[ ok ] Starting enhanced syslogd: rsyslogd.
[ 86.587297][ T32] audit: type=1800 audit(1573235938.637:25): pid=11935 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 86.611051][ T32] audit: type=1800 audit(1573235938.657:26): pid=11935 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 86.658786][ T32] audit: type=1800 audit(1573235938.687:27): pid=11935 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.1.15' (ECDSA) to the list of known hosts.
2019/11/08 17:59:12 parsed 1 programs
2019/11/08 17:59:20 executed programs: 0

syzkaller login:
[ 108.576319][T12101] IPVS: ftp: loaded support on port[0] = 21
[ 108.656434][T12101] chnl_net:caif_netlink_parms(): no params data found
[ 108.690807][T12101] bridge0: port 1(bridge_slave_0) entered blocking state
[ 108.698008][T12101] bridge0: port 1(bridge_slave_0) entered disabled state
[ 108.706334][T12101] device bridge_slave_0 entered promiscuous mode
[ 108.714506][T12101] bridge0: port 2(bridge_slave_1) entered blocking state
[ 108.721588][T12101] bridge0: port 2(bridge_slave_1) entered disabled state
[ 108.729698][T12101] device bridge_slave_1 entered promiscuous mode
[ 108.751132][T12101] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 108.762671][T12101] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 108.785382][T12101] team0: Port device team_slave_0 added
[ 108.793714][T12101] team0: Port device team_slave_1 added
[ 108.855241][T12101] device hsr_slave_0 entered promiscuous mode
[ 108.902562][T12101] device hsr_slave_1 entered promiscuous mode
[ 109.044772][T12101] bridge0: port 2(bridge_slave_1) entered blocking state
[ 109.052123][T12101] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 109.059898][T12101] bridge0: port 1(bridge_slave_0) entered blocking state
[ 109.067158][T12101] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 109.329255][T12101] 8021q: adding VLAN 0 to HW filter on device bond0
[ 109.389911][ T3378] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 109.414194][ T3378] bridge0: port 1(bridge_slave_0) entered disabled state
[ 109.433990][ T3378] bridge0: port 2(bridge_slave_1) entered disabled state
[ 109.454689][ T3378] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 109.502883][T12101] 8021q: adding VLAN 0 to HW filter on device team0
[ 109.534177][ T3378] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 109.543864][ T3378] bridge0: port 1(bridge_slave_0) entered blocking state
[ 109.551071][ T3378] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 109.559764][ T3378] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 109.569385][ T3378] bridge0: port 2(bridge_slave_1) entered blocking state
[ 109.576648][ T3378] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 109.673962][T12101] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 109.684480][T12101] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 109.723349][ T3378] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 109.734071][ T3378] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 109.744862][ T3378] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 109.754782][ T3378] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 109.822515][T12101] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 109.854372][ T3378] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 109.864707][ T3378] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 109.873467][ T3378] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 109.881235][ T3378] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 110.245712][T12167] =====================================================
[ 110.252746][T12167] BUG: KMSAN: use-after-free in __list_add_valid+0x292/0x430
[ 110.260126][T12167] CPU: 0 PID: 12167 Comm: syz-executor.0 Not tainted 5.4.0-rc5+ #0
[ 110.268026][T12167] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 110.278130][T12167] Call Trace:
[ 110.281420][T12167] dump_stack+0x191/0x1f0
[ 110.285753][T12167] kmsan_report+0x128/0x220
[ 110.290241][T12167] __msan_warning+0x73/0xe0
[ 110.294749][T12167] __list_add_valid+0x292/0x430
[ 110.299606][T12167] rdma_listen+0x623/0x10b0
[ 110.304551][T12167] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0
