[ ok ] Starting enhanced syslogd: rsyslogd.
[ 77.023723][ T31] audit: type=1800 audit(1569595237.086:25): pid=11172 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 77.047058][ T31] audit: type=1800 audit(1569595237.106:26): pid=11172 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 77.084770][ T31] audit: type=1800 audit(1569595237.126:27): pid=11172 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.10.25' (ECDSA) to the list of known hosts.
2019/09/27 14:40:49 fuzzer started
2019/09/27 14:40:53 dialing manager at 10.128.0.26:37065
2019/09/27 14:40:54 syscalls: 2385
2019/09/27 14:40:54 code coverage: enabled
2019/09/27 14:40:54 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2019/09/27 14:40:54 extra coverage: enabled
2019/09/27 14:40:54 setuid sandbox: enabled
2019/09/27 14:40:54 namespace sandbox: enabled
2019/09/27 14:40:54 Android sandbox: /sys/fs/selinux/policy does not exist
2019/09/27 14:40:54 fault injection: enabled
2019/09/27 14:40:54 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/09/27 14:40:54 net packet injection: enabled
2019/09/27 14:40:54 net device setup: enabled
syzkaller login: [ 136.083564][ C1] ==================================================================
[ 136.091894][ C1] BUG: KMSAN: uninit-value in kmem_cache_alloc_node+0x5d0/0xe70
[ 136.099512][ C1] CPU: 1 PID: 11321 Comm: syz-fuzzer Not tainted 5.3.0-rc7+ #0
[ 136.107279][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 136.118191][ C1] Call Trace:
[ 136.121467][ C1]
[ 136.124328][ C1] dump_stack+0x191/0x1f0
[ 136.128656][ C1] kmsan_report+0x162/0x2d0
[ 136.133142][ C1] __msan_warning+0x75/0xe0
[ 136.137642][ C1] kmem_cache_alloc_node+0x5d0/0xe70
[ 136.142918][ C1] ? __alloc_skb+0x215/0xa10
[ 136.147498][ C1] __alloc_skb+0x215/0xa10
[ 136.151907][ C1] aoecmd_cfg+0x205/0xa80
[ 136.156228][ C1] discover_timer+0x86/0xa0
[ 136.160800][ C1] call_timer_fn+0x232/0x530
[ 136.165520][ C1] ? skbfree+0x4a0/0x4a0
[ 136.169756][ C1] __run_timers+0xcdc/0x11a0
[ 136.174330][ C1] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 136.180388][ C1] ? skbfree+0x4a0/0x4a0
[ 136.184622][ C1] ? timers_dead_cpu+0x9d0/0x9d0
[ 136.189547][ C1] ? kmsan_get_shadow_origin_ptr+0x6e/0x4c0
[ 136.195419][ C1] run_timer_softirq+0x2d/0x50
[ 136.200159][ C1] ? timers_dead_cpu+0x9d0/0x9d0
[ 136.205077][ C1] __do_softirq+0x4a1/0x83a
[ 136.209570][ C1] irq_exit+0x230/0x280
[ 136.213706][ C1] exiting_irq+0xe/0x10
[ 136.217855][ C1] smp_apic_timer_interrupt+0x48/0x70
[ 136.223209][ C1] apic_timer_interrupt+0x2e/0x40
[ 136.228239][ C1]
[ 136.231180][ C1] RIP: 0010:kmsan_get_shadow_origin_ptr+0x150/0x4c0
[ 136.237752][ C1] Code: 00 00 00 00 80 77 00 00 4c 89 f1 48 81 e9 00 00 00 80 48 89 4d d0 0f 83 12 03 00 00 4c 01 f0 48 39 c8 77 59 8a 0d f1 39 c3 0d <48> 89 c2 48 d3 ea 48 85 d2 75 48 48 89 c1 48 c1 e9 2e 75 3f 48 8b
[ 136.257355][ C1] RSP: 0018:ffff8880b1e2f480 EFLAGS: 00000207 ORIG_RAX: ffffffffffffff13
[ 136.265757][ C1] RAX: 00000000b92719bc RBX: ffff8880b92719bc RCX: ffff88813927192e
