliver_cached_events+0x4d5/0x6e0
[  189.157357][T12008]  __ip_finish_output+0xaf8/0xda0
[  189.163540][T12008]  ip_finish_output+0x2db/0x420
[  189.169097][T12008]  ip_output+0x541/0x610
[  189.173343][T12008]  ? ip_mc_finish_output+0x6d0/0x6d0
[  189.178618][T12008]  ? ip_finish_output+0x420/0x420
[  189.184327][T12008]  __ip_queue_xmit+0x1caf/0x21f0
[  189.189261][T12008]  ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0
[  189.195236][T12008]  ? __msan_metadata_ptr_for_load_8+0x10/0x20
[  189.201323][T12008]  ? __msan_metadata_ptr_for_load_8+0x10/0x20
[  189.207417][T12008]  ip_queue_xmit+0xcc/0xf0
[  189.211847][T12008]  ? tcp_v4_inbound_md5_hash+0xd10/0xd10
[  189.217485][T12008]  __tcp_transmit_skb+0x409e/0x5c60
[  189.222730][T12008]  __tcp_send_ack+0x701/0x840
[  189.227432][T12008]  tcp_send_ack+0x68/0x90
[  189.232133][T12008]  tcp_cleanup_rbuf+0x764/0x800
[  189.236990][T12008]  tcp_recvmsg+0x334d/0x4ff0
[  189.241625][T12008]  ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0
[  189.247598][T12008]  ? tcp_mmap+0x150/0x150
[  189.251971][T12008]  ? tcp_mmap+0x150/0x150
[  189.256288][T12008]  inet_recvmsg+0x237/0x7d0
[  189.260793][T12008]  ? inet_sendpage+0x2c0/0x2c0
[  189.265549][T12008]  ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0
[  189.271809][T12008]  ? inet_sendpage+0x2c0/0x2c0
[  189.276746][T12008]  ? inet_sendpage+0x2c0/0x2c0
[  189.281519][T12008]  sock_read_iter+0x5be/0x660
[  189.286237][T12008]  ? kernel_sock_ip_overhead+0x340/0x340
[  189.291965][T12008]  __vfs_read+0xa67/0xc90
[  189.296324][T12008]  vfs_read+0x359/0x6f0
[  189.300777][T12008]  ksys_read+0x265/0x430
[  189.305033][T12008]  __se_sys_read+0x92/0xb0
[  189.309459][T12008]  __x64_sys_read+0x4a/0x70
[  189.313963][T12008]  do_syscall_64+0xbc/0xf0
[  189.318469][T12008]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[  189.324377][T12008] RIP: 0033:0x47fcb4
[  189.328272][T12008] Code: ff ff cc cc cc cc e8 2b 41 fb ff 48 8b 7c 24 10 48 8b 74 24 18 48 8b 54 24 20 45 31 d2 45 31 c0 45 31 c9 48 8b 44 24 08 0f 05 <48> 3d 01 f0 ff ff 76 20 48 c7 44 24 28 ff ff ff ff 48 c7 44 24 30
[  189.348234][T12008] RSP: 002b:000000c42014b710 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  189.356668][T12008] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000047fcb4
[  189.364655][T12008] RDX: 0000000000001000 RSI: 000000c4202c8000 RDI: 0000000000000003
[  189.372710][T12008] RBP: 000000c42014b760 R08: 0000000000000000 R09: 0000000000000000
[  189.380678][T12008] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008
[  189.388645][T12008] R13: 0000000000000008 R14: 0000000000000004 R15: ffffffffffffffff
[  189.396648][T12008] 
[  189.398988][T12008] Uninit was stored to memory at:
[  189.404025][T12008]  kmsan_internal_chain_origin+0xcc/0x150
[  189.409734][T12008]  __msan_chain_origin+0x6b/0xe0
[  189.414681][T12008]  ___slab_alloc+0x1dbc/0x1fb0
[  189.419436][T12008]  kmem_cache_alloc+0xade/0xd10
[  189.424292][T12008]  skb_clone+0x326/0x5d0
[  189.428528][T12008]  dev_queue_xmit_nit+0x539/0x1200
