[ ok ] Starting enhanced syslogd: rsyslogd.
[ 79.038427][ T32] audit: type=1800 audit(1570568699.083:25): pid=11718 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 79.061327][ T32] audit: type=1800 audit(1570568699.103:26): pid=11718 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 79.106302][ T32] audit: type=1800 audit(1570568699.133:27): pid=11718 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.1.8' (ECDSA) to the list of known hosts.
executing program
executing program
executing program
executing program
executing program
executing program

syzkaller login: [ 88.392708][ T684] Bluetooth: Error in BCSP hdr checksum
[ 88.442533][ T1124] Bluetooth: Error in BCSP hdr checksum
[ 88.462696][ T684] Bluetooth: Error in BCSP hdr checksum
[ 88.468575][ T605] Bluetooth: Error in BCSP hdr checksum
[ 88.475318][ T1124] Bluetooth: Error in BCSP hdr checksum
[ 88.475373][ T1282] Bluetooth: Error in BCSP hdr checksum
[ 88.652507][ T1282] Bluetooth: Error in BCSP hdr checksum
[ 88.702715][ T1282] Bluetooth: Error in BCSP hdr checksum
[ 88.722976][ T1124] Bluetooth: Error in BCSP hdr checksum
[ 88.728698][ T1124] Bluetooth: Error in BCSP hdr checksum
[ 88.734755][ T1579] Bluetooth: Error in BCSP hdr checksum
[ 88.734812][ T684] Bluetooth: Error in BCSP hdr checksum
[ 88.912657][ T684] Bluetooth: Error in BCSP hdr checksum
[ 90.172132][ T2898] Bluetooth: hci0: command 0x1003 tx timeout
[ 90.178384][T11891] Bluetooth: hci0: sending frame failed (-49)
[ 90.252144][ T31] Bluetooth: hci1: command 0x1003 tx timeout
[ 90.252159][ T2898] Bluetooth: hci5: command 0x1003 tx timeout
[ 90.252322][T11891] Bluetooth: hci5: sending frame failed (-49)
[ 90.270750][T11891] Bluetooth: hci1: sending frame failed (-49)
[ 90.277116][ T2898] Bluetooth: hci4: command 0x1003 tx timeout
[ 90.283360][T11892] Bluetooth: hci4: sending frame failed (-49)
[ 90.283380][ T2898] Bluetooth: hci3: command 0x1003 tx timeout
[ 90.289757][T11891] Bluetooth: hci3: sending frame failed (-49)
[ 90.302273][ T2898] Bluetooth: hci2: command 0x1003 tx timeout
[ 90.308503][T11891] Bluetooth: hci2: sending frame failed (-49)
[ 92.252080][ T2898] Bluetooth: hci0: command 0x1001 tx timeout
[ 92.258401][T11891] Bluetooth: hci0: sending frame failed (-49)
[ 92.332132][ T31] Bluetooth: hci4: command 0x1001 tx timeout
[ 92.332149][ T2898] Bluetooth: hci2: command 0x1001 tx timeout
[ 92.332215][ T2898] Bluetooth: hci3: command 0x1001 tx timeout
[ 92.338446][T11891] Bluetooth: hci2: sending frame failed (-49)
[ 92.345105][ T2898] Bluetooth: hci1: command 0x1001 tx timeout
[ 92.350563][T11892] Bluetooth: hci4: sending frame failed (-49)
[ 92.358017][T11890] Bluetooth: hci3: sending frame failed (-49)
[ 92.362780][T11891] Bluetooth: hci1: sending frame failed (-49)
[ 92.368975][ T2898] Bluetooth: hci5: command 0x1001 tx timeout
[ 92.387256][T11891] Bluetooth: hci5: sending frame failed (-49)
[ 94.339916][ T31] Bluetooth: hci0: command 0x1009 tx timeout
[ 94.412276][ T31] Bluetooth: hci5: command 0x1009 tx timeout
[ 94.412293][ T2898] Bluetooth: hci3: command 0x1009 tx timeout
[ 94.424700][ T31] Bluetooth: hci1: command 0x1009 tx timeout
[ 94.430746][ T31] Bluetooth: hci4: command 0x1009 tx timeout
[ 94.436889][ T31] Bluetooth: hci2: command 0x1009 tx timeout
executing program
executing program
executing program
[ 98.350400][ T684] Bluetooth: Error in BCSP hdr checksum
[ 98.356754][ T5280] =====================================================
[ 98.363741][ T5280] BUG: KMSAN: use-after-free in copyout+0x16b/0x1f0
[ 98.370339][ T5280] CPU: 1 PID: 5280 Comm: udevd Not tainted 5.3.0-rc7+ #0
