[....] Starting enhanced syslogd: rsyslogd [ ok ]. [ 99.270958][ T30] audit: type=1800 audit(1561979005.327:25): pid=12935 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 99.312085][ T30] audit: type=1800 audit(1561979005.357:26): pid=12935 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 99.332307][ T30] audit: type=1800 audit(1561979005.367:27): pid=12935 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron [ ok ]. [....] Starting OpenBSD Secure Shell server: sshd [ ok ]. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.10.12' (ECDSA) to the list of known hosts. 2019/07/01 11:03:40 fuzzer started 2019/07/01 11:03:46 dialing manager at 10.128.0.26:39661 2019/07/01 11:03:46 syscalls: 2347 2019/07/01 11:03:46 code coverage: enabled 2019/07/01 11:03:46 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2019/07/01 11:03:46 extra coverage: enabled 2019/07/01 11:03:46 setuid sandbox: enabled 2019/07/01 11:03:46 namespace sandbox: enabled 2019/07/01 11:03:46 Android sandbox: /sys/fs/selinux/policy does not exist 2019/07/01 11:03:46 fault injection: enabled 2019/07/01 11:03:46 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/07/01 11:03:46 net packet injection: enabled 2019/07/01 11:03:46 net device setup: enabled 11:06:59 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8918, &(0x7f0000000040)={'veth1_to_bridge\x00'}) syzkaller login: [ 314.037284][T13100] IPVS: ftp: loaded support on port[0] = 21 [ 314.185031][T13100] chnl_net:caif_netlink_parms(): no params data found [ 
314.246878][T13100] bridge0: port 1(bridge_slave_0) entered blocking state [ 314.254328][T13100] bridge0: port 1(bridge_slave_0) entered disabled state [ 314.263393][T13100] device bridge_slave_0 entered promiscuous mode [ 314.273688][T13100] bridge0: port 2(bridge_slave_1) entered blocking state [ 314.280988][T13100] bridge0: port 2(bridge_slave_1) entered disabled state [ 314.289986][T13100] device bridge_slave_1 entered promiscuous mode [ 314.324067][T13100] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 314.336774][T13100] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 314.370750][T13100] team0: Port device team_slave_0 added [ 314.381236][T13100] team0: Port device team_slave_1 added [ 314.526716][T13100] device hsr_slave_0 entered promiscuous mode [ 314.662343][T13100] device hsr_slave_1 entered promiscuous mode [ 314.853634][T13100] bridge0: port 2(bridge_slave_1) entered blocking state [ 314.860976][T13100] bridge0: port 2(bridge_slave_1) entered forwarding state [ 314.868773][T13100] bridge0: port 1(bridge_slave_0) entered blocking state [ 314.876180][T13100] bridge0: port 1(bridge_slave_0) entered forwarding state [ 314.960363][T13100] 8021q: adding VLAN 0 to HW filter on device bond0 [ 314.981399][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 314.995771][ T5] bridge0: port 1(bridge_slave_0) entered disabled state [ 315.005072][ T5] bridge0: port 2(bridge_slave_1) entered disabled state [ 315.018608][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 315.038701][T13100] 8021q: adding VLAN 0 to HW filter on device team0 [ 315.057207][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 315.066923][ T5] bridge0: port 1(bridge_slave_0) entered blocking state [ 315.074318][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state [ 315.128410][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 315.137553][ T5] bridge0: port 
2(bridge_slave_1) entered blocking state [ 315.144921][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state [ 315.155869][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 315.165892][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 315.175371][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 315.194722][T13100] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 315.207087][T13100] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 315.244008][T13100] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 315.256171][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 315.265255][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready 11:07:01 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) listen(r0, 0x7f) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r1, 0x0, 