[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   83.160628][   T30] audit: type=1800 audit(1565931284.213:25): pid=12186 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[   83.184210][   T30] audit: type=1800 audit(1565931284.243:26): pid=12186 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[   83.229782][   T30] audit: type=1800 audit(1565931284.273:27): pid=12186 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.103' (ECDSA) to the list of known hosts.
2019/08/16 04:54:56 fuzzer started
2019/08/16 04:55:02 dialing manager at 10.128.0.26:38533
2019/08/16 04:55:02 syscalls: 2376
2019/08/16 04:55:02 code coverage: enabled
2019/08/16 04:55:02 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2019/08/16 04:55:02 extra coverage: enabled
2019/08/16 04:55:02 setuid sandbox: enabled
2019/08/16 04:55:02 namespace sandbox: enabled
2019/08/16 04:55:02 Android sandbox: /sys/fs/selinux/policy does not exist
2019/08/16 04:55:02 fault injection: enabled
2019/08/16 04:55:02 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/08/16 04:55:02 net packet injection: enabled
2019/08/16 04:55:02 net device setup: enabled
04:57:21 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r2)
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_RUN(r3, 0x81a0ae8c, 0x0)

syzkaller login: [  241.087687][T12351] IPVS: ftp: loaded support on port[0] = 21
[  241.229656][T12351] chnl_net:caif_netlink_parms(): no params data found
[  241.286263][T12351] bridge0: port 1(bridge_slave_0) entered blocking state
[  241.293660][T12351] bridge0: port 1(bridge_slave_0) entered disabled state
[  241.302525][T12351] device bridge_slave_0 entered promiscuous mode
[  241.313185][T12351] bridge0: port 2(bridge_slave_1) entered blocking state
[  241.320375][T12351] bridge0: port 2(bridge_slave_1) entered disabled state
[  241.329164][T12351] device bridge_slave_1 entered promiscuous mode
[  241.363281][T12351] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  241.375923][T12351] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  241.408330][T12351] team0: Port device team_slave_0 added
[  241.417932][T12351] team0: Port device team_slave_1 added
[  241.597032][T12351] device hsr_slave_0 entered promiscuous mode
[  241.852764][T12351] device hsr_slave_1 entered promiscuous mode
[  242.042909][T12351] bridge0: port 2(bridge_slave_1) entered blocking state
[  242.050128][T12351] bridge0: port 2(bridge_slave_1) entered forwarding state
[  242.058013][T12351] bridge0: port 1(bridge_slave_0) entered blocking state
[  242.065435][T12351] bridge0: port 1(bridge_slave_0) entered forwarding state
[  242.150230][T12351] 8021q: adding VLAN 0 to HW filter on device bond0
[  242.170643][   T31] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  242.183824][   T31] bridge0: port 1(bridge_slave_0) entered disabled state
[  242.195430][   T31] bridge0: port 2(bridge_slave_1) entered disabled state
[  242.207507][   T31] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[  242.227106][T12351] 8021q: adding VLAN 0 to HW filter on device team0
[  242.243430][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  242.253204][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  242.262543][   T17] bridge0: port 1(bridge_slave_0) entered blocking state
[  242.269714][   T17] bridge0: port 1(bridge_slave_0) entered forwarding state
[  242.318526][T12351] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  242.329437][T12351] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  242.345728][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  242.355288][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  242.364682][   T17] bridge0: port 2(bridge_slave_1) entered blocking state
[  242.371881][   T17] bridge0: port 2(bridge_slave_1) entered forwarding state
[  242.380360][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  242.390484][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  242.400494][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  242.410367][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  242.419895][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  242.429583][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  242.439301][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  242.448584][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  242.458177][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  242.467325][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  242.481395][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  242.490199][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  242.524849][T12351] 8021q: adding VLAN 0 to HW filter on device batadv0
[  242.653529][T12358] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
04:57:23 executing program 0:
recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000000)=@ipx, 0x80, 0x0}}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/psched\x00')
preadv(r0, &(0x7f00000017c0), 0x1be, 0x0)

04:57:23 executing program 0:
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000bc0)={{0x12, 0x1, 0x0, 0xeb, 0x8d, 0xe1, 0x2008, 0x7a69, 0x1, 0x1936, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x9b, 0xe1, 0x36}}]}}]}}, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ethernet(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000000800)={0x2c, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000001dc0)={0xac, &(0x7f0000000c00), 0x0, &(0x7f0000000880)={0x0, 0x8, 0x1}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

[  243.201966][ T2874] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[  243.441979][ T2874] usb 1-1: Using ep0 maxpacket: 8
[  243.572737][ T2874] usb 1-1: New USB device found, idVendor=7a69, idProduct=0001, bcdDevice=19.36
[  243.582433][ T2874] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  243.592404][ T2874] usb 1-1: config 0 descriptor??
