[ ok ] Starting enhanced syslogd: rsyslogd.
[ 82.900670][ T32] audit: type=1800 audit(1570203043.948:25): pid=11825 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 82.925477][ T32] audit: type=1800 audit(1570203043.978:26): pid=11825 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 82.961514][ T32] audit: type=1800 audit(1570203044.008:27): pid=11825 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.246' (ECDSA) to the list of known hosts.
2019/10/04 15:30:59 fuzzer started
2019/10/04 15:31:03 dialing manager at 10.128.0.26:42457
2019/10/04 15:31:04 syscalls: 2412
2019/10/04 15:31:04 code coverage: enabled
2019/10/04 15:31:04 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2019/10/04 15:31:04 extra coverage: enabled
2019/10/04 15:31:04 setuid sandbox: enabled
2019/10/04 15:31:04 namespace sandbox: enabled
2019/10/04 15:31:04 Android sandbox: /sys/fs/selinux/policy does not exist
2019/10/04 15:31:04 fault injection: enabled
2019/10/04 15:31:04 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/10/04 15:31:04 net packet injection: enabled
2019/10/04 15:31:04 net device setup: enabled
2019/10/04 15:31:04 concurrency sanitizer: /proc/kcsaninfo does not exist
syzkaller login: [ 133.715929][T11979] =====================================================
[ 133.722944][T11979] BUG: KMSAN: uninit-value in kfree_skb+0x473/0x4c0
[ 133.729543][T11979] CPU: 1 PID: 11979 Comm: syz-fuzzer Not tainted 5.3.0-rc7+ #0
[ 133.737085][T11979] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 133.747143][T11979] Call Trace:
[ 133.750530][T11979] dump_stack+0x191/0x1f0
[ 133.754854][T11979] kmsan_report+0x13a/0x2b0
[ 133.759336][T11979] __msan_warning+0x73/0xe0
[ 133.763821][T11979] kmem_cache_free+0x3df/0x2b70
[ 133.768650][T11979] ? kmsan_internal_set_origin+0x6a/0xb0
[ 133.774269][T11979] ? kfree_skb+0x473/0x4c0
[ 133.778669][T11979] ? kmsan_internal_unpoison_shadow+0x42/0x80
[ 133.784723][T11979] kfree_skb+0x473/0x4c0
[ 133.789029][T11979] ? packet_rcv_spkt+0x719/0x840
[ 133.793947][T11979] packet_rcv_spkt+0x719/0x840
[ 133.798701][T11979] ? packet_rcv+0x2190/0x2190
[ 133.803361][T11979] dev_queue_xmit_nit+0x1125/0x1200
[ 133.808557][T11979] dev_hard_start_xmit+0x21e/0xab0
[ 133.813665][T11979] ? kmsan_get_shadow_origin_ptr+0x6e/0x4c0
[ 133.819547][T11979] sch_direct_xmit+0x56c/0x18c0
[ 133.824395][T11979] __dev_queue_xmit+0x1e53/0x4270
[ 133.829411][T11979] dev_queue_xmit+0x4b/0x60
[ 133.833897][T11979] ip_finish_output2+0x20c6/0x25d0
[ 133.838987][T11979] ? __msan_metadata_ptr_for_load_2+0x10/0x20
[ 133.845030][T11979] ? nf_ct_deliver_cached_events+0x4d5/0x6e0
[ 133.850999][T11979] __ip_finish_output+0xaf8/0xda0
[ 133.856023][T11979] ip_finish_output+0x2db/0x420
[ 133.860854][T11979] ip_output+0x541/0x610
[ 133.865081][T11979] ? ip_mc_finish_output+0x6d0/0x6d0