[ 136.273722][ C1] RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffff8880b92719bc
[ 136.281679][ C1] RBP: ffff8880b1e2f4b0 R08: 00000000fe4001da R09: ffff8880b3011268
[ 136.289641][ C1] R10: 0000000000000004 R11: ffffffff813ed6f0 R12: ffffffff902c1000
[ 136.297594][ C1] R13: ffff8880b92719bc R14: ffff8880b92719bc R15: 0000000000000004
[ 136.305578][ C1] ? __set_cyc2ns_scale+0x3f0/0x3f0
[ 136.310840][ C1] __msan_metadata_ptr_for_load_4+0x10/0x20
[ 136.316726][ C1] tcp_event_data_recv+0x836/0x1710
[ 136.321916][ C1] tcp_rcv_established+0x2c33/0x31f0
[ 136.327197][ C1] tcp_v4_do_rcv+0x684/0xd70
[ 136.331772][ C1] ? inet_sk_rx_dst_set+0x250/0x250
[ 136.336966][ C1] __release_sock+0x448/0x640
[ 136.341631][ C1] release_sock+0x99/0x2a0
[ 136.346040][ C1] tcp_recvmsg+0x335f/0x4ff0
[ 136.350664][ C1] ? kmsan_get_shadow_origin_ptr+0x6e/0x4c0
[ 136.356536][ C1] ? tcp_mmap+0x150/0x150
[ 136.362165][ C1] ? tcp_mmap+0x150/0x150
[ 136.366486][ C1] inet_recvmsg+0x237/0x7d0
[ 136.370974][ C1] ? kmsan_get_shadow_origin_ptr+0x6e/0x4c0
[ 136.376845][ C1] ? inet_sendpage+0x2c0/0x2c0
[ 136.381601][ C1] ? inet_sendpage+0x2c0/0x2c0
[ 136.386344][ C1] sock_read_iter+0x5be/0x660
[ 136.391009][ C1] ? kernel_sock_ip_overhead+0x340/0x340
[ 136.397059][ C1] __vfs_read+0xa67/0xc90
[ 136.401392][ C1] vfs_read+0x359/0x6f0
[ 136.405536][ C1] ksys_read+0x265/0x430
[ 136.409786][ C1] __se_sys_read+0x92/0xb0
[ 136.414186][ C1] __x64_sys_read+0x4a/0x70
[ 136.418671][ C1] do_syscall_64+0xbc/0xf0
[ 136.423071][ C1] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 136.429408][ C1] RIP: 0033:0x47fd44
[ 136.433291][ C1] Code: ff ff cc cc cc cc e8 9b 40 fb ff 48 8b 7c 24 10 48 8b 74 24 18 48 8b 54 24 20 45 31 d2 45 31 c0 45 31 c9 48 8b 44 24 08 0f 05 <48> 3d 01 f0 ff ff 76 20 48 c7 44 24 28 ff ff ff ff 48 c7 44 24 30
[ 136.452894][ C1] RSP: 002b:000000c420355710 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 136.461316][ C1] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000047fd44
[ 136.469280][ C1] RDX: 0000000000001000 RSI: 000000c420142000 RDI: 0000000000000003
[ 136.478013][ C1] RBP: 000000c420355760 R08: 0000000000000000 R09: 0000000000000000
[ 136.485986][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008
[ 136.493954][ C1] R13: 0000000000000008 R14: 0000000000000002 R15: ffffffffffffffff
[ 136.501931][ C1]
[ 136.504242][ C1] Uninit was stored to memory at:
[ 136.509249][ C1] kmsan_internal_chain_origin+0xcc/0x150
[ 136.514947][ C1] __msan_chain_origin+0x6b/0xe0
[ 136.519869][ C1] ___slab_alloc+0x1dbc/0x1fb0
[ 136.524621][ C1] kmem_cache_alloc_node+0x769/0xe70
[ 136.529891][ C1] __alloc_skb+0x215/0xa10
[ 136.534302][ C1] aoecmd_cfg+0x205/0xa80
[ 136.538609][ C1] discover_timer+0x86/0xa0
[ 136.543104][ C1] call_timer_fn+0x232/0x530
[ 136.547668][ C1] __run_timers+0xcdc/0x11a0
[ 136.552238][ C1] run_timer_softirq+0x2d/0x50
[ 136.556988][ C1] __do_softirq+0x4a1/0x83a
[ 136.561480][ C1] irq_exit+0x230/0x280
[ 136.565615][ C1] exiting_irq+0xe/0x10
[ 136.569760][ C1] smp_apic_timer_interrupt+0x48/0x70