[  243.636146][ T2874] usb 1-1: dvb_usb_v2: found a '774 Friio White ISDB-T USB2.0' in warm state
04:57:25 executing program 1:
clone(0x2502001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000040)='\x02@\x94\xb8\x03P\xcaC\x8a\xf9\x16.H\x80\'\xc5\x8d\xab\xf9\x1b@\xd6\xea\xd24\x95\x94\x165\x8f\x18H\xdc\xc9\x98M\xf9\x8d\xcdmp\xf8/\x86h\x8fZV\x16\x83\xf1\xa6-\x9347\xda\x1e\xe4Q\xe2\x8e\x05 \x8b]c\xcbQ#\'O\xb9\xbb\xe5\xf3P\xf1\x81\xf7\na\v:\xca\xdc\xe9yb\xb9\xc7p\x92\x8b\xe9\xfdEWW\xad\xd50\xd27\x13\xc1\x7fXo', 0x0)
write$binfmt_elf32(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="7f454c46000000000000000000000000030006000000000300006ced151eefb4e3e4000000000000ddff20000104"], 0x2e)
execveat(r0, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)

[  244.433608][T12370] IPVS: ftp: loaded support on port[0] = 21
[  244.580386][T12370] chnl_net:caif_netlink_parms(): no params data found
[  244.639050][T12370] bridge0: port 1(bridge_slave_0) entered blocking state
[  244.646793][T12370] bridge0: port 1(bridge_slave_0) entered disabled state
[  244.655573][T12370] device bridge_slave_0 entered promiscuous mode
[  244.667505][T12370] bridge0: port 2(bridge_slave_1) entered blocking state
[  244.674827][T12370] bridge0: port 2(bridge_slave_1) entered disabled state
[  244.683783][T12370] device bridge_slave_1 entered promiscuous mode
[  244.716149][T12370] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  244.729980][T12370] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  244.742379][ T2874] ==================================================================
[  244.750500][ T2874] BUG: KMSAN: uninit-value in friio_power_ctrl+0xb3e/0x1a70
[  244.757893][ T2874] CPU: 0 PID: 2874 Comm: kworker/0:2 Not tainted 5.3.0-rc3+ #17
[  244.761039][T12370] team0: Port device team_slave_0 added
[  244.765518][ T2874] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  244.765541][ T2874] Workqueue: usb_hub_wq hub_event
[  244.765551][ T2874] Call Trace:
[  244.765579][ T2874]  dump_stack+0x191/0x1f0
[  244.765604][ T2874]  kmsan_report+0x162/0x2d0
[  244.765626][ T2874]  __msan_warning+0x75/0xe0
[  244.765667][ T2874]  friio_power_ctrl+0xb3e/0x1a70
[  244.775838][T12370] team0: Port device team_slave_1 added
[  244.781449][ T2874]  ? kasan_kmalloc+0xd/0x30
[  244.818121][ T2874]  ? gl861_i2c_msg+0x6e0/0x6e0
[  244.823387][ T2874]  dvb_usbv2_probe+0xd3d/0x5dd0
[  244.828250][ T2874]  ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0
[  244.834246][ T2874]  ? usb_probe_interface+0xb69/0x1310
[  244.839619][ T2874]  ? technisat_usb2_i2c_access+0x12a0/0x12a0
[  244.845599][ T2874]  ? technisat_usb2_i2c_access+0x12a0/0x12a0
[  244.851583][ T2874]  usb_probe_interface+0xd19/0x1310
[  244.856804][ T2874]  ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0
