[ 62.731986][ T30] audit: type=1800 audit(1566241506.766:27): pid=10043 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ 62.752326][ T30] audit: type=1800 audit(1566241506.776:28): pid=10043 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 64.128139][ T30] audit: type=1800 audit(1566241508.176:29): pid=10043 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[ 64.150590][ T30] audit: type=1800 audit(1566241508.206:30): pid=10043 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.10.40' (ECDSA) to the list of known hosts.
2019/08/19 19:05:19 fuzzer started
2019/08/19 19:05:24 dialing manager at 10.128.0.26:39317
2019/08/19 19:05:24 syscalls: 2376
2019/08/19 19:05:24 code coverage: enabled
2019/08/19 19:05:24 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2019/08/19 19:05:24 extra coverage: enabled
2019/08/19 19:05:24 setuid sandbox: enabled
2019/08/19 19:05:24 namespace sandbox: enabled
2019/08/19 19:05:24 Android sandbox: /sys/fs/selinux/policy does not exist
2019/08/19 19:05:24 fault injection: enabled
2019/08/19 19:05:24 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/08/19 19:05:24 net packet injection: enabled
2019/08/19 19:05:24 net device setup: enabled
19:07:26 executing program 0:
r0 = syz_usb_connect(0x0, 0x36, &(0x7f00000008c0)={{0x12, 0x1, 0x0, 0xcc, 0xa0, 0xed, 0x8, 0x424, 0x7500, 0x8212, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0xba, 0x0, 0x2, 0xf2, 0x23, 0x6b, 0x0, [], [{{0x9, 0x5, 0xb, 0x2}}, {{0x9, 0x5, 0x8a, 0x2}}]}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000000f40)={0xfffffdcc, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000001bc0)={0xb4, &(0x7f0000000fc0)={0x0, 0x0, 0x1, "f8"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, &(0x7f00000003c0)={0xffffffffffffff9d, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000001000)={0xb4, &(0x7f0000000400), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000c00)={0x24, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000000f00)={0x2c, &(0x7f0000000c40), 0x0, 0x0, 0x0, 0x0})

syzkaller login: [ 202.442348][T10207] IPVS: ftp: loaded support on port[0] = 21
[ 202.559447][T10207] chnl_net:caif_netlink_parms(): no params data found
[ 202.606419][T10207] bridge0: port 1(bridge_slave_0) entered blocking state
[ 202.613614][T10207] bridge0: port 1(bridge_slave_0) entered disabled state
[ 202.622067][T10207] device bridge_slave_0 entered promiscuous mode
[ 202.631306][T10207] bridge0: port 2(bridge_slave_1) entered blocking state
[ 202.638539][T10207] bridge0: port 2(bridge_slave_1) entered disabled state
[ 202.646903][T10207] device bridge_slave_1 entered promiscuous mode
[ 202.674950][T10207] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 202.687015][T10207] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 202.715704][T10207] team0: Port device team_slave_0 added
[ 202.724392][T10207] team0: Port device team_slave_1 added
[ 202.895319][T10207] device hsr_slave_0 entered promiscuous mode
[ 203.002497][T10207] device hsr_slave_1 entered promiscuous mode
[ 203.077858][T10207] bridge0: port 2(bridge_slave_1) entered blocking state
[ 203.085145][T10207] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 203.092875][T10207] bridge0: port 1(bridge_slave_0) entered blocking state
[ 203.100064][T10207] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 203.166404][T10207] 8021q: adding VLAN 0 to HW filter on device bond0
[ 203.183707][ T3117] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 203.194019][ T3117] bridge0: port 1(bridge_slave_0) entered disabled state
[ 203.203556][ T3117] bridge0: port 2(bridge_slave_1) entered disabled state
[ 203.215429][ T3117] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 203.235140][T10207] 8021q: adding VLAN 0 to HW filter on device team0
[ 203.249769][ T3117] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 203.258920][ T3117] bridge0: port 1(bridge_slave_0) entered blocking state
[ 203.266094][ T3117] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 203.306880][ T3117] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 203.315682][ T3117] bridge0: port 2(bridge_slave_1) entered blocking state
[ 203.322856][ T3117] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 203.332863][ T3117] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 203.342435][ T3117] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 203.351534][ T3117] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 203.363116][ T3117] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 203.374196][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 203.386287][T10207] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 203.424319][T10207] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 203.812301][ T34] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 204.052036][ T34] usb 1-1: Using ep0 maxpacket: 8
[ 204.172401][ T34] usb 1-1: config 0 has an invalid interface number: 186 but max is 0
[ 204.180691][ T34] usb 1-1: config 0 has no interface number 0
[ 204.187147][ T34] usb 1-1: config 0 interface 186 altsetting 0 bulk endpoint 0xB has invalid maxpacket 0
[ 204.197051][ T34] usb 1-1: config 0 interface 186 altsetting 0 bulk endpoint 0x8A has invalid maxpacket 0
[ 204.207032][ T34] usb 1-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=82.12
[ 204.216113][ T34] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 204.226923][ T34] usb 1-1: config 0 descriptor??
