[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   77.938598][   T32] audit: type=1800 audit(1569263088.982:25): pid=11571 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[   77.972225][   T32] audit: type=1800 audit(1569263089.002:26): pid=11571 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[   77.992405][   T32] audit: type=1800 audit(1569263089.012:27): pid=11571 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.151' (ECDSA) to the list of known hosts.
2019/09/23 18:25:03 fuzzer started
2019/09/23 18:25:07 dialing manager at 10.128.0.26:46743
2019/09/23 18:25:07 syscalls: 2382
2019/09/23 18:25:07 code coverage: enabled
2019/09/23 18:25:07 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2019/09/23 18:25:07 extra coverage: enabled
2019/09/23 18:25:07 setuid sandbox: enabled
2019/09/23 18:25:07 namespace sandbox: enabled
2019/09/23 18:25:07 Android sandbox: /sys/fs/selinux/policy does not exist
2019/09/23 18:25:07 fault injection: enabled
2019/09/23 18:25:07 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/09/23 18:25:07 net packet injection: enabled
2019/09/23 18:25:07 net device setup: enabled
18:27:45 executing program 0:
r0 = syz_usb_connect(0x0, 0x36, &(0x7f00000008c0)={{0x12, 0x1, 0x0, 0xcc, 0xa0, 0xed, 0x8, 0x424, 0x7500, 0x8212, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0xba, 0x0, 0x2, 0xf2, 0x23, 0x6b, 0x0, [], [{{0x9, 0x5, 0xb, 0x2}}, {{0x9, 0x5, 0x8a, 0x2}}]}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000001bc0)={0xac, &(0x7f0000000fc0), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, &(0x7f0000001000)={0x94, &(0x7f0000000400)={0x0, 0x0, 0xffffffffffffff89}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000440)={0x34, &(0x7f00000004c0)={0x0, 0x0, 0x2, "72d4"}, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, &(0x7f0000000800)={0xac, &(0x7f0000000200)={0x0, 0x0, 0x1, "84"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000c80)={0x2c, &(0x7f0000000b40), 0x0, 0x0, 0x0, 0x0})

syzkaller login: [  255.103940][T11734] IPVS: ftp: loaded support on port[0] = 21
[  255.251457][T11734] chnl_net:caif_netlink_parms(): no params data found
[  255.307779][T11734] bridge0: port 1(bridge_slave_0) entered blocking state
[  255.315071][T11734] bridge0: port 1(bridge_slave_0) entered disabled state
[  255.323775][T11734] device bridge_slave_0 entered promiscuous mode
[  255.333617][T11734] bridge0: port 2(bridge_slave_1) entered blocking state
[  255.342815][T11734] bridge0: port 2(bridge_slave_1) entered disabled state
[  255.351529][T11734] device bridge_slave_1 entered promiscuous mode
[  255.383287][T11734] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  255.395855][T11734] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  255.428236][T11734] team0: Port device team_slave_0 added
[  255.437478][T11734] team0: Port device team_slave_1 added
[  255.616486][T11734] device hsr_slave_0 entered promiscuous mode
[  255.783152][T11734] device hsr_slave_1 entered promiscuous mode
[  255.962440][T11734] bridge0: port 2(bridge_slave_1) entered blocking state
[  255.969696][T11734] bridge0: port 2(bridge_slave_1) entered forwarding state
[  255.977485][T11734] bridge0: port 1(bridge_slave_0) entered blocking state
[  255.984776][T11734] bridge0: port 1(bridge_slave_0) entered forwarding state
[  256.063338][T11734] 8021q: adding VLAN 0 to HW filter on device bond0
[  256.083827][   T31] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  256.096381][   T31] bridge0: port 1(bridge_slave_0) entered disabled state
[  256.105719][   T31] bridge0: port 2(bridge_slave_1) entered disabled state
[  256.119595][   T31] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[  256.141903][T11734] 8021q: adding VLAN 0 to HW filter on device team0
[  256.159381][   T31] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  256.168423][   T31] bridge0: port 1(bridge_slave_0) entered blocking state
[  256.175665][   T31] bridge0: port 1(bridge_slave_0) entered forwarding state
[  256.226475][   T31] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  256.235566][   T31] bridge0: port 2(bridge_slave_1) entered blocking state
[  256.242839][   T31] bridge0: port 2(bridge_slave_1) entered forwarding state
[  256.253963][   T31] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  256.264238][   T31] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  256.273758][   T31] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  256.284810][   T31] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  256.301145][T11734] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  256.313340][T11734] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  256.322676][ T2921] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  256.331885][ T2921] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  256.378832][T11734] 8021q: adding VLAN 0 to HW filter on device batadv0
[  256.742410][ T2921] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[  256.982375][ T2921] usb 1-1: Using ep0 maxpacket: 8
[  257.102601][ T2921] usb 1-1: config 0 has an invalid interface number: 186 but max is 0
[  257.110915][ T2921] usb 1-1: config 0 has no interface number 0
[  257.117277][ T2921] usb 1-1: config 0 interface 186 altsetting 0 bulk endpoint 0xB has invalid maxpacket 0
[  257.127323][ T2921] usb 1-1: config 0 interface 186 altsetting 0 bulk endpoint 0x8A has invalid maxpacket 0
[  257.137490][ T2921] usb 1-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=82.12
[  257.146691][ T2921] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  257.157277][ T2921] usb 1-1: config 0 descriptor??
