[ 72.861611][ T30] audit: type=1800 audit(1561465088.912:25): pid=11394 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 72.885675][ T30] audit: type=1800 audit(1561465088.942:26): pid=11394 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 72.919218][ T30] audit: type=1800 audit(1561465088.962:27): pid=11394 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [....] startpar: service(s) returned failure: rsyslog ...[?25l[?1c7[FAIL8[?25h[?0c failed! Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.43' (ECDSA) to the list of known hosts. 2019/06/25 12:18:21 fuzzer started 2019/06/25 12:18:27 dialing manager at 10.128.0.26:36485 2019/06/25 12:18:27 syscalls: 2347 2019/06/25 12:18:27 code coverage: enabled 2019/06/25 12:18:27 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2019/06/25 12:18:27 extra coverage: enabled 2019/06/25 12:18:27 setuid sandbox: enabled 2019/06/25 12:18:27 namespace sandbox: enabled 2019/06/25 12:18:27 Android sandbox: /sys/fs/selinux/policy does not exist 2019/06/25 12:18:27 fault injection: enabled 2019/06/25 12:18:27 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/06/25 12:18:27 net packet injection: enabled 2019/06/25 12:18:27 net device setup: enabled 12:20:39 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) memfd_create(&(0x7f00000001c0)='\x00', 0x3) socket(0x11, 0x0, 0x80000001) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='memory.events\x00', 0x0, 0x0) ioctl$BLKBSZSET(0xffffffffffffffff, 0x40081271, 0x0) r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) listen(r0, 0x5eb857) r1 = socket$inet_dccp(0x2, 0x6, 0x0) connect$inet(r1, &(0x7f0000000340)={0x2, 0x4e23, @empty}, 0x10) r2 = accept4(r0, 0x0, 0x0, 0x0) ioctl$FS_IOC_FSGETXATTR(0xffffffffffffffff, 0x801c581f, 0x0) ioctl$SNDRV_CTL_IOCTL_HWDEP_NEXT_DEVICE(0xffffffffffffffff, 0xc0045520, 0x0) sendmmsg(r1, &(0x7f0