0x0, 0x20000004, &(0x7f000031e000)={0xa, 0x4e22}, 0x1c) shutdown(r1, 0x1) accept4(r0, 0x0, 0x0, 0x0) 11:07:01 executing program 0: setgroups(0x1, &(0x7f0000000040)=[0x0]) 11:07:01 executing program 0: r0 = socket$inet6(0xa, 0x3, 0xff) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8948, &(0x7f0000000080)={'bond0\x00'}) 11:07:01 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000140)="11dca500000000ec7be070") r1 = socket$can_raw(0x1d, 0x3, 0x1) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000040)={'vcan0\x00', 0x0}) bind$can_raw(r1, &(0x7f0000000080)={0x1d, r2}, 0x10) setsockopt(r1, 0x65, 0x1, 0x0, 0x0) 11:07:01 executing program 0: r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0xc9, 0x90, 0x4f, 0x8, 0x4bb, 0x930, 0xd24a, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x98, 0x0, 0x0, 0xd3, 0x4, 0xe8}}]}}]}}, 0x0) syz_usb_control_io(r0, &(0x7f0000000200)={0x34, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 
&(0x7f0000000c80)={0x54, &(0x7f0000000a40), 0x0, 0x0, &(0x7f0000000440), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 316.121980][ T5] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 316.361823][ T5] usb 1-1: Using ep0 maxpacket: 8 [ 316.481969][ T5] usb 1-1: config 0 has an invalid interface number: 152 but max is 0 [ 316.490379][ T5] usb 1-1: config 0 has no interface number 0 [ 316.496750][ T5] usb 1-1: New USB device found, idVendor=04bb, idProduct=0930, bcdDevice=d2.4a [ 316.505981][ T5] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 316.517546][ T5] usb 1-1: config 0 descriptor?? [ 316.761850][ T5] ================================================================== [ 316.769989][ T5] BUG: KMSAN: uninit-value in ax88178_bind+0x635/0xad0 [ 316.776862][ T5] CPU: 0 PID: 5 Comm: kworker/0:0 Not tainted 5.2.0-rc4+ #7 [ 316.784234][ T5] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 316.794310][ T5] Workqueue: usb_hub_wq hub_event [ 316.799341][ T5] Call Trace: [ 316.802663][ T5] dump_stack+0x191/0x1f0 [ 316.807112][ T5] kmsan_report+0x162/0x2d0 [ 316.811644][ T5] __msan_warning+0x75/0xe0 [ 316.816180][ T5] ax88178_bind+0x635/0xad0 [ 316.820716][ T5] ? asix_get_link+0x60/0x60 [ 316.825319][ T5] usbnet_probe+0x10d3/0x3950 [ 316.830021][ T5] ? kmsan_internal_memset_shadow+0x104/0x3a0 [ 316.836152][ T5] ? usbnet_disconnect+0x660/0x660 [ 316.841288][ T5] usb_probe_interface+0xd19/0x1310 [ 316.846530][ T5] ? usb_register_driver+0x7d0/0x7d0 [ 316.851837][ T5] really_probe+0x1344/0x1d90 [ 316.856556][ T5] driver_probe_device+0x1ba/0x510 [ 316.861694][ T5] ? kmsan_get_shadow_origin_ptr+0x71/0x470 [ 316.867614][ T5] __device_attach_driver+0x5b8/0x790 [ 316.873026][ T5] bus_for_each_drv+0x28e/0x3b0 [ 316.877899][ T5] ? 
deferred_probe_work_func+0x400/0x400 [ 316.883646][ T5] __device_attach+0x489/0x750 [ 316.888450][ T5] device_initial_probe+0x4a/0x60 [ 316.893497][ T5] bus_probe_device+0x131/0x390 [ 316.898397][ T5] device_add+0x25b5/0x2df0 [ 316.902961][ T5] usb_set_configuration+0x309f/0x3710 [ 316.908486][ T5] ? __msan_metadata_ptr_for_load_1+0x10/0x20 [ 316.914596][ T5] generic_probe+0xe7/0x280 [ 316.919116][ T5] ? usb_choose_configuration+0xae0/0xae0 [ 316.924858][ T5] usb_probe_device+0x146/0x200 [ 316.929772][ T5] ? usb_register_device_driver+0x470/0x470 [ 316.935683][ T5] really_probe+0x1344/0x1d90 [ 316.940398][ T5] driver_probe_device+0x1ba/0x510 [ 316.945534][ T5] ? kmsan_get_shadow_origin_ptr+0x71/0x470 [ 316.951482][ T5] __device_attach_driver+0x5b8/0x790 [ 316.956892][ T5] bus_for_each_drv+0x28e/0x3b0 [ 316.961764][ T5] ? deferred_probe_work_func+0x400/0x400 [ 316.967516][ T5] __device_attach+0x489/0x750 [ 316.972316][ T5] device_initial_probe+0x4a/0x60 [ 316.977380][ T5] bus_probe_device+0x131/0x390 [ 316.982261][ T5] device_add+0x25b5/0x2df0 [ 316.986816][ T5] usb_new_device+0x23e5/0x2fb0 [ 316.991721][ T5] hub_event+0x5853/0x7320 [ 316.996244][ T5] ? kmsan_get_shadow_origin_ptr+0x71/0x470 [ 317.002151][ T5] ? led_work+0x720/0x720 [ 317.006489][ T5] ? led_work+0x720/0x720 [ 317.010834][ T5] process_one_work+0x1572/0x1f00 [ 317.015907][ T5] worker_thread+0x111b/0x2460 [ 317.020735][ T5] kthread+0x4b5/0x4f0 [ 317.024823][ T5] ? process_one_work+0x1f00/0x1f00 [ 317.030053][ T5] ? 
