[   73.241532][   T30] audit: type=1800 audit(1562870092.295:25): pid=11428 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[   73.264313][   T30] audit: type=1800 audit(1562870092.325:26): pid=11428 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[   73.304166][   T30] audit: type=1800 audit(1562870092.345:27): pid=11428 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   74.382201][T11496] sshd (11496) used greatest stack depth: 53608 bytes left
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.164' (ECDSA) to the list of known hosts.
2019/07/11 18:35:04 fuzzer started
2019/07/11 18:35:10 dialing manager at 10.128.0.26:32799
2019/07/11 18:35:10 syscalls: 2348
2019/07/11 18:35:10 code coverage: enabled
2019/07/11 18:35:10 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2019/07/11 18:35:10 extra coverage: enabled
2019/07/11 18:35:10 setuid sandbox: enabled
2019/07/11 18:35:10 namespace sandbox: enabled
2019/07/11 18:35:10 Android sandbox: /sys/fs/selinux/policy does not exist
2019/07/11 18:35:10 fault injection: enabled
2019/07/11 18:35:10 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/07/11 18:35:10 net packet injection: enabled
2019/07/11 18:35:10 net device setup: enabled
18:36:34 executing program 0:
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x91, 0x14, 0x8f, 0x40, 0x411, 0x12, 0x565f, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0xce, 0x0, 0x0, 0x54, 0x74, 0x24}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000002100)={0x34, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000023c0)={0x54, &(0x7f00000000c0)=ANY=[@ANYBLOB="0000110000000c5c15568454cdea21e54dc63c05d5359987095c03547f1c8349cff8001b7902d40b5b069ce6e4fbcfd2546082082c95ed557953e9442fcc4a83fa4a3dd9127323ee7ceb7dcc976c8b9c4b94e4b1a931b97302eb79e9d8fa455cc188ace117fa55ddad0fcbb42e4d5a0b018193838831d6a8d153b9642a4ce1e95848342b6133085debdddb497a685edd012b5800"/157], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

syzkaller login: [  175.672143][T11593] IPVS: ftp: loaded support on port[0] = 21
[  175.812338][T11593] chnl_net:caif_netlink_parms(): no params data found
[  175.864791][T11593] bridge0: port 1(bridge_slave_0) entered blocking state
[  175.872134][T11593] bridge0: port 1(bridge_slave_0) entered disabled state
[  175.880868][T11593] device bridge_slave_0 entered promiscuous mode
[  175.890420][T11593] bridge0: port 2(bridge_slave_1) entered blocking state
[  175.897681][T11593] bridge0: port 2(bridge_slave_1) entered disabled state
[  175.906322][T11593] device bridge_slave_1 entered promiscuous mode
[  175.937128][T11593] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  175.948651][T11593] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  175.978683][T11593] team0: Port device team_slave_0 added
[  175.987686][T11593] team0: Port device team_slave_1 added
[  176.286290][T11593] device hsr_slave_0 entered promiscuous mode
[  176.322741][T11593] device hsr_slave_1 entered promiscuous mode
[  176.491920][T11593] bridge0: port 2(bridge_slave_1) entered blocking state
[  176.499127][T11593] bridge0: port 2(bridge_slave_1) entered forwarding state
[  176.507379][T11593] bridge0: port 1(bridge_slave_0) entered blocking state
[  176.514608][T11593] bridge0: port 1(bridge_slave_0) entered forwarding state
[  176.590025][T11593] 8021q: adding VLAN 0 to HW filter on device bond0
[  176.610251][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  176.621628][   T17] bridge0: port 1(bridge_slave_0) entered disabled state
[  176.634584][   T17] bridge0: port 2(bridge_slave_1) entered disabled state
[  176.647354][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[  176.665783][T11593] 8021q: adding VLAN 0 to HW filter on device team0
[  176.683048][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  176.692033][   T17] bridge0: port 1(bridge_slave_0) entered blocking state
[  176.699174][   T17] bridge0: port 1(bridge_slave_0) entered forwarding state
[  176.756700][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  176.765949][   T17] bridge0: port 2(bridge_slave_1) entered blocking state
[  176.773169][   T17] bridge0: port 2(bridge_slave_1) entered forwarding state
[  176.783713][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  176.793491][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  176.802846][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  176.811974][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  176.823613][T11593] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  176.833118][   T35] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  176.887322][T11593] 8021q: adding VLAN 0 to HW filter on device batadv0
[  177.272828][   T35] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[  177.642410][   T35] usb 1-1: config 0 has an invalid interface number: 206 but max is 0
[  177.651461][   T35] usb 1-1: config 0 has no interface number 0
[  177.657709][   T35] usb 1-1: New USB device found, idVendor=0411, idProduct=0012, bcdDevice=56.5f
[  177.666864][   T35] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  177.677684][   T35] usb 1-1: config 0 descriptor??
