[ ok ] Starting enhanced syslogd: rsyslogd.
[ 83.896909][ T31] audit: type=1800 audit(1572341546.942:25): pid=11805 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 83.920135][ T31] audit: type=1800 audit(1572341546.972:26): pid=11805 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 83.955933][ T31] audit: type=1800 audit(1572341546.992:27): pid=11805 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.112' (ECDSA) to the list of known hosts.
2019/10/29 09:33:16 parsed 1 programs
2019/10/29 09:33:23 executed programs: 0
syzkaller login: [ 140.416348][T11970] IPVS: ftp: loaded support on port[0] = 21
[ 140.498507][T11970] chnl_net:caif_netlink_parms(): no params data found
[ 140.533408][T11970] bridge0: port 1(bridge_slave_0) entered blocking state
[ 140.540709][T11970] bridge0: port 1(bridge_slave_0) entered disabled state
[ 140.549246][T11970] device bridge_slave_0 entered promiscuous mode
[ 140.557912][T11970] bridge0: port 2(bridge_slave_1) entered blocking state
[ 140.565734][T11970] bridge0: port 2(bridge_slave_1) entered disabled state
[ 140.574385][T11970] device bridge_slave_1 entered promiscuous mode
[ 140.596030][T11970] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 140.608194][T11970] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 140.632463][T11970] team0: Port device team_slave_0 added
[ 140.640389][T11970] team0: Port device team_slave_1 added
[ 140.694847][T11970] device hsr_slave_0 entered promiscuous mode
[ 140.732692][T11970] device hsr_slave_1 entered promiscuous mode
[ 140.858917][T11970] bridge0: port 2(bridge_slave_1) entered blocking state
[ 140.866407][T11970] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 140.874222][T11970] bridge0: port 1(bridge_slave_0) entered blocking state
[ 140.881443][T11970] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 141.006101][T11970] 8021q: adding VLAN 0 to HW filter on device bond0
[ 141.029488][ T2875] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 141.050856][ T2875] bridge0: port 1(bridge_slave_0) entered disabled state
[ 141.060434][ T2875] bridge0: port 2(bridge_slave_1) entered disabled state
[ 141.074541][ T2875] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 141.115501][T11970] 8021q: adding VLAN 0 to HW filter on device team0
[ 141.142540][ T2875] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 141.151666][ T2875] bridge0: port 1(bridge_slave_0) entered blocking state
[ 141.159017][ T2875] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 141.246810][ T2875] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 141.256515][ T2875] bridge0: port 2(bridge_slave_1) entered blocking state
[ 141.264009][ T2875] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 141.275026][ T2875] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 141.285464][ T2875] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 141.295558][ T2875] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 141.314950][T11970] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 141.328037][T11970] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 141.376590][T11970] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 141.405962][ T2875] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 141.415398][ T2875] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 142.239490][T12070] =====================================================
[ 142.246684][T12070] BUG: KMSAN: use-after-free in __list_add_valid+0x292/0x430
[ 142.254474][T12070] CPU: 0 PID: 12070 Comm: syz-executor.0 Not tainted 5.4.0-rc5+ #0
[ 142.262372][T12070] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 142.272437][T12070] Call Trace:
[ 142.275842][T12070] dump_stack+0x191/0x1f0
[ 142.280185][T12070] kmsan_report+0x128/0x220
[ 142.284892][T12070] __msan_warning+0x73/0xe0
[ 142.289419][T12070] __list_add_valid+0x292/0x430
[ 142.294290][T12070] rdma_listen+0x623/0x10b0
[ 142.298801][T12070] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0
[ 142.304688][T12070] ucma_listen+0x36e/0x5e0
[ 142.309217][T12070] ? ucma_connect+0xa40/0xa40
