[ ok ] Starting enhanced syslogd: rsyslogd.
[   92.229802][   T32] audit: type=1800 audit(1573535939.271:25): pid=13487 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[   92.267928][   T32] audit: type=1800 audit(1573535939.301:26): pid=13487 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[   92.288244][   T32] audit: type=1800 audit(1573535939.301:27): pid=13487 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.244' (ECDSA) to the list of known hosts.
2019/11/12 05:19:12 parsed 1 programs
2019/11/12 05:19:19 executed programs: 0
syzkaller login: [  112.926045][T13654] IPVS: ftp: loaded support on port[0] = 21
[  113.004932][T13654] chnl_net:caif_netlink_parms(): no params data found
[  113.040308][T13654] bridge0: port 1(bridge_slave_0) entered blocking state
[  113.047700][T13654] bridge0: port 1(bridge_slave_0) entered disabled state
[  113.056160][T13654] device bridge_slave_0 entered promiscuous mode
[  113.064714][T13654] bridge0: port 2(bridge_slave_1) entered blocking state
[  113.071807][T13654] bridge0: port 2(bridge_slave_1) entered disabled state
[  113.080026][T13654] device bridge_slave_1 entered promiscuous mode
[  113.102148][T13654] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  113.114092][T13654] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  113.136401][T13654] team0: Port device team_slave_0 added
[  113.144549][T13654] team0: Port device team_slave_1 added
[  113.205262][T13654] device hsr_slave_0 entered promiscuous mode
[  113.252898][T13654] device hsr_slave_1 entered promiscuous mode
[  113.386324][T13654] bridge0: port 2(bridge_slave_1) entered blocking state
[  113.393628][T13654] bridge0: port 2(bridge_slave_1) entered forwarding state
[  113.401339][T13654] bridge0: port 1(bridge_slave_0) entered blocking state
[  113.408616][T13654] bridge0: port 1(bridge_slave_0) entered forwarding state
[  113.571681][T13654] 8021q: adding VLAN 0 to HW filter on device bond0
[  113.621571][   T31] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  113.644138][   T31] bridge0: port 1(bridge_slave_0) entered disabled state
[  113.665044][   T31] bridge0: port 2(bridge_slave_1) entered disabled state
[  113.684905][   T31] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[  113.728959][T13654] 8021q: adding VLAN 0 to HW filter on device team0
[  113.760910][   T31] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  113.771079][   T31] bridge0: port 1(bridge_slave_0) entered blocking state
[  113.778338][   T31] bridge0: port 1(bridge_slave_0) entered forwarding state
[  113.863671][   T31] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  113.872754][   T31] bridge0: port 2(bridge_slave_1) entered blocking state
[  113.879931][   T31] bridge0: port 2(bridge_slave_1) entered forwarding state
[  113.890445][   T31] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  113.900917][   T31] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  113.910477][   T31] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  113.919517][   T31] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  113.933915][T13654] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  113.999608][T13654] 8021q: adding VLAN 0 to HW filter on device batadv0
[  114.064298][   T31] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  114.071980][   T31] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  114.081095][   T31] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  114.682852][  T268] Bluetooth: Error in BCSP hdr checksum
[  114.942654][  T110] Bluetooth: Error in BCSP hdr checksum
[  116.492415][   T31] Bluetooth: hci0: command 0x1003 tx timeout
[  116.498651][T13698] Bluetooth: hci0: sending frame failed (-49)
[  118.572398][   T31] Bluetooth: hci0: command 0x1001 tx timeout
[  118.578585][T13698] Bluetooth: hci0: sending frame failed (-49)
[  120.652446][   T12] Bluetooth: hci0: command 0x1009 tx timeout
[  124.574151][T13694] =====================================================
[  124.581146][T13694] BUG: KMSAN: use-after-free in kfree_skb+0x23c/0x4c0
[  124.587956][T13694] CPU: 0 PID: 13694 Comm: syz-executor.0 Not tainted 5.4.0-rc5+ #0
[  124.595873][T13694] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  124.606050][T13694] Call Trace:
[  124.609376][T13694]  dump_stack+0x191/0x1f0
[  124.613696][T13694]  kmsan_report+0x128/0x220
[  124.618187][T13694]  __msan_warning+0x73/0xe0
[  124.622685][T13694]  kfree_skb+0x23c/0x4c0
[  124.626941][T13694]  ? kmsan_get_shadow_origin_ptr+0x91/0x4b0
[  124.632832][T13694]  bcsp_close+0x127/0x1e0
[  124.637148][T13694]  ? bcsp_open+0x5d0/0x5d0
[  124.641594][T13694]  hci_uart_tty_close+0x385/0x410
[  124.646652][T13694]  ? hci_uart_tty_open+0x5a0/0x5a0
[  124.651742][T13694]  tty_ldisc_release+0x5dd/0xd50
[  124.656704][T13694]  tty_release_struct+0x4f/0x1d0