[  178.385442][   T35] ==================================================================
[  178.393592][   T35] BUG: KMSAN: uninit-value in _mix_pool_bytes+0x7de/0x960
[  178.400720][   T35] CPU: 1 PID: 35 Comm: kworker/1:1 Not tainted 5.2.0+ #14
[  178.407815][   T35] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  178.417897][   T35] Workqueue: usb_hub_wq hub_event
[  178.422916][   T35] Call Trace:
[  178.426217][   T35]  dump_stack+0x191/0x1f0
[  178.430562][   T35]  kmsan_report+0x162/0x2d0
18:36:37 executing program 1:
syz_usb_connect(0x0, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0xa3, 0xe6, 0xf4, 0x8, 0xfd9, 0x8, 0xb08f, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x1a, 0x0, 0x0, 0x1, 0x95, 0x30}}]}}]}}, 0x0)

[  178.435086][   T35]  __msan_warning+0x75/0xe0
[  178.439612][   T35]  _mix_pool_bytes+0x7de/0x960
[  178.444419][   T35]  ? register_netdevice+0x1eab/0x2690
[  178.449807][   T35]  add_device_randomness+0x776/0xfa0
[  178.455102][   T35]  ? __msan_metadata_ptr_for_load_8+0x10/0x20
[  178.461173][   T35]  ? __kthread_should_park+0x9c/0x120
[  178.466558][   T35]  ? __msan_metadata_ptr_for_store_4+0x13/0x20
[  178.472716][   T35]  ? kmsan_get_shadow_origin_ptr+0x71/0x470
[  178.478615][   T35]  register_netdevice+0x1eab/0x2690
[  178.483831][   T35]  register_netdev+0x93/0xd0
[  178.488424][   T35]  rtl8150_probe+0x11f8/0x1550
[  178.493202][   T35]  ? __mii_op+0x2e0/0xe70
[  178.497532][   T35]  ? read_eprom_word+0xdd0/0xdd0
[  178.502473][   T35]  usb_probe_interface+0xd19/0x1310
[  178.508170][   T35]  ? usb_register_driver+0x7d0/0x7d0
[  178.513549][   T35]  really_probe+0x1344/0x1d90
[  178.518254][   T35]  driver_probe_device+0x1ba/0x510
[  178.523376][   T35]  ? kmsan_get_shadow_origin_ptr+0x71/0x470
[  178.529290][   T35]  __device_attach_driver+0x5b8/0x790
[  178.534688][   T35]  bus_for_each_drv+0x28e/0x3b0
[  178.539548][   T35]  ? deferred_probe_work_func+0x400/0x400
[  178.545279][   T35]  __device_attach+0x489/0x750
[  178.550061][   T35]  device_initial_probe+0x4a/0x60
[  178.555088][   T35]  bus_probe_device+0x131/0x390
[  178.559950][   T35]  device_add+0x25b5/0x2df0
[  178.564482][   T35]  usb_set_configuration+0x309f/0x3710
[  178.569975][   T35]  ? __msan_metadata_ptr_for_load_1+0x10/0x20
[  178.576063][   T35]  generic_probe+0xe7/0x280
[  178.580572][   T35]  ? usb_choose_configuration+0xae0/0xae0
[  178.586316][   T35]  usb_probe_device+0x146/0x200
[  178.591189][   T35]  ? usb_register_device_driver+0x470/0x470
[  178.597098][   T35]  really_probe+0x1344/0x1d90
[  178.601818][   T35]  driver_probe_device+0x1ba/0x510
[  178.606955][   T35]  ? kmsan_get_shadow_origin_ptr+0x71/0x470
[  178.612892][   T35]  __device_attach_driver+0x5b8/0x790
[  178.618462][   T35]  bus_for_each_drv+0x28e/0x3b0
[  178.623306][   T35]  ? deferred_probe_work_func+0x400/0x400
[  178.629045][   T35]  __device_attach+0x489/0x750