[  244.862793][ T2874]  ? usb_register_driver+0x7d0/0x7d0
[  244.868082][ T2874]  really_probe+0x1373/0x1dc0
[  244.872793][ T2874]  driver_probe_device+0x1ba/0x510
[  244.877915][ T2874]  __device_attach_driver+0x5b8/0x790
[  244.883299][ T2874]  ? bus_for_each_drv+0x1d5/0x3b0
[  244.888342][ T2874]  bus_for_each_drv+0x28e/0x3b0
[  244.893202][ T2874]  ? deferred_probe_work_func+0x400/0x400
[  244.899027][ T2874]  __device_attach+0x489/0x750
[  244.903806][ T2874]  device_initial_probe+0x4a/0x60
[  244.908831][ T2874]  bus_probe_device+0x131/0x390
[  244.913691][ T2874]  device_add+0x25b5/0x2df0
[  244.918213][ T2874]  ? usb_set_configuration+0x3036/0x3710
[  244.923847][ T2874]  usb_set_configuration+0x309f/0x3710
[  244.929338][ T2874]  ? __msan_metadata_ptr_for_load_1+0x10/0x20
[  244.935427][ T2874]  generic_probe+0xe7/0x280
[  244.939941][ T2874]  ? usb_probe_device+0x104/0x200
[  244.944972][ T2874]  ? usb_choose_configuration+0xae0/0xae0
[  244.954235][ T2874]  usb_probe_device+0x146/0x200
[  244.959095][ T2874]  ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0
[  244.965091][ T2874]  ? usb_register_device_driver+0x470/0x470
[  244.971250][ T2874]  really_probe+0x1373/0x1dc0
[  244.975946][ T2874]  driver_probe_device+0x1ba/0x510
[  244.981154][ T2874]  __device_attach_driver+0x5b8/0x790
[  244.986533][ T2874]  ? bus_for_each_drv+0x1d5/0x3b0
[  244.991560][ T2874]  bus_for_each_drv+0x28e/0x3b0
[  244.996421][ T2874]  ? deferred_probe_work_func+0x400/0x400
[  245.002151][ T2874]  __device_attach+0x489/0x750
[  245.006959][ T2874]  device_initial_probe+0x4a/0x60
[  245.011988][ T2874]  bus_probe_device+0x131/0x390
[  245.016849][ T2874]  device_add+0x25b5/0x2df0
[  245.021386][ T2874]  usb_new_device+0x23e5/0x2fb0
[  245.026264][ T2874]  hub_event+0x581d/0x72f0
[  245.030738][ T2874]  ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0
[  245.036717][ T2874]  ? led_work+0x720/0x720
[  245.041069][ T2874]  ? led_work+0x720/0x720
[  245.045403][ T2874]  process_one_work+0x1572/0x1ef0
[  245.050450][ T2874]  worker_thread+0x111b/0x2460
[  245.055248][ T2874]  kthread+0x4b5/0x4f0
[  245.059320][ T2874]  ? process_one_work+0x1ef0/0x1ef0
[  245.064553][ T2874]  ? kthread_blkcg+0xf0/0xf0
[  245.069167][ T2874]  ret_from_fork+0x35/0x40
[  245.073588][ T2874] 
[  245.075919][ T2874] Local variable description: ----rbuf.i@friio_power_ctrl
[  245.083018][ T2874] Variable was created at:
[  245.087449][ T2874]  friio_power_ctrl+0x92/0x1a70
[  245.092303][ T2874]  dvb_usbv2_probe+0xd3d/0x5dd0
[  245.097137][ T2874] ==================================================================
[  245.105191][ T2874] Disabling lock debugging due to kernel taint
[  245.111332][ T2874] Kernel panic - not syncing: panic_on_warn set ...
