[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   97.969417][   T32] audit: type=1800 audit(1561651793.024:25): pid=12452 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[   98.002638][   T32] audit: type=1800 audit(1561651793.054:26): pid=12452 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[   98.047969][   T32] audit: type=1800 audit(1561651793.084:27): pid=12452 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.1.45' (ECDSA) to the list of known hosts.
2019/06/27 16:10:06 fuzzer started
2019/06/27 16:10:12 dialing manager at 10.128.0.26:33845
2019/06/27 16:10:12 syscalls: 2347
2019/06/27 16:10:12 code coverage: enabled
2019/06/27 16:10:12 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2019/06/27 16:10:12 extra coverage: enabled
2019/06/27 16:10:12 setuid sandbox: enabled
2019/06/27 16:10:12 namespace sandbox: enabled
2019/06/27 16:10:12 Android sandbox: /sys/fs/selinux/policy does not exist
2019/06/27 16:10:12 fault injection: enabled
2019/06/27 16:10:12 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/06/27 16:10:12 net packet injection: enabled
2019/06/27 16:10:12 net device setup: enabled
16:13:15 executing program 0:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r1 = socket$inet_udp(0x2, 0x2, 0x0)
connect$inet(r1, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10)
setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x34, &(0x7f0000000000), 0x4)

syzkaller login: [  300.253188][T12615] IPVS: ftp: loaded support on port[0] = 21
[  300.408901][T12615] chnl_net:caif_netlink_parms(): no params data found
[  300.473020][T12615] bridge0: port 1(bridge_slave_0) entered blocking state
[  300.480377][T12615] bridge0: port 1(bridge_slave_0) entered disabled state
[  300.489826][T12615] device bridge_slave_0 entered promiscuous mode
[  300.500584][T12615] bridge0: port 2(bridge_slave_1) entered blocking state
[  300.508022][T12615] bridge0: port 2(bridge_slave_1) entered disabled state
[  300.517346][T12615] device bridge_slave_1 entered promiscuous mode
[  300.553109][T12615] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  300.566278][T12615] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  300.602720][T12615] team0: Port device team_slave_0 added
[  300.618784][T12615] team0: Port device team_slave_1 added
[  300.808020][T12615] device hsr_slave_0 entered promiscuous mode
[  300.933704][T12615] device hsr_slave_1 entered promiscuous mode
[  301.005585][T12615] bridge0: port 2(bridge_slave_1) entered blocking state
[  301.013040][T12615] bridge0: port 2(bridge_slave_1) entered forwarding state
[  301.020855][T12615] bridge0: port 1(bridge_slave_0) entered blocking state
[  301.028336][T12615] bridge0: port 1(bridge_slave_0) entered forwarding state
[  301.113290][T12615] 8021q: adding VLAN 0 to HW filter on device bond0
[  301.135888][ T3885] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  301.148030][ T3885] bridge0: port 1(bridge_slave_0) entered disabled state
[  301.159606][ T3885] bridge0: port 2(bridge_slave_1) entered disabled state
[  301.171453][ T3885] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[  301.200630][T12615] 8021q: adding VLAN 0 to HW filter on device team0
[  301.220682][ T3885] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  301.231151][ T3885] bridge0: port 1(bridge_slave_0) entered blocking state
[  301.239504][ T3885] bridge0: port 1(bridge_slave_0) entered forwarding state
[  301.305404][ T3885] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  301.314522][ T3885] bridge0: port 2(bridge_slave_1) entered blocking state
[  301.321862][ T3885] bridge0: port 2(bridge_slave_1) entered forwarding state
