[ 64.841320][ T31] audit: type=1800 audit(1566037478.889:27): pid=10575 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ 64.881153][ T31] audit: type=1800 audit(1566037478.929:28): pid=10575 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0
[....] Starting periodic command scheduler: cron [ ok ].
[....] Starting OpenBSD Secure Shell server: sshd [ ok ].
[ 66.188389][ T31] audit: type=1800 audit(1566037480.239:29): pid=10575 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[ 66.221848][ T31] audit: type=1800 audit(1566037480.259:30): pid=10575 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.219' (ECDSA) to the list of known hosts.
2019/08/17 10:31:36 parsed 1 programs
2019/08/17 10:31:42 executed programs: 0

syzkaller login:
[ 488.101129][T10741] IPVS: ftp: loaded support on port[0] = 21
[ 488.165709][T10741] chnl_net:caif_netlink_parms(): no params data found
[ 488.195501][T10741] bridge0: port 1(bridge_slave_0) entered blocking state
[ 488.202722][T10741] bridge0: port 1(bridge_slave_0) entered disabled state
[ 488.210412][T10741] device bridge_slave_0 entered promiscuous mode
[ 488.218417][T10741] bridge0: port 2(bridge_slave_1) entered blocking state
[ 488.225838][T10741] bridge0: port 2(bridge_slave_1) entered disabled state
[ 488.233966][T10741] device bridge_slave_1 entered promiscuous mode
[ 488.252605][T10741] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 488.263508][T10741] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 488.282842][T10741] team0: Port device team_slave_0 added
[ 488.290362][T10741] team0: Port device team_slave_1 added
[ 488.344092][T10741] device hsr_slave_0 entered promiscuous mode
[ 488.402203][T10741] device hsr_slave_1 entered promiscuous mode
[ 488.460867][T10741] bridge0: port 2(bridge_slave_1) entered blocking state
[ 488.467989][T10741] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 488.475595][T10741] bridge0: port 1(bridge_slave_0) entered blocking state
[ 488.482809][T10741] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 488.521006][T10741] 8021q: adding VLAN 0 to HW filter on device bond0
[ 488.535621][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 488.545467][ T49] bridge0: port 1(bridge_slave_0) entered disabled state
[ 488.554368][ T49] bridge0: port 2(bridge_slave_1) entered disabled state
[ 488.563256][ T49] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 488.576985][T10741] 8021q: adding VLAN 0 to HW filter on device team0
[ 488.587858][ T3158] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 488.596410][ T3158] bridge0: port 1(bridge_slave_0) entered blocking state
[ 488.603635][ T3158] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 488.615436][ T3985] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 488.624139][ T3985] bridge0: port 2(bridge_slave_1) entered blocking state
[ 488.631195][ T3985] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 488.656406][ T3158] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 488.665551][ T3158] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 488.675014][ T3158] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 488.686793][ T3985] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 488.699951][T10741] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 488.711557][T10741] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 488.719996][ T3985] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 488.742442][T10741] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 490.720981][T11250] ==================================================================
[ 490.729161][T11250] BUG: KMSAN: uninit-value in __list_add_valid+0x292/0x430
[ 490.736459][T11250] CPU: 1 PID: 11250 Comm: syz-executor.0 Not tainted 5.3.0-rc3+ #17
[ 490.744412][T11250] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 490.754439][T11250] Call Trace:
[ 490.757761][T11250]  dump_stack+0x191/0x1f0
[ 490.762077][T11250]  kmsan_report+0x162/0x2d0
[ 490.766650][T11250]  __msan_warning+0x75/0xe0
[ 490.771129][T11250]  __list_add_valid+0x292/0x430
[ 490.776002][T11250]  rdma_listen+0x623/0x10b0
[ 490.780589][T11250]  ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0