kthread_blkcg+0xf0/0xf0 [ 317.034655][ T5] ret_from_fork+0x35/0x40 [ 317.039093][ T5] [ 317.041423][ T5] Local variable description: ----buf@ax88178_bind [ 317.047920][ T5] Variable was created at: [ 317.052343][ T5] ax88178_bind+0x60/0xad0 [ 317.056764][ T5] usbnet_probe+0x10d3/0x3950 [ 317.061434][ T5] ================================================================== [ 317.069490][ T5] Disabling lock debugging due to kernel taint [ 317.075642][ T5] Kernel panic - not syncing: panic_on_warn set ... [ 317.082242][ T5] CPU: 0 PID: 5 Comm: kworker/0:0 Tainted: G B 5.2.0-rc4+ #7 [ 317.090911][ T5] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 317.100998][ T5] Workqueue: usb_hub_wq hub_event [ 317.106066][ T5] Call Trace: [ 317.109380][ T5] dump_stack+0x191/0x1f0 [ 317.113742][ T5] panic+0x3c9/0xc1e [ 317.117707][ T5] kmsan_report+0x2ca/0x2d0 [ 317.122240][ T5] __msan_warning+0x75/0xe0 [ 317.126767][ T5] ax88178_bind+0x635/0xad0 [ 317.131299][ T5] ? asix_get_link+0x60/0x60 [ 317.135905][ T5] usbnet_probe+0x10d3/0x3950 [ 317.140605][ T5] ? kmsan_internal_memset_shadow+0x104/0x3a0 [ 317.146722][ T5] ? usbnet_disconnect+0x660/0x660 [ 317.151857][ T5] usb_probe_interface+0xd19/0x1310 [ 317.157130][ T5] ? usb_register_driver+0x7d0/0x7d0 [ 317.162445][ T5] really_probe+0x1344/0x1d90 [ 317.167172][ T5] driver_probe_device+0x1ba/0x510 [ 317.172342][ T5] ? kmsan_get_shadow_origin_ptr+0x71/0x470 [ 317.178262][ T5] __device_attach_driver+0x5b8/0x790 [ 317.183671][ T5] bus_for_each_drv+0x28e/0x3b0 [ 317.188537][ T5] ? deferred_probe_work_func+0x400/0x400 [ 317.194284][ T5] __device_attach+0x489/0x750 [ 317.199090][ T5] device_initial_probe+0x4a/0x60 [ 317.204159][ T5] bus_probe_device+0x131/0x390 [ 317.209048][ T5] device_add+0x25b5/0x2df0 [ 317.213610][ T5] usb_set_configuration+0x309f/0x3710 [ 317.219134][ T5] ? __msan_metadata_ptr_for_load_1+0x10/0x20 [ 317.225244][ T5] generic_probe+0xe7/0x280 [ 317.229764][ T5] ? 
usb_choose_configuration+0xae0/0xae0 [ 317.235511][ T5] usb_probe_device+0x146/0x200 [ 317.240394][ T5] ? usb_register_device_driver+0x470/0x470 [ 317.246314][ T5] really_probe+0x1344/0x1d90 [ 317.251030][ T5] driver_probe_device+0x1ba/0x510 [ 317.256167][ T5] ? kmsan_get_shadow_origin_ptr+0x71/0x470 [ 317.262092][ T5] __device_attach_driver+0x5b8/0x790 [ 317.267525][ T5] bus_for_each_drv+0x28e/0x3b0 [ 317.272402][ T5] ? deferred_probe_work_func+0x400/0x400 [ 317.278163][ T5] __device_attach+0x489/0x750 [ 317.282967][ T5] device_initial_probe+0x4a/0x60 [ 317.288035][ T5] bus_probe_device+0x131/0x390 [ 317.292921][ T5] device_add+0x25b5/0x2df0 [ 317.297481][ T5] usb_new_device+0x23e5/0x2fb0 [ 317.302389][ T5] hub_event+0x5853/0x7320 [ 317.306915][ T5] ? kmsan_get_shadow_origin_ptr+0x71/0x470 [ 317.312823][ T5] ? led_work+0x720/0x720 [ 317.317172][ T5] ? led_work+0x720/0x720 [ 317.321519][ T5] process_one_work+0x1572/0x1f00 [ 317.326596][ T5] worker_thread+0x111b/0x2460 [ 317.331420][ T5] kthread+0x4b5/0x4f0 [ 317.335505][ T5] ? process_one_work+0x1f00/0x1f00 [ 317.340730][ T5] ? kthread_blkcg+0xf0/0xf0 [ 317.345341][ T5] ret_from_fork+0x35/0x40 [ 317.350792][ T5] Kernel Offset: disabled [ 317.355122][ T5] Rebooting in 86400 seconds..