[  301.332565][ T3885] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  301.343382][ T3885] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  301.354920][ T3885] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  301.364779][ T3885] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  301.376425][T12615] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  301.386410][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  301.446143][T12615] 8021q: adding VLAN 0 to HW filter on device batadv0
16:13:16 executing program 0:
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
prctl$PR_GET_CHILD_SUBREAPER(0x25)
perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/net/pfkey\x00', 0x0, 0x0)
r1 = creat(&(0x7f00000000c0)='./file0\x00', 0x0)
epoll_create(0x0)
getsockopt$inet_sctp_SCTP_I_WANT_MAPPED_V4_ADDR(r0, 0x84, 0xc, &(0x7f0000000100), &(0x7f00000001c0)=0x4)
arch_prctl$ARCH_MAP_VDSO_X32(0x2001, 0x1f)
r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r2, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0x1ff}, 0x0)
ioctl$EXT4_IOC_ALLOC_DA_BLKS(r1, 0x660c)
clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0xfffffffffffffffe, 0x0, 0x0, 0x7fffffd, 0x0, 0xd1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xcd84}, 0x800000200000000, 0x2}, 0x0, 0xd, 0xffffffffffffff9c, 0x0)
mount(0x0, &(0x7f0000000280)='./file0\x00', &(0x7f00000003c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000))
openat$random(0xffffffffffffff9c, &(0x7f0000000300)='/dev/urandom\x00', 0x40000, 0x0)
clone(0x1000e00, 0x0, 0x0, 0x0, 0x0)

16:13:16 executing program 0:
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x79, 0x1a, 0x78, 0x8, 0xb95, 0x772a, 0x55cd, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x77, 0x0, 0x0, 0x77, 0x2d, 0x35}}]}}]}}, 0x0)
syz_usb_control_io(r0, &(0x7f0000000900)={0x34, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000000c40)={0x54, &(0x7f0000000940), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, &(0x7f00000003c0)={0x34, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000000700)={0x54, &(0x7f0000000400)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, &(0x7f0000001680)={0x34, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000019c0)={0x54, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000001940)={0x40, 0x9, 0x3, "f085d2"}, 0x0})
syz_usb_control_io(r0, &(0x7f0000000800)={0x34, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000001140)={0x54, &(0x7f0000000840), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, &(0x7f0000006b80)={0x34, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000006ec0)={0x54, &(0x7f0000006bc0), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, &(0x7f0000000880)={0x34, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000011c0)={0x54, &(0x7f00000008c0), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, &(0x7f0000001600)={0x34, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000001b40)={0x54, &(0x7f0000001800), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, &(0x7f0000000240)={0x34, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000000680)={0x54, &(0x7f0000000280), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

[  302.112557][   T12] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[  302.352408][   T12] usb 1-1: Using ep0 maxpacket: 8
[  302.472651][   T12] usb 1-1: config 0 has an invalid interface number: 119 but max is 0
[  302.483442][   T12] usb 1-1: config 0 has no interface number 0
[  302.489843][   T12] usb 1-1: New USB device found, idVendor=0b95, idProduct=772a, bcdDevice=55.cd
[  302.499108][   T12] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  302.521495][   T12] usb 1-1: config 0 descriptor??
