[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   77.557566][   T31] audit: type=1800 audit(1566476174.603:25): pid=11126 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[   77.580669][   T31] audit: type=1800 audit(1566476174.623:26): pid=11126 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[   77.607167][   T31] audit: type=1800 audit(1566476174.653:27): pid=11126 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.71' (ECDSA) to the list of known hosts.
2019/08/22 12:16:28 fuzzer started
2019/08/22 12:16:33 dialing manager at 10.128.0.26:46771
2019/08/22 12:16:33 syscalls: 2376
2019/08/22 12:16:33 code coverage: enabled
2019/08/22 12:16:33 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2019/08/22 12:16:33 extra coverage: enabled
2019/08/22 12:16:33 setuid sandbox: enabled
2019/08/22 12:16:33 namespace sandbox: enabled
2019/08/22 12:16:33 Android sandbox: /sys/fs/selinux/policy does not exist
2019/08/22 12:16:33 fault injection: enabled
2019/08/22 12:16:33 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/08/22 12:16:33 net packet injection: enabled
2019/08/22 12:16:33 net device setup: enabled
12:19:00 executing program 0:
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000100)={0x1, &(0x7f0000000340)=[{0x6, 0x0, 0x0, 0x50000}]})
r0 = accept$unix(0xffffffffffffffff, 0x0, 0x0)
getsockopt$SO_COOKIE(r0, 0x1, 0x39, 0x0, 0x0)

syzkaller login: [  243.342744][T11294] IPVS: ftp: loaded support on port[0] = 21
[  243.481274][T11294] chnl_net:caif_netlink_parms(): no params data found
[  243.535276][T11294] bridge0: port 1(bridge_slave_0) entered blocking state
[  243.542590][T11294] bridge0: port 1(bridge_slave_0) entered disabled state
[  243.551176][T11294] device bridge_slave_0 entered promiscuous mode
[  243.560842][T11294] bridge0: port 2(bridge_slave_1) entered blocking state
[  243.568090][T11294] bridge0: port 2(bridge_slave_1) entered disabled state
[  243.576760][T11294] device bridge_slave_1 entered promiscuous mode
[  243.609609][T11294] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  243.622159][T11294] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  243.653891][T11294] team0: Port device team_slave_0 added
[  243.663339][T11294] team0: Port device team_slave_1 added
[  243.966462][T11294] device hsr_slave_0 entered promiscuous mode
[  244.042781][T11294] device hsr_slave_1 entered promiscuous mode
[  244.323275][T11294] bridge0: port 2(bridge_slave_1) entered blocking state
[  244.330505][T11294] bridge0: port 2(bridge_slave_1) entered forwarding state
[  244.338290][T11294] bridge0: port 1(bridge_slave_0) entered blocking state
[  244.345499][T11294] bridge0: port 1(bridge_slave_0) entered forwarding state
[  244.422405][T11294] 8021q: adding VLAN 0 to HW filter on device bond0
[  244.442402][   T50] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  244.454548][   T50] bridge0: port 1(bridge_slave_0) entered disabled state
[  244.464319][   T50] bridge0: port 2(bridge_slave_1) entered disabled state
[  244.481271][   T50] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[  244.500157][T11294] 8021q: adding VLAN 0 to HW filter on device team0
[  244.515013][   T50] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  244.524275][   T50] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  244.534240][   T50] bridge0: port 1(bridge_slave_0) entered blocking state
[  244.541406][   T50] bridge0: port 1(bridge_slave_0) entered forwarding state
[  244.557688][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  244.567118][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  244.576115][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  244.583296][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  244.598480][   T50] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  244.614657][   T50] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  244.647341][T11294] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  244.657803][T11294] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  244.672516][   T50] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  244.682547][   T50] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  244.692011][   T50] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  244.701641][   T50] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  244.710833][   T50] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  244.719864][   T50] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  244.729289][   T50] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  244.738453][   T50] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  244.756484][   T50] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  244.765187][   T50] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  244.794641][T11294] 8021q: adding VLAN 0 to HW filter on device batadv0
12:19:02 executing program 0:
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000eb8de108697a010036190000000109021200010000008009040000009be13600"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000180)={0x24, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000000400)={0x2c, &(0x7f00000001c0)={0x0, 0x0, 0x1, 'b'}, 0x0, 0x0, 0x0, 0x0})

[  245.432361][   T12] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[  245.681895][   T12] usb 1-1: Using ep0 maxpacket: 8
[  245.802070][   T12] usb 1-1: New USB device found, idVendor=7a69, idProduct=0001, bcdDevice=19.36
[  245.811220][   T12] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  245.821944][   T12] usb 1-1: config 0 descriptor??