[ 204.273441][ T34] smsc75xx v1.0.0
[ 204.912408][ T34] ==================================================================
[ 204.920486][ T34] BUG: KMSAN: uninit-value in smsc75xx_read_eeprom+0x203/0x920
[ 204.928019][ T34] CPU: 1 PID: 34 Comm: kworker/1:1 Not tainted 5.3.0-rc3+ #17
[ 204.935456][ T34] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 204.945505][ T34] Workqueue: usb_hub_wq hub_event
[ 204.950511][ T34] Call Trace:
[ 204.953793][ T34] dump_stack+0x191/0x1f0
[ 204.958144][ T34] kmsan_report+0x162/0x2d0
19:07:29 executing program 1:
r0 = syz_usb_connect(0x0, 0x22b, &(0x7f0000000000)=ANY=[@ANYBLOB="120100000900e808d0062206e7850000000109022400010000000009043a00020300bb0009050b02e8ffff7f0009058302000000000019fa674a0dbe27c71d188289311f44a30800000000000000f0d4ef041a6cb1f62757280425d157d8886190e0"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)

[ 204.962646][ T34] __msan_warning+0x75/0xe0
[ 204.967151][ T34] smsc75xx_read_eeprom+0x203/0x920
[ 204.972366][ T34] smsc75xx_bind+0x675/0x12d0
[ 204.977046][ T34] ? smsc75xx_write_wuff+0x9e0/0x9e0
[ 204.982325][ T34] usbnet_probe+0x10ae/0x3960
[ 204.987017][ T34] ? usbnet_disconnect+0x660/0x660
[ 204.992121][ T34] usb_probe_interface+0xd19/0x1310
[ 204.997317][ T34] ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0
[ 205.003288][ T34] ? usb_register_driver+0x7d0/0x7d0
[ 205.008576][ T34] really_probe+0x1373/0x1dc0
[ 205.013255][ T34] driver_probe_device+0x1ba/0x510
[ 205.018377][ T34] __device_attach_driver+0x5b8/0x790
[ 205.023750][ T34] ? bus_for_each_drv+0x1d5/0x3b0
[ 205.028765][ T34] bus_for_each_drv+0x28e/0x3b0
[ 205.033610][ T34] ? deferred_probe_work_func+0x400/0x400
[ 205.039328][ T34] __device_attach+0x489/0x750
[ 205.044091][ T34] device_initial_probe+0x4a/0x60
[ 205.049104][ T34] bus_probe_device+0x131/0x390
[ 205.053948][ T34] device_add+0x25b5/0x2df0
[ 205.058465][ T34] ? usb_set_configuration+0x3036/0x3710
[ 205.064100][ T34] usb_set_configuration+0x309f/0x3710
[ 205.069586][ T34] generic_probe+0xe7/0x280
[ 205.074077][ T34] ? usb_probe_device+0x104/0x200
[ 205.079095][ T34] ? usb_choose_configuration+0xae0/0xae0
[ 205.084813][ T34] usb_probe_device+0x146/0x200
[ 205.089652][ T34] ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0
[ 205.095623][ T34] ? usb_register_device_driver+0x470/0x470
[ 205.101506][ T34] really_probe+0x1373/0x1dc0
[ 205.106184][ T34] driver_probe_device+0x1ba/0x510
[ 205.111302][ T34] __device_attach_driver+0x5b8/0x790
[ 205.116672][ T34] ? bus_for_each_drv+0x1d5/0x3b0
[ 205.121694][ T34] bus_for_each_drv+0x28e/0x3b0
[ 205.126538][ T34] ? deferred_probe_work_func+0x400/0x400
[ 205.132253][ T34] __device_attach+0x489/0x750
[ 205.137019][ T34] device_initial_probe+0x4a/0x60
[ 205.142031][ T34] bus_probe_device+0x131/0x390
[ 205.146880][ T34] device_add+0x25b5/0x2df0
[ 205.151399][ T34] usb_new_device+0x23e5/0x2fb0
[ 205.156252][ T34] hub_event+0x581d/0x72f0
[ 205.160676][ T34] ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0
[ 205.166627][ T34] ? led_work+0x720/0x720
[ 205.170930][ T34] ? led_work+0x720/0x720
[ 205.175236][ T34] process_one_work+0x1572/0x1ef0
[ 205.180247][ T34] worker_thread+0x111b/0x2460
[ 205.185006][ T34] kthread+0x4b5/0x4f0
[ 205.189051][ T34] ? process_one_work+0x1ef0/0x1ef0
[ 205.194228][ T34] ? kthread_blkcg+0xf0/0xf0
[ 205.198802][ T34] ret_from_fork+0x35/0x40
[ 205.203199][ T34]
[ 205.205501][ T34] Local variable description: ----buf.i.i86@smsc75xx_read_eeprom
[ 205.213183][ T34] Variable was created at:
[ 205.217576][ T34] smsc75xx_read_eeprom+0x109/0x920
[ 205.222745][ T34] smsc75xx_bind+0x675/0x12d0
[ 205.227387][ T34] ==================================================================
[ 205.235415][ T34] Disabling lock debugging due to kernel taint
[ 205.241535][ T34] Kernel panic - not syncing: panic_on_warn set ...