[ 142.313902][T12070] ucma_write+0x5c5/0x640
[ 142.318251][T12070] ? ucma_get_global_nl_info+0xe0/0xe0
[ 142.323711][T12070] __vfs_write+0x1a9/0xcb0
[ 142.328117][T12070] ? rw_verify_area+0x3a5/0x5e0
[ 142.332954][T12070] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0
[ 142.338878][T12070] vfs_write+0x481/0x920
[ 142.343129][T12070] ksys_write+0x265/0x430
[ 142.347455][T12070] __se_sys_write+0x92/0xb0
[ 142.352078][T12070] __x64_sys_write+0x4a/0x70
[ 142.356757][T12070] do_syscall_64+0xb6/0x160
[ 142.361267][T12070] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 142.367488][T12070] RIP: 0033:0x459f49
[ 142.371720][T12070] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 142.392171][T12070] RSP: 002b:00007fb6f72e1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 142.402546][T12070] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459f49
[ 142.411243][T12070] RDX: 0000000000000010 RSI: 00000000200001c0 RDI: 0000000000000003
[ 142.420710][T12070] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[ 142.429011][T12070] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fb6f72e26d4
[ 142.437416][T12070] R13: 00000000004ca424 R14: 00000000004e2490 R15: 00000000ffffffff
[ 142.446358][T12070]
[ 142.449082][T12070] Uninit was created at:
[ 142.453920][T12070] kmsan_internal_poison_shadow+0x60/0x120
[ 142.460837][T12070] kmsan_slab_free+0x8d/0xf0
[ 142.465954][T12070] kfree+0x4c1/0x2e70
[ 142.470536][T12070] rdma_destroy_id+0x1c10/0x1c80
[ 142.477460][T12070] ucma_close+0x344/0x4c0
[ 142.482866][T12070] __fput+0x4c9/0xba0
[ 142.488037][T12070] ____fput+0x37/0x40
[ 142.492332][T12070] task_work_run+0x22e/0x2a0
[ 142.497225][T12070] prepare_exit_to_usermode+0x39d/0x4d0
[ 142.503033][T12070] syscall_return_slowpath+0x90/0x610
[ 142.509892][T12070] do_syscall_64+0xdc/0x160
[ 142.515595][T12070] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 142.522254][T12070] =====================================================
[ 142.529655][T12070] Disabling lock debugging due to kernel taint
[ 142.536546][T12070] Kernel panic - not syncing: panic_on_warn set ...
[ 142.543531][T12070] CPU: 0 PID: 12070 Comm: syz-executor.0 Tainted: G B 5.4.0-rc5+ #0
[ 142.553993][T12070] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 142.565758][T12070] Call Trace:
[ 142.569676][T12070] dump_stack+0x191/0x1f0
[ 142.575100][T12070] panic+0x3c9/0xc1e
[ 142.580420][T12070] kmsan_report+0x215/0x220
[ 142.587144][T12070] __msan_warning+0x73/0xe0
[ 142.592200][T12070] __list_add_valid+0x292/0x430
[ 142.597133][T12070] rdma_listen+0x623/0x10b0
[ 142.601655][T12070] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0
[ 142.607785][T12070] ucma_listen+0x36e/0x5e0
[ 142.612331][T12070] ? ucma_connect+0xa40/0xa40
[ 142.616997][T12070] ucma_write+0x5c5/0x640
[ 142.621342][T12070] ? ucma_get_global_nl_info+0xe0/0xe0
[ 142.626808][T12070] __vfs_write+0x1a9/0xcb0
[ 142.631328][T12070] ? rw_verify_area+0x3a5/0x5e0
[ 142.636191][T12070] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0
[ 142.642091][T12070] vfs_write+0x481/0x920
[ 142.646352][T12070] ksys_write+0x265/0x430
[ 142.650913][T12070] __se_sys_write+0x92/0xb0
[ 142.655434][T12070] __x64_sys_write+0x4a/0x70
[ 142.660017][T12070] do_syscall_64+0xb6/0x160
[ 142.664511][T12070] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 142.670399][T12070] RIP: 0033:0x459f49
[ 142.674278][T12070] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 142.694769][T12070] RSP: 002b:00007fb6f72e1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 142.703947][T12070] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459f49
[ 142.712191][T12070] RDX: 0000000000000010 RSI: 00000000200001c0 RDI: 0000000000000003
[ 142.720162][T12070] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[ 142.728158][T12070] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fb6f72e26d4
[ 142.736324][T12070] R13: 00000000004ca424 R14: 00000000004e2490 R15: 00000000ffffffff
[ 142.745756][T12070] Kernel Offset: disabled
[ 142.750094][T12070] Rebooting in 86400 seconds..