[ 81.624657][ T30] audit: type=1800 audit(1563820501.678:25): pid=12213 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 81.648125][ T30] audit: type=1800 audit(1563820501.698:26): pid=12213 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 81.703232][ T30] audit: type=1800 audit(1563820501.728:27): pid=12213 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 83.302828][T12213] startpar (12213) used greatest stack depth: 53640 bytes left Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.1.20' (ECDSA) to the list of known hosts. 2019/07/22 18:35:17 fuzzer started 2019/07/22 18:35:22 dialing manager at 10.128.0.26:42295 2019/07/22 18:35:22 syscalls: 2350 2019/07/22 18:35:22 code coverage: enabled 2019/07/22 18:35:22 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2019/07/22 18:35:22 extra coverage: enabled 2019/07/22 18:35:22 setuid sandbox: enabled 2019/07/22 18:35:22 namespace sandbox: enabled 2019/07/22 18:35:22 Android sandbox: /sys/fs/selinux/policy does not exist 2019/07/22 18:35:22 fault injection: enabled 2019/07/22 18:35:22 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/07/22 18:35:22 net packet injection: enabled 2019/07/22 18:35:22 net device setup: enabled 18:37:39 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCDELRT(r0, 0x890c, &(0x7f0000000080)={0x0, {}, {0x2, 0x0, @multicast1}, {0x2, 0x0, @multicast2}, 0xab052ebbe6fbd52e, 0x0, 0x0, 0x0, 0xfffffffffffffffd}) syzkaller login: [ 239.705712][T12379] IPVS: ftp: loaded support on port[0] = 21 [ 239.848963][T12379] chnl_net:caif_netlink_parms(): no params data found [ 239.905826][T12379] bridge0: port 1(bridge_slave_0) entered blocking state [ 239.913096][T12379] bridge0: port 1(bridge_slave_0) entered disabled state [ 239.921832][T12379] device bridge_slave_0 entered promiscuous mode [ 239.931922][T12379] bridge0: port 2(bridge_slave_1) entered blocking state [ 239.939365][T12379] bridge0: port 2(bridge_slave_1) entered disabled state [ 239.948212][T12379] device bridge_slave_1 entered promiscuous mode [ 239.980213][T12379] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 239.992357][T12379] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 240.024841][T12379] team0: Port device team_slave_0 added [ 240.034283][T12379] team0: Port device team_slave_1 added [ 240.217506][T12379] device hsr_slave_0 entered promiscuous mode [ 240.383717][T12379] device hsr_slave_1 entered promiscuous mode [ 240.653471][T12379] bridge0: port 2(bridge_slave_1) entered blocking state [ 240.660876][T12379] bridge0: port 2(bridge_slave_1) entered forwarding state [ 240.668908][T12379] bridge0: port 1(bridge_slave_0) entered blocking state [ 240.676591][T12379] bridge0: port 1(bridge_slave_0) entered forwarding state [ 240.757306][T12379] 8021q: adding VLAN 0 to HW filter on device bond0 [ 240.777886][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 240.789332][ T17] bridge0: port 1(bridge_slave_0) entered disabled state [ 240.799743][ T17] bridge0: port 2(bridge_slave_1) entered disabled state [ 240.811694][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 240.833868][T12379] 8021q: adding VLAN 0 to HW filter on device team0 [ 240.859176][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 240.868909][ T17] bridge0: port 1(bridge_slave_0) entered blocking state [ 240.876833][ T17] bridge0: port 1(bridge_slave_0) entered forwarding state [ 240.885710][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 240.894879][ T17] bridge0: port 2(bridge_slave_1) entered blocking state [ 240.902042][ T17] bridge0: port 2(bridge_slave_1) entered forwarding state [ 240.945880][T12379] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 240.956502][T12379] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 