[ 490.786578][T11250]  ucma_listen+0x36e/0x5e0
[ 490.791084][T11250]  ? ucma_connect+0xa40/0xa40
[ 490.795735][T11250]  ucma_write+0x5c5/0x640
[ 490.800048][T11250]  ? ucma_get_global_nl_info+0xe0/0xe0
[ 490.805488][T11250]  __vfs_write+0x1a9/0xcb0
[ 490.809902][T11250]  ? rw_verify_area+0x3a5/0x5e0
[ 490.814738][T11250]  ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0
[ 490.820706][T11250]  vfs_write+0x481/0x920
[ 490.824936][T11250]  ksys_write+0x265/0x430
[ 490.829256][T11250]  __se_sys_write+0x92/0xb0
[ 490.833819][T11250]  __x64_sys_write+0x4a/0x70
[ 490.838382][T11250]  do_syscall_64+0xbc/0xf0
[ 490.842803][T11250]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 490.848667][T11250] RIP: 0033:0x459829
[ 490.852549][T11250] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 490.872125][T11250] RSP: 002b:00007f3b0d92bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 490.880505][T11250] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459829
[ 490.888449][T11250] RDX: 0000000000000010 RSI: 00000000200000c0 RDI: 0000000000000003
[ 490.896392][T11250] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000
[ 490.904346][T11250] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3b0d92c6d4
[ 490.912303][T11250] R13: 00000000004c9797 R14: 00000000004e0d10 R15: 00000000ffffffff
[ 490.920254][T11250]
[ 490.922670][T11250] Uninit was created at:
[ 490.926891][T11250]  kmsan_internal_poison_shadow+0x53/0xa0
[ 490.932582][T11250]  kmsan_slab_free+0x8d/0x100
[ 490.937230][T11250]  kfree+0x4c1/0x2db0
[ 490.941181][T11250]  rdma_destroy_id+0x1c10/0x1c80
[ 490.946085][T11250]  ucma_close+0x344/0x4c0
[ 490.950393][T11250]  __fput+0x4c9/0xba0
[ 490.954347][T11250]  ____fput+0x37/0x40
[ 490.958398][T11250]  task_work_run+0x22e/0x2a0
[ 490.962959][T11250]  prepare_exit_to_usermode+0x39d/0x4d0
[ 490.968488][T11250]  syscall_return_slowpath+0x90/0x610
[ 490.973831][T11250]  do_syscall_64+0xe2/0xf0
[ 490.978225][T11250]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 490.984097][T11250] ==================================================================
[ 490.992138][T11250] Disabling lock debugging due to kernel taint
[ 490.998281][T11250] Kernel panic - not syncing: panic_on_warn set ...
[ 491.004852][T11250] CPU: 1 PID: 11250 Comm: syz-executor.0 Tainted: G B 5.3.0-rc3+ #17
[ 491.014185][T11250] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 491.024297][T11250] Call Trace:
[ 491.027573][T11250]  dump_stack+0x191/0x1f0
[ 491.031899][T11250]  panic+0x3c9/0xc1e
[ 491.035778][T11250]  kmsan_report+0x2ca/0x2d0
[ 491.040265][T11250]  __msan_warning+0x75/0xe0
[ 491.044746][T11250]  __list_add_valid+0x292/0x430
[ 491.049574][T11250]  rdma_listen+0x623/0x10b0
[ 491.054068][T11250]  ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0
[ 491.060024][T11250]  ucma_listen+0x36e/0x5e0
[ 491.064418][T11250]  ? ucma_connect+0xa40/0xa40
[ 491.069065][T11250]  ucma_write+0x5c5/0x640
[ 491.073369][T11250]  ? ucma_get_global_nl_info+0xe0/0xe0
[ 491.078813][T11250]  __vfs_write+0x1a9/0xcb0
[ 491.083204][T11250]  ? rw_verify_area+0x3a5/0x5e0
[ 491.088026][T11250]  ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0
[ 491.093978][T11250]  vfs_write+0x481/0x920
[ 491.098196][T11250]  ksys_write+0x265/0x430
[ 491.102503][T11250]  __se_sys_write+0x92/0xb0
[ 491.106980][T11250]  __x64_sys_write+0x4a/0x70
[ 491.111542][T11250]  do_syscall_64+0xbc/0xf0
[ 491.115932][T11250]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 491.121799][T11250] RIP: 0033:0x459829
[ 491.125674][T11250] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 491.145259][T11250] RSP: 002b:00007f3b0d92bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 491.153638][T11250] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459829
[ 491.161585][T11250] RDX: 0000000000000010 RSI: 00000000200000c0 RDI: 0000000000000003
[ 491.169537][T11250] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000
[ 491.177500][T11250] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3b0d92c6d4
[ 491.185448][T11250] R13: 00000000004c9797 R14: 00000000004e0d10 R15: 00000000ffffffff
[ 491.194593][T11250] Kernel Offset: disabled
[ 491.198915][T11250] Rebooting in 86400 seconds..