[ 133.870344][T11979] ? ip_finish_output+0x420/0x420
[ 133.875357][T11979] __ip_queue_xmit+0x1caf/0x21f0
[ 133.880325][T11979] ? kmsan_get_shadow_origin_ptr+0x6e/0x4c0
[ 133.886207][T11979] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 133.892278][T11979] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 133.898348][T11979] ip_queue_xmit+0xcc/0xf0
[ 133.902751][T11979] ? tcp_v4_inbound_md5_hash+0xd10/0xd10
[ 133.908362][T11979] __tcp_transmit_skb+0x409e/0x5c60
[ 133.913562][T11979] __tcp_send_ack+0x701/0x840
[ 133.918227][T11979] tcp_send_ack+0x68/0x90
[ 133.922849][T11979] tcp_cleanup_rbuf+0x764/0x800
[ 133.927687][T11979] tcp_recvmsg+0x334d/0x4ff0
[ 133.932290][T11979] ? kmsan_get_shadow_origin_ptr+0x6e/0x4c0
[ 133.938361][T11979] ? tcp_mmap+0x150/0x150
[ 133.942673][T11979] ? tcp_mmap+0x150/0x150
[ 133.946984][T11979] inet_recvmsg+0x237/0x7d0
[ 133.951535][T11979] ? kmsan_get_shadow_origin_ptr+0x6e/0x4c0
[ 133.957437][T11979] ? inet_sendpage+0x2c0/0x2c0
[ 133.962190][T11979] ? inet_sendpage+0x2c0/0x2c0
[ 133.966938][T11979] sock_read_iter+0x5be/0x660
[ 133.971605][T11979] ? kernel_sock_ip_overhead+0x340/0x340
[ 133.977270][T11979] __vfs_read+0xa67/0xc90
[ 133.981601][T11979] vfs_read+0x359/0x6f0
[ 133.985741][T11979] ksys_read+0x265/0x430
[ 133.989968][T11979] __se_sys_read+0x92/0xb0
[ 133.994368][T11979] __x64_sys_read+0x4a/0x70
[ 133.998855][T11979] do_syscall_64+0xbc/0xf0
[ 134.003255][T11979] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 134.009142][T11979] RIP: 0033:0x47fd44
[ 134.013048][T11979] Code: ff ff cc cc cc cc e8 9b 40 fb ff 48 8b 7c 24 10 48 8b 74 24 18 48 8b 54 24 20 45 31 d2 45 31 c0 45 31 c9 48 8b 44 24 08 0f 05 <48> 3d 01 f0 ff ff 76 20 48 c7 44 24 28 ff ff ff ff 48 c7 44 24 30
[ 134.033009][T11979] RSP: 002b:000000c420195710 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 134.041419][T11979] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000047fd44
[ 134.049369][T11979] RDX: 0000000000001000 RSI: 000000c4203e6000 RDI: 0000000000000003
[ 134.057480][T11979] RBP: 000000c420195760 R08: 0000000000000000 R09: 0000000000000000
[ 134.065452][T11979] R10: 0000000000000000 R11: 0000000000000246 R12: 000000c423511358
[ 134.073516][T11979] R13: 0000000000000007 R14: 0000000000c29320 R15: 0000000000000180
[ 134.082182][T11979]
[ 134.084502][T11979] Uninit was stored to memory at:
[ 134.089540][T11979] kmsan_internal_chain_origin+0xd2/0x170
[ 134.095375][T11979] __msan_chain_origin+0x6b/0xe0
[ 134.100317][T11979] ___slab_alloc+0x1dbc/0x1fb0
[ 134.105070][T11979] kmem_cache_alloc+0xade/0xd10
[ 134.110015][T11979] skb_clone+0x326/0x5d0
[ 134.114259][T11979] dev_queue_xmit_nit+0x539/0x1200
[ 134.119358][T11979] dev_hard_start_xmit+0x21e/0xab0
[ 134.124450][T11979] sch_direct_xmit+0x56c/0x18c0
[ 134.129280][T11979] __dev_queue_xmit+0x1e53/0x4270