[  302.763018][   T12] ==================================================================
[  302.771191][   T12] BUG: KMSAN: uninit-value in ax88772_bind+0x93d/0x11e0
[  302.778167][   T12] CPU: 0 PID: 12 Comm: kworker/0:1 Not tainted 5.2.0-rc4+ #7
[  302.785547][   T12] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  302.795771][   T12] Workqueue: usb_hub_wq hub_event
[  302.800881][   T12] Call Trace:
[  302.804319][   T12]  dump_stack+0x191/0x1f0
[  302.808808][   T12]  kmsan_report+0x162/0x2d0
[  302.813371][   T12]  __msan_warning+0x75/0xe0
[  302.817927][   T12]  ax88772_bind+0x93d/0x11e0
[  302.822581][   T12]  ? ax88178_change_mtu+0x650/0x650
[  302.827817][   T12]  usbnet_probe+0x10d3/0x3950
[  302.832544][   T12]  ? kmsan_internal_memset_shadow+0x104/0x3a0
[  302.838983][   T12]  ? usbnet_disconnect+0x660/0x660
[  302.844148][   T12]  usb_probe_interface+0xd19/0x1310
[  302.849762][   T12]  ? usb_register_driver+0x7d0/0x7d0
[  302.855089][   T12]  really_probe+0x1344/0x1d90
[  302.861252][   T12]  driver_probe_device+0x1ba/0x510
[  302.866533][   T12]  ? kmsan_get_shadow_origin_ptr+0x71/0x470
[  302.872594][   T12]  __device_attach_driver+0x5b8/0x790
[  302.878651][   T12]  bus_for_each_drv+0x28e/0x3b0
[  302.883657][   T12]  ? deferred_probe_work_func+0x400/0x400
[  302.890473][   T12]  __device_attach+0x489/0x750
[  302.895853][   T12]  device_initial_probe+0x4a/0x60
[  302.900962][   T12]  bus_probe_device+0x131/0x390
[  302.906093][   T12]  device_add+0x25b5/0x2df0
[  302.912926][   T12]  usb_set_configuration+0x309f/0x3710
[  302.918554][   T12]  ? __msan_metadata_ptr_for_load_1+0x10/0x20
[  302.924705][   T12]  generic_probe+0xe7/0x280
[  302.929244][   T12]  ? usb_choose_configuration+0xae0/0xae0
[  302.935000][   T12]  usb_probe_device+0x146/0x200
[  302.940070][   T12]  ? usb_register_device_driver+0x470/0x470
[  302.945997][   T12]  really_probe+0x1344/0x1d90
[  302.950726][   T12]  driver_probe_device+0x1ba/0x510
[  302.955884][   T12]  ? kmsan_get_shadow_origin_ptr+0x71/0x470
[  302.961815][   T12]  __device_attach_driver+0x5b8/0x790
[  302.967253][   T12]  bus_for_each_drv+0x28e/0x3b0
[  302.972128][   T12]  ? deferred_probe_work_func+0x400/0x400
[  302.977887][   T12]  __device_attach+0x489/0x750
[  302.982701][   T12]  device_initial_probe+0x4a/0x60
[  302.987756][   T12]  bus_probe_device+0x131/0x390
[  302.992654][   T12]  device_add+0x25b5/0x2df0
[  302.997225][   T12]  usb_new_device+0x23e5/0x2fb0
[  303.002176][   T12]  hub_event+0x5853/0x7320
[  303.006716][   T12]  ? kmsan_get_shadow_origin_ptr+0x71/0x470
[  303.013412][   T12]  ? led_work+0x720/0x720
[  303.017758][   T12]  ? led_work+0x720/0x720
[  303.022118][   T12]  process_one_work+0x1572/0x1f00
[  303.027380][   T12]  worker_thread+0x111b/0x2460
[  303.032203][   T12]  kthread+0x4b5/0x4f0
[  303.036290][   T12]  ? process_one_work+0x1f00/0x1f00
[  303.041527][   T12]  ? kthread_blkcg+0xf0/0xf0
[  303.046210][   T12]  ret_from_fork+0x35/0x40
[  303.050686][   T12] 
[  303.053019][   T12] Local variable description: ----buf@ax88772_bind
[  303.059618][   T12] Variable was created at:
[  303.064067][   T12]  ax88772_bind+0x5f/0x11e0
[  303.068633][   T12]  usbnet_probe+0x10d3/0x3950
[  303.073333][   T12] ==================================================================
[  303.081413][   T12] Disabling lock debugging due to kernel taint
[  303.087755][   T12] Kernel panic - not syncing: panic_on_warn set ...
