[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[  106.493738][   T31] audit: type=1800 audit(1564444046.540:25): pid=12212 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[  106.519064][   T31] audit: type=1800 audit(1564444046.570:26): pid=12212 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[  106.552758][   T31] audit: type=1800 audit(1564444046.590:27): pid=12212 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.10.59' (ECDSA) to the list of known hosts.
2019/07/29 23:47:40 fuzzer started
2019/07/29 23:47:46 dialing manager at 10.128.0.26:46103
2019/07/29 23:47:46 syscalls: 2365
2019/07/29 23:47:46 code coverage: enabled
2019/07/29 23:47:46 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2019/07/29 23:47:46 extra coverage: enabled
2019/07/29 23:47:46 setuid sandbox: enabled
2019/07/29 23:47:46 namespace sandbox: enabled
2019/07/29 23:47:46 Android sandbox: /sys/fs/selinux/policy does not exist
2019/07/29 23:47:46 fault injection: enabled
2019/07/29 23:47:46 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/07/29 23:47:46 net packet injection: enabled
2019/07/29 23:47:46 net device setup: enabled
23:50:09 executing program 0:

syzkaller login: [  269.936644][T12375] IPVS: ftp: loaded support on port[0] = 21
[  270.121808][T12375] chnl_net:caif_netlink_parms(): no params data found
[  270.192234][T12375] bridge0: port 1(bridge_slave_0) entered blocking state
[  270.199640][T12375] bridge0: port 1(bridge_slave_0) entered disabled state
[  270.208729][T12375] device bridge_slave_0 entered promiscuous mode
[  270.219892][T12375] bridge0: port 2(bridge_slave_1) entered blocking state
[  270.227264][T12375] bridge0: port 2(bridge_slave_1) entered disabled state
[  270.236591][T12375] device bridge_slave_1 entered promiscuous mode
[  270.275390][T12375] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  270.289124][T12375] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  270.328593][T12375] team0: Port device team_slave_0 added
[  270.338981][T12375] team0: Port device team_slave_1 added
[  270.419020][T12375] device hsr_slave_0 entered promiscuous mode
[  270.543779][T12375] device hsr_slave_1 entered promiscuous mode
[  270.821495][T12375] bridge0: port 2(bridge_slave_1) entered blocking state
[  270.828817][T12375] bridge0: port 2(bridge_slave_1) entered forwarding state
[  270.836817][T12375] bridge0: port 1(bridge_slave_0) entered blocking state
[  270.844310][T12375] bridge0: port 1(bridge_slave_0) entered forwarding state
[  270.955993][T12375] 8021q: adding VLAN 0 to HW filter on device bond0
[  270.980052][ T3979] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  270.995165][ T3979] bridge0: port 1(bridge_slave_0) entered disabled state
[  271.007866][ T3979] bridge0: port 2(bridge_slave_1) entered disabled state
[  271.021728][ T3979] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[  271.044134][T12375] 8021q: adding VLAN 0 to HW filter on device team0
[  271.067476][ T3979] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  271.076966][ T3979] bridge0: port 1(bridge_slave_0) entered blocking state
[  271.084265][ T3979] bridge0: port 1(bridge_slave_0) entered forwarding state
[  271.137304][ T3979] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  271.147271][ T3979] bridge0: port 2(bridge_slave_1) entered blocking state
[  271.154572][ T3979] bridge0: port 2(bridge_slave_1) entered forwarding state
[  271.167279][ T3979] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  271.178117][ T3979] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  271.194769][   T30] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  271.204230][   T30] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  271.213701][   T30] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  271.232348][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  271.242166][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  271.258311][T12375] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  271.304572][T12375] 8021q: adding VLAN 0 to HW filter on device batadv0
23:50:11 executing program 0:
r0 = syz_usb_connect(0x0, 0x89, &(0x7f00000008c0)={{0x12, 0x1, 0x0, 0x72, 0x68, 0x34, 0x8, 0x424, 0x9908, 0x6a5e, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x80, 0x0, 0x2, 0xc2, 0x8b, 0xac, 0x0, [], [{{0x9, 0x5, 0xb, 0x2}}, {{0x9, 0x5, 0x8a, 0x2}}]}}]}}]}}, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000000300)={0x34, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000000bc0)={0xcc, &(0x7f0000000340)={0x0, 0x0, 0x4, "ef73a90c"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000000280)={0x34, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000001040)={0xcc, &(0x7f0000001e00), 0x0, 0x0, &(0x7f00000006c0)={0x20, 0x81, 0x1, "e6"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000a00)={0x40, 0xb, 0x2, "9654"}, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000b40)={0x40, 0x1a, 0x2}, 0x0, 0x0, &(0x7f0000001000)={0x40, 0x21, 0x1}})

[  271.782882][   T12] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[  272.052993][   T12] usb 1-1: Using ep0 maxpacket: 8
[  272.183845][   T12] usb 1-1: config 0 has an invalid interface number: 128 but max is 0
[  272.192221][   T12] usb 1-1: config 0 has no interface number 0
[  272.198685][   T12] usb 1-1: config 0 interface 128 altsetting 0 bulk endpoint 0xB has invalid maxpacket 0
[  272.209362][   T12] usb 1-1: config 0 interface 128 altsetting 0 bulk endpoint 0x8A has invalid maxpacket 0
[  272.220303][   T12] usb 1-1: New USB device found, idVendor=0424, idProduct=9908, bcdDevice=6a.5e
[  272.229487][   T12] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  272.240829][   T12] usb 1-1: config 0 descriptor??