[  178.633806][   T35]  device_initial_probe+0x4a/0x60
[  178.638817][   T35]  bus_probe_device+0x131/0x390
[  178.643661][   T35]  device_add+0x25b5/0x2df0
[  178.648173][   T35]  usb_new_device+0x23e5/0x2fb0
[  178.653035][   T35]  hub_event+0x5853/0x7320
[  178.657481][   T35]  ? kmsan_get_shadow_origin_ptr+0x71/0x470
[  178.663355][   T35]  ? led_work+0x720/0x720
[  178.667668][   T35]  ? led_work+0x720/0x720
[  178.671989][   T35]  process_one_work+0x1572/0x1f00
[  178.677017][   T35]  worker_thread+0x111b/0x2460
[  178.681806][   T35]  kthread+0x4b5/0x4f0
[  178.685857][   T35]  ? process_one_work+0x1f00/0x1f00
[  178.691043][   T35]  ? kthread_blkcg+0xf0/0xf0
[  178.695628][   T35]  ret_from_fork+0x35/0x40
[  178.700029][   T35] 
[  178.702336][   T35] Uninit was stored to memory at:
[  178.707341][   T35]  kmsan_internal_chain_origin+0xcc/0x150
[  178.713062][   T35]  kmsan_memcpy_memmove_metadata+0x9f9/0xe00
[  178.719024][   T35]  kmsan_memcpy_metadata+0xb/0x10
[  178.724033][   T35]  __msan_memcpy+0x56/0x70
[  178.728428][   T35]  rtl8150_probe+0x114c/0x1550
[  178.733180][   T35]  usb_probe_interface+0xd19/0x1310
[  178.738381][   T35]  really_probe+0x1344/0x1d90
[  178.743055][   T35]  driver_probe_device+0x1ba/0x510
[  178.748149][   T35]  __device_attach_driver+0x5b8/0x790
[  178.753510][   T35]  bus_for_each_drv+0x28e/0x3b0
[  178.758346][   T35]  __device_attach+0x489/0x750
[  178.763093][   T35]  device_initial_probe+0x4a/0x60
[  178.768111][   T35]  bus_probe_device+0x131/0x390
[  178.772967][   T35]  device_add+0x25b5/0x2df0
[  178.777456][   T35]  usb_set_configuration+0x309f/0x3710
[  178.782895][   T35]  generic_probe+0xe7/0x280
[  178.787465][   T35]  usb_probe_device+0x146/0x200
[  178.792305][   T35]  really_probe+0x1344/0x1d90
[  178.796965][   T35]  driver_probe_device+0x1ba/0x510
[  178.802086][   T35]  __device_attach_driver+0x5b8/0x790
[  178.807450][   T35]  bus_for_each_drv+0x28e/0x3b0
[  178.812287][   T35]  __device_attach+0x489/0x750
[  178.817037][   T35]  device_initial_probe+0x4a/0x60
[  178.822046][   T35]  bus_probe_device+0x131/0x390
[  178.826877][   T35]  device_add+0x25b5/0x2df0
[  178.831374][   T35]  usb_new_device+0x23e5/0x2fb0
[  178.836203][   T35]  hub_event+0x5853/0x7320
[  178.840602][   T35]  process_one_work+0x1572/0x1f00
[  178.845606][   T35]  worker_thread+0x111b/0x2460
[  178.850350][   T35]  kthread+0x4b5/0x4f0
[  178.854399][   T35]  ret_from_fork+0x35/0x40
[  178.858788][   T35] 
[  178.861096][   T35] Local variable description: ----node_id.i@rtl8150_probe
[  178.868180][   T35] Variable was created at:
[  178.872578][   T35]  rtl8150_probe+0xdce/0x1550
[  178.877237][   T35]  usb_probe_interface+0xd19/0x1310
[  178.882409][   T35] ==================================================================
[  178.890457][   T35] Disabling lock debugging due to kernel taint
[  178.896587][   T35] Kernel panic - not syncing: panic_on_warn set ...