[ 98.377352][ T5280] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 98.387390][ T5280] Call Trace:
[ 98.390677][ T5280]  dump_stack+0x191/0x1f0
[ 98.395005][ T5280]  kmsan_report+0x17d/0x2f0
[ 98.399505][ T5280]  kmsan_internal_check_memory+0x3bb/0x4c0
[ 98.405299][ T5280]  ? __msan_metadata_ptr_for_load_4+0x10/0x20
[ 98.411361][ T5280]  kmsan_copy_to_user+0xa9/0xb0
[ 98.416395][ T5280]  copyout+0x16b/0x1f0
[ 98.420460][ T5280]  _copy_to_iter+0x366/0x26e0
[ 98.425164][ T5280]  simple_copy_to_iter+0x92/0xb0
[ 98.430094][ T5280]  __skb_datagram_iter+0x257/0xf00
[ 98.435203][ T5280]  ? skb_copy_datagram_iter+0x2b0/0x2b0
[ 98.440748][ T5280]  skb_copy_datagram_iter+0x29c/0x2b0
[ 98.446117][ T5280]  netlink_recvmsg+0x68c/0x18e0
[ 98.450971][ T5280]  ? kmsan_get_shadow_origin_ptr+0x6e/0x4c0
[ 98.456852][ T5280]  sock_recvmsg+0x3b3/0x3c0
[ 98.461341][ T5280]  ? netlink_sendmsg+0x1330/0x1330
[ 98.466445][ T5280]  ___sys_recvmsg+0x461/0x11e0
[ 98.471213][ T5280]  ? unix_dgram_sendmsg+0x3900/0x3900
[ 98.476580][ T5280]  ? kmsan_get_shadow_origin_ptr+0x6e/0x4c0
[ 98.482460][ T5280]  ? __msan_metadata_ptr_for_load_4+0x10/0x20
[ 98.488514][ T5280]  ? __fget_light+0x1b8/0x710
[ 98.493185][ T5280]  ? kmsan_get_shadow_origin_ptr+0x6e/0x4c0
[ 98.499085][ T5280]  __se_sys_recvmsg+0x2fa/0x450
[ 98.503941][ T5280]  __x64_sys_recvmsg+0x4a/0x70
[ 98.508694][ T5280]  do_syscall_64+0xbc/0xf0
[ 98.513105][ T5280]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 98.518980][ T5280] RIP: 0033:0x7fe836bf4210
[ 98.523381][ T5280] Code: 31 d2 48 29 c2 64 89 11 48 83 c8 ff eb ea 90 90 90 90 90 90 90 90 90 90 90 90 83 3d e5 d3 2a 00 00 75 10 b8 2f 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 6e bb 00 00 48 89 04 24
[ 98.543059][ T5280] RSP: 002b:00007ffd65c95c28 EFLAGS: 00000246 ORIG_RAX: 000000000000002f
[ 98.551453][ T5280] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007fe836bf4210
[ 98.559413][ T5280] RDX: 0000000000000000 RSI: 00007ffd65c95c90 RDI: 0000000000000004
[ 98.567369][ T5280] RBP: 0000000001021f80 R08: 0000000000000000 R09: 0000000000000000
[ 98.575326][ T5280] R10: 0000000000000040 R11: 0000000000000246 R12: 00007ffd65c95cf0
[ 98.583283][ T5280] R13: 0000000000000000 R14: 000000000100d2d0 R15: 000000000100d250
[ 98.591264][ T5280]
[ 98.593581][ T5280] Uninit was created at:
[ 98.597816][ T5280]  kmsan_internal_poison_shadow+0x60/0x120
[ 98.603608][ T5280]  kmsan_slab_free+0x8d/0x100
[ 98.608278][ T5280]  kfree+0x4c1/0x2db0
[ 98.612251][ T5280]  skb_release_data+0x7de/0x9d0
[ 98.617093][ T5280]  kfree_skb+0x322/0x4c0
[ 98.621329][ T5280]  bcsp_close+0x127/0x1e0
[ 98.625651][ T5280]  hci_uart_tty_close+0x385/0x410
[ 98.630668][ T5280]  tty_ldisc_release+0x5dd/0xdb0
[ 98.635602][ T5280]  tty_release_struct+0x4f/0x1d0
[ 98.640531][ T5280]  tty_release+0x1be2/0x1e80
[ 98.645116][ T5280]  __fput+0x4c9/0xba0
[ 98.649093][ T5280]  ____fput+0x37/0x40
[ 98.653073][ T5280]  task_work_run+0x22e/0x2a0
[ 98.657672][ T5280]  do_exit+0xf29/0x3aa0
[ 98.661819][ T5280]  do_group_exit+0x18a/0x320
[ 98.666404][ T5280]  __do_sys_exit_group+0x21/0x30
[ 98.671344][ T5280]  __se_sys_exit_group+0x14/0x20
[ 98.677229][ T5280]  __x64_sys_exit_group+0x1d/0x20
[ 98.682594][ T5280]  do_syscall_64+0xbc/0xf0
[ 98.687005][ T5280]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 98.692881][ T5280]
[ 98.695201][ T5280] Bytes 8-137 of 138 are uninitialized
[ 98.700647][ T5280] Memory access of size 138 starts at ffff88810ab4e000
[ 98.707476][ T5280] =====================================================
[ 98.714482][ T5280] Disabling lock debugging due to kernel taint
[ 98.720624][ T5280] Kernel panic - not syncing: panic_on_warn set ...