[  257.204432][ T2921] smsc75xx v1.0.0
[  257.642656][ T2921] ==================================================================
[  257.650779][ T2921] BUG: KMSAN: uninit-value in smsc75xx_bind+0x541/0x12d0
[  257.657814][ T2921] CPU: 0 PID: 2921 Comm: kworker/0:2 Not tainted 5.3.0-rc7+ #0
[  257.665357][ T2921] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  257.675433][ T2921] Workqueue: usb_hub_wq hub_event
[  257.680469][ T2921] Call Trace:
[  257.683877][ T2921]  dump_stack+0x191/0x1f0
[  257.688227][ T2921]  kmsan_report+0x162/0x2d0
[  257.693029][ T2921]  __msan_warning+0x75/0xe0
[  257.697560][ T2921]  smsc75xx_bind+0x541/0x12d0
[  257.702254][ T2921]  ? smsc75xx_write_wuff+0x9e0/0x9e0
[  257.707573][ T2921]  usbnet_probe+0x10ae/0x3960
[  257.712262][ T2921]  ? kmsan_set_origin+0x6a/0xf0
[  257.717135][ T2921]  ? usbnet_disconnect+0x660/0x660
[  257.722259][ T2921]  usb_probe_interface+0xd19/0x1310
[  257.727477][ T2921]  ? usb_register_driver+0x7d0/0x7d0
[  257.732778][ T2921]  really_probe+0x1373/0x1dc0
[  257.737478][ T2921]  driver_probe_device+0x1ba/0x510
[  257.742617][ T2921]  ? kmsan_get_shadow_origin_ptr+0x71/0x4c0
[  257.748539][ T2921]  __device_attach_driver+0x5b8/0x790
[  257.753937][ T2921]  bus_for_each_drv+0x28e/0x3b0
[  257.758815][ T2921]  ? deferred_probe_work_func+0x400/0x400
[  257.764551][ T2921]  __device_attach+0x489/0x750
[  257.769337][ T2921]  device_initial_probe+0x4a/0x60
[  257.774371][ T2921]  bus_probe_device+0x131/0x390
[  257.779232][ T2921]  device_add+0x25b5/0x2df0
[  257.783765][ T2921]  usb_set_configuration+0x309f/0x3710
[  257.789274][ T2921]  generic_probe+0xe7/0x280
[  257.793787][ T2921]  ? usb_choose_configuration+0xae0/0xae0
[  257.799528][ T2921]  usb_probe_device+0x146/0x200
[  257.804390][ T2921]  ? usb_register_device_driver+0x470/0x470
[  257.810293][ T2921]  really_probe+0x1373/0x1dc0
[  257.814995][ T2921]  driver_probe_device+0x1ba/0x510
[  257.820118][ T2921]  ? kmsan_get_shadow_origin_ptr+0x71/0x4c0
[  257.826022][ T2921]  __device_attach_driver+0x5b8/0x790
[  257.831422][ T2921]  bus_for_each_drv+0x28e/0x3b0
[  257.836282][ T2921]  ? deferred_probe_work_func+0x400/0x400
[  257.842019][ T2921]  __device_attach+0x489/0x750
[  257.846808][ T2921]  device_initial_probe+0x4a/0x60
[  257.851844][ T2921]  bus_probe_device+0x131/0x390
[  257.856726][ T2921]  device_add+0x25b5/0x2df0
[  257.861256][ T2921]  usb_new_device+0x23e5/0x2fb0
[  257.866131][ T2921]  hub_event+0x581d/0x72f0
[  257.870611][ T2921]  ? kmsan_get_shadow_origin_ptr+0x71/0x4c0
[  257.876527][ T2921]  ? led_work+0x720/0x720
[  257.880856][ T2921]  ? led_work+0x720/0x720
[  257.885189][ T2921]  process_one_work+0x1572/0x1ef0
[  257.890241][ T2921]  worker_thread+0x111b/0x2460
[  257.895035][ T2921]  kthread+0x4b5/0x4f0
[  257.899113][ T2921]  ? process_one_work+0x1ef0/0x1ef0
[  257.904326][ T2921]  ? kthread_blkcg+0xf0/0xf0
[  257.908951][ T2921]  ret_from_fork+0x35/0x40
[  257.913374][ T2921] 
[  257.915701][ T2921] Local variable description: ----buf.i93@smsc75xx_bind
[  257.922626][ T2921] Variable was created at:
[  257.927045][ T2921]  smsc75xx_bind+0x44c/0x12d0
[  257.931727][ T2921]  usbnet_probe+0x10ae/0x3960
[  257.936392][ T2921] ==================================================================
[  257.944475][ T2921] Disabling lock debugging due to kernel taint
[  257.950644][ T2921] Kernel panic - not syncing: panic_on_warn set ...