[  124.661631][T13694]  ? tty_unlock+0x82/0x100
[  124.666026][T13694]  tty_release+0x1be2/0x1e80
[  124.670606][T13694]  ? tty_release_struct+0x1d0/0x1d0
[  124.675781][T13694]  __fput+0x4c9/0xba0
[  124.679747][T13694]  ____fput+0x37/0x40
[  124.683728][T13694]  ? fput_many+0x2a0/0x2a0
[  124.688122][T13694]  task_work_run+0x22e/0x2a0
[  124.692694][T13694]  prepare_exit_to_usermode+0x39d/0x4d0
[  124.698221][T13694]  syscall_return_slowpath+0x90/0x610
[  124.703585][T13694]  do_syscall_64+0xdc/0x160
[  124.708086][T13694]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[  124.713969][T13694] RIP: 0033:0x413db1
[  124.717850][T13694] Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 1b 00 00 c3 48 83 ec 08 e8 0a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01
[  124.737634][T13694] RSP: 002b:00007fffa9cf4e10 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  124.746109][T13694] RAX: 0000000000000000 RBX: 0000000000000006 RCX: 0000000000413db1
[  124.754073][T13694] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005
[  124.762028][T13694] RBP: 0000000000000001 R08: ffffffffffffffff R09: ffffffffffffffff
[  124.770001][T13694] R10: 00007fffa9cf4ef0 R11: 0000000000000293 R12: 000000000075c9a0
[  124.777954][T13694] R13: 000000000075c9a0 R14: 0000000000760290 R15: 000000000075bfd4
[  124.785919][T13694] 
[  124.788267][T13694] Uninit was created at:
[  124.792498][T13694]  kmsan_internal_poison_shadow+0x60/0x120
[  124.798282][T13694]  kmsan_slab_free+0x8d/0xf0
[  124.802859][T13694]  kmem_cache_free+0x2d1/0x2b70
[  124.807690][T13694]  kfree_skb+0x473/0x4c0
[  124.811910][T13694]  __netif_receive_skb_core+0x4a5a/0x51a0
[  124.817611][T13694]  process_backlog+0x612/0x1410
[  124.822450][T13694]  net_rx_action+0x7a6/0x1aa0
[  124.827203][T13694]  __do_softirq+0x4a1/0x83a
[  124.831682][T13694]  irq_exit+0x230/0x280
[  124.835835][T13694]  exiting_irq+0xe/0x10
[  124.839968][T13694]  smp_apic_timer_interrupt+0x48/0x70
[  124.845315][T13694]  apic_timer_interrupt+0x2e/0x40
[  124.850331][T13694]  default_idle+0x53/0x90
[  124.854668][T13694]  arch_cpu_idle+0x25/0x30
[  124.859059][T13694]  do_idle+0x1d5/0x780
[  124.863106][T13694]  cpu_startup_entry+0x45/0x50
[  124.867847][T13694]  start_secondary+0x389/0x480
[  124.872587][T13694]  secondary_startup_64+0xa4/0xb0
[  124.877592][T13694] =====================================================
[  124.884515][T13694] Disabling lock debugging due to kernel taint
[  124.890666][T13694] Kernel panic - not syncing: panic_on_warn set ...
[  124.897230][T13694] CPU: 0 PID: 13694 Comm: syz-executor.0 Tainted: G    B             5.4.0-rc5+ #0
[  124.906506][T13694] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  124.916552][T13694] Call Trace:
[  124.919826][T13694]  dump_stack+0x191/0x1f0
[  124.924152][T13694]  panic+0x3c9/0xc1e
[  124.928040][T13694]  kmsan_report+0x215/0x220
[  124.932524][T13694]  __msan_warning+0x73/0xe0
[  124.937006][T13694]  kfree_skb+0x23c/0x4c0
[  124.941239][T13694]  ? kmsan_get_shadow_origin_ptr+0x91/0x4b0
[  124.947114][T13694]  bcsp_close+0x127/0x1e0
[  124.951421][T13694]  ? bcsp_open+0x5d0/0x5d0
[  124.955816][T13694]  hci_uart_tty_close+0x385/0x410
[  124.960820][T13694]  ? hci_uart_tty_open+0x5a0/0x5a0
[  124.965916][T13694]  tty_ldisc_release+0x5dd/0xd50
[  124.971016][T13694]  tty_release_struct+0x4f/0x1d0
[  124.975937][T13694]  ? tty_unlock+0x82/0x100
[  124.980331][T13694]  tty_release+0x1be2/0x1e80
[  124.984924][T13694]  ? tty_release_struct+0x1d0/0x1d0
[  124.990107][T13694]  __fput+0x4c9/0xba0
[  124.994085][T13694]  ____fput+0x37/0x40
[  124.998054][T13694]  ? fput_many+0x2a0/0x2a0
[  125.002466][T13694]  task_work_run+0x22e/0x2a0
[  125.007054][T13694]  prepare_exit_to_usermode+0x39d/0x4d0
[  125.012582][T13694]  syscall_return_slowpath+0x90/0x610
[  125.018002][T13694]  do_syscall_64+0xdc/0x160
[  125.022528][T13694]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[  125.028443][T13694] RIP: 0033:0x413db1
[  125.032338][T13694] Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 1b 00 00 c3 48 83 ec 08 e8 0a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01
[  125.051983][T13694] RSP: 002b:00007fffa9cf4e10 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  125.060415][T13694] RAX: 0000000000000000 RBX: 0000000000000006 RCX: 0000000000413db1
[  125.068456][T13694] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005
[  125.076413][T13694] RBP: 0000000000000001 R08: ffffffffffffffff R09: ffffffffffffffff
[  125.084383][T13694] R10: 00007fffa9cf4ef0 R11: 0000000000000293 R12: 000000000075c9a0
[  125.092341][T13694] R13: 000000000075c9a0 R14: 0000000000760290 R15: 000000000075bfd4
[  125.101844][T13694] Kernel Offset: disabled
[  125.106181][T13694] Rebooting in 86400 seconds..