[ 110.310533][T12167] ucma_listen+0x36e/0x5e0
[ 110.314935][T12167] ? ucma_connect+0xa40/0xa40
[ 110.319599][T12167] ucma_write+0x5c5/0x640
[ 110.323920][T12167] ? ucma_get_global_nl_info+0xe0/0xe0
[ 110.329383][T12167] __vfs_write+0x1a9/0xcb0
[ 110.333794][T12167] ? rw_verify_area+0x3a5/0x5e0
[ 110.338674][T12167] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0
[ 110.344557][T12167] vfs_write+0x481/0x920
[ 110.348796][T12167] ksys_write+0x265/0x430
[ 110.353112][T12167] __se_sys_write+0x92/0xb0
[ 110.357595][T12167] __x64_sys_write+0x4a/0x70
[ 110.362165][T12167] do_syscall_64+0xb6/0x160
[ 110.366656][T12167] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 110.372524][T12167] RIP: 0033:0x45a219
[ 110.376400][T12167] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 110.395981][T12167] RSP: 002b:00007fca427adc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 110.404371][T12167] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a219
[ 110.412322][T12167] RDX: 0000000000000010 RSI: 00000000200001c0 RDI: 0000000000000003
[ 110.420272][T12167] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[ 110.428221][T12167] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fca427ae6d4
[ 110.436183][T12167] R13: 00000000004ca93f R14: 00000000004e2ce8 R15: 00000000ffffffff
[ 110.444142][T12167]
[ 110.446445][T12167] Uninit was created at:
[ 110.450675][T12167] kmsan_internal_poison_shadow+0x60/0x120
[ 110.456458][T12167] kmsan_slab_free+0x8d/0xf0
[ 110.461022][T12167] kfree+0x4c1/0x2e70
[ 110.464985][T12167] rdma_destroy_id+0x1c10/0x1c80
[ 110.469901][T12167] ucma_close+0x344/0x4c0
[ 110.474207][T12167] __fput+0x4c9/0xba0
[ 110.478176][T12167] ____fput+0x37/0x40
[ 110.482490][T12167] task_work_run+0x22e/0x2a0
[ 110.487056][T12167] prepare_exit_to_usermode+0x39d/0x4d0
[ 110.492591][T12167] syscall_return_slowpath+0x90/0x610
[ 110.497937][T12167] do_syscall_64+0xdc/0x160
[ 110.502417][T12167] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 110.508279][T12167] =====================================================
[ 110.515205][T12167] Disabling lock debugging due to kernel taint
[ 110.521334][T12167] Kernel panic - not syncing: panic_on_warn set ...
[ 110.527900][T12167] CPU: 0 PID: 12167 Comm: syz-executor.0 Tainted: G B 5.4.0-rc5+ #0
[ 110.537152][T12167] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 110.547184][T12167] Call Trace:
[ 110.550461][T12167] dump_stack+0x191/0x1f0
[ 110.554782][T12167] panic+0x3c9/0xc1e
[ 110.558672][T12167] kmsan_report+0x215/0x220
[ 110.563159][T12167] __msan_warning+0x73/0xe0
[ 110.567646][T12167] __list_add_valid+0x292/0x430
[ 110.572482][T12167] rdma_listen+0x623/0x10b0
[ 110.576967][T12167] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0
[ 110.582843][T12167] ucma_listen+0x36e/0x5e0
[ 110.587253][T12167] ? ucma_connect+0xa40/0xa40
[ 110.591919][T12167] ucma_write+0x5c5/0x640
[ 110.596246][T12167] ? ucma_get_global_nl_info+0xe0/0xe0
[ 110.601679][T12167] __vfs_write+0x1a9/0xcb0
[ 110.606089][T12167] ? rw_verify_area+0x3a5/0x5e0
[ 110.610920][T12167] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0
[ 110.616966][T12167] vfs_write+0x481/0x920
[ 110.621202][T12167] ksys_write+0x265/0x430
[ 110.625514][T12167] __se_sys_write+0x92/0xb0
[ 110.629997][T12167] __x64_sys_write+0x4a/0x70
[ 110.634566][T12167] do_syscall_64+0xb6/0x160
[ 110.639058][T12167] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 110.645793][T12167] RIP: 0033:0x45a219
[ 110.649672][T12167] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 110.669271][T12167] RSP: 002b:00007fca427adc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 110.677669][T12167] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a219
[ 110.685618][T12167] RDX: 0000000000000010 RSI: 00000000200001c0 RDI: 0000000000000003
[ 110.693566][T12167] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[ 110.701518][T12167] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fca427ae6d4
[ 110.709483][T12167] R13: 00000000004ca93f R14: 00000000004e2ce8 R15: 00000000ffffffff
[ 110.718962][T12167] Kernel Offset: disabled
[ 110.723345][T12167] Rebooting in 86400 seconds..