[  257.957236][ T2921] CPU: 0 PID: 2921 Comm: kworker/0:2 Tainted: G    B             5.3.0-rc7+ #0
[  257.966168][ T2921] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  257.976241][ T2921] Workqueue: usb_hub_wq hub_event
[  257.981265][ T2921] Call Trace:
[  257.984568][ T2921]  dump_stack+0x191/0x1f0
[  257.988919][ T2921]  panic+0x3c9/0xc1e
[  257.992848][ T2921]  kmsan_report+0x2ca/0x2d0
[  257.997368][ T2921]  __msan_warning+0x75/0xe0
[  258.001881][ T2921]  smsc75xx_bind+0x541/0x12d0
[  258.006578][ T2921]  ? smsc75xx_write_wuff+0x9e0/0x9e0
[  258.011864][ T2921]  usbnet_probe+0x10ae/0x3960
[  258.016549][ T2921]  ? kmsan_set_origin+0x6a/0xf0
[  258.021425][ T2921]  ? usbnet_disconnect+0x660/0x660
[  258.026550][ T2921]  usb_probe_interface+0xd19/0x1310
[  258.031776][ T2921]  ? usb_register_driver+0x7d0/0x7d0
[  258.037067][ T2921]  really_probe+0x1373/0x1dc0
[  258.041767][ T2921]  driver_probe_device+0x1ba/0x510
[  258.047410][ T2921]  ? kmsan_get_shadow_origin_ptr+0x71/0x4c0
[  258.053324][ T2921]  __device_attach_driver+0x5b8/0x790
[  258.058721][ T2921]  bus_for_each_drv+0x28e/0x3b0
[  258.063573][ T2921]  ? deferred_probe_work_func+0x400/0x400
[  258.069306][ T2921]  __device_attach+0x489/0x750
[  258.074214][ T2921]  device_initial_probe+0x4a/0x60
[  258.079251][ T2921]  bus_probe_device+0x131/0x390
[  258.084124][ T2921]  device_add+0x25b5/0x2df0
[  258.088689][ T2921]  usb_set_configuration+0x309f/0x3710
18:27:49 executing program 1:
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040)='/dev/uinput\x00', 0x802, 0x0)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r1, 0x1000008912, &(0x7f0000000100)="11dca50d5e0bcfe47bf070")
write$binfmt_elf32(r0, 0x0, 0x0)

[  258.094205][ T2921]  generic_probe+0xe7/0x280
[  258.098720][ T2921]  ? usb_choose_configuration+0xae0/0xae0
[  258.104447][ T2921]  usb_probe_device+0x146/0x200
[  258.109310][ T2921]  ? usb_register_device_driver+0x470/0x470
[  258.115223][ T2921]  really_probe+0x1373/0x1dc0
[  258.119943][ T2921]  driver_probe_device+0x1ba/0x510
[  258.125077][ T2921]  ? kmsan_get_shadow_origin_ptr+0x71/0x4c0
[  258.130993][ T2921]  __device_attach_driver+0x5b8/0x790
[  258.136399][ T2921]  bus_for_each_drv+0x28e/0x3b0
[  258.141264][ T2921]  ? deferred_probe_work_func+0x400/0x400
[  258.147007][ T2921]  __device_attach+0x489/0x750
[  258.151800][ T2921]  device_initial_probe+0x4a/0x60
[  258.156850][ T2921]  bus_probe_device+0x131/0x390
[  258.161729][ T2921]  device_add+0x25b5/0x2df0
[  258.166277][ T2921]  usb_new_device+0x23e5/0x2fb0
[  258.171172][ T2921]  hub_event+0x581d/0x72f0
[  258.175660][ T2921]  ? kmsan_get_shadow_origin_ptr+0x71/0x4c0
[  258.181567][ T2921]  ? led_work+0x720/0x720
[  258.185900][ T2921]  ? led_work+0x720/0x720
[  258.190243][ T2921]  process_one_work+0x1572/0x1ef0
[  258.195304][ T2921]  worker_thread+0x111b/0x2460
[  258.200107][ T2921]  kthread+0x4b5/0x4f0
[  258.204188][ T2921]  ? process_one_work+0x1ef0/0x1ef0
[  258.209398][ T2921]  ? kthread_blkcg+0xf0/0xf0
[  258.214016][ T2921]  ret_from_fork+0x35/0x40
[  258.220086][ T2921] Kernel Offset: disabled
[  258.224432][ T2921] Rebooting in 86400 seconds..