240.991190][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 241.001302][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 241.011300][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 241.021727][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 241.031440][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 241.041361][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 241.050882][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 241.060321][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 241.070122][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 241.079512][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 241.094520][T12379] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 241.102069][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 241.111008][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready 18:37:41 executing program 0: r0 = socket$netlink(0x10, 0x3, 0xa) sendmsg$TIPC_CMD_SET_NODE_ADDR(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000000)={0xa, 0x0, 0x0, 0x0, 0x0, {{}, 0x0, 0x8001, 0x0, {0xfffffe97}}}, 0x24}}, 0x0) 18:37:41 executing program 0: r0 = socket$inet6(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000002000)=[{&(0x7f000000dfaa)="5500000018007f5f00fe01b2a4a280930206000100000001000000003900060035000c020300000019000b4001000000000022dc1338d54400209b84136ef75afb83de4411000500e03ab8220000060cec4fab91d4", 0x55}], 0x1}, 0x0) 18:37:41 executing program 0: r0 = syz_usb_connect(0x0, 0x181, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x97, 0x34, 0x13, 0x8, 0xc72, 0xd, 0xdad3, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0xf1, 0x0, 0x0, 0xa, 0x72, 0x24}}]}}]}}, 0x0) syz_usb_control_io(r0, &(0x7f0000000340)={0x34, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000000680)={0xcc, &(0x7f0000000380), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, &(0x7f0000001f80)={0x34, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002280)={0xcc, &(0x7f0000000080), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, 0x0) [ 241.368311][T12392] netlink: 'syz-executor.0': attribute type 6 has an invalid length. [ 241.734331][ T32] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 241.982822][ T32] usb 1-1: Using ep0 maxpacket: 8 [ 242.106020][ T32] usb 1-1: config 0 has an invalid interface number: 241 but max is 0 [ 242.115444][ T32] usb 1-1: config 0 has no interface number 0 [ 242.121946][ T32] usb 1-1: New USB device found, idVendor=0c72, idProduct=000d, bcdDevice=da.d3 [ 242.131467][ T32] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 242.143906][ T32] usb 1-1: config 0 descriptor?? [ 242.613955][ T32] ================================================================== [ 242.622511][ T32] BUG: KMSAN: kernel-usb-infoleak in usb_submit_urb+0x7ef/0x1f50 [ 242.630756][ T32] CPU: 1 PID: 32 Comm: kworker/1:1 Not tainted 5.2.0+ #15 [ 242.638270][ T32] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 242.649064][ T32] Workqueue: usb_hub_wq hub_event [ 242.654311][ T32] Call Trace: [ 242.657720][ T32] dump_stack+0x191/0x1f0 [ 242.662085][ T32] kmsan_report+0x162/0x2d0 [ 242.667153][ T32] kmsan_internal_check_memory+0x974/0xa80 [ 242.673159][ T32] ? process_one_work+0x1572/0x1f00 [ 242.679177][ T32] ? worker_thread+0x111b/0x2460 [ 242.684755][ T32] ? kthread+0x4b5/0x4f0 [ 242.689775][ T32] ? ret_from_fork+0x35/0x40 [ 242.694829][ T32] ? kmsan_get_shadow_origin_ptr+0x71/0x470 [ 242.701185][ T32] ? kmsan_get_shadow_origin_ptr+0x71/0x470 [ 242.707546][ T32] kmsan_handle_urb+0x28/0x40 [ 242.712450][ T32] usb_submit_urb+0x7ef/0x1f50 [ 242.717888][ T32] usb_start_wait_urb+0x143/0x410 [ 242.723161][ T32] usb_control_msg+0x49f/0x7f0 [ 242.728043][ T32] pcan_usb_pro_init+0x1319/0x1720 [ 242.734061][ T32] ? kmsan_get_shadow_origin_ptr+0x71/0x470 [ 242.740502][ T32] ? pcan_usb_pro_probe+0x250/0x250 [ 242.746108][ T32] peak_usb_probe+0x1416/0x1b20 [ 242.751178][ T32] ? peak_usb_do_device_exit+0x240/0x240 [ 242.757280][ T32] usb_probe_interface+0xd19/0x1310 [ 242.763007][ T32] ? usb_register_driver+0x7d0/0x7d0 [ 242.768646][ T32] really_probe+0x1344/0x1d90 [ 242.773362][ T32] driver_probe_device+0x1ba/0x510 [ 242.778961][ T32] ? kmsan_get_shadow_origin_ptr+0x71/0x470 [ 242.785915][ T32] __device_attach_driver+0x5b8/0x790 [ 242.791634][ T32] bus_for_each_drv+0x28e/0x3b0 [ 242.796513][ T32] ? deferred_probe_work_func+0x400/0x400 [ 242.802271][ T32] __device_attach+0x489/0x750 [ 242.807968][ T32] device_initial_probe+0x4a/0x60 [ 242.813299][ T32] bus_probe_device+0x131/0x390 [ 242.818526][ T32] device_add+0x25b5/0x2df0 [ 242.823335][ T32] usb_set_configuration+0x309f/0x3710 [ 242.829537][ T32] ? __msan_metadata_ptr_for_load_1+0x10/0x20 [ 242.836184][ T32] generic_probe+0xe7/0x280 [ 242.840854][ T32] ? usb_choose_configuration+0xae0/0xae0 [ 242.847536][ T32] usb_probe_device+0x146/0x200 [ 242.853855][ T32] ? usb_register_device_driver+0x470/0x470 [ 242.860243][ T32] really_probe+0x1344/0x1d90 [ 242.865377][ T32] driver_probe_device+0x1ba/0x510 [ 242.870771][ T32] ? kmsan_get_shadow_origin_ptr+0x71/0x470 [ 242.877595][ T32] __device_attach_driver+0x5b8/0x790 [ 242.883135][ T32] bus_for_each_drv+0x28e/0x3b0 [ 242.888198][ T32] ? deferred_probe_work_func+0x400/0x400 [ 242.894145][ T32] __device_attach+0x489/0x750 [ 242.898964][ T32] device_initial_probe+0x4a/0x60 [ 242.904263][ T32] bus_probe_device+0x131/0x390 [ 242.909550][ T32] device_add+0x25b5/0x2df0 [ 242.915022][ T32] usb_new_device+0x23e5/0x2fb0 [ 242.921178][ T32] hub_event+0x5853/0x7320 [ 242.926344][ T32] ? kmsan_get_shadow_origin_ptr+0x71/0x470 [ 242.935407][ T32] ? led_work+0x720/0x720 [ 242.940613][ T32] ? led_work+0x720/0x720 [ 242.945934][ T32] process_one_work+0x1572/0x1f00 [ 242.952169][ T32] worker_thread+0x111b/0x2460 [ 242.957543][ T32] kthread+0x4b5/0x4f0 [ 242.961844][ T32] ? process_one_work+0x1f00/0x1f00 [ 242.967425][ T32] ? kthread_blkcg+0xf0/0xf0 [ 242.972585][ T32] ret_from_fork+0x35/0x40 [ 242.977043][ T32] [ 242.979919][ T32] Uninit was created at: [ 242.984169][ T32] kmsan_internal_poison_shadow+0x53/0xa0 [ 242.990250][ T32] kmsan_slab_alloc+0xaa/0x120 [ 242.996089][ T32] kmem_cache_alloc_trace+0x873/0xa50 [ 243.001750][ T32] pcan_usb_pro_init+0xe96/0x1720 [ 243.006888][ T32] peak_usb_probe+0x1416/0x1b20 [ 243.012210][ T32] usb_probe_interface+0xd19/0x1310 [ 243.017643][ T32] really_probe+0x1344/0x1d90 [ 243.022477][ T32] driver_probe_device+0x1ba/0x510 [ 243.028592][ T32] __device_attach_driver+0x5b8/0x790 [ 243.034052][ T32] bus_for_each_drv+0x28e/0x3b0 [ 243.038911][ T32] __device_attach+0x489/0x750 [ 243.043679][ T32] device_initial_probe+0x4a/0x60 [ 243.049038][ T32] bus_probe_device+0x131/0x390 [ 243.054011][ T32] device_add+0x25b5/0x2df0 [ 243.058748][ T32] usb_set_configuration+0x309f/0x3710 [ 243.064548][ T32] generic_probe+0xe7/0x280 [ 243.069164][ T32] usb_probe_device+0x146/0x200 [ 243.074284][ T32] really_probe+0x1344/0x1d90 [ 243.079447][ T32] driver_probe_device+0x1ba/0x510 [ 243.085091][ T32] __device_attach_driver+0x5b8/0x790 [ 243.090726][ T32] bus_for_each_drv+0x28e/0x3b0 [ 243.096365][ T32] __device_attach+0x489/0x750 [ 243.101595][ T32] device_initial_probe+0x4a/0x60 [ 243.106954][ T32] bus_probe_device+0x131/0x390 [ 243.111959][ T32] device_add+0x25b5/0x2df0 [ 243.116555][ T32] usb_new_device+0x23e5/0x2fb0 [ 243.121491][ T32] hub_event+0x5853/0x7320 [ 243.126011][ T32] process_one_work+0x1572/0x1f00 [ 243.131298][ T32] worker_thread+0x111b/0x2460 [ 243.136238][ T32] kthread+0x4b5/0x4f0 [ 243.140482][ T32] ret_from_fork+0x35/0x40 [ 243.145680][ T32] [ 243.148304][ T32] Bytes 2-15 of 16 are uninitialized [ 243.154170][ T32] Memory access of size 16 starts at ffff888061cdd4a0 [ 243.161444][ T32] ================================================================== [ 243.169921][ T32] Disabling lock debugging due to kernel taint [ 243.176999][ T32] Kernel panic - not syncing: panic_on_warn set ... [ 243.184330][ T32] CPU: 1 PID: 32 Comm: kworker/1:1 Tainted: G B 5.2.0+ #15 [ 243.193090][ T32] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 243.203853][ T32] Workqueue: usb_hub_wq hub_event [ 243.209280][ T32] Call Trace: [ 243.212765][ T32] dump_stack+0x191/0x1f0 [ 243.217184][ T32] panic+0x3c9/0xc1e [ 243.221309][ T32] kmsan_report+0x2ca/0x2d0 [ 243.226383][ T32] kmsan_internal_check_memory+0x974/0xa80 [ 243.232639][ T32] ? process_one_work+0x1572/0x1f00 [ 243.238373][ T32] ? worker_thread+0x111b/0x2460 [ 243.243564][ T32] ? kthread+0x4b5/0x4f0 [ 243.247891][ T32] ? ret_from_fork+0x35/0x40 [ 243.252569][ T32] ? kmsan_get_shadow_origin_ptr+0x71/0x470 [ 243.258561][ T32] ? kmsan_get_shadow_origin_ptr+0x71/0x470 [ 243.264815][ T32] kmsan_handle_urb+0x28/0x40 [ 243.269760][ T32] usb_submit_urb+0x7ef/0x1f50 [ 243.274544][ T32] usb_start_wait_urb+0x143/0x410 [ 243.279841][ T32] usb_control_msg+0x49f/0x7f0 [ 243.285473][ T32] pcan_usb_pro_init+0x1319/0x1720 [ 243.290819][ T32] ? kmsan_get_shadow_origin_ptr+0x71/0x470 [ 243.297142][ T32] ? pcan_usb_pro_probe+0x250/0x250 [ 243.302521][ T32] peak_usb_probe+0x1416/0x1b20 [ 243.308155][ T32] ? peak_usb_do_device_exit+0x240/0x240 [ 243.313983][ T32] usb_probe_interface+0xd19/0x1310 [ 243.319554][ T32] ? usb_register_driver+0x7d0/0x7d0 [ 243.325192][ T32] really_probe+0x1344/0x1d90 [ 243.330390][ T32] driver_probe_device+0x1ba/0x510 [ 243.335988][ T32] ? kmsan_get_shadow_origin_ptr+0x71/0x470 [ 243.342002][ T32] __device_attach_driver+0x5b8/0x790 [ 243.347885][ T32] bus_for_each_drv+0x28e/0x3b0 [ 243.353256][ T32] ? deferred_probe_work_func+0x400/0x400 [ 243.359265][ T32] __device_attach+0x489/0x750 [ 243.364753][ T32] device_initial_probe+0x4a/0x60 [ 243.370246][ T32] bus_probe_device+0x131/0x390 [ 243.375308][ T32] device_add+0x25b5/0x2df0 [ 243.381017][ T32] usb_set_configuration+0x309f/0x3710 [ 243.386794][ T32] ? __msan_metadata_ptr_for_load_1+0x10/0x20 [ 243.393181][ T32] generic_probe+0xe7/0x280 [ 243.397878][ T32] ? usb_choose_configuration+0xae0/0xae0 [ 243.404004][ T32] usb_probe_device+0x146/0x200 [ 243.409301][ T32] ? usb_register_device_driver+0x470/0x470 [ 243.415284][ T32] really_probe+0x1344/0x1d90 [ 243.420593][ T32] driver_probe_device+0x1ba/0x510 [ 243.425990][ T32] ? kmsan_get_shadow_origin_ptr+0x71/0x470 [ 243.432457][ T32] __device_attach_driver+0x5b8/0x790 [ 243.438382][ T32] bus_for_each_drv+0x28e/0x3b0 [ 243.443330][ T32] ? deferred_probe_work_func+0x400/0x400 [ 243.449547][ T32] __device_attach+0x489/0x750 [ 243.454721][ T32] device_initial_probe+0x4a/0x60 [ 243.460019][ T32] bus_probe_device+0x131/0x390 [ 243.465096][ T32] device_add+0x25b5/0x2df0 [ 243.470394][ T32] usb_new_device+0x23e5/0x2fb0 [ 243.475678][ T32] hub_event+0x5853/0x7320 [ 243.480138][ T32] ? kmsan_get_shadow_origin_ptr+0x71/0x470 [ 243.486734][ T32] ? led_work+0x720/0x720 [ 243.491075][ T32] ? led_work+0x720/0x720 [ 243.495592][ T32] process_one_work+0x1572/0x1f00 [ 243.501290][ T32] worker_thread+0x111b/0x2460 [ 243.506428][ T32] kthread+0x4b5/0x4f0 [ 243.511282][ T32] ? process_one_work+0x1f00/0x1f00 [ 243.517836][ T32] ? kthread_blkcg+0xf0/0xf0 [ 243.523619][ T32] ret_from_fork+0x35/0x40 [ 243.532729][ T32] Kernel Offset: disabled [ 243.539606][ T32] Rebooting in 86400 seconds..