[  178.903157][   T35] CPU: 1 PID: 35 Comm: kworker/1:1 Tainted: G    B             5.2.0+ #14
[  178.911630][   T35] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  178.921680][   T35] Workqueue: usb_hub_wq hub_event
[  178.926692][   T35] Call Trace:
[  178.929969][   T35]  dump_stack+0x191/0x1f0
[  178.934291][   T35]  panic+0x3c9/0xc1e
[  178.938194][   T35]  kmsan_report+0x2ca/0x2d0
[  178.942686][   T35]  __msan_warning+0x75/0xe0
[  178.947181][   T35]  _mix_pool_bytes+0x7de/0x960
[  178.951953][   T35]  ? register_netdevice+0x1eab/0x2690
[  178.957328][   T35]  add_device_randomness+0x776/0xfa0
[  178.962597][   T35]  ? __msan_metadata_ptr_for_load_8+0x10/0x20
[  178.968661][   T35]  ? __kthread_should_park+0x9c/0x120
[  178.974029][   T35]  ? __msan_metadata_ptr_for_store_4+0x13/0x20
[  178.980178][   T35]  ? kmsan_get_shadow_origin_ptr+0x71/0x470
[  178.986059][   T35]  register_netdevice+0x1eab/0x2690
[  178.991258][   T35]  register_netdev+0x93/0xd0
[  178.995836][   T35]  rtl8150_probe+0x11f8/0x1550
[  179.000591][   T35]  ? __mii_op+0x2e0/0xe70
[  179.004905][   T35]  ? read_eprom_word+0xdd0/0xdd0
[  179.009832][   T35]  usb_probe_interface+0xd19/0x1310
[  179.015026][   T35]  ? usb_register_driver+0x7d0/0x7d0
[  179.020296][   T35]  really_probe+0x1344/0x1d90
[  179.024968][   T35]  driver_probe_device+0x1ba/0x510
[  179.030066][   T35]  ? kmsan_get_shadow_origin_ptr+0x71/0x470
[  179.035956][   T35]  __device_attach_driver+0x5b8/0x790
[  179.041327][   T35]  bus_for_each_drv+0x28e/0x3b0
[  179.046166][   T35]  ? deferred_probe_work_func+0x400/0x400
[  179.051874][   T35]  __device_attach+0x489/0x750
[  179.056639][   T35]  device_initial_probe+0x4a/0x60
[  179.061650][   T35]  bus_probe_device+0x131/0x390
[  179.066502][   T35]  device_add+0x25b5/0x2df0
[  179.071012][   T35]  usb_set_configuration+0x309f/0x3710
[  179.076477][   T35]  ? __msan_metadata_ptr_for_load_1+0x10/0x20
[  179.082539][   T35]  generic_probe+0xe7/0x280
[  179.087027][   T35]  ? usb_choose_configuration+0xae0/0xae0
[  179.092732][   T35]  usb_probe_device+0x146/0x200
[  179.097568][   T35]  ? usb_register_device_driver+0x470/0x470
[  179.103448][   T35]  really_probe+0x1344/0x1d90
[  179.108120][   T35]  driver_probe_device+0x1ba/0x510
[  179.113218][   T35]  ? kmsan_get_shadow_origin_ptr+0x71/0x470
[  179.119102][   T35]  __device_attach_driver+0x5b8/0x790
[  179.124471][   T35]  bus_for_each_drv+0x28e/0x3b0
[  179.129310][   T35]  ? deferred_probe_work_func+0x400/0x400
[  179.135019][   T35]  __device_attach+0x489/0x750
[  179.139774][   T35]  device_initial_probe+0x4a/0x60
[  179.144785][   T35]  bus_probe_device+0x131/0x390
[  179.149634][   T35]  device_add+0x25b5/0x2df0
[  179.154143][   T35]  usb_new_device+0x23e5/0x2fb0
[  179.158999][   T35]  hub_event+0x5853/0x7320
[  179.163536][   T35]  ? kmsan_get_shadow_origin_ptr+0x71/0x470
[  179.169412][   T35]  ? led_work+0x720/0x720
[  179.173726][   T35]  ? led_work+0x720/0x720
[  179.178044][   T35]  process_one_work+0x1572/0x1f00
[  179.183076][   T35]  worker_thread+0x111b/0x2460
[  179.187875][   T35]  kthread+0x4b5/0x4f0
[  179.192277][   T35]  ? process_one_work+0x1f00/0x1f00
[  179.197469][   T35]  ? kthread_blkcg+0xf0/0xf0
[  179.202047][   T35]  ret_from_fork+0x35/0x40
[  179.207622][   T35] Kernel Offset: disabled
[  179.211944][   T35] Rebooting in 86400 seconds..