[ 98.727219][ T5280] CPU: 1 PID: 5280 Comm: udevd Tainted: G B 5.3.0-rc7+ #0
[ 98.735619][ T5280] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 98.745663][ T5280] Call Trace:
[ 98.748961][ T5280]  dump_stack+0x191/0x1f0
[ 98.753295][ T5280]  panic+0x3c9/0xc1e
[ 98.757223][ T5280]  kmsan_report+0x2e5/0x2f0
[ 98.761732][ T5280]  kmsan_internal_check_memory+0x3bb/0x4c0
[ 98.767540][ T5280]  ? __msan_metadata_ptr_for_load_4+0x10/0x20
[ 98.773616][ T5280]  kmsan_copy_to_user+0xa9/0xb0
[ 98.778467][ T5280]  copyout+0x16b/0x1f0
[ 98.782543][ T5280]  _copy_to_iter+0x366/0x26e0
[ 98.787251][ T5280]  simple_copy_to_iter+0x92/0xb0
[ 98.792197][ T5280]  __skb_datagram_iter+0x257/0xf00
[ 98.797309][ T5280]  ? skb_copy_datagram_iter+0x2b0/0x2b0
[ 98.802883][ T5280]  skb_copy_datagram_iter+0x29c/0x2b0
[ 98.808266][ T5280]  netlink_recvmsg+0x68c/0x18e0
[ 98.813145][ T5280]  ? kmsan_get_shadow_origin_ptr+0x6e/0x4c0
[ 98.819037][ T5280]  sock_recvmsg+0x3b3/0x3c0
[ 98.823548][ T5280]  ? netlink_sendmsg+0x1330/0x1330
[ 98.828666][ T5280]  ___sys_recvmsg+0x461/0x11e0
[ 98.833445][ T5280]  ? unix_dgram_sendmsg+0x3900/0x3900
[ 98.838834][ T5280]  ? kmsan_get_shadow_origin_ptr+0x6e/0x4c0
[ 98.844729][ T5280]  ? __msan_metadata_ptr_for_load_4+0x10/0x20
[ 98.850792][ T5280]  ? __fget_light+0x1b8/0x710
[ 98.855474][ T5280]  ? kmsan_get_shadow_origin_ptr+0x6e/0x4c0
[ 98.861381][ T5280]  __se_sys_recvmsg+0x2fa/0x450
[ 98.866246][ T5280]  __x64_sys_recvmsg+0x4a/0x70
[ 98.871006][ T5280]  do_syscall_64+0xbc/0xf0
[ 98.875428][ T5280]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 98.881310][ T5280] RIP: 0033:0x7fe836bf4210
[ 98.885821][ T5280] Code: 31 d2 48 29 c2 64 89 11 48 83 c8 ff eb ea 90 90 90 90 90 90 90 90 90 90 90 90 83 3d e5 d3 2a 00 00 75 10 b8 2f 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 6e bb 00 00 48 89 04 24
[ 98.905431][ T5280] RSP: 002b:00007ffd65c95c28 EFLAGS: 00000246 ORIG_RAX: 000000000000002f
[ 98.913869][ T5280] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007fe836bf4210
[ 98.921842][ T5280] RDX: 0000000000000000 RSI: 00007ffd65c95c90 RDI: 0000000000000004
[ 98.929815][ T5280] RBP: 0000000001021f80 R08: 0000000000000000 R09: 0000000000000000
[ 98.938040][ T5280] R10: 0000000000000040 R11: 0000000000000246 R12: 00007ffd65c95cf0
[ 98.946004][ T5280] R13: 0000000000000000 R14: 000000000100d2d0 R15: 000000000100d250
[ 100.266273][ T5280] Shutting down cpus with NMI
[ 100.285764][ T5280] Kernel Offset: disabled
[ 100.290162][ T5280] Rebooting in 86400 seconds..