[?25l[?1c7[ ok 8[?25h[?0c. [ 103.073676][ T30] audit: type=1800 audit(1564719408.126:25): pid=12166 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 103.097531][ T30] audit: type=1800 audit(1564719408.146:26): pid=12166 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 103.135999][ T30] audit: type=1800 audit(1564719408.176:27): pid=12166 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.228' (ECDSA) to the list of known hosts. 2019/08/02 04:17:01 fuzzer started 2019/08/02 04:17:08 dialing manager at 10.128.0.26:40455 2019/08/02 04:17:08 syscalls: 2367 2019/08/02 04:17:08 code coverage: enabled 2019/08/02 04:17:08 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2019/08/02 04:17:08 extra coverage: enabled 2019/08/02 04:17:08 setuid sandbox: enabled 2019/08/02 04:17:08 namespace sandbox: enabled 2019/08/02 04:17:08 Android sandbox: /sys/fs/selinux/policy does not exist 2019/08/02 04:17:08 fault injection: enabled 2019/08/02 04:17:08 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/08/02 04:17:08 net packet injection: enabled 2019/08/02 04:17:08 net device setup: enabled 04:20:32 executing program 0: r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x91, 0x14, 0x8f, 0x40, 0x411, 0x12, 0x565f, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0xce, 0x0, 0x0, 0x54, 0x74, 0x24}}]}}]}}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000002100)={0x34, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000023c0)={0xcc, &(0x7f00000000c0)=ANY=[@ANYBLOB="0000110000000c5c155684"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x20, 0x85, 0x3}, &(0x7f0000000000), &(0x7f0000000000)={0x20, 0x1, 0x1}, &(0x7f0000000000)={0x20, 0x0, 0x1}, &(0x7f0000000000)={0x20, 0x0, 0x4}, &(0x7f0000000000)={0x20, 0x0, 0x4}, &(0x7f0000000000)={0x20, 0x80, 0x1c}, &(0x7f0000000000)={0x40, 0x7, 0x2}, &(0x7f0000000000)={0x40, 0x9, 0x1}, &(0x7f0000000000)={0x40, 0xb, 0x2}, &(0x7f0000000000)={0x40, 0xf, 0x2}, &(0x7f0000000000)={0x40, 0x13, 0x6}, &(0x7f0000000000)={0x40, 0x17, 0x6}, &(0x7f0000000000)={0x40, 0x19, 0x2}, &(0x7f0000000000)={0x40, 0x1a, 0x2}, &(0x7f0000000000)={0x40, 0x1c, 0x1}, &(0x7f0000000000)={0x40, 0x1e, 0x1}, &(0x7f0000000000)={0x40, 0x21, 0x1}}) syzkaller login: [ 327.789920][T12334] IPVS: ftp: loaded support on port[0] = 21 [ 327.977490][T12334] chnl_net:caif_netlink_parms(): no params data found [ 328.045567][T12334] bridge0: port 1(bridge_slave_0) entered blocking state [ 328.052883][T12334] bridge0: port 1(bridge_slave_0) entered disabled state [ 328.062054][T12334] device bridge_slave_0 entered promiscuous mode [ 328.072763][T12334] bridge0: port 2(bridge_slave_1) entered blocking state [ 328.079994][T12334] bridge0: port 2(bridge_slave_1) entered disabled state [ 328.089117][T12334] device bridge_slave_1 entered promiscuous mode [ 328.127841][T12334] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 328.141937][T12334] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 328.179997][T12334] team0: Port device team_slave_0 added [ 328.190900][T12334] team0: Port device team_slave_1 added [ 328.378320][T12334] device hsr_slave_0 entered promiscuous mode [ 328.542764][T12334] device hsr_slave_1 entered promiscuous mode [ 328.830167][T12334] bridge0: port 2(bridge_slave_1) entered blocking state [ 328.837525][T12334] bridge0: port 2(bridge_slave_1) entered forwarding state [ 328.847927][T12334] bridge0: port 1(bridge_slave_0) entered blocking state [ 328.855253][T12334] bridge0: port 1(bridge_slave_0) entered forwarding state [ 328.966454][T12334] 8021q: adding VLAN 0 to HW filter on device bond0 [ 328.977357][ T3357] bridge0: port 1(bridge_slave_0) entered disabled state [ 328.988026][ T3357] bridge0: port 2(bridge_slave_1) entered disabled state [ 329.001182][ T3357] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 329.032483][T12337] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 329.041471][T12337] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 329.058921][T12334] 8021q: adding VLAN 0 to HW filter on device team0 [ 329.076706][T12337] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 329.086943][T12337] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 329.097564][T12337] bridge0: port 1(bridge_slave_0) entered blocking state [ 329.104905][T12337] bridge0: port 1(bridge_slave_0) entered forwarding state [ 329.168211][T12334] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 329.179438][T12334] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 329.196474][T12337] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 329.206808][T12337] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 329.216973][T12337] bridge0: port 2(bridge_slave_1) entered blocking state [ 329.224284][T12337] bridge0: port 2(bridge_slave_1) entered forwarding state [ 329.232941][T12337] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 329.244542][T12337] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 329.255038][T12337] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 329.265413][T12337] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 329.275500][T12337] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 329.285935][T12337] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 329.296011][T12337] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 329.305767][T12337] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 329.315861][T12337] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 329.326800][T12337] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 329.344277][T12337] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 329.353518][T12337] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 329.399453][T12334] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 329.813290][T12337] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 330.173791][T12337] usb 1-1: config 0 has an invalid interface number: 206 but max is 0 [ 330.182718][T12337] usb 1-1: config 0 has no interface number 0 [ 330.188943][T12337] usb 1-1: New USB device found, idVendor=0411, idProduct=0012, bcdDevice=56.5f [ 330.198272][T12337] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 330.210491][T12337] usb 1-1: config 0 descriptor?? [ 330.916120][T12337] ================================================================== [ 330.924342][T12337] BUG: KMSAN: uninit-value in _mix_pool_bytes+0x7de/0x960 [ 330.931571][T12337] CPU: 0 PID: 12337 Comm: kworker/0:0 Not tainted 5.2.0+ #15 [ 330.938956][T12337] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 330.949244][T12337] Workqueue: usb_hub_wq hub_event [ 330.954290][T12337] Call Trace: [ 330.957669][T12337] dump_stack+0x191/0x1f0 [ 330.962071][T12337] kmsan_report+0x162/0x2d0 [ 330.966626][T12337] __msan_warning+0x75/0xe0 [ 330.971341][T12337] _mix_pool_bytes+0x7de/0x960 [ 330.976181][T12337] ? register_netdevice+0x1eab/0x2690 [ 330.981609][T12337] add_device_randomness+0x776/0xfa0 [ 330.986960][T12337] ? __msan_metadata_ptr_for_store_4+0x13/0x20 [ 330.993154][T12337] ? kmsan_get_shadow_origin_ptr+0x71/0x470 [ 330.999096][T12337] register_netdevice+0x1eab/0x2690 [ 331.004367][T12337] register_netdev+0x93/0xd0 [ 331.009025][T12337] rtl8150_probe+0x11f8/0x1550 [ 331.013964][T12337] ? __mii_op+0x2e0/0xe70 [ 331.018314][T12337] ? read_eprom_word+0xdd0/0xdd0 [ 331.023342][T12337] usb_probe_interface+0xd19/0x1310 [ 331.028591][T12337] ? usb_register_driver+0x7d0/0x7d0 [ 331.033910][T12337] really_probe+0x1344/0x1d90 [ 331.038839][T12337] driver_probe_device+0x1ba/0x510 [ 331.043982][T12337] ? kmsan_get_shadow_origin_ptr+0x71/0x470 [ 331.049912][T12337] __device_attach_driver+0x5b8/0x790 [ 331.055333][T12337] bus_for_each_drv+0x28e/0x3b0 [ 331.060212][T12337] ? deferred_probe_work_func+0x400/0x400 [ 331.065970][T12337] __device_attach+0x489/0x750 [ 331.070783][T12337] device_initial_probe+0x4a/0x60 [ 331.075921][T12337] bus_probe_device+0x131/0x390 [ 331.080805][T12337] device_add+0x25b5/0x2df0 [ 331.085372][T12337] usb_set_configuration+0x309f/0x3710 [ 331.090915][T12337] ? __msan_metadata_ptr_for_load_1+0x10/0x20 [ 331.097039][T12337] generic_probe+0xe7/0x280 [ 331.101569][T12337] ? usb_choose_configuration+0xae0/0xae0 [ 331.107318][T12337] usb_probe_device+0x146/0x200 [ 331.112203][T12337] ? usb_register_device_driver+0x470/0x470 [ 331.118144][T12337] really_probe+0x1344/0x1d90 [ 331.122872][T12337] driver_probe_device+0x1ba/0x510 [ 331.128103][T12337] ? kmsan_get_shadow_origin_ptr+0x71/0x470 [ 331.134053][T12337] __device_attach_driver+0x5b8/0x790 [ 331.140410][T12337] bus_for_each_drv+0x28e/0x3b0 [ 331.145313][T12337] ? deferred_probe_work_func+0x400/0x400 [ 331.151086][T12337] __device_attach+0x489/0x750 [ 331.155902][T12337] device_initial_probe+0x4a/0x60 [ 331.160955][T12337] bus_probe_device+0x131/0x390 [ 331.165843][T12337] device_add+0x25b5/0x2df0 [ 331.170397][T12337] usb_new_device+0x23e5/0x2fb0 [ 331.175296][T12337] hub_event+0x5853/0x7320 [ 331.179818][T12337] ? kmsan_get_shadow_origin_ptr+0x71/0x470 [ 331.185733][T12337] ? led_work+0x720/0x720 [ 331.190081][T12337] ? led_work+0x720/0x720 [ 331.194459][T12337] process_one_work+0x1572/0x1f00 [ 331.199539][T12337] worker_thread+0x111b/0x2460 [ 331.204371][T12337] kthread+0x4b5/0x4f0 [ 331.208447][T12337] ? process_one_work+0x1f00/0x1f00 [ 331.213668][T12337] ? kthread_blkcg+0xf0/0xf0 [ 331.218453][T12337] ret_from_fork+0x35/0x40 [ 331.222981][T12337] [ 331.225316][T12337] Uninit was stored to memory at: [ 331.230443][T12337] kmsan_internal_chain_origin+0xcc/0x150 [ 331.236295][T12337] kmsan_memcpy_memmove_metadata+0x9f9/0xe00 [ 331.242328][T12337] kmsan_memcpy_metadata+0xb/0x10 [ 331.247471][T12337] __msan_memcpy+0x56/0x70 [ 331.251901][T12337] rtl8150_probe+0x114c/0x1550 [ 331.256684][T12337] usb_probe_interface+0xd19/0x1310 [ 331.261904][T12337] really_probe+0x1344/0x1d90 [ 331.266593][T12337] driver_probe_device+0x1ba/0x510 [ 331.271720][T12337] __device_attach_driver+0x5b8/0x790 [ 331.277100][T12337] bus_for_each_drv+0x28e/0x3b0 [ 331.282050][T12337] __device_attach+0x489/0x750 [ 331.286833][T12337] device_initial_probe+0x4a/0x60 [ 331.291910][T12337] bus_probe_device+0x131/0x390 [ 331.296778][T12337] device_add+0x25b5/0x2df0 [ 331.301389][T12337] usb_set_configuration+0x309f/0x3710 [ 331.306955][T12337] generic_probe+0xe7/0x280 [ 331.311481][T12337] usb_probe_device+0x146/0x200 [ 331.316345][T12337] really_probe+0x1344/0x1d90 [ 331.321053][T12337] driver_probe_device+0x1ba/0x510 [ 331.326184][T12337] __device_attach_driver+0x5b8/0x790 [ 331.331582][T12337] bus_for_each_drv+0x28e/0x3b0 [ 331.336536][T12337] __device_attach+0x489/0x750 [ 331.341320][T12337] device_initial_probe+0x4a/0x60 [ 331.346376][T12337] bus_probe_device+0x131/0x390 [ 331.351244][T12337] device_add+0x25b5/0x2df0 [ 331.355764][T12337] usb_new_device+0x23e5/0x2fb0 [ 331.360622][T12337] hub_event+0x5853/0x7320 [ 331.365059][T12337] process_one_work+0x1572/0x1f00 [ 331.370099][T12337] worker_thread+0x111b/0x2460 [ 331.374876][T12337] kthread+0x4b5/0x4f0 [ 331.378953][T12337] ret_from_fork+0x35/0x40 [ 331.383367][T12337] [ 331.385709][T12337] Local variable description: ----node_id.i@rtl8150_probe [ 331.392812][T12337] Variable was created at: [ 331.397243][T12337] rtl8150_probe+0xdce/0x1550 [ 331.402292][T12337] usb_probe_interface+0xd19/0x1310 [ 331.407481][T12337] ================================================================== [ 331.415656][T12337] Disabling lock debugging due to kernel taint [ 331.421844][T12337] Kernel panic - not syncing: panic_on_warn set ... [ 331.428456][T12337] CPU: 0 PID: 12337 Comm: kworker/0:0 Tainted: G B 5.2.0+ #15 [ 331.437221][T12337] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 331.447313][T12337] Workqueue: usb_hub_wq hub_event [ 331.452344][T12337] Call Trace: [ 331.455665][T12337] dump_stack+0x191/0x1f0 [ 331.460111][T12337] panic+0x3c9/0xc1e [ 331.464080][T12337] kmsan_report+0x2ca/0x2d0 [ 331.468617][T12337] __msan_warning+0x75/0xe0 [ 331.473152][T12337] _mix_pool_bytes+0x7de/0x960 [ 331.477981][T12337] ? register_netdevice+0x1eab/0x2690 [ 331.483379][T12337] add_device_randomness+0x776/0xfa0 [ 331.488712][T12337] ? __msan_metadata_ptr_for_store_4+0x13/0x20 [ 331.494891][T12337] ? kmsan_get_shadow_origin_ptr+0x71/0x470 [ 331.500814][T12337] register_netdevice+0x1eab/0x2690 [ 331.506078][T12337] register_netdev+0x93/0xd0 [ 331.510707][T12337] rtl8150_probe+0x11f8/0x1550 [ 331.515506][T12337] ? __mii_op+0x2e0/0xe70 [ 331.519856][T12337] ? read_eprom_word+0xdd0/0xdd0 [ 331.524907][T12337] usb_probe_interface+0xd19/0x1310 [ 331.530418][T12337] ? usb_register_driver+0x7d0/0x7d0 [ 331.535732][T12337] really_probe+0x1344/0x1d90 [ 331.540450][T12337] driver_probe_device+0x1ba/0x510 [ 331.545594][T12337] ? kmsan_get_shadow_origin_ptr+0x71/0x470 [ 331.551512][T12337] __device_attach_driver+0x5b8/0x790 [ 331.556929][T12337] bus_for_each_drv+0x28e/0x3b0 [ 331.561799][T12337] ? deferred_probe_work_func+0x400/0x400 [ 331.567547][T12337] __device_attach+0x489/0x750 [ 331.572353][T12337] device_initial_probe+0x4a/0x60 [ 331.577421][T12337] bus_probe_device+0x131/0x390 [ 331.582303][T12337] device_add+0x25b5/0x2df0 [ 331.586870][T12337] usb_set_configuration+0x309f/0x3710 [ 331.592392][T12337] ? __msan_metadata_ptr_for_load_1+0x10/0x20 [ 331.598505][T12337] generic_probe+0xe7/0x280 [ 331.603046][T12337] ? usb_choose_configuration+0xae0/0xae0 [ 331.608789][T12337] usb_probe_device+0x146/0x200 [ 331.613933][T12337] ? usb_register_device_driver+0x470/0x470 [ 331.619852][T12337] really_probe+0x1344/0x1d90 [ 331.624577][T12337] driver_probe_device+0x1ba/0x510 [ 331.629715][T12337] ? kmsan_get_shadow_origin_ptr+0x71/0x470 [ 331.635817][T12337] __device_attach_driver+0x5b8/0x790 [ 331.641228][T12337] bus_for_each_drv+0x28e/0x3b0 [ 331.646117][T12337] ? deferred_probe_work_func+0x400/0x400 [ 331.651873][T12337] __device_attach+0x489/0x750 [ 331.656677][T12337] device_initial_probe+0x4a/0x60 [ 331.661734][T12337] bus_probe_device+0x131/0x390 [ 331.666617][T12337] device_add+0x25b5/0x2df0 [ 331.671171][T12337] usb_new_device+0x23e5/0x2fb0 [ 331.676102][T12337] hub_event+0x5853/0x7320 [ 331.680647][T12337] ? kmsan_get_shadow_origin_ptr+0x71/0x470 [ 331.686586][T12337] ? led_work+0x720/0x720 [ 331.690927][T12337] ? led_work+0x720/0x720 [ 331.695275][T12337] process_one_work+0x1572/0x1f00 [ 331.700439][T12337] worker_thread+0x111b/0x2460 [ 331.705266][T12337] kthread+0x4b5/0x4f0 [ 331.709363][T12337] ? process_one_work+0x1f00/0x1f00 [ 331.714598][T12337] ? kthread_blkcg+0xf0/0xf0 [ 331.719299][T12337] ret_from_fork+0x35/0x40 [ 331.724861][T12337] Kernel Offset: disabled [ 331.729373][T12337] Rebooting in 86400 seconds..