[ 72.861611][ T30] audit: type=1800 audit(1561465088.912:25): pid=11394 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 72.885675][ T30] audit: type=1800 audit(1561465088.942:26): pid=11394 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 72.919218][ T30] audit: type=1800 audit(1561465088.962:27): pid=11394 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[....] Starting periodic command scheduler: cron�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
[....] Starting OpenBSD Secure Shell server: sshd�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
[....] startpar: service(s) returned failure: rsyslog ...�[?25l�[?1c�7�[1G[�[31mFAIL�[39;49m�8�[?25h�[?0c �[31mfailed!�[39;49m
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.43' (ECDSA) to the list of known hosts.
2019/06/25 12:18:21 fuzzer started
2019/06/25 12:18:27 dialing manager at 10.128.0.26:36485
2019/06/25 12:18:27 syscalls: 2347
2019/06/25 12:18:27 code coverage: enabled
2019/06/25 12:18:27 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2019/06/25 12:18:27 extra coverage: enabled
2019/06/25 12:18:27 setuid sandbox: enabled
2019/06/25 12:18:27 namespace sandbox: enabled
2019/06/25 12:18:27 Android sandbox: /sys/fs/selinux/policy does not exist
2019/06/25 12:18:27 fault injection: enabled
2019/06/25 12:18:27 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/06/25 12:18:27 net packet injection: enabled
2019/06/25 12:18:27 net device setup: enabled
12:20:39 executing program 0:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
memfd_create(&(0x7f00000001c0)='\x00', 0x3)
socket(0x11, 0x0, 0x80000001)
openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='memory.events\x00', 0x0, 0x0)
ioctl$BLKBSZSET(0xffffffffffffffff, 0x40081271, 0x0)
r0 = socket$inet6(0xa, 0x6, 0x0)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c)
listen(r0, 0x5eb857)
r1 = socket$inet_dccp(0x2, 0x6, 0x0)
connect$inet(r1, &(0x7f0000000340)={0x2, 0x4e23, @empty}, 0x10)
r2 = accept4(r0, 0x0, 0x0, 0x0)
ioctl$FS_IOC_FSGETXATTR(0xffffffffffffffff, 0x801c581f, 0x0)
ioctl$SNDRV_CTL_IOCTL_HWDEP_NEXT_DEVICE(0xffffffffffffffff, 0xc0045520, 0x0)
sendmmsg(r1, &(0x7f0000000040), 0x1, 0x0)
sendmmsg(r2, &(0x7f0000000c00), 0x4000000000001e6, 0x0)
syzkaller login: [ 224.052352][T11579] IPVS: ftp: loaded support on port[0] = 21
[ 224.181530][T11579] chnl_net:caif_netlink_parms(): no params data found
[ 224.232793][T11579] bridge0: port 1(bridge_slave_0) entered blocking state
[ 224.240132][T11579] bridge0: port 1(bridge_slave_0) entered disabled state
[ 224.248926][T11579] device bridge_slave_0 entered promiscuous mode
[ 224.258919][T11579] bridge0: port 2(bridge_slave_1) entered blocking state
[ 224.266242][T11579] bridge0: port 2(bridge_slave_1) entered disabled state
[ 224.275071][T11579] device bridge_slave_1 entered promiscuous mode
[ 224.305238][T11579] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 224.316842][T11579] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 224.346078][T11579] team0: Port device team_slave_0 added
[ 224.355009][T11579] team0: Port device team_slave_1 added
[ 224.435946][T11579] device hsr_slave_0 entered promiscuous mode
[ 224.592345][T11579] device hsr_slave_1 entered promiscuous mode
[ 224.868928][T11579] bridge0: port 2(bridge_slave_1) entered blocking state
[ 224.876374][T11579] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 224.889623][T11579] bridge0: port 1(bridge_slave_0) entered blocking state
[ 224.896914][T11579] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 224.964702][T11579] 8021q: adding VLAN 0 to HW filter on device bond0