[ 134.134284][T11979] dev_queue_xmit+0x4b/0x60
[ 134.138784][T11979] ip_finish_output2+0x20c6/0x25d0
[ 134.143902][T11979] __ip_finish_output+0xaf8/0xda0
[ 134.148904][T11979] ip_finish_output+0x2db/0x420
[ 134.153739][T11979] ip_output+0x541/0x610
[ 134.157958][T11979] __ip_queue_xmit+0x1caf/0x21f0
[ 134.162903][T11979] ip_queue_xmit+0xcc/0xf0
[ 134.167297][T11979] __tcp_transmit_skb+0x409e/0x5c60
[ 134.172474][T11979] __tcp_send_ack+0x701/0x840
[ 134.177129][T11979] tcp_send_ack+0x68/0x90
[ 134.181436][T11979] tcp_cleanup_rbuf+0x764/0x800
[ 134.186267][T11979] tcp_recvmsg+0x334d/0x4ff0
[ 134.190854][T11979] inet_recvmsg+0x237/0x7d0
[ 134.195337][T11979] sock_read_iter+0x5be/0x660
[ 134.200008][T11979] __vfs_read+0xa67/0xc90
[ 134.204313][T11979] vfs_read+0x359/0x6f0
[ 134.208446][T11979] ksys_read+0x265/0x430
[ 134.212681][T11979] __se_sys_read+0x92/0xb0
[ 134.217680][T11979] __x64_sys_read+0x4a/0x70
[ 134.222179][T11979] do_syscall_64+0xbc/0xf0
[ 134.226734][T11979] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 134.232659][T11979]
[ 134.234982][T11979] Uninit was created at:
[ 134.239271][T11979] kmsan_internal_poison_shadow+0x53/0x100
[ 134.245071][T11979] kmsan_slab_free+0x8d/0x100
[ 134.249767][T11979] kmem_cache_free_bulk+0x3ad9/0x3f50
[ 134.255212][T11979] __kfree_skb_flush+0xb0/0x100
[ 134.260093][T11979] net_rx_action+0x1908/0x1950
[ 134.265098][T11979] __do_softirq+0x4a1/0x83a
[ 134.269717][T11979] do_softirq_own_stack+0x49/0x80
[ 134.274757][T11979] __local_bh_enable_ip+0x184/0x1d0
[ 134.279961][T11979] _raw_spin_unlock_bh+0x4b/0x60
[ 134.284932][T11979] nf_conntrack_tcp_packet+0x54a0/0x7650
[ 134.290543][T11979] nf_conntrack_in+0x1064/0x2664
[ 134.295461][T11979] ipv4_conntrack_local+0x1b7/0x300
[ 134.300660][T11979] nf_hook_slow+0x18b/0x3f0
[ 134.305143][T11979] __ip_local_out+0x69b/0x800
[ 134.309822][T11979] __ip_queue_xmit+0x1bdc/0x21f0
[ 134.314759][T11979] ip_queue_xmit+0xcc/0xf0
[ 134.319303][T11979] __tcp_transmit_skb+0x409e/0x5c60
[ 134.324504][T11979] __tcp_send_ack+0x701/0x840
[ 134.329189][T11979] tcp_send_ack+0x68/0x90
[ 134.333509][T11979] tcp_cleanup_rbuf+0x764/0x800
[ 134.338499][T11979] tcp_recvmsg+0x334d/0x4ff0
[ 134.343222][T11979] inet_recvmsg+0x237/0x7d0
[ 134.347718][T11979] sock_read_iter+0x5be/0x660
[ 134.352381][T11979] __vfs_read+0xa67/0xc90
[ 134.356705][T11979] vfs_read+0x359/0x6f0
[ 134.360839][T11979] ksys_read+0x265/0x430
[ 134.365064][T11979] __se_sys_read+0x92/0xb0
[ 134.369456][T11979] __x64_sys_read+0x4a/0x70
[ 134.373939][T11979] do_syscall_64+0xbc/0xf0
[ 134.378422][T11979] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 134.384299][T11979] =====================================================
[ 134.391225][T11979] Disabling lock debugging due to kernel taint
[ 134.397354][T11979] Kernel panic - not syncing: panic_on_warn set ...