[  272.286347][   T12] smsc95xx v1.0.6
[  273.142898][   T12] ==================================================================
[  273.151170][   T12] BUG: KMSAN: uninit-value in smsc95xx_wait_eeprom+0x1fb/0x3d0
[  273.158748][   T12] CPU: 0 PID: 12 Comm: kworker/0:1 Not tainted 5.2.0+ #15
[  273.165862][   T12] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  273.176106][   T12] Workqueue: usb_hub_wq hub_event
[  273.181149][   T12] Call Trace:
[  273.184556][   T12]  dump_stack+0x191/0x1f0
[  273.188982][   T12]  kmsan_report+0x162/0x2d0
[  273.193612][   T12]  __msan_warning+0x75/0xe0
[  273.198153][   T12]  smsc95xx_wait_eeprom+0x1fb/0x3d0
[  273.203483][   T12]  smsc95xx_read_eeprom+0x3c2/0x920
[  273.208726][   T12]  smsc95xx_bind+0x467/0x1690
[  273.213449][   T12]  ? kmsan_get_shadow_origin_ptr+0x71/0x470
[  273.219372][   T12]  ? smsc95xx_mdio_write+0xc10/0xc10
[  273.224679][   T12]  usbnet_probe+0x10d3/0x3950
[  273.229398][   T12]  ? kmsan_internal_memset_shadow+0x104/0x3a0
[  273.235530][   T12]  ? usbnet_disconnect+0x660/0x660
[  273.240669][   T12]  usb_probe_interface+0xd19/0x1310
[  273.245912][   T12]  ? usb_register_driver+0x7d0/0x7d0
[  273.251397][   T12]  really_probe+0x1344/0x1d90
[  273.256134][   T12]  driver_probe_device+0x1ba/0x510
[  273.261276][   T12]  ? kmsan_get_shadow_origin_ptr+0x71/0x470
[  273.267201][   T12]  __device_attach_driver+0x5b8/0x790
[  273.272627][   T12]  bus_for_each_drv+0x28e/0x3b0
[  273.277494][   T12]  ? deferred_probe_work_func+0x400/0x400
[  273.283255][   T12]  __device_attach+0x489/0x750
[  273.288088][   T12]  device_initial_probe+0x4a/0x60
[  273.293138][   T12]  bus_probe_device+0x131/0x390
[  273.298023][   T12]  device_add+0x25b5/0x2df0
[  273.302596][   T12]  usb_set_configuration+0x309f/0x3710
[  273.308382][   T12]  generic_probe+0xe7/0x280
[  273.312925][   T12]  ? usb_choose_configuration+0xae0/0xae0
[  273.318680][   T12]  usb_probe_device+0x146/0x200
[  273.323568][   T12]  ? usb_register_device_driver+0x470/0x470
[  273.329491][   T12]  really_probe+0x1344/0x1d90
[  273.334213][   T12]  driver_probe_device+0x1ba/0x510
[  273.339359][   T12]  ? kmsan_get_shadow_origin_ptr+0x71/0x470
[  273.345298][   T12]  __device_attach_driver+0x5b8/0x790
[  273.350723][   T12]  bus_for_each_drv+0x28e/0x3b0
[  273.355596][   T12]  ? deferred_probe_work_func+0x400/0x400
[  273.361391][   T12]  __device_attach+0x489/0x750
[  273.366207][   T12]  device_initial_probe+0x4a/0x60
[  273.371264][   T12]  bus_probe_device+0x131/0x390
[  273.376157][   T12]  device_add+0x25b5/0x2df0
[  273.380746][   T12]  usb_new_device+0x23e5/0x2fb0
[  273.385671][   T12]  hub_event+0x5853/0x7320
23:50:13 executing program 1:

[  273.390204][   T12]  ? kmsan_get_shadow_origin_ptr+0x71/0x470
[  273.396115][   T12]  ? led_work+0x720/0x720
[  273.400475][   T12]  ? led_work+0x720/0x720
[  273.404886][   T12]  process_one_work+0x1572/0x1f00
[  273.410478][   T12]  worker_thread+0x111b/0x2460
[  273.415359][   T12]  kthread+0x4b5/0x4f0
[  273.419626][   T12]  ? process_one_work+0x1f00/0x1f00
[  273.424862][   T12]  ? kthread_blkcg+0xf0/0xf0
[  273.429518][   T12]  ret_from_fork+0x35/0x40
[  273.433966][   T12] 
[  273.436315][   T12] Local variable description: ----buf.i.i@smsc95xx_wait_eeprom
[  273.443859][   T12] Variable was created at:
[  273.448305][   T12]  smsc95xx_wait_eeprom+0xb6/0x3d0
[  273.453439][   T12]  smsc95xx_read_eeprom+0x3c2/0x920
[  273.458638][   T12] ==================================================================
[  273.466705][   T12] Disabling lock debugging due to kernel taint
[  273.472869][   T12] Kernel panic - not syncing: panic_on_warn set ...
