[ ok ] Starting enhanced syslogd: rsyslogd.
[   82.562116][   T31] audit: type=1800 audit(1568115588.644:25): pid=11776 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[   82.586443][   T31] audit: type=1800 audit(1568115588.674:26): pid=11776 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[   82.625811][   T31] audit: type=1800 audit(1568115588.704:27): pid=11776 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.28' (ECDSA) to the list of known hosts.
2019/09/10 11:40:03 parsed 1 programs
2019/09/10 11:40:10 executed programs: 0
syzkaller login: [  103.999248][T11942] IPVS: ftp: loaded support on port[0] = 21
[  104.080977][T11942] chnl_net:caif_netlink_parms(): no params data found
[  104.117707][T11942] bridge0: port 1(bridge_slave_0) entered blocking state
[  104.124973][T11942] bridge0: port 1(bridge_slave_0) entered disabled state
[  104.133131][T11942] device bridge_slave_0 entered promiscuous mode
[  104.141780][T11942] bridge0: port 2(bridge_slave_1) entered blocking state
[  104.149278][T11942] bridge0: port 2(bridge_slave_1) entered disabled state
[  104.157965][T11942] device bridge_slave_1 entered promiscuous mode
[  104.180782][T11942] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  104.192256][T11942] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  104.215525][T11942] team0: Port device team_slave_0 added
[  104.223281][T11942] team0: Port device team_slave_1 added
[  104.287469][T11942] device hsr_slave_0 entered promiscuous mode
[  104.335156][T11942] device hsr_slave_1 entered promiscuous mode
[  104.387822][T11942] bridge0: port 2(bridge_slave_1) entered blocking state
[  104.395126][T11942] bridge0: port 2(bridge_slave_1) entered forwarding state
[  104.402652][T11942] bridge0: port 1(bridge_slave_0) entered blocking state
[  104.410066][T11942] bridge0: port 1(bridge_slave_0) entered forwarding state
[  104.456646][T11942] 8021q: adding VLAN 0 to HW filter on device bond0
[  104.471624][ T2878] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  104.482212][ T2878] bridge0: port 1(bridge_slave_0) entered disabled state
[  104.491817][ T2878] bridge0: port 2(bridge_slave_1) entered disabled state
[  104.500996][ T2878] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[  104.516088][T11942] 8021q: adding VLAN 0 to HW filter on device team0
[  104.537168][ T4889] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  104.547194][ T4889] bridge0: port 1(bridge_slave_0) entered blocking state
[  104.554451][ T4889] bridge0: port 1(bridge_slave_0) entered forwarding state
[  104.562449][ T4889] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  104.571563][ T4889] bridge0: port 2(bridge_slave_1) entered blocking state
[  104.578809][ T4889] bridge0: port 2(bridge_slave_1) entered forwarding state
[  104.606141][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  104.616531][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  104.626339][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  104.636427][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  104.651442][T11942] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  104.663630][T11942] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  104.673248][ T4889] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  104.699387][T11942] 8021q: adding VLAN 0 to HW filter on device batadv0
[  105.106114][  T332] Bluetooth: Error in BCSP hdr checksum
[  105.364789][  T110] Bluetooth: Error in BCSP hdr checksum
[  106.854406][ T4889] Bluetooth: hci0: command 0x1003 tx timeout
[  106.860755][T11956] Bluetooth: hci0: sending frame failed (-49)
[  108.934535][ T4889] Bluetooth: hci0: command 0x1001 tx timeout
[  108.941124][T11956] Bluetooth: hci0: sending frame failed (-49)
[  111.014482][    T5] Bluetooth: hci0: command 0x1009 tx timeout
[  114.937150][T11952] ==================================================================
[  114.945330][T11952] BUG: KMSAN: uninit-value in kfree_skb+0x23c/0x4c0
[  114.951916][T11952] CPU: 1 PID: 11952 Comm: syz-executor.0 Not tainted 5.3.0-rc7+ #0
[  114.959840][T11952] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  114.969880][T11952] Call Trace:
[  114.973171][T11952]  dump_stack+0x191/0x1f0
[  114.977725][T11952]  kmsan_report+0x162/0x2d0
[  114.982403][T11952]  __msan_warning+0x75/0xe0
[  114.986910][T11952]  kfree_skb+0x23c/0x4c0
[  114.992186][T11952]  ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0
[  114.998170][T11952]  bcsp_close+0x127/0x1e0
[  115.002496][T11952]  ? bcsp_open+0x5d0/0x5d0
[  115.006912][T11952]  hci_uart_tty_close+0x385/0x410
[  115.011961][T11952]  ? hci_uart_tty_open+0x5a0/0x5a0
[  115.017169][T11952]  tty_ldisc_release+0x5dd/0xdb0
[  115.022119][T11952]  tty_release_struct+0x4f/0x1d0
[  115.027057][T11952]  ? tty_unlock+0x82/0x100
[  115.031479][T11952]  tty_release+0x1be2/0x1e80
[  115.036083][T11952]  ? tty_release_struct+0x1d0/0x1d0
[  115.041371][T11952]  __fput+0x4c9/0xba0
[  115.045423][T11952]  ____fput+0x37/0x40
[  115.049400][T11952]  ? fput_many+0x2a0/0x2a0
[  115.053813][T11952]  task_work_run+0x22e/0x2a0
[  115.058409][T11952]  prepare_exit_to_usermode+0x39d/0x4d0
[  115.063950][T11952]  syscall_return_slowpath+0x90/0x610
[  115.069320][T11952]  do_syscall_64+0xe2/0xf0
[  115.073745][T11952]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[  115.079638][T11952] RIP: 0033:0x4135d1
[  115.083539][T11952] Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 1b 00 00 c3 48 83 ec 08 e8 0a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01
[  115.103163][T11952] RSP: 002b:00007ffdddafdd50 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  115.111566][T11952] RAX: 0000000000000000 RBX: 0000000000000005 RCX: 00000000004135d1
[  115.119547][T11952] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
[  115.127506][T11952] RBP: 0000000000000001 R08: ffffffffffffffff R09: ffffffffffffffff
[  115.135482][T11952] R10: 00007ffdddafde30 R11: 0000000000000293 R12: 000000000075c9a0
[  115.143564][T11952] R13: 000000000075c9a0 R14: 00000000007603c0 R15: ffffffffffffffff
[  115.151589][T11952]
[  115.153995][T11952] Uninit was created at:
[  115.158507][T11952]  kmsan_internal_poison_shadow+0x58/0xb0
[  115.164370][T11952]  kmsan_slab_free+0x8d/0x100
[  115.169187][T11952]  kmem_cache_free+0x2d1/0x2b70
[  115.174039][T11952]  kfree_skb+0x473/0x4c0
[  115.178269][T11952]  ip6_mc_input+0xec9/0x1470
[  115.182848][T11952]  ipv6_rcv+0x683/0x710
[  115.186996][T11952]  process_backlog+0x721/0x1410
[  115.191859][T11952]  net_rx_action+0x74b/0x1950
[  115.196565][T11952]  __do_softirq+0x4a1/0x83a
[  115.201072][T11952]  run_ksoftirqd+0x25/0x40
[  115.205560][T11952]  smpboot_thread_fn+0x4a3/0x990
[  115.210480][T11952]  kthread+0x4b5/0x4f0
[  115.214528][T11952]  ret_from_fork+0x35/0x40
[  115.218914][T11952] ==================================================================
[  115.226962][T11952] Disabling lock debugging due to kernel taint
[  115.233114][T11952] Kernel panic - not syncing: panic_on_warn set ...
[  115.239688][T11952] CPU: 1 PID: 11952 Comm: syz-executor.0 Tainted: G    B             5.3.0-rc7+ #0
[  115.248945][T11952] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  115.259107][T11952] Call Trace:
[  115.262412][T11952]  dump_stack+0x191/0x1f0
[  115.266746][T11952]  panic+0x3c9/0xc1e
[  115.270650][T11952]  kmsan_report+0x2ca/0x2d0
[  115.275136][T11952]  __msan_warning+0x75/0xe0
[  115.279646][T11952]  kfree_skb+0x23c/0x4c0
[  115.283868][T11952]  ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0
[  115.289859][T11952]  bcsp_close+0x127/0x1e0
[  115.294220][T11952]  ? bcsp_open+0x5d0/0x5d0
[  115.298636][T11952]  hci_uart_tty_close+0x385/0x410
[  115.303719][T11952]  ? hci_uart_tty_open+0x5a0/0x5a0
[  115.308921][T11952]  tty_ldisc_release+0x5dd/0xdb0
[  115.313864][T11952]  tty_release_struct+0x4f/0x1d0
[  115.318803][T11952]  ? tty_unlock+0x82/0x100
[  115.323201][T11952]  tty_release+0x1be2/0x1e80
[  115.327785][T11952]  ? tty_release_struct+0x1d0/0x1d0
[  115.332996][T11952]  __fput+0x4c9/0xba0
[  115.336976][T11952]  ____fput+0x37/0x40
[  115.340946][T11952]  ? fput_many+0x2a0/0x2a0
[  115.345342][T11952]  task_work_run+0x22e/0x2a0
[  115.349932][T11952]  prepare_exit_to_usermode+0x39d/0x4d0
[  115.355501][T11952]  syscall_return_slowpath+0x90/0x610
[  115.360901][T11952]  do_syscall_64+0xe2/0xf0
[  115.365425][T11952]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[  115.371598][T11952] RIP: 0033:0x4135d1
[  115.375482][T11952] Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 1b 00 00 c3 48 83 ec 08 e8 0a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01
[  115.395075][T11952] RSP: 002b:00007ffdddafdd50 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  115.403470][T11952] RAX: 0000000000000000 RBX: 0000000000000005 RCX: 00000000004135d1
[  115.411451][T11952] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
[  115.419416][T11952] RBP: 0000000000000001 R08: ffffffffffffffff R09: ffffffffffffffff
[  115.427493][T11952] R10: 00007ffdddafde30 R11: 0000000000000293 R12: 000000000075c9a0
[  115.435550][T11952] R13: 000000000075c9a0 R14: 00000000007603c0 R15: ffffffffffffffff
[  115.446936][T11952] Kernel Offset: disabled
[  115.451269][T11952] Rebooting in 86400 seconds..
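Triage helper for the report above, added here as a worked example; it is not part of the syzkaller log, of syzbot, or of the kernel tree. It parses a KMSAN report from raw console lines, drops the sanitizer's own frames (dump_stack, kmsan_report, __msan_warning, the kmsan_* origin frames) and uncertain "?" frames, and names the faulting function (kfree_skb), the driver caller that reached it (bcsp_close) and the site that last freed the memory (kfree_skb called from ip6_mc_input). The INSTRUMENTATION and GENERIC frame sets, the title heuristic and the classification are this example's own choices, not syzbot's rules; SAMPLE is an excerpt of the report above.

```python
"""Parse a KMSAN/KASAN console report and pull out what a triager needs."""
import re
from dataclasses import dataclass, field
from typing import Iterable, List, Optional

# Frames from the sanitizer runtime or the generic dump/panic machinery.
# They never identify buggy code, so triage skips past them (our choice).
INSTRUMENTATION = {
    "dump_stack", "panic", "kmsan_report", "__msan_warning",
    "kmsan_get_shadow_origin_ptr", "kmsan_internal_poison_shadow",
    "kmsan_slab_free", "kmsan_slab_alloc", "kasan_report",
}
# Generic free/alloc helpers act on behalf of their caller; the caller is the
# more useful name in a title (example heuristic, not syzbot's).
GENERIC = {"kfree_skb", "kmem_cache_free", "kfree", "kmem_cache_alloc", "kmalloc"}

_PREFIX = re.compile(r"^\[\s*\d+\.\d+\]\[\s*T\d+\]\s?")          # "[  114.9][T11952] "
_BUG = re.compile(r"^BUG: (KMSAN|KASAN|KCSAN): (\S+) in ([A-Za-z_][\w.]*)\+0x")
_CPU = re.compile(r"^CPU: \d+ PID: (\d+) Comm: (\S+) (?:Not tainted|Tainted: .*?) (\S+) #\d+")
_FRAME = re.compile(r"^\s*(\?)?\s*([A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+$")


@dataclass
class Report:
    tool: str                   # KMSAN / KASAN / KCSAN
    kind: str                   # e.g. "uninit-value"
    where: str                  # function named on the BUG: line
    pid: int = 0
    comm: str = ""
    kernel: str = ""
    call_trace: List[str] = field(default_factory=list)   # exact frames only
    origin: List[str] = field(default_factory=list)       # "Uninit was created at:"

    @staticmethod
    def _real(frames: List[str]) -> List[str]:
        return [f for f in frames if f not in INSTRUMENTATION]

    @property
    def culprit(self) -> Optional[str]:
        """First frame after the sanitizer's own: where the bad read happened."""
        real = self._real(self.call_trace)
        return real[0] if real else None

    @property
    def blamed(self) -> Optional[str]:
        """First frame that is neither instrumentation nor a generic helper."""
        real = [f for f in self._real(self.call_trace) if f not in GENERIC]
        return real[0] if real else self.culprit

    @property
    def origin_site(self) -> Optional[str]:
        """Code path that last freed (or allocated) the poisoned memory."""
        real = [f for f in self._real(self.origin) if f not in GENERIC]
        return real[0] if real else None

    def classify(self) -> str:
        # KMSAN poisons slab objects on free, so an uninit-value whose origin
        # is kmsan_slab_free is a read of freed memory, not a missing memset.
        if self.tool == "KMSAN" and "kmsan_slab_free" in self.origin:
            return "read of freed memory (origin is kmsan_slab_free)"
        if self.tool == "KMSAN" and "kmsan_slab_alloc" in self.origin:
            return "read of never-initialised allocation"
        return "unclassified"

    def title(self) -> str:
        return f"{self.tool}: {self.kind} in {self.blamed}"


def parse_report(lines: Iterable[str]) -> Optional[Report]:
    """Return the first sanitizer report found in the console lines, or None."""
    report, section = None, None            # section: None | call_trace | origin
    for raw in lines:
        line = _PREFIX.sub("", raw.rstrip("\n"))
        if report is None:
            m = _BUG.match(line)
            if m:
                report = Report(tool=m.group(1), kind=m.group(2), where=m.group(3))
            continue
        if line.startswith("====="):        # closing rule ends the report
            break
        m = _CPU.match(line)
        if m:
            report.pid, report.comm, report.kernel = int(m.group(1)), m.group(2), m.group(3)
        elif line.startswith("Call Trace:"):
            section = "call_trace"
        elif line.startswith("Uninit was created at:"):
            section = "origin"
        elif line.startswith("RIP:"):       # user-space registers follow, not frames
            section = None
        else:
            m = _FRAME.match(line)
            if m and section and not m.group(1):   # keep only exact frames
                getattr(report, section).append(m.group(2))
    return report


# Excerpt of the report above (constructed sample for this example).
SAMPLE = """\
[  114.937150][T11952] ==================================================================
[  114.945330][T11952] BUG: KMSAN: uninit-value in kfree_skb+0x23c/0x4c0
[  114.951916][T11952] CPU: 1 PID: 11952 Comm: syz-executor.0 Not tainted 5.3.0-rc7+ #0
[  114.969880][T11952] Call Trace:
[  114.973171][T11952]  dump_stack+0x191/0x1f0
[  114.977725][T11952]  kmsan_report+0x162/0x2d0
[  114.982403][T11952]  __msan_warning+0x75/0xe0
[  114.986910][T11952]  kfree_skb+0x23c/0x4c0
[  114.992186][T11952]  ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0
[  114.998170][T11952]  bcsp_close+0x127/0x1e0
[  115.006912][T11952]  hci_uart_tty_close+0x385/0x410
[  115.017169][T11952]  tty_ldisc_release+0x5dd/0xdb0
[  115.079638][T11952] RIP: 0033:0x4135d1
[  115.111566][T11952] RAX: 0000000000000000 RBX: 0000000000000005 RCX: 00000000004135d1
[  115.153995][T11952] Uninit was created at:
[  115.158507][T11952]  kmsan_internal_poison_shadow+0x58/0xb0
[  115.164370][T11952]  kmsan_slab_free+0x8d/0x100
[  115.169187][T11952]  kmem_cache_free+0x2d1/0x2b70
[  115.174039][T11952]  kfree_skb+0x473/0x4c0
[  115.178269][T11952]  ip6_mc_input+0xec9/0x1470
[  115.182848][T11952]  ipv6_rcv+0x683/0x710
[  115.218914][T11952] ==================================================================
"""

if __name__ == "__main__":
    r = parse_report(SAMPLE.splitlines())
    print(r.title(), "|", r.comm, r.pid, r.kernel)
    print("faulting:", r.culprit, "<-", r.blamed, "| origin:", r.origin_site)
    print("class:", r.classify())
```

Run against the excerpt it prints "KMSAN: uninit-value in bcsp_close", the faulting/caller pair kfree_skb <- bcsp_close, origin ip6_mc_input, and the "read of freed memory" class. That last point is the one to carry into triage: the value kfree_skb read in bcsp_close lives in an skb slot that a kfree_skb under ip6_mc_input had already returned to the slab cache, which is how a dangling skb pointer in the line discipline's close path shows up under KMSAN. The two "Error in BCSP hdr checksum" lines a few seconds earlier are the natural place to start reading the driver's receive-error path; the log itself does not say more than that.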