[....] Starting enhanced syslogd: rsyslogd [ ok ].
[ 82.866315][ T31] audit: type=1800 audit(1571303905.911:25): pid=11898 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 82.889322][ T31] audit: type=1800 audit(1571303905.931:26): pid=11898 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 82.925919][ T31] audit: type=1800 audit(1571303905.961:27): pid=11898 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[....] Starting periodic command scheduler: cron [ ok ].
[....] Starting OpenBSD Secure Shell server: sshd [ ok ].

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.160' (ECDSA) to the list of known hosts.
2019/10/17 09:25:10 parsed 1 programs
2019/10/17 09:25:18 executed programs: 0

syzkaller login:
[ 495.056705][T12063] IPVS: ftp: loaded support on port[0] = 21
[ 495.137651][T12063] chnl_net:caif_netlink_parms(): no params data found
[ 495.172878][T12063] bridge0: port 1(bridge_slave_0) entered blocking state
[ 495.180224][T12063] bridge0: port 1(bridge_slave_0) entered disabled state
[ 495.188630][T12063] device bridge_slave_0 entered promiscuous mode
[ 495.197079][T12063] bridge0: port 2(bridge_slave_1) entered blocking state
[ 495.204310][T12063] bridge0: port 2(bridge_slave_1) entered disabled state
[ 495.212346][T12063] device bridge_slave_1 entered promiscuous mode
[ 495.233137][T12063] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 495.244717][T12063] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 495.266964][T12063] team0: Port device team_slave_0 added
[ 495.274735][T12063] team0: Port device team_slave_1 added
[ 495.335978][T12063] device hsr_slave_0 entered promiscuous mode
[ 495.372797][T12063] device hsr_slave_1 entered promiscuous mode
[ 495.434229][T12063] bridge0: port 2(bridge_slave_1) entered blocking state
[ 495.441431][T12063] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 495.449212][T12063] bridge0: port 1(bridge_slave_0) entered blocking state
[ 495.456414][T12063] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 495.503993][T12063] 8021q: adding VLAN 0 to HW filter on device bond0
[ 495.518722][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 495.529151][ T12] bridge0: port 1(bridge_slave_0) entered disabled state
[ 495.538756][ T12] bridge0: port 2(bridge_slave_1) entered disabled state
[ 495.547374][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 495.561744][T12063] 8021q: adding VLAN 0 to HW filter on device team0
[ 495.575487][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 495.584425][ T30] bridge0: port 1(bridge_slave_0) entered blocking state
[ 495.591558][ T30] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 495.613223][ T2887] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 495.621987][ T2887] bridge0: port 2(bridge_slave_1) entered blocking state
[ 495.629306][ T2887] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 495.644042][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 495.654014][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 495.668756][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 495.681927][ T2887] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 495.696114][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 495.708578][T12063] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 495.732061][T12063] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 496.183005][ T1324] Bluetooth: Error in BCSP hdr checksum
[ 496.442698][ T108] Bluetooth: Error in BCSP hdr checksum
[ 497.943023][ T30] Bluetooth: hci0: command 0x1003 tx timeout
[ 497.949190][T12080] Bluetooth: hci0: sending frame failed (-49)
[ 500.022472][ T2887] Bluetooth: hci0: command 0x1001 tx timeout
[ 500.028721][T12080] Bluetooth: hci0: sending frame failed (-49)
[ 502.102494][ T30] Bluetooth: hci0: command 0x1009 tx timeout
[ 506.024301][T12076] =====================================================
[ 506.031432][T12076] BUG: KMSAN: use-after-free in kfree_skb+0x23c/0x4c0
[ 506.038180][T12076] CPU: 0 PID: 12076 Comm: syz-executor.0 Not tainted 5.4.0-rc3+ #0
[ 506.046045][T12076] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 506.056079][T12076] Call Trace:
[ 506.059381][T12076]  dump_stack+0x191/0x1f0
[ 506.063758][T12076]  kmsan_report+0x14a/0x2f0
[ 506.068246][T12076]  __msan_warning+0x73/0xf0
[ 506.072730][T12076]  kfree_skb+0x23c/0x4c0
[ 506.076952][T12076]  ? kmsan_get_shadow_origin_ptr+0x91/0x4b0
[ 506.082841][T12076]  bcsp_close+0x127/0x1e0
[ 506.087160][T12076]  ? bcsp_open+0x5d0/0x5d0
[ 506.091562][T12076]  hci_uart_tty_close+0x385/0x410
[ 506.096576][T12076]  ? hci_uart_tty_open+0x5a0/0x5a0
[ 506.101713][T12076]  tty_ldisc_release+0x5dd/0xd50
[ 506.106639][T12076]  tty_release_struct+0x4f/0x1d0
[ 506.111558][T12076]  ? tty_unlock+0x82/0x100
[ 506.115962][T12076]  tty_release+0x1be2/0x1e80
[ 506.120540][T12076]  ? tty_release_struct+0x1d0/0x1d0
[ 506.125716][T12076]  __fput+0x4c9/0xba0
[ 506.129695][T12076]  ____fput+0x37/0x40
[ 506.133668][T12076]  ? fput_many+0x2a0/0x2a0
[ 506.138071][T12076]  task_work_run+0x22e/0x2a0
[ 506.142668][T12076]  prepare_exit_to_usermode+0x39d/0x4d0
[ 506.148267][T12076]  syscall_return_slowpath+0x90/0x610
[ 506.153632][T12076]  do_syscall_64+0xdc/0x160
[ 506.158186][T12076]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 506.164059][T12076] RIP: 0033:0x413741
[ 506.167942][T12076] Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 1b 00 00 c3 48 83 ec 08 e8 0a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01
[ 506.187962][T12076] RSP: 002b:00007ffcdafe2c30 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 506.196423][T12076] RAX: 0000000000000000 RBX: 0000000000000005 RCX: 0000000000413741
[ 506.204374][T12076] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
[ 506.212331][T12076] RBP: 0000000000000001 R08: ffffffffffffffff R09: ffffffffffffffff
[ 506.220377][T12076] R10: 00007ffcdafe2d10 R11: 0000000000000293 R12: 000000000075c9a0
[ 506.228541][T12076] R13: 000000000075c9a0 R14: 00000000007603c0 R15: 000000000075bfd4
[ 506.236499][T12076]
[ 506.238814][T12076] Uninit was created at:
[ 506.243099][T12076]  kmsan_internal_poison_shadow+0x60/0x110
[ 506.248881][T12076]  kmsan_slab_free+0x8d/0x100
[ 506.254402][T12076]  kmem_cache_free+0x2d1/0x2b70
[ 506.259240][T12076]  __kfree_skb+0x1dd/0x210
[ 506.263640][T12076]  consume_skb+0x2b0/0x2e0
[ 506.268065][T12076]  __dev_kfree_skb_any+0x32e/0x360
[ 506.273164][T12076]  team_dummy_transmit+0x44/0x60
[ 506.278084][T12076]  team_xmit+0x676/0x8c0
[ 506.283965][T12076]  dev_hard_start_xmit+0x51a/0xab0
[ 506.289050][T12076]  __dev_queue_xmit+0x35b6/0x4200
[ 506.294054][T12076]  dev_queue_xmit+0x4b/0x60
[ 506.298611][T12076]  ip6_finish_output2+0x2089/0x2670
[ 506.303789][T12076]  __ip6_finish_output+0x83d/0x8f0
[ 506.308885][T12076]  ip6_finish_output+0x2db/0x420
[ 506.313810][T12076]  ip6_output+0x5d3/0x720
[ 506.318166][T12076]  ndisc_send_skb+0x1083/0x15e0
[ 506.322993][T12076]  ndisc_send_rs+0xb5d/0xb90
[ 506.327563][T12076]  addrconf_rs_timer+0x847/0xc20
[ 506.332479][T12076]  call_timer_fn+0x232/0x530
[ 506.337057][T12076]  __run_timers+0xd60/0x1270
[ 506.341631][T12076]  run_timer_softirq+0x2d/0x50
[ 506.346373][T12076]  __do_softirq+0x4a1/0x83a
[ 506.350852][T12076]  irq_exit+0x230/0x280
[ 506.354997][T12076]  exiting_irq+0xe/0x10
[ 506.359134][T12076]  smp_apic_timer_interrupt+0x48/0x70
[ 506.364482][T12076]  apic_timer_interrupt+0x2e/0x40
[ 506.369483][T12076]  default_idle+0x53/0x90
[ 506.373788][T12076]  arch_cpu_idle+0x25/0x30
[ 506.378189][T12076]  do_idle+0x1d5/0x780
[ 506.382242][T12076]  cpu_startup_entry+0x45/0x50
[ 506.387015][T12076]  start_secondary+0x389/0x480
[ 506.391757][T12076]  secondary_startup_64+0xa4/0xb0
[ 506.396751][T12076] =====================================================
[ 506.403655][T12076] Disabling lock debugging due to kernel taint
[ 506.409780][T12076] Kernel panic - not syncing: panic_on_warn set ...
[ 506.416358][T12076] CPU: 0 PID: 12076 Comm: syz-executor.0 Tainted: G B 5.4.0-rc3+ #0
[ 506.425623][T12076] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 506.435666][T12076] Call Trace:
[ 506.438943][T12076]  dump_stack+0x191/0x1f0
[ 506.443255][T12076]  panic+0x3c9/0xc1e
[ 506.447145][T12076]  kmsan_report+0x2e8/0x2f0
[ 506.451628][T12076]  __msan_warning+0x73/0xf0
[ 506.456114][T12076]  kfree_skb+0x23c/0x4c0
[ 506.460336][T12076]  ? kmsan_get_shadow_origin_ptr+0x91/0x4b0
[ 506.466212][T12076]  bcsp_close+0x127/0x1e0
[ 506.470517][T12076]  ? bcsp_open+0x5d0/0x5d0
[ 506.474911][T12076]  hci_uart_tty_close+0x385/0x410
[ 506.479917][T12076]  ? hci_uart_tty_open+0x5a0/0x5a0
[ 506.485009][T12076]  tty_ldisc_release+0x5dd/0xd50
[ 506.489949][T12076]  tty_release_struct+0x4f/0x1d0
[ 506.494931][T12076]  ? tty_unlock+0x82/0x100
[ 506.499597][T12076]  tty_release+0x1be2/0x1e80
[ 506.504285][T12076]  ? tty_release_struct+0x1d0/0x1d0
[ 506.509622][T12076]  __fput+0x4c9/0xba0
[ 506.513598][T12076]  ____fput+0x37/0x40
[ 506.517569][T12076]  ? fput_many+0x2a0/0x2a0
[ 506.521974][T12076]  task_work_run+0x22e/0x2a0
[ 506.526551][T12076]  prepare_exit_to_usermode+0x39d/0x4d0
[ 506.532081][T12076]  syscall_return_slowpath+0x90/0x610
[ 506.537437][T12076]  do_syscall_64+0xdc/0x160
[ 506.541922][T12076]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 506.547934][T12076] RIP: 0033:0x413741
[ 506.551807][T12076] Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 1b 00 00 c3 48 83 ec 08 e8 0a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01
[ 506.572786][T12076] RSP: 002b:00007ffcdafe2c30 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 506.581185][T12076] RAX: 0000000000000000 RBX: 0000000000000005 RCX: 0000000000413741
[ 506.589136][T12076] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
[ 506.597092][T12076] RBP: 0000000000000001 R08: ffffffffffffffff R09: ffffffffffffffff
[ 506.605042][T12076] R10: 00007ffcdafe2d10 R11: 0000000000000293 R12: 000000000075c9a0
[ 506.612993][T12076] R13: 000000000075c9a0 R14: 00000000007603c0 R15: 000000000075bfd4
[ 506.622313][T12076] Kernel Offset: disabled
[ 506.626637][T12076] Rebooting in 86400 seconds..
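What the report above records is the second free of an skb: kfree_skb() reached from bcsp_close() while the tty is being released (close(2) on fd 4, ORIG_RAX 3), on a slab object that KMSAN already considered freed. The "Uninit was created at" stack is the most recent free of that object, and it is not a bcsp path at all (team_dummy_transmit on the IPv6 router-solicitation timer), which reads as a stale bcsp->rx_skb pointer whose object had meanwhile been recycled by the network stack. The log does not show which bcsp path left the pointer behind; the earlier "Error in BCSP hdr checksum" lines are consistent with a receive-error path, but that is an inference, not something the log proves.

The C program below is an added, constructed model of that bug class. It is not kernel code, not syzkaller's, and every name in it (buf, ldisc_state, ldisc_recv, ldisc_close, run_cycle) and the input bytes are hypothetical. A line-discipline-style object keeps an in-progress receive buffer, the error path frees it, and close() frees whatever the pointer still references. A tracking free() plays the role KMSAN played in the log: it counts a free of an address that is not live instead of corrupting the heap, so the buggy and the fixed teardown can be compared in one run.

```c
/* Constructed model of a stale-pointer double free on teardown.
 * Not kernel code; all names here are hypothetical. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for struct sk_buff. */
struct buf {
    size_t len;
    unsigned char data[64];
};

/* Tracking allocator: remembers live objects so that a second free of the
 * same address is detected and counted rather than passed to free() again. */
#define MAX_LIVE 16
static struct buf *live[MAX_LIVE];
static int double_free_count;

static struct buf *buf_alloc(void) {
    struct buf *b = calloc(1, sizeof *b);
    for (int i = 0; i < MAX_LIVE; i++) {
        if (!live[i]) { live[i] = b; return b; }
    }
    free(b);
    return NULL;
}

/* Models kfree_skb(): NULL is a no-op, a live object is released, anything
 * else is a double free and is only recorded (memory is left untouched). */
static void buf_free(struct buf *b) {
    if (!b) return;
    for (int i = 0; i < MAX_LIVE; i++) {
        if (live[i] == b) { live[i] = NULL; free(b); return; }
    }
    double_free_count++;
}

/* Per-tty private state, shaped like the rx_skb field in the log. */
struct ldisc_state {
    struct buf *rx_buf;   /* in-progress receive frame, NULL when none */
};

/* Receive path: accumulate bytes; on a bad frame, discard it.  'fixed'
 * selects whether the error path also clears the now-dangling pointer. */
static int ldisc_recv(struct ldisc_state *st, const unsigned char *p,
                      size_t n, int checksum_ok, int fixed) {
    if (!st->rx_buf) st->rx_buf = buf_alloc();
    if (!st->rx_buf) return -1;
    size_t room = sizeof(st->rx_buf->data) - st->rx_buf->len;
    if (n > room) n = room;
    memcpy(st->rx_buf->data + st->rx_buf->len, p, n);
    st->rx_buf->len += n;
    if (!checksum_ok) {
        buf_free(st->rx_buf);           /* frame rejected */
        if (fixed) st->rx_buf = NULL;   /* the line the buggy variant lacks */
        return -1;
    }
    return 0;
}

/* Close path: release whatever is still pending, as a close() callback
 * does; in the buggy variant this is the second free. */
static void ldisc_close(struct ldisc_state *st) {
    buf_free(st->rx_buf);
    st->rx_buf = NULL;
}

/* One open / bad-frame / close cycle.  Returns the number of double frees
 * observed in that cycle: 1 for the buggy variant, 0 for the fixed one. */
static int run_cycle(int fixed) {
    static const unsigned char junk[] = {0xc0, 0x00, 0x41, 0xff}; /* constructed */
    struct ldisc_state st = { .rx_buf = NULL };
    int before = double_free_count;
    ldisc_recv(&st, junk, sizeof junk, /*checksum_ok=*/0, fixed);
    ldisc_close(&st);
    return double_free_count - before;
}

int main(void) {
    printf("buggy teardown: %d double free(s)\n", run_cycle(0));
    printf("fixed teardown: %d double free(s)\n", run_cycle(1));
    return 0;
}
```

The whole fix in the model is the one assignment after the free in the error path: every path that frees the buffer must also clear the owning pointer, so close() sees NULL and kfree_skb()-style no-op semantics take over. The model is single-threaded; a real driver also has to make sure the receive path cannot run concurrently with close, which this example does not address.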