[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   76.409483][   T30] audit: type=1800 audit(1566034128.453:25): pid=11188 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[   76.432844][   T30] audit: type=1800 audit(1566034128.483:26): pid=11188 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[   76.468312][   T30] audit: type=1800 audit(1566034128.503:27): pid=11188 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.178' (ECDSA) to the list of known hosts.
2019/08/17 09:29:01 fuzzer started
2019/08/17 09:29:07 dialing manager at 10.128.0.26:38533
2019/08/17 09:29:07 syscalls: 2376
2019/08/17 09:29:07 code coverage: enabled
2019/08/17 09:29:07 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2019/08/17 09:29:07 extra coverage: enabled
2019/08/17 09:29:07 setuid sandbox: enabled
2019/08/17 09:29:07 namespace sandbox: enabled
2019/08/17 09:29:07 Android sandbox: /sys/fs/selinux/policy does not exist
2019/08/17 09:29:07 fault injection: enabled
2019/08/17 09:29:07 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/08/17 09:29:07 net packet injection: enabled
2019/08/17 09:29:07 net device setup: enabled
09:31:33 executing program 0:
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000100)={0x1, &(0x7f0000000240)=[{0x6, 0x0, 0x0, 0x50000}]})
r0 = socket$inet(0x2, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFNETMASK(r0, 0x891b, 0x0)

syzkaller login: [  242.186363][T11353] IPVS: ftp: loaded support on port[0] = 21
[  242.320505][T11353] chnl_net:caif_netlink_parms(): no params data found
[  242.375059][T11353] bridge0: port 1(bridge_slave_0) entered blocking state
[  242.382383][T11353] bridge0: port 1(bridge_slave_0) entered disabled state
[  242.390854][T11353] device bridge_slave_0 entered promiscuous mode
[  242.400890][T11353] bridge0: port 2(bridge_slave_1) entered blocking state
[  242.408133][T11353] bridge0: port 2(bridge_slave_1) entered disabled state
[  242.416781][T11353] device bridge_slave_1 entered promiscuous mode
[  242.448560][T11353] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  242.461071][T11353] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  242.493181][T11353] team0: Port device team_slave_0 added
[  242.502629][T11353] team0: Port device team_slave_1 added
[  242.616177][T11353] device hsr_slave_0 entered promiscuous mode
[  242.792461][T11353] device hsr_slave_1 entered promiscuous mode
[  242.991771][T11353] bridge0: port 2(bridge_slave_1) entered blocking state
[  242.998989][T11353] bridge0: port 2(bridge_slave_1) entered forwarding state
[  243.006754][T11353] bridge0: port 1(bridge_slave_0) entered blocking state
[  243.013953][T11353] bridge0: port 1(bridge_slave_0) entered forwarding state
[  243.089653][T11353] 8021q: adding VLAN 0 to HW filter on device bond0
[  243.110312][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  243.121342][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  243.132131][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  243.143053][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[  243.164090][T11353] 8021q: adding VLAN 0 to HW filter on device team0
[  243.180931][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  243.190513][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  243.197727][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  243.246594][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  243.255812][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  243.263015][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  243.273371][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  243.283276][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  243.292643][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  243.310854][T11353] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  243.323164][T11353] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  243.354625][T11353] 8021q: adding VLAN 0 to HW filter on device batadv0
[  243.366048][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  243.374866][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
09:31:35 executing program 0:
syz_emit_ethernet(0x25a, &(0x7f0000000180)=ANY=[@ANYBLOB="aaaaaaaaaaaa0180c200000086dd60d8652b02242900fe8000000000000040000000000000aafe8000000000000000000000000000aa00000000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5000000091780000"], 0x0)

09:31:35 executing program 0:
r0 = syz_usb_connect(0x0, 0x24, &(0x7f00000003c0)=ANY=[@ANYBLOB="12010000058ee108697a010036190000000109021200010000000009040000009be1360001e5e7eacb03c1f5ab1aef3f6f80cee23e8c7ea4af19cac32fa2da63a0c1154fccd932842137a49ce13c142eb54452d8619318f9e9f92d794528d7cdcb"], 0x0)
syz_usb_control_io$cdc_ethernet(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000580)={0x24, 0x0, 0x0, 0x0, &(0x7f0000000540)={0x0, 0x21, 0x9, {0x9}}}, &(0x7f0000000740)={0x2c, &(0x7f00000005c0)={0x0, 0x0, 0x1, "8d"}, 0x0, 0x0, 0x0, 0x0})

[  244.101911][  T825] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[  244.342174][  T825] usb 1-1: Using ep0 maxpacket: 8
[  244.482563][  T825] usb 1-1: New USB device found, idVendor=7a69, idProduct=0001, bcdDevice=19.36
[  244.491666][  T825] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  244.503333][  T825] usb 1-1: config 0 descriptor??