[ 134.403924][T11979] CPU: 1 PID: 11979 Comm: syz-fuzzer Tainted: G B 5.3.0-rc7+ #0
[ 134.412958][T11979] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 134.423033][T11979] Call Trace:
[ 134.426463][T11979] dump_stack+0x191/0x1f0
[ 134.431285][T11979] panic+0x3c9/0xc1e
[ 134.435200][T11979] kmsan_report+0x2a2/0x2b0
[ 134.439708][T11979] __msan_warning+0x73/0xe0
[ 134.444242][T11979] kmem_cache_free+0x3df/0x2b70
[ 134.449252][T11979] ? kmsan_internal_set_origin+0x6a/0xb0
[ 134.454897][T11979] ? kfree_skb+0x473/0x4c0
[ 134.459336][T11979] ? kmsan_internal_unpoison_shadow+0x42/0x80
[ 134.465575][T11979] kfree_skb+0x473/0x4c0
[ 134.469833][T11979] ? packet_rcv_spkt+0x719/0x840
[ 134.474779][T11979] packet_rcv_spkt+0x719/0x840
[ 134.479569][T11979] ? packet_rcv+0x2190/0x2190
[ 134.484384][T11979] dev_queue_xmit_nit+0x1125/0x1200
[ 134.489732][T11979] dev_hard_start_xmit+0x21e/0xab0
[ 134.494861][T11979] ? kmsan_get_shadow_origin_ptr+0x6e/0x4c0
[ 134.500764][T11979] sch_direct_xmit+0x56c/0x18c0
[ 134.505617][T11979] __dev_queue_xmit+0x1e53/0x4270
[ 134.510715][T11979] dev_queue_xmit+0x4b/0x60
[ 134.515361][T11979] ip_finish_output2+0x20c6/0x25d0
[ 134.520606][T11979] ? __msan_metadata_ptr_for_load_2+0x10/0x20
[ 134.526853][T11979] ? nf_ct_deliver_cached_events+0x4d5/0x6e0
[ 134.532848][T11979] __ip_finish_output+0xaf8/0xda0
[ 134.537881][T11979] ip_finish_output+0x2db/0x420
[ 134.542743][T11979] ip_output+0x541/0x610
[ 134.546994][T11979] ? ip_mc_finish_output+0x6d0/0x6d0
[ 134.552324][T11979] ? ip_finish_output+0x420/0x420
[ 134.557484][T11979] __ip_queue_xmit+0x1caf/0x21f0
[ 134.562428][T11979] ? kmsan_get_shadow_origin_ptr+0x6e/0x4c0
[ 134.568306][T11979] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 134.574361][T11979] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 134.580419][T11979] ip_queue_xmit+0xcc/0xf0
[ 134.584819][T11979] ? tcp_v4_inbound_md5_hash+0xd10/0xd10
[ 134.590462][T11979] __tcp_transmit_skb+0x409e/0x5c60
[ 134.595815][T11979] __tcp_send_ack+0x701/0x840
[ 134.600486][T11979] tcp_send_ack+0x68/0x90
[ 134.604799][T11979] tcp_cleanup_rbuf+0x764/0x800
[ 134.609632][T11979] tcp_recvmsg+0x334d/0x4ff0
[ 134.614276][T11979] ? kmsan_get_shadow_origin_ptr+0x6e/0x4c0
[ 134.620456][T11979] ? tcp_mmap+0x150/0x150
[ 134.624773][T11979] ? tcp_mmap+0x150/0x150
[ 134.629121][T11979] inet_recvmsg+0x237/0x7d0
[ 134.633647][T11979] ? kmsan_get_shadow_origin_ptr+0x6e/0x4c0
[ 134.639688][T11979] ? inet_sendpage+0x2c0/0x2c0
[ 134.644772][T11979] ? inet_sendpage+0x2c0/0x2c0
[ 134.649562][T11979] sock_read_iter+0x5be/0x660
[ 134.654268][T11979] ? kernel_sock_ip_overhead+0x340/0x340
[ 134.659899][T11979] __vfs_read+0xa67/0xc90
[ 134.664268][T11979] vfs_read+0x359/0x6f0
[ 134.668419][T11979] ksys_read+0x265/0x430
[ 134.672654][T11979] __se_sys_read+0x92/0xb0
[ 134.677091][T11979] __x64_sys_read+0x4a/0x70
[ 134.681780][T11979] do_syscall_64+0xbc/0xf0
[ 134.686195][T11979] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 134.692077][T11979] RIP: 0033:0x47fd44
[ 134.695961][T11979] Code: ff ff cc cc cc cc e8 9b 40 fb ff 48 8b 7c 24 10 48 8b 74 24 18 48 8b 54 24 20 45 31 d2 45 31 c0 45 31 c9 48 8b 44 24 08 0f 05 <48> 3d 01 f0 ff ff 76 20 48 c7 44 24 28 ff ff ff ff 48 c7 44 24 30
[ 134.715882][T11979] RSP: 002b:000000c420195710 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 134.724291][T11979] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000047fd44
[ 134.732262][T11979] RDX: 0000000000001000 RSI: 000000c4203e6000 RDI: 0000000000000003
[ 134.740264][T11979] RBP: 000000c420195760 R08: 0000000000000000 R09: 0000000000000000
[ 134.748265][T11979] R10: 0000000000000000 R11: 0000000000000246 R12: 000000c423511358
[ 134.756224][T11979] R13: 0000000000000007 R14: 0000000000c29320 R15: 0000000000000180
[ 134.766077][T11979] Kernel Offset: disabled
[ 134.771131][T11979] Rebooting in 86400 seconds..