[ 205.248097][ T34] CPU: 1 PID: 34 Comm: kworker/1:1 Tainted: G B 5.3.0-rc3+ #17
[ 205.256908][ T34] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 205.266940][ T34] Workqueue: usb_hub_wq hub_event
[ 205.271932][ T34] Call Trace:
[ 205.275195][ T34] dump_stack+0x191/0x1f0
[ 205.279504][ T34] panic+0x3c9/0xc1e
[ 205.283394][ T34] kmsan_report+0x2ca/0x2d0
[ 205.287875][ T34] __msan_warning+0x75/0xe0
[ 205.292360][ T34] smsc75xx_read_eeprom+0x203/0x920
[ 205.297541][ T34] smsc75xx_bind+0x675/0x12d0
[ 205.302199][ T34] ? smsc75xx_write_wuff+0x9e0/0x9e0
[ 205.307457][ T34] usbnet_probe+0x10ae/0x3960
[ 205.312125][ T34] ? usbnet_disconnect+0x660/0x660
[ 205.317219][ T34] usb_probe_interface+0xd19/0x1310
[ 205.322400][ T34] ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0
[ 205.328355][ T34] ? usb_register_driver+0x7d0/0x7d0
[ 205.333615][ T34] really_probe+0x1373/0x1dc0
[ 205.338279][ T34] driver_probe_device+0x1ba/0x510
[ 205.343377][ T34] __device_attach_driver+0x5b8/0x790
[ 205.348730][ T34] ? bus_for_each_drv+0x1d5/0x3b0
[ 205.353730][ T34] bus_for_each_drv+0x28e/0x3b0
[ 205.358558][ T34] ? deferred_probe_work_func+0x400/0x400
[ 205.364259][ T34] __device_attach+0x489/0x750
[ 205.369008][ T34] device_initial_probe+0x4a/0x60
[ 205.374006][ T34] bus_probe_device+0x131/0x390
[ 205.378839][ T34] device_add+0x25b5/0x2df0
[ 205.383335][ T34] ? usb_set_configuration+0x3036/0x3710
[ 205.388942][ T34] usb_set_configuration+0x309f/0x3710
[ 205.394404][ T34] generic_probe+0xe7/0x280
[ 205.398884][ T34] ? usb_probe_device+0x104/0x200
[ 205.403887][ T34] ? usb_choose_configuration+0xae0/0xae0
[ 205.409580][ T34] usb_probe_device+0x146/0x200
[ 205.414407][ T34] ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0
[ 205.420366][ T34] ? usb_register_device_driver+0x470/0x470
[ 205.426234][ T34] really_probe+0x1373/0x1dc0
[ 205.431050][ T34] driver_probe_device+0x1ba/0x510
[ 205.436154][ T34] __device_attach_driver+0x5b8/0x790
[ 205.441505][ T34] ? bus_for_each_drv+0x1d5/0x3b0
[ 205.446508][ T34] bus_for_each_drv+0x28e/0x3b0
[ 205.451330][ T34] ? deferred_probe_work_func+0x400/0x400
[ 205.457030][ T34] __device_attach+0x489/0x750
[ 205.461781][ T34] device_initial_probe+0x4a/0x60
[ 205.466784][ T34] bus_probe_device+0x131/0x390
[ 205.471614][ T34] device_add+0x25b5/0x2df0
[ 205.476105][ T34] usb_new_device+0x23e5/0x2fb0
[ 205.480943][ T34] hub_event+0x581d/0x72f0
[ 205.485366][ T34] ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0
[ 205.491323][ T34] ? led_work+0x720/0x720
[ 205.495628][ T34] ? led_work+0x720/0x720
[ 205.499936][ T34] process_one_work+0x1572/0x1ef0
[ 205.504951][ T34] worker_thread+0x111b/0x2460
[ 205.509702][ T34] kthread+0x4b5/0x4f0
[ 205.513745][ T34] ? process_one_work+0x1ef0/0x1ef0
[ 205.518922][ T34] ? kthread_blkcg+0xf0/0xf0
[ 205.523496][ T34] ret_from_fork+0x35/0x40
[ 205.528997][ T34] Kernel Offset: disabled
[ 205.533306][ T34] Rebooting in 86400 seconds..