[  244.546510][  T825] usb 1-1: dvb_usb_v2: found a '774 Friio White ISDB-T USB2.0' in warm state
09:31:37 executing program 1:
shmget(0x3, 0x3000, 0x0, &(0x7f0000ffd000/0x3000)=nil)

[  245.502050][T11370] IPVS: ftp: loaded support on port[0] = 21
[  245.632862][  T825] ==================================================================
[  245.641713][  T825] BUG: KMSAN: uninit-value in friio_power_ctrl+0xb3e/0x1a70
[  245.649001][  T825] CPU: 1 PID: 825 Comm: kworker/1:2 Not tainted 5.3.0-rc3+ #17
[  245.653660][T11370] chnl_net:caif_netlink_parms(): no params data found
[  245.656552][  T825] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  245.673351][  T825] Workqueue: usb_hub_wq hub_event
[  245.678496][  T825] Call Trace:
[  245.681855][  T825]  dump_stack+0x191/0x1f0
[  245.686207][  T825]  kmsan_report+0x162/0x2d0
[  245.690720][  T825]  __msan_warning+0x75/0xe0
[  245.695234][  T825]  friio_power_ctrl+0xb3e/0x1a70
[  245.700177][  T825]  ? kasan_kmalloc+0xd/0x30
[  245.704686][  T825]  ? gl861_i2c_msg+0x6e0/0x6e0
[  245.709436][  T825]  dvb_usbv2_probe+0xd3d/0x5dd0
[  245.714305][  T825]  ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0
[  245.720295][  T825]  ? usb_probe_interface+0xb69/0x1310
[  245.725650][  T825]  ? technisat_usb2_i2c_access+0x12a0/0x12a0
[  245.731609][  T825]  ? technisat_usb2_i2c_access+0x12a0/0x12a0
[  245.737576][  T825]  usb_probe_interface+0xd19/0x1310
[  245.742769][  T825]  ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0
[  245.748735][  T825]  ? usb_register_driver+0x7d0/0x7d0
[  245.754002][  T825]  really_probe+0x1373/0x1dc0
[  245.758669][  T825]  driver_probe_device+0x1ba/0x510
[  245.763768][  T825]  __device_attach_driver+0x5b8/0x790
[  245.769127][  T825]  ? bus_for_each_drv+0x1d5/0x3b0
[  245.774132][  T825]  bus_for_each_drv+0x28e/0x3b0
[  245.778966][  T825]  ? deferred_probe_work_func+0x400/0x400
[  245.784672][  T825]  __device_attach+0x489/0x750
[  245.789431][  T825]  device_initial_probe+0x4a/0x60
[  245.794438][  T825]  bus_probe_device+0x131/0x390
[  245.799275][  T825]  device_add+0x25b5/0x2df0
[  245.803777][  T825]  ? usb_set_configuration+0x3036/0x3710
[  245.809407][  T825]  usb_set_configuration+0x309f/0x3710
[  245.814867][  T825]  ? __msan_metadata_ptr_for_load_1+0x10/0x20
[  245.820935][  T825]  generic_probe+0xe7/0x280
[  245.825421][  T825]  ? usb_probe_device+0x104/0x200
[  245.830437][  T825]  ? usb_choose_configuration+0xae0/0xae0
[  245.836150][  T825]  usb_probe_device+0x146/0x200
[  245.840978][  T825]  ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0
[  245.846940][  T825]  ? usb_register_device_driver+0x470/0x470
[  245.852831][  T825]  really_probe+0x1373/0x1dc0
[  245.857501][  T825]  driver_probe_device+0x1ba/0x510
[  245.862625][  T825]  __device_attach_driver+0x5b8/0x790
[  245.868001][  T825]  ? bus_for_each_drv+0x1d5/0x3b0
[  245.873011][  T825]  bus_for_each_drv+0x28e/0x3b0
[  245.877845][  T825]  ? deferred_probe_work_func+0x400/0x400
[  245.883557][  T825]  __device_attach+0x489/0x750
[  245.888316][  T825]  device_initial_probe+0x4a/0x60
[  245.893338][  T825]  bus_probe_device+0x131/0x390
[  245.898188][  T825]  device_add+0x25b5/0x2df0
[  245.902700][  T825]  usb_new_device+0x23e5/0x2fb0
[  245.907560][  T825]  hub_event+0x581d/0x72f0
[  245.911997][  T825]  ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0
[  245.917955][  T825]  ? led_work+0x720/0x720
[  245.922265][  T825]  ? led_work+0x720/0x720
[  245.926583][  T825]  process_one_work+0x1572/0x1ef0
[  245.931602][  T825]  worker_thread+0x111b/0x2460
[  245.936363][  T825]  kthread+0x4b5/0x4f0
[  245.940415][  T825]  ? process_one_work+0x1ef0/0x1ef0
[  245.945600][  T825]  ? kthread_blkcg+0xf0/0xf0
[  245.950264][  T825]  ret_from_fork+0x35/0x40
[  245.954753][  T825] 
[  245.957062][  T825] Local variable description: ----rbuf.i@friio_power_ctrl
[  245.964140][  T825] Variable was created at:
[  245.968540][  T825]  friio_power_ctrl+0x92/0x1a70
[  245.973382][  T825]  dvb_usbv2_probe+0xd3d/0x5dd0
[  245.978206][  T825] ==================================================================
[  245.986243][  T825] Disabling lock debugging due to kernel taint
[  245.992375][  T825] Kernel panic - not syncing: panic_on_warn set ...