[  273.479477][   T12] CPU: 0 PID: 12 Comm: kworker/0:1 Tainted: G    B             5.2.0+ #15
[  273.487980][   T12] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  273.498068][   T12] Workqueue: usb_hub_wq hub_event
[  273.503222][   T12] Call Trace:
[  273.506664][   T12]  dump_stack+0x191/0x1f0
[  273.511157][   T12]  panic+0x3c9/0xc1e
[  273.515134][   T12]  kmsan_report+0x2ca/0x2d0
[  273.519852][   T12]  __msan_warning+0x75/0xe0
[  273.524391][   T12]  smsc95xx_wait_eeprom+0x1fb/0x3d0
[  273.529684][   T12]  smsc95xx_read_eeprom+0x3c2/0x920
[  273.534931][   T12]  smsc95xx_bind+0x467/0x1690
[  273.539646][   T12]  ? kmsan_get_shadow_origin_ptr+0x71/0x470
[  273.545593][   T12]  ? smsc95xx_mdio_write+0xc10/0xc10
[  273.550911][   T12]  usbnet_probe+0x10d3/0x3950
[  273.555642][   T12]  ? kmsan_internal_memset_shadow+0x104/0x3a0
[  273.561856][   T12]  ? usbnet_disconnect+0x660/0x660
[  273.567006][   T12]  usb_probe_interface+0xd19/0x1310
[  273.572261][   T12]  ? usb_register_driver+0x7d0/0x7d0
[  273.577611][   T12]  really_probe+0x1344/0x1d90
[  273.582334][   T12]  driver_probe_device+0x1ba/0x510
[  273.587472][   T12]  ? kmsan_get_shadow_origin_ptr+0x71/0x470
[  273.593399][   T12]  __device_attach_driver+0x5b8/0x790
[  273.598816][   T12]  bus_for_each_drv+0x28e/0x3b0
[  273.603768][   T12]  ? deferred_probe_work_func+0x400/0x400
[  273.609526][   T12]  __device_attach+0x489/0x750
[  273.614329][   T12]  device_initial_probe+0x4a/0x60
[  273.619375][   T12]  bus_probe_device+0x131/0x390
[  273.624254][   T12]  device_add+0x25b5/0x2df0
[  273.628810][   T12]  usb_set_configuration+0x309f/0x3710
[  273.634379][   T12]  generic_probe+0xe7/0x280
[  273.638905][   T12]  ? usb_choose_configuration+0xae0/0xae0
[  273.644647][   T12]  usb_probe_device+0x146/0x200
[  273.649521][   T12]  ? usb_register_device_driver+0x470/0x470
[  273.655442][   T12]  really_probe+0x1344/0x1d90
[  273.660163][   T12]  driver_probe_device+0x1ba/0x510
[  273.665297][   T12]  ? kmsan_get_shadow_origin_ptr+0x71/0x470
[  273.671218][   T12]  __device_attach_driver+0x5b8/0x790
[  273.676630][   T12]  bus_for_each_drv+0x28e/0x3b0
[  273.681514][   T12]  ? deferred_probe_work_func+0x400/0x400
[  273.687264][   T12]  __device_attach+0x489/0x750
[  273.692061][   T12]  device_initial_probe+0x4a/0x60
[  273.697111][   T12]  bus_probe_device+0x131/0x390
[  273.701986][   T12]  device_add+0x25b5/0x2df0
[  273.706542][   T12]  usb_new_device+0x23e5/0x2fb0
[  273.711475][   T12]  hub_event+0x5853/0x7320
[  273.716083][   T12]  ? kmsan_get_shadow_origin_ptr+0x71/0x470
[  273.721984][   T12]  ? led_work+0x720/0x720
[  273.726322][   T12]  ? led_work+0x720/0x720
[  273.730668][   T12]  process_one_work+0x1572/0x1f00
[  273.735923][   T12]  worker_thread+0x111b/0x2460
[  273.740790][   T12]  kthread+0x4b5/0x4f0
[  273.744882][   T12]  ? process_one_work+0x1f00/0x1f00
[  273.750200][   T12]  ? kthread_blkcg+0xf0/0xf0
[  273.754811][   T12]  ret_from_fork+0x35/0x40
[  273.760366][   T12] Kernel Offset: disabled
[  273.764781][   T12] Rebooting in 86400 seconds..