[ 224.983433][ T4112] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 224.995023][ T4112] bridge0: port 1(bridge_slave_0) entered disabled state
[ 225.004192][ T4112] bridge0: port 2(bridge_slave_1) entered disabled state
[ 225.016544][ T4112] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 225.036644][T11579] 8021q: adding VLAN 0 to HW filter on device team0
[ 225.052446][ T4112] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 225.061838][ T4112] bridge0: port 1(bridge_slave_0) entered blocking state
[ 225.069043][ T4112] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 225.117006][T11579] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 225.127569][T11579] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 225.145191][ T4112] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 225.154254][ T4112] bridge0: port 2(bridge_slave_1) entered blocking state
[ 225.161466][ T4112] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 225.170913][ T4112] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 225.180716][ T4112] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 225.190183][ T4112] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 225.199417][ T4112] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 225.213305][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 225.221268][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 225.246821][T11579] 8021q: adding VLAN 0 to HW filter on device batadv0
12:20:41 executing program 0:
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x79, 0x1a, 0x78, 0x8, 0xb95, 0x772a, 0x55cd, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x77, 0x0, 0x0, 0x77, 0x2d, 0x35}}]}}]}}, 0x0)
syz_usb_control_io(r0, &(0x7f0000000400)={0x34, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000000840)={0x54, &(0x7f0000000440), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, &(0x7f0000000900)={0x34, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000000c40)={0x54, &(0x7f0000000940), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$hid(r0, &(0x7f0000000b80)={0x24, &(0x7f0000001080)={0x0, 0x0, 0x2, {0x2}}, 0x0, 0x0, 0x0}, &(0x7f0000000ec0)={0x24, &(0x7f0000000dc0), 0x0, 0x0, 0x0})
syz_usb_control_io(r0, &(0x7f0000000800)={0x5a47fb65, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000001000)={0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000008c0)={0x40, 0x9, 0x3, "cc738d"}, 0x0})
[ 225.872423][ T38] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 226.111847][ T38] usb 1-1: Using ep0 maxpacket: 8
[ 226.232300][ T38] usb 1-1: config 0 has an invalid interface number: 119 but max is 0
[ 226.240695][ T38] usb 1-1: config 0 has no interface number 0
[ 226.246997][ T38] usb 1-1: New USB device found, idVendor=0b95, idProduct=772a, bcdDevice=55.cd
[ 226.257714][ T38] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 226.273558][ T38] usb 1-1: config 0 descriptor??
[ 226.511929][ T38] ==================================================================
[ 226.520038][ T38] BUG: KMSAN: uninit-value in ax88772_bind+0x93d/0x11e0
[ 226.527008][ T38] CPU: 1 PID: 38 Comm: kworker/1:1 Not tainted 5.2.0-rc4+ #6
[ 226.534522][ T38] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 226.544596][ T38] Workqueue: usb_hub_wq hub_event
[ 226.549653][ T38] Call Trace:
[ 226.552958][ T38] dump_stack+0x191/0x1f0
[ 226.557303][ T38] kmsan_report+0x162/0x2d0
[ 226.561937][ T38] __msan_warning+0x75/0xe0
[ 226.566449][ T38] ax88772_bind+0x93d/0x11e0
[ 226.571048][ T38] ? ax88178_change_mtu+0x650/0x650
[ 226.576254][ T38] usbnet_probe+0x10d3/0x3950
[ 226.580943][ T38] ? kmsan_internal_memset_shadow+0x104/0x3a0
[ 226.587040][ T38] ? usbnet_disconnect+0x660/0x660
[ 226.592162][ T38] usb_probe_interface+0xd19/0x1310