[  303.094363][   T12] CPU: 0 PID: 12 Comm: kworker/0:1 Tainted: G    B             5.2.0-rc4+ #7
[  303.103147][   T12] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  303.114033][   T12] Workqueue: usb_hub_wq hub_event
[  303.119443][   T12] Call Trace:
[  303.122780][   T12]  dump_stack+0x191/0x1f0
[  303.127159][   T12]  panic+0x3c9/0xc1e
[  303.131314][   T12]  kmsan_report+0x2ca/0x2d0
[  303.135960][   T12]  __msan_warning+0x75/0xe0
[  303.140601][   T12]  ax88772_bind+0x93d/0x11e0
[  303.145241][   T12]  ? ax88178_change_mtu+0x650/0x650
[  303.150494][   T12]  usbnet_probe+0x10d3/0x3950
[  303.155225][   T12]  ? kmsan_internal_memset_shadow+0x104/0x3a0
[  303.161349][   T12]  ? usbnet_disconnect+0x660/0x660
[  303.166486][   T12]  usb_probe_interface+0xd19/0x1310
[  303.171732][   T12]  ? usb_register_driver+0x7d0/0x7d0
[  303.177071][   T12]  really_probe+0x1344/0x1d90
[  303.181795][   T12]  driver_probe_device+0x1ba/0x510
[  303.186933][   T12]  ? kmsan_get_shadow_origin_ptr+0x71/0x470
[  303.192865][   T12]  __device_attach_driver+0x5b8/0x790
[  303.198285][   T12]  bus_for_each_drv+0x28e/0x3b0
[  303.203165][   T12]  ? deferred_probe_work_func+0x400/0x400
[  303.209888][   T12]  __device_attach+0x489/0x750
[  303.214723][   T12]  device_initial_probe+0x4a/0x60
[  303.219784][   T12]  bus_probe_device+0x131/0x390
[  303.224682][   T12]  device_add+0x25b5/0x2df0
[  303.229264][   T12]  usb_set_configuration+0x309f/0x3710
[  303.234798][   T12]  ? __msan_metadata_ptr_for_load_1+0x10/0x20
[  303.240956][   T12]  generic_probe+0xe7/0x280
[  303.245489][   T12]  ? usb_choose_configuration+0xae0/0xae0
[  303.251228][   T12]  usb_probe_device+0x146/0x200
[  303.256103][   T12]  ? usb_register_device_driver+0x470/0x470
[  303.262022][   T12]  really_probe+0x1344/0x1d90
[  303.266741][   T12]  driver_probe_device+0x1ba/0x510
[  303.271880][   T12]  ? kmsan_get_shadow_origin_ptr+0x71/0x470
[  303.277983][   T12]  __device_attach_driver+0x5b8/0x790
[  303.283407][   T12]  bus_for_each_drv+0x28e/0x3b0
[  303.288278][   T12]  ? deferred_probe_work_func+0x400/0x400
[  303.294039][   T12]  __device_attach+0x489/0x750
[  303.298849][   T12]  device_initial_probe+0x4a/0x60
[  303.303951][   T12]  bus_probe_device+0x131/0x390
[  303.308954][   T12]  device_add+0x25b5/0x2df0
[  303.313528][   T12]  usb_new_device+0x23e5/0x2fb0
[  303.318456][   T12]  hub_event+0x5853/0x7320
[  303.323539][   T12]  ? kmsan_get_shadow_origin_ptr+0x71/0x470
[  303.329498][   T12]  ? led_work+0x720/0x720
[  303.334307][   T12]  ? led_work+0x720/0x720
[  303.338666][   T12]  process_one_work+0x1572/0x1f00
[  303.343869][   T12]  worker_thread+0x111b/0x2460
[  303.348703][   T12]  kthread+0x4b5/0x4f0
[  303.352819][   T12]  ? process_one_work+0x1f00/0x1f00
[  303.358057][   T12]  ? kthread_blkcg+0xf0/0xf0
[  303.362670][   T12]  ret_from_fork+0x35/0x40
[  303.368259][   T12] Kernel Offset: disabled
[  303.372605][   T12] Rebooting in 86400 seconds..