[  189.433639][T12008]  dev_hard_start_xmit+0x21e/0xab0
[  189.438737][T12008]  sch_direct_xmit+0x56c/0x18c0
[  189.443577][T12008]  __dev_queue_xmit+0x1e53/0x4270
[  189.448589][T12008]  dev_queue_xmit+0x4b/0x60
[  189.453079][T12008]  ip_finish_output2+0x20c6/0x25d0
[  189.458176][T12008]  __ip_finish_output+0xaf8/0xda0
[  189.463185][T12008]  ip_finish_output+0x2db/0x420
[  189.468032][T12008]  ip_output+0x541/0x610
[  189.472264][T12008]  __ip_queue_xmit+0x1caf/0x21f0
[  189.477192][T12008]  ip_queue_xmit+0xcc/0xf0
[  189.481627][T12008]  __tcp_transmit_skb+0x409e/0x5c60
[  189.486839][T12008]  __tcp_send_ack+0x701/0x840
[  189.491510][T12008]  tcp_send_ack+0x68/0x90
[  189.495824][T12008]  tcp_cleanup_rbuf+0x764/0x800
[  189.500665][T12008]  tcp_recvmsg+0x334d/0x4ff0
[  189.505248][T12008]  inet_recvmsg+0x237/0x7d0
[  189.509747][T12008]  sock_read_iter+0x5be/0x660
[  189.514417][T12008]  __vfs_read+0xa67/0xc90
[  189.518759][T12008]  vfs_read+0x359/0x6f0
[  189.522904][T12008]  ksys_read+0x265/0x430
[  189.527136][T12008]  __se_sys_read+0x92/0xb0
[  189.531542][T12008]  __x64_sys_read+0x4a/0x70
[  189.536037][T12008]  do_syscall_64+0xbc/0xf0
[  189.540443][T12008]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[  189.546312][T12008] 
[  189.548640][T12008] Uninit was created at:
[  189.552895][T12008]  kmsan_internal_poison_shadow+0x53/0xa0
[  189.558605][T12008]  kmsan_slab_free+0x8d/0x100
[  189.563273][T12008]  kmem_cache_free_bulk+0x3ad9/0x3f50
[  189.568632][T12008]  __kfree_skb_flush+0xb0/0x100
[  189.573509][T12008]  net_rx_action+0x1908/0x1950
[  189.578288][T12008]  __do_softirq+0x4a1/0x83a
[  189.582869][T12008]  do_softirq_own_stack+0x49/0x80
[  189.587902][T12008]  __local_bh_enable_ip+0x184/0x1d0
[  189.593091][T12008]  local_bh_enable+0x36/0x40
[  189.597668][T12008]  ipt_do_table+0x2806/0x28e0
[  189.602333][T12008]  iptable_raw_hook+0xb5/0xe0
[  189.606999][T12008]  nf_hook_slow+0x18b/0x3f0
[  189.611502][T12008]  __ip_local_out+0x69b/0x800
[  189.616168][T12008]  __ip_queue_xmit+0x1bdc/0x21f0
[  189.621093][T12008]  ip_queue_xmit+0xcc/0xf0
[  189.625491][T12008]  __tcp_transmit_skb+0x409e/0x5c60
[  189.630764][T12008]  __tcp_send_ack+0x701/0x840
[  189.635464][T12008]  tcp_send_ack+0x68/0x90
[  189.639781][T12008]  tcp_cleanup_rbuf+0x764/0x800
[  189.644620][T12008]  tcp_recvmsg+0x334d/0x4ff0
[  189.649368][T12008]  inet_recvmsg+0x237/0x7d0
[  189.655439][T12008]  sock_read_iter+0x5be/0x660
[  189.660569][T12008]  __vfs_read+0xa67/0xc90
[  189.665483][T12008]  vfs_read+0x359/0x6f0
[  189.669644][T12008]  ksys_read+0x265/0x430
[  189.673879][T12008]  __se_sys_read+0x92/0xb0
[  189.678293][T12008]  __x64_sys_read+0x4a/0x70
[  189.682786][T12008]  do_syscall_64+0xbc/0xf0
[  189.687197][T12008]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[  189.693162][T12008] ==================================================================
[  189.701208][T12008] Disabling lock debugging due to kernel taint
[  189.707356][T12008] Kernel panic - not syncing: panic_on_warn set ...