[ 226.597489][ T38] ? usb_register_driver+0x7d0/0x7d0
[ 226.602783][ T38] really_probe+0x1344/0x1d90
[ 226.607477][ T38] driver_probe_device+0x1ba/0x510
[ 226.612648][ T38] ? kmsan_get_shadow_origin_ptr+0x71/0x470
[ 226.618553][ T38] __device_attach_driver+0x5b8/0x790
[ 226.623947][ T38] bus_for_each_drv+0x28e/0x3b0
[ 226.628962][ T38] ? deferred_probe_work_func+0x400/0x400
[ 226.634703][ T38] __device_attach+0x489/0x750
[ 226.639491][ T38] device_initial_probe+0x4a/0x60
[ 226.644581][ T38] bus_probe_device+0x131/0x390
[ 226.649444][ T38] device_add+0x25b5/0x2df0
[ 226.653984][ T38] usb_set_configuration+0x309f/0x3710
[ 226.659594][ T38] ? __msan_metadata_ptr_for_load_1+0x10/0x20
[ 226.665692][ T38] generic_probe+0xe7/0x280
[ 226.670211][ T38] ? usb_choose_configuration+0xae0/0xae0
[ 226.675943][ T38] usb_probe_device+0x146/0x200
[ 226.680922][ T38] ? usb_register_device_driver+0x470/0x470
[ 226.686828][ T38] really_probe+0x1344/0x1d90
[ 226.691658][ T38] driver_probe_device+0x1ba/0x510
[ 226.696778][ T38] ? kmsan_get_shadow_origin_ptr+0x71/0x470
[ 226.702687][ T38] __device_attach_driver+0x5b8/0x790
[ 226.708082][ T38] bus_for_each_drv+0x28e/0x3b0
[ 226.712939][ T38] ? deferred_probe_work_func+0x400/0x400
[ 226.724896][ T38] __device_attach+0x489/0x750
[ 226.729685][ T38] device_initial_probe+0x4a/0x60
[ 226.734724][ T38] bus_probe_device+0x131/0x390
[ 226.740478][ T38] device_add+0x25b5/0x2df0
[ 226.745987][ T38] usb_new_device+0x23e5/0x2fb0
[ 226.751778][ T38] hub_event+0x5853/0x7320
[ 226.766122][ T38] ? kmsan_get_shadow_origin_ptr+0x71/0x470
[ 226.772128][ T38] ? led_work+0x720/0x720
[ 226.776458][ T38] ? led_work+0x720/0x720
[ 226.780798][ T38] process_one_work+0x1572/0x1f00
[ 226.785854][ T38] worker_thread+0x111b/0x2460
[ 226.790658][ T38] kthread+0x4b5/0x4f0
[ 226.794888][ T38] ? process_one_work+0x1f00/0x1f00
[ 226.800123][ T38] ? kthread_blkcg+0xf0/0xf0
[ 226.804717][ T38] ret_from_fork+0x35/0x40
[ 226.809166][ T38]
[ 226.811498][ T38] Local variable description: ----buf@ax88772_bind
[ 226.817999][ T38] Variable was created at:
[ 226.822507][ T38] ax88772_bind+0x5f/0x11e0
[ 226.827009][ T38] usbnet_probe+0x10d3/0x3950
[ 226.831676][ T38] ==================================================================
[ 226.839730][ T38] Disabling lock debugging due to kernel taint
[ 226.845884][ T38] Kernel panic - not syncing: panic_on_warn set ...
[ 226.852620][ T38] CPU: 1 PID: 38 Comm: kworker/1:1 Tainted: G B 5.2.0-rc4+ #6
[ 226.861377][ T38] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 226.871445][ T38] Workqueue: usb_hub_wq hub_event
[ 226.876471][ T38] Call Trace:
[ 226.879773][ T38] dump_stack+0x191/0x1f0
[ 226.884598][ T38] panic+0x3c9/0xc1e
[ 226.888533][ T38] kmsan_report+0x2ca/0x2d0
[ 226.893051][ T38] __msan_warning+0x75/0xe0
[ 226.897590][ T38] ax88772_bind+0x93d/0x11e0
[ 226.902192][ T38] ? ax88178_change_mtu+0x650/0x650
[ 226.907401][ T38] usbnet_probe+0x10d3/0x3950
[ 226.912090][ T38] ? kmsan_internal_memset_shadow+0x104/0x3a0
[ 226.918305][ T38] ? usbnet_disconnect+0x660/0x660
[ 226.923426][ T38] usb_probe_interface+0xd19/0x1310
[ 226.928645][ T38] ? usb_register_driver+0x7d0/0x7d0
[ 226.933940][ T38] really_probe+0x1344/0x1d90
[ 226.938637][ T38] driver_probe_device+0x1ba/0x510
[ 226.943758][ T38] ? kmsan_get_shadow_origin_ptr+0x71/0x470
[ 226.949752][ T38] __device_attach_driver+0x5b8/0x790
[ 226.955142][ T38] bus_for_each_drv+0x28e/0x3b0
[ 226.960090][ T38] ? deferred_probe_work_func+0x400/0x400
[ 226.965829][ T38] __device_attach+0x489/0x750
[ 226.970610][ T38] device_initial_probe+0x4a/0x60
[ 226.975640][ T38] bus_probe_device+0x131/0x390