[  245.999031][  T825] CPU: 1 PID: 825 Comm: kworker/1:2 Tainted: G    B             5.3.0-rc3+ #17
[  246.007937][  T825] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  246.017980][  T825] Workqueue: usb_hub_wq hub_event
[  246.023002][  T825] Call Trace:
[  246.026273][  T825]  dump_stack+0x191/0x1f0
[  246.030587][  T825]  panic+0x3c9/0xc1e
[  246.034485][  T825]  kmsan_report+0x2ca/0x2d0
[  246.038978][  T825]  __msan_warning+0x75/0xe0
[  246.043470][  T825]  friio_power_ctrl+0xb3e/0x1a70
[  246.048387][  T825]  ? kasan_kmalloc+0xd/0x30
[  246.052880][  T825]  ? gl861_i2c_msg+0x6e0/0x6e0
[  246.057624][  T825]  dvb_usbv2_probe+0xd3d/0x5dd0
[  246.062462][  T825]  ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0
[  246.068433][  T825]  ? usb_probe_interface+0xb69/0x1310
[  246.073804][  T825]  ? technisat_usb2_i2c_access+0x12a0/0x12a0
[  246.079767][  T825]  ? technisat_usb2_i2c_access+0x12a0/0x12a0
[  246.085730][  T825]  usb_probe_interface+0xd19/0x1310
[  246.090914][  T825]  ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0
[  246.096875][  T825]  ? usb_register_driver+0x7d0/0x7d0
[  246.102144][  T825]  really_probe+0x1373/0x1dc0
[  246.106814][  T825]  driver_probe_device+0x1ba/0x510
[  246.111918][  T825]  __device_attach_driver+0x5b8/0x790
[  246.117279][  T825]  ? bus_for_each_drv+0x1d5/0x3b0
[  246.122292][  T825]  bus_for_each_drv+0x28e/0x3b0
[  246.127124][  T825]  ? deferred_probe_work_func+0x400/0x400
[  246.132827][  T825]  __device_attach+0x489/0x750
[  246.137607][  T825]  device_initial_probe+0x4a/0x60
[  246.142636][  T825]  bus_probe_device+0x131/0x390
[  246.147474][  T825]  device_add+0x25b5/0x2df0
[  246.151976][  T825]  ? usb_set_configuration+0x3036/0x3710
[  246.157594][  T825]  usb_set_configuration+0x309f/0x3710
[  246.163063][  T825]  ? __msan_metadata_ptr_for_load_1+0x10/0x20
[  246.169123][  T825]  generic_probe+0xe7/0x280
[  246.173611][  T825]  ? usb_probe_device+0x104/0x200
[  246.178613][  T825]  ? usb_choose_configuration+0xae0/0xae0
[  246.184313][  T825]  usb_probe_device+0x146/0x200
[  246.189148][  T825]  ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0
[  246.195110][  T825]  ? usb_register_device_driver+0x470/0x470
[  246.200983][  T825]  really_probe+0x1373/0x1dc0
[  246.205656][  T825]  driver_probe_device+0x1ba/0x510
[  246.210761][  T825]  __device_attach_driver+0x5b8/0x790
[  246.216122][  T825]  ? bus_for_each_drv+0x1d5/0x3b0
[  246.221128][  T825]  bus_for_each_drv+0x28e/0x3b0
[  246.225956][  T825]  ? deferred_probe_work_func+0x400/0x400
[  246.231669][  T825]  __device_attach+0x489/0x750
[  246.236426][  T825]  device_initial_probe+0x4a/0x60
[  246.241441][  T825]  bus_probe_device+0x131/0x390
[  246.246283][  T825]  device_add+0x25b5/0x2df0
[  246.250789][  T825]  usb_new_device+0x23e5/0x2fb0
[  246.255647][  T825]  hub_event+0x581d/0x72f0
[  246.260087][  T825]  ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0
[  246.266054][  T825]  ? led_work+0x720/0x720
[  246.270360][  T825]  ? led_work+0x720/0x720
[  246.274672][  T825]  process_one_work+0x1572/0x1ef0
[  246.279696][  T825]  worker_thread+0x111b/0x2460
[  246.284458][  T825]  kthread+0x4b5/0x4f0
[  246.288509][  T825]  ? process_one_work+0x1ef0/0x1ef0
[  246.293688][  T825]  ? kthread_blkcg+0xf0/0xf0
[  246.298265][  T825]  ret_from_fork+0x35/0x40
[  246.303844][  T825] Kernel Offset: disabled
[  246.308163][  T825] Rebooting in 86400 seconds..