[  189.713954][T12008] CPU: 0 PID: 12008 Comm: syz-fuzzer Tainted: G    B             5.3.0-rc3+ #17
[  189.722971][T12008] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  189.733021][T12008] Call Trace:
[  189.736315][T12008]  dump_stack+0x191/0x1f0
[  189.740660][T12008]  panic+0x3c9/0xc1e
[  189.744580][T12008]  kmsan_report+0x2ca/0x2d0
[  189.749096][T12008]  __msan_warning+0x75/0xe0
[  189.754093][T12008]  kmem_cache_free+0x3df/0x2b70
[  189.758957][T12008]  ? kfree_skb+0x473/0x4c0
[  189.763386][T12008]  ? kmsan_internal_unpoison_shadow+0x2f/0x40
[  189.769505][T12008]  kfree_skb+0x473/0x4c0
[  189.774065][T12008]  ? packet_rcv_spkt+0x719/0x840
[  189.779010][T12008]  packet_rcv_spkt+0x719/0x840
[  189.783785][T12008]  ? packet_rcv+0x2190/0x2190
[  189.788474][T12008]  dev_queue_xmit_nit+0x1125/0x1200
[  189.793695][T12008]  dev_hard_start_xmit+0x21e/0xab0
[  189.798812][T12008]  ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0
[  189.804811][T12008]  sch_direct_xmit+0x56c/0x18c0
[  189.810094][T12008]  ? kmsan_set_origin+0x26d/0x340
[  189.815135][T12008]  __dev_queue_xmit+0x1e53/0x4270
[  189.820187][T12008]  dev_queue_xmit+0x4b/0x60
[  189.824701][T12008]  ip_finish_output2+0x20c6/0x25d0
[  189.829810][T12008]  ? __msan_metadata_ptr_for_load_2+0x10/0x20
[  189.835878][T12008]  ? nf_ct_deliver_cached_events+0x4d5/0x6e0
[  189.841883][T12008]  __ip_finish_output+0xaf8/0xda0
[  189.846920][T12008]  ip_finish_output+0x2db/0x420
[  189.851780][T12008]  ip_output+0x541/0x610
[  189.856356][T12008]  ? ip_mc_finish_output+0x6d0/0x6d0
[  189.861642][T12008]  ? ip_finish_output+0x420/0x420
[  189.866664][T12008]  __ip_queue_xmit+0x1caf/0x21f0
[  189.871607][T12008]  ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0
[  189.877592][T12008]  ? __msan_metadata_ptr_for_load_8+0x10/0x20
[  189.883668][T12008]  ? __msan_metadata_ptr_for_load_8+0x10/0x20
[  189.889772][T12008]  ip_queue_xmit+0xcc/0xf0
[  189.894193][T12008]  ? tcp_v4_inbound_md5_hash+0xd10/0xd10
[  189.899825][T12008]  __tcp_transmit_skb+0x409e/0x5c60
[  189.905063][T12008]  __tcp_send_ack+0x701/0x840
[  189.909753][T12008]  tcp_send_ack+0x68/0x90
[  189.914086][T12008]  tcp_cleanup_rbuf+0x764/0x800
[  189.918942][T12008]  tcp_recvmsg+0x334d/0x4ff0
[  189.923602][T12008]  ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0
[  189.929581][T12008]  ? tcp_mmap+0x150/0x150
[  189.933919][T12008]  ? tcp_mmap+0x150/0x150
[  189.938254][T12008]  inet_recvmsg+0x237/0x7d0
[  189.942772][T12008]  ? inet_sendpage+0x2c0/0x2c0
[  189.947530][T12008]  ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0
[  189.953518][T12008]  ? inet_sendpage+0x2c0/0x2c0
[  189.958301][T12008]  ? inet_sendpage+0x2c0/0x2c0
[  189.963180][T12008]  sock_read_iter+0x5be/0x660
[  189.967886][T12008]  ? kernel_sock_ip_overhead+0x340/0x340
[  189.973589][T12008]  __vfs_read+0xa67/0xc90
[  189.977945][T12008]  vfs_read+0x359/0x6f0
[  189.982114][T12008]  ksys_read+0x265/0x430
[  189.986365][T12008]  __se_sys_read+0x92/0xb0
[  189.990784][T12008]  __x64_sys_read+0x4a/0x70
[  189.995289][T12008]  do_syscall_64+0xbc/0xf0
[  189.999707][T12008]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[  190.005610][T12008] RIP: 0033:0x47fcb4
[  190.009528][T12008] Code: ff ff cc cc cc cc e8 2b 41 fb ff 48 8b 7c 24 10 48 8b 74 24 18 48 8b 54 24 20 45 31 d2 45 31 c0 45 31 c9 48 8b 44 24 08 0f 05 <48> 3d 01 f0 ff ff 76 20 48 c7 44 24 28 ff ff ff ff 48 c7 44 24 30
[  190.029235][T12008] RSP: 002b:000000c42014b710 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  190.038684][T12008] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000047fcb4
[  190.046762][T12008] RDX: 0000000000001000 RSI: 000000c4202c8000 RDI: 0000000000000003
[  190.063461][T12008] RBP: 000000c42014b760 R08: 0000000000000000 R09: 0000000000000000
[  190.071457][T12008] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008
[  190.079527][T12008] R13: 0000000000000008 R14: 0000000000000004 R15: ffffffffffffffff
[  190.088672][T12008] Kernel Offset: disabled
[  190.093008][T12008] Rebooting in 86400 seconds..