[  245.866775][   T12] usb 1-1: dvb_usb_v2: found a '774 Friio White ISDB-T USB2.0' in warm state
12:19:03 executing program 1:
r0 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGLED(r0, 0x80404519, &(0x7f0000000100)=""/201)

[  246.708310][T11308] IPVS: ftp: loaded support on port[0] = 21
[  246.853260][T11308] chnl_net:caif_netlink_parms(): no params data found
[  246.911398][T11308] bridge0: port 1(bridge_slave_0) entered blocking state
[  246.918691][T11308] bridge0: port 1(bridge_slave_0) entered disabled state
[  246.927304][T11308] device bridge_slave_0 entered promiscuous mode
[  246.937788][T11308] bridge0: port 2(bridge_slave_1) entered blocking state
[  246.945090][T11308] bridge0: port 2(bridge_slave_1) entered disabled state
[  246.953979][T11308] device bridge_slave_1 entered promiscuous mode
[  246.963217][   T12] ==================================================================
[  246.971324][   T12] BUG: KMSAN: uninit-value in friio_power_ctrl+0xb3e/0x1a70
[  246.978615][   T12] CPU: 0 PID: 12 Comm: kworker/0:1 Not tainted 5.3.0-rc3+ #17
[  246.984606][T11308] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  246.986081][   T12] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  246.998452][T11308] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  247.005153][   T12] Workqueue: usb_hub_wq hub_event
[  247.005163][   T12] Call Trace:
[  247.005189][   T12]  dump_stack+0x191/0x1f0
[  247.005215][   T12]  kmsan_report+0x162/0x2d0
[  247.005256][   T12]  __msan_warning+0x75/0xe0
[  247.034724][T11308] team0: Port device team_slave_0 added
[  247.036366][   T12]  friio_power_ctrl+0xb3e/0x1a70
[  247.044966][T11308] team0: Port device team_slave_1 added
[  247.046838][   T12]  ? kasan_kmalloc+0xd/0x30
[  247.056861][   T12]  ? gl861_i2c_msg+0x6e0/0x6e0
[  247.061632][   T12]  dvb_usbv2_probe+0xd3d/0x5dd0
[  247.066499][   T12]  ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0
[  247.072501][   T12]  ? usb_probe_interface+0xb69/0x1310
[  247.077881][   T12]  ? technisat_usb2_i2c_access+0x12a0/0x12a0
[  247.083872][   T12]  ? technisat_usb2_i2c_access+0x12a0/0x12a0
[  247.089861][   T12]  usb_probe_interface+0xd19/0x1310
[  247.095075][   T12]  ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0
[  247.101061][   T12]  ? usb_register_driver+0x7d0/0x7d0
[  247.106353][   T12]  really_probe+0x1373/0x1dc0
[  247.111047][   T12]  driver_probe_device+0x1ba/0x510
[  247.116193][   T12]  __device_attach_driver+0x5b8/0x790
[  247.121569][   T12]  ? bus_for_each_drv+0x1d5/0x3b0
[  247.126597][   T12]  bus_for_each_drv+0x28e/0x3b0
[  247.131445][   T12]  ? deferred_probe_work_func+0x400/0x400
[  247.137173][   T12]  __device_attach+0x489/0x750
[  247.141950][   T12]  device_initial_probe+0x4a/0x60
[  247.146979][   T12]  bus_probe_device+0x131/0x390
[  247.151853][   T12]  device_add+0x25b5/0x2df0
[  247.156374][   T12]  ? usb_set_configuration+0x3036/0x3710
[  247.162010][   T12]  usb_set_configuration+0x309f/0x3710
[  247.167494][   T12]  ? __msan_metadata_ptr_for_load_1+0x10/0x20
[  247.173577][   T12]  generic_probe+0xe7/0x280
[  247.178082][   T12]  ? usb_probe_device+0x104/0x200
[  247.183119][   T12]  ? usb_choose_configuration+0xae0/0xae0
[  247.188837][   T12]  usb_probe_device+0x146/0x200
[  247.193689][   T12]  ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0
[  247.199672][   T12]  ? usb_register_device_driver+0x470/0x470
[  247.205564][   T12]  really_probe+0x1373/0x1dc0
[  247.210253][   T12]  driver_probe_device+0x1ba/0x510
[  247.215372][   T12]  __device_attach_driver+0x5b8/0x790
[  247.220749][   T12]  ? bus_for_each_drv+0x1d5/0x3b0
[  247.225774][   T12]  bus_for_each_drv+0x28e/0x3b0
[  247.230622][   T12]  ? deferred_probe_work_func+0x400/0x400
[  247.236347][   T12]  __device_attach+0x489/0x750
[  247.241128][   T12]  device_initial_probe+0x4a/0x60
[  247.246154][   T12]  bus_probe_device+0x131/0x390
[  247.251010][   T12]  device_add+0x25b5/0x2df0
[  247.255538][   T12]  usb_new_device+0x23e5/0x2fb0
[  247.260413][   T12]  hub_event+0x581d/0x72f0
[  247.264883][   T12]  ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0
[  247.270865][   T12]  ? led_work+0x720/0x720
[  247.275194][   T12]  ? led_work+0x720/0x720
[  247.279532][   T12]  process_one_work+0x1572/0x1ef0
[  247.284578][   T12]  worker_thread+0x111b/0x2460
[  247.289364][   T12]  kthread+0x4b5/0x4f0
[  247.293428][   T12]  ? process_one_work+0x1ef0/0x1ef0
[  247.298634][   T12]  ? kthread_blkcg+0xf0/0xf0
[  247.303226][   T12]  ret_from_fork+0x35/0x40
[  247.307644][   T12] 
[  247.309964][   T12] Local variable description: ----rbuf.i@friio_power_ctrl
[  247.317054][   T12] Variable was created at:
[  247.321472][   T12]  friio_power_ctrl+0x92/0x1a70
[  247.326322][   T12]  dvb_usbv2_probe+0xd3d/0x5dd0
[  247.331160][   T12] ==================================================================
[  247.339209][   T12] Disabling lock debugging due to kernel taint
[  247.345354][   T12] Kernel panic - not syncing: panic_on_warn set ...