[ 136.575108][ C1] apic_timer_interrupt+0x2e/0x40
[ 136.580108][ C1] kmsan_get_shadow_origin_ptr+0x150/0x4c0
[ 136.585892][ C1] __msan_metadata_ptr_for_load_4+0x10/0x20
[ 136.591773][ C1] tcp_event_data_recv+0x836/0x1710
[ 136.596944][ C1] tcp_rcv_established+0x2c33/0x31f0
[ 136.602208][ C1] tcp_v4_do_rcv+0x684/0xd70
[ 136.606778][ C1] __release_sock+0x448/0x640
[ 136.611438][ C1] release_sock+0x99/0x2a0
[ 136.615834][ C1] tcp_recvmsg+0x335f/0x4ff0
[ 136.620414][ C1] inet_recvmsg+0x237/0x7d0
[ 136.624895][ C1] sock_read_iter+0x5be/0x660
[ 136.629555][ C1] __vfs_read+0xa67/0xc90
[ 136.633952][ C1] vfs_read+0x359/0x6f0
[ 136.638084][ C1] ksys_read+0x265/0x430
[ 136.642301][ C1] __se_sys_read+0x92/0xb0
[ 136.646715][ C1] __x64_sys_read+0x4a/0x70
[ 136.651203][ C1] do_syscall_64+0xbc/0xf0
[ 136.655598][ C1] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 136.661462][ C1]
[ 136.663792][ C1] Uninit was created at:
[ 136.668028][ C1] kmsan_internal_poison_shadow+0x58/0xb0
[ 136.673723][ C1] kmsan_slab_free+0x8d/0x100
[ 136.678380][ C1] kmem_cache_free_bulk+0x3ad9/0x3f50
[ 136.683816][ C1] napi_consume_skb+0x593/0x5d0
[ 136.688681][ C1] free_old_xmit_skbs+0x1a1/0x450
[ 136.693704][ C1] virtnet_poll_tx+0x24c/0x4c0
[ 136.698539][ C1] net_rx_action+0x74b/0x1950
[ 136.703198][ C1] __do_softirq+0x4a1/0x83a
[ 136.707679][ C1] irq_exit+0x230/0x280
[ 136.711811][ C1] do_IRQ+0x20d/0x3a0
[ 136.715769][ C1] ret_from_intr+0x0/0x33
[ 136.720074][ C1] default_idle+0x53/0x90
[ 136.724383][ C1] arch_cpu_idle+0x25/0x30
[ 136.728776][ C1] do_idle+0x1d7/0x790
[ 136.732820][ C1] cpu_startup_entry+0x45/0x50
[ 136.737574][ C1] start_secondary+0x370/0x470
[ 136.742315][ C1] secondary_startup_64+0xa4/0xb0
[ 136.747333][ C1] ==================================================================
[ 136.755389][ C1] Disabling lock debugging due to kernel taint
[ 136.763599][ C1] Kernel panic - not syncing: panic_on_warn set ...
[ 136.770167][ C1] CPU: 1 PID: 11321 Comm: syz-fuzzer Tainted: G B 5.3.0-rc7+ #0
[ 136.779073][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 136.789106][ C1] Call Trace:
[ 136.792385][ C1]
[ 136.795223][ C1] dump_stack+0x191/0x1f0
[ 136.799537][ C1] panic+0x3c9/0xc1e
[ 136.803428][ C1] kmsan_report+0x2ca/0x2d0
[ 136.807924][ C1] __msan_warning+0x75/0xe0
[ 136.812412][ C1] kmem_cache_alloc_node+0x5d0/0xe70
[ 136.817682][ C1] ? __alloc_skb+0x215/0xa10
[ 136.822263][ C1] __alloc_skb+0x215/0xa10
[ 136.826675][ C1] aoecmd_cfg+0x205/0xa80
[ 136.831206][ C1] discover_timer+0x86/0xa0
[ 136.835697][ C1] call_timer_fn+0x232/0x530
[ 136.840273][ C1] ? skbfree+0x4a0/0x4a0
[ 136.844521][ C1] __run_timers+0xcdc/0x11a0
[ 136.849093][ C1] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 136.855138][ C1] ? skbfree+0x4a0/0x4a0
[ 136.859450][ C1] ? timers_dead_cpu+0x9d0/0x9d0
[ 136.864372][ C1] ? kmsan_get_shadow_origin_ptr+0x6e/0x4c0
[ 136.870245][ C1] run_timer_softirq+0x2d/0x50
[ 136.874984][ C1] ? timers_dead_cpu+0x9d0/0x9d0
[ 136.879897][ C1] __do_softirq+0x4a1/0x83a
[ 136.884404][ C1] irq_exit+0x230/0x280