[  245.117927][ T2874] CPU: 0 PID: 2874 Comm: kworker/0:2 Tainted: G    B             5.3.0-rc3+ #17
[  245.127026][ T2874] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  245.137091][ T2874] Workqueue: usb_hub_wq hub_event
[  245.142108][ T2874] Call Trace:
[  245.145424][ T2874]  dump_stack+0x191/0x1f0
[  245.149769][ T2874]  panic+0x3c9/0xc1e
[  245.153694][ T2874]  kmsan_report+0x2ca/0x2d0
[  245.158201][ T2874]  __msan_warning+0x75/0xe0
[  245.162717][ T2874]  friio_power_ctrl+0xb3e/0x1a70
[  245.167652][ T2874]  ? kasan_kmalloc+0xd/0x30
[  245.172170][ T2874]  ? gl861_i2c_msg+0x6e0/0x6e0
[  245.176940][ T2874]  dvb_usbv2_probe+0xd3d/0x5dd0
[  245.181809][ T2874]  ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0
[  245.187811][ T2874]  ? usb_probe_interface+0xb69/0x1310
[  245.193185][ T2874]  ? technisat_usb2_i2c_access+0x12a0/0x12a0
[  245.199165][ T2874]  ? technisat_usb2_i2c_access+0x12a0/0x12a0
[  245.205148][ T2874]  usb_probe_interface+0xd19/0x1310
[  245.210359][ T2874]  ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0
[  245.216340][ T2874]  ? usb_register_driver+0x7d0/0x7d0
[  245.221626][ T2874]  really_probe+0x1373/0x1dc0
[  245.226317][ T2874]  driver_probe_device+0x1ba/0x510
[  245.231437][ T2874]  __device_attach_driver+0x5b8/0x790
[  245.236814][ T2874]  ? bus_for_each_drv+0x1d5/0x3b0
[  245.241849][ T2874]  bus_for_each_drv+0x28e/0x3b0
[  245.246698][ T2874]  ? deferred_probe_work_func+0x400/0x400
[  245.252435][ T2874]  __device_attach+0x489/0x750
[  245.257213][ T2874]  device_initial_probe+0x4a/0x60
[  245.262241][ T2874]  bus_probe_device+0x131/0x390
[  245.267101][ T2874]  device_add+0x25b5/0x2df0
[  245.271689][ T2874]  ? usb_set_configuration+0x3036/0x3710
[  245.277330][ T2874]  usb_set_configuration+0x309f/0x3710
[  245.282825][ T2874]  ? __msan_metadata_ptr_for_load_1+0x10/0x20
[  245.288912][ T2874]  generic_probe+0xe7/0x280
[  245.293592][ T2874]  ? usb_probe_device+0x104/0x200
[  245.298617][ T2874]  ? usb_choose_configuration+0xae0/0xae0
[  245.304343][ T2874]  usb_probe_device+0x146/0x200
[  245.309195][ T2874]  ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0
[  245.315179][ T2874]  ? usb_register_device_driver+0x470/0x470
[  245.321164][ T2874]  really_probe+0x1373/0x1dc0
[  245.325864][ T2874]  driver_probe_device+0x1ba/0x510
[  245.331345][ T2874]  __device_attach_driver+0x5b8/0x790
[  245.336729][ T2874]  ? bus_for_each_drv+0x1d5/0x3b0
[  245.341767][ T2874]  bus_for_each_drv+0x28e/0x3b0
[  245.346615][ T2874]  ? deferred_probe_work_func+0x400/0x400
[  245.352338][ T2874]  __device_attach+0x489/0x750
[  245.357115][ T2874]  device_initial_probe+0x4a/0x60
[  245.362145][ T2874]  bus_probe_device+0x131/0x390
[  245.367011][ T2874]  device_add+0x25b5/0x2df0
[  245.371535][ T2874]  usb_new_device+0x23e5/0x2fb0
[  245.376414][ T2874]  hub_event+0x581d/0x72f0
[  245.380969][ T2874]  ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0
[  245.386944][ T2874]  ? led_work+0x720/0x720
[  245.391362][ T2874]  ? led_work+0x720/0x720
[  245.395820][ T2874]  process_one_work+0x1572/0x1ef0
[  245.400871][ T2874]  worker_thread+0x111b/0x2460
[  245.405661][ T2874]  kthread+0x4b5/0x4f0
[  245.409728][ T2874]  ? process_one_work+0x1ef0/0x1ef0
[  245.414935][ T2874]  ? kthread_blkcg+0xf0/0xf0
[  245.419528][ T2874]  ret_from_fork+0x35/0x40
[  245.425634][ T2874] Kernel Offset: disabled
[  245.429963][ T2874] Rebooting in 86400 seconds..