[ 226.980620][ T38] device_add+0x25b5/0x2df0
[ 226.985155][ T38] usb_set_configuration+0x309f/0x3710
[ 226.990646][ T38] ? __msan_metadata_ptr_for_load_1+0x10/0x20
[ 226.996732][ T38] generic_probe+0xe7/0x280
[ 227.001245][ T38] ? usb_choose_configuration+0xae0/0xae0
[ 227.006983][ T38] usb_probe_device+0x146/0x200
[ 227.011844][ T38] ? usb_register_device_driver+0x470/0x470
[ 227.017744][ T38] really_probe+0x1344/0x1d90
[ 227.022440][ T38] driver_probe_device+0x1ba/0x510
[ 227.027560][ T38] ? kmsan_get_shadow_origin_ptr+0x71/0x470
[ 227.033490][ T38] __device_attach_driver+0x5b8/0x790
[ 227.038979][ T38] bus_for_each_drv+0x28e/0x3b0
[ 227.043839][ T38] ? deferred_probe_work_func+0x400/0x400
[ 227.049572][ T38] __device_attach+0x489/0x750
[ 227.054353][ T38] device_initial_probe+0x4a/0x60
[ 227.059384][ T38] bus_probe_device+0x131/0x390
12:20:43 executing program 1:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
getgroups(0x4c9, 0x0)
getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0)
ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f00000003c0)='./file0\x00', 0x0)
r0 = openat$proc_capi20ncci(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$VIDIOC_G_DV_TIMINGS(0xffffffffffffffff, 0xc0845658, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff)
openat$cgroup_subtree(r0, 0x0, 0x2, 0x0)
openat$cgroup_procs(0xffffffffffffffff, &(0x7f0000000140)='cgroup.procs\x00', 0x2, 0x0)
stat(0x0, &(0x7f0000000200))
getuid()
setsockopt$RXRPC_SECURITY_KEYRING(0xffffffffffffffff, 0x110, 0x2, &(0x7f0000000900)='}^]', 0x3)
geteuid()
lsetxattr$system_posix_acl(&(0x7f0000000380)='./file0\x00', &(0x7f0000000080)='system.posix_acl_default\x00', &(0x7f0000000a40)=ANY=[@ANYRES32=0x0], 0x1, 0x0)
getdents(0xffffffffffffffff, 0x0, 0x0)
syz_open_dev$sndpcmp(0x0, 0x0, 0x200000)
ioctl$TIOCSERGETLSR(r0, 0x5459, &(0x7f00000002c0))
r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000280)={0x0, 0x55, 0xfa00, {0x3, &(0x7f0000000000)={<r2=>0xffffffffffffffff}, 0x20000111}}, 0x24c)
r3 = request_key(&(0x7f0000000300)='.request_key_auth\x00', &(0x7f0000000340)={'syz', 0x0}, &(0x7f0000000600)='}^]', 0xfffffffffffffff8)
keyctl$get_security(0x11, r3, 0x0, 0x0)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r1, &(0x7f0000000400)={0x3, 0x40, 0xfa00, {{0xa, 0x0, 0x0, @dev, 0x4}, {0xa, 0x0, 0x0, @ipv4={[], [], @multicast1}}, r2}}, 0x48)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r1, &(0x7f0000000180)={0x3, 0x40, 0xfa00, {{0x2, 0x0, 0x0, @remote={0xfe, 0x80, [0x0, 0x0, 0x0, 0x60000000, 0x0, 0x0, 0xc000000, 0x0, 0x3f00000000000000, 0x0, 0x0, 0x700000000000000]}}, {0x2, 0x0, 0xfffffffffffffffd, @local}, r2}}, 0x48)
write$RDMA_USER_CM_CMD_GET_EVENT(r1, &(0x7f0000000080)={0xc, 0x8, 0xfa00, {&(0x7f0000000480)}}, 0x10)
r4 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000040)={0x6}, 0x10)
sendmsg$nl_route(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="240000001a001fff00000000000000001e000000001400000000000008000400150000002162ed2cd151f4e284fc0282d284c6c8"], 0x1}}, 0x0)
[ 227.064250][ T38] device_add+0x25b5/0x2df0
[ 227.068782][ T38] usb_new_device+0x23e5/0x2fb0
[ 227.073659][ T38] hub_event+0x5853/0x7320
[ 227.078153][ T38] ? kmsan_get_shadow_origin_ptr+0x71/0x470
[ 227.084045][ T38] ? led_work+0x720/0x720
[ 227.088371][ T38] ? led_work+0x720/0x720
[ 227.092707][ T38] process_one_work+0x1572/0x1f00
[ 227.097757][ T38] worker_thread+0x111b/0x2460
[ 227.102565][ T38] kthread+0x4b5/0x4f0
[ 227.106807][ T38] ? process_one_work+0x1f00/0x1f00
[ 227.112028][ T38] ? kthread_blkcg+0xf0/0xf0
[ 227.116629][ T38] ret_from_fork+0x35/0x40
[ 227.123022][ T38] Kernel Offset: disabled
[ 227.127354][ T38] Rebooting in 86400 seconds..