[  247.351941][   T12] CPU: 0 PID: 12 Comm: kworker/0:1 Tainted: G    B             5.3.0-rc3+ #17
[  247.360772][   T12] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  247.370835][   T12] Workqueue: usb_hub_wq hub_event
[  247.375854][   T12] Call Trace:
[  247.379154][   T12]  dump_stack+0x191/0x1f0
[  247.383519][   T12]  panic+0x3c9/0xc1e
[  247.387455][   T12]  kmsan_report+0x2ca/0x2d0
[  247.391959][   T12]  __msan_warning+0x75/0xe0
[  247.396469][   T12]  friio_power_ctrl+0xb3e/0x1a70
[  247.401407][   T12]  ? kasan_kmalloc+0xd/0x30
[  247.405924][   T12]  ? gl861_i2c_msg+0x6e0/0x6e0
[  247.410687][   T12]  dvb_usbv2_probe+0xd3d/0x5dd0
[  247.415556][   T12]  ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0
[  247.421553][   T12]  ? usb_probe_interface+0xb69/0x1310
[  247.426927][   T12]  ? technisat_usb2_i2c_access+0x12a0/0x12a0
[  247.432904][   T12]  ? technisat_usb2_i2c_access+0x12a0/0x12a0
[  247.438907][   T12]  usb_probe_interface+0xd19/0x1310
[  247.444120][   T12]  ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0
[  247.450109][   T12]  ? usb_register_driver+0x7d0/0x7d0
[  247.455412][   T12]  really_probe+0x1373/0x1dc0
[  247.460112][   T12]  driver_probe_device+0x1ba/0x510
[  247.465237][   T12]  __device_attach_driver+0x5b8/0x790
[  247.470618][   T12]  ? bus_for_each_drv+0x1d5/0x3b0
[  247.475646][   T12]  bus_for_each_drv+0x28e/0x3b0
[  247.480525][   T12]  ? deferred_probe_work_func+0x400/0x400
[  247.486253][   T12]  __device_attach+0x489/0x750
[  247.491029][   T12]  device_initial_probe+0x4a/0x60
[  247.496055][   T12]  bus_probe_device+0x131/0x390
[  247.500914][   T12]  device_add+0x25b5/0x2df0
[  247.505436][   T12]  ? usb_set_configuration+0x3036/0x3710
[  247.511101][   T12]  usb_set_configuration+0x309f/0x3710
[  247.516597][   T12]  ? __msan_metadata_ptr_for_load_1+0x10/0x20
[  247.522680][   T12]  generic_probe+0xe7/0x280
[  247.527182][   T12]  ? usb_probe_device+0x104/0x200
[  247.532206][   T12]  ? usb_choose_configuration+0xae0/0xae0
[  247.537934][   T12]  usb_probe_device+0x146/0x200
[  247.542787][   T12]  ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0
[  247.548769][   T12]  ? usb_register_device_driver+0x470/0x470
[  247.554667][   T12]  really_probe+0x1373/0x1dc0
[  247.559362][   T12]  driver_probe_device+0x1ba/0x510
[  247.564486][   T12]  __device_attach_driver+0x5b8/0x790
[  247.569862][   T12]  ? bus_for_each_drv+0x1d5/0x3b0
[  247.574890][   T12]  bus_for_each_drv+0x28e/0x3b0
[  247.579741][   T12]  ? deferred_probe_work_func+0x400/0x400
[  247.585468][   T12]  __device_attach+0x489/0x750
[  247.590241][   T12]  device_initial_probe+0x4a/0x60
[  247.595270][   T12]  bus_probe_device+0x131/0x390
[  247.600127][   T12]  device_add+0x25b5/0x2df0
[  247.604651][   T12]  usb_new_device+0x23e5/0x2fb0
[  247.609525][   T12]  hub_event+0x581d/0x72f0
[  247.613995][   T12]  ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0
[  247.619973][   T12]  ? led_work+0x720/0x720
[  247.624303][   T12]  ? led_work+0x720/0x720
[  247.628639][   T12]  process_one_work+0x1572/0x1ef0
[  247.633684][   T12]  worker_thread+0x111b/0x2460
[  247.638472][   T12]  kthread+0x4b5/0x4f0
[  247.642541][   T12]  ? process_one_work+0x1ef0/0x1ef0
[  247.647748][   T12]  ? kthread_blkcg+0xf0/0xf0
[  247.652341][   T12]  ret_from_fork+0x35/0x40
[  247.657968][   T12] Kernel Offset: disabled
[  247.662294][   T12] Rebooting in 86400 seconds..