[ 136.888541][ C1] exiting_irq+0xe/0x10
[ 136.892679][ C1] smp_apic_timer_interrupt+0x48/0x70
[ 136.898031][ C1] apic_timer_interrupt+0x2e/0x40
[ 136.903030][ C1]
[ 136.905957][ C1] RIP: 0010:kmsan_get_shadow_origin_ptr+0x150/0x4c0
[ 136.912521][ C1] Code: 00 00 00 00 80 77 00 00 4c 89 f1 48 81 e9 00 00 00 80 48 89 4d d0 0f 83 12 03 00 00 4c 01 f0 48 39 c8 77 59 8a 0d f1 39 c3 0d <48> 89 c2 48 d3 ea 48 85 d2 75 48 48 89 c1 48 c1 e9 2e 75 3f 48 8b
[ 136.932121][ C1] RSP: 0018:ffff8880b1e2f480 EFLAGS: 00000207 ORIG_RAX: ffffffffffffff13
[ 136.940514][ C1] RAX: 00000000b92719bc RBX: ffff8880b92719bc RCX: ffff88813927192e
[ 136.948471][ C1] RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffff8880b92719bc
[ 136.956437][ C1] RBP: ffff8880b1e2f4b0 R08: 00000000fe4001da R09: ffff8880b3011268
[ 136.964399][ C1] R10: 0000000000000004 R11: ffffffff813ed6f0 R12: ffffffff902c1000
[ 136.972505][ C1] R13: ffff8880b92719bc R14: ffff8880b92719bc R15: 0000000000000004
[ 136.980475][ C1] ? __set_cyc2ns_scale+0x3f0/0x3f0
[ 136.985668][ C1] __msan_metadata_ptr_for_load_4+0x10/0x20
[ 136.991540][ C1] tcp_event_data_recv+0x836/0x1710
[ 136.996818][ C1] tcp_rcv_established+0x2c33/0x31f0
[ 137.002097][ C1] tcp_v4_do_rcv+0x684/0xd70
[ 137.006674][ C1] ? inet_sk_rx_dst_set+0x250/0x250
[ 137.011855][ C1] __release_sock+0x448/0x640
[ 137.016517][ C1] release_sock+0x99/0x2a0
[ 137.020918][ C1] tcp_recvmsg+0x335f/0x4ff0
[ 137.025514][ C1] ? kmsan_get_shadow_origin_ptr+0x6e/0x4c0
[ 137.031399][ C1] ? tcp_mmap+0x150/0x150
[ 137.035726][ C1] ? tcp_mmap+0x150/0x150
[ 137.040036][ C1] inet_recvmsg+0x237/0x7d0
[ 137.044540][ C1] ? kmsan_get_shadow_origin_ptr+0x6e/0x4c0
[ 137.050431][ C1] ? inet_sendpage+0x2c0/0x2c0
[ 137.055174][ C1] ? inet_sendpage+0x2c0/0x2c0
[ 137.059920][ C1] sock_read_iter+0x5be/0x660
[ 137.064588][ C1] ? kernel_sock_ip_overhead+0x340/0x340
[ 137.070202][ C1] __vfs_read+0xa67/0xc90
[ 137.074527][ C1] vfs_read+0x359/0x6f0
[ 137.078667][ C1] ksys_read+0x265/0x430
[ 137.082895][ C1] __se_sys_read+0x92/0xb0
[ 137.087296][ C1] __x64_sys_read+0x4a/0x70
[ 137.091779][ C1] do_syscall_64+0xbc/0xf0
[ 137.096179][ C1] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 137.102048][ C1] RIP: 0033:0x47fd44
[ 137.105947][ C1] Code: ff ff cc cc cc cc e8 9b 40 fb ff 48 8b 7c 24 10 48 8b 74 24 18 48 8b 54 24 20 45 31 d2 45 31 c0 45 31 c9 48 8b 44 24 08 0f 05 <48> 3d 01 f0 ff ff 76 20 48 c7 44 24 28 ff ff ff ff 48 c7 44 24 30
[ 137.125534][ C1] RSP: 002b:000000c420355710 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 137.133936][ C1] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000047fd44
[ 137.142249][ C1] RDX: 0000000000001000 RSI: 000000c420142000 RDI: 0000000000000003
[ 137.150221][ C1] RBP: 000000c420355760 R08: 0000000000000000 R09: 0000000000000000
[ 137.158181][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008
[ 137.166134][ C1] R13: 0000000000000008 R14: 0000000000000002 R15: ffffffffffffffff
[ 137.175660][ C1] Kernel Offset: disabled
[ 137.180049][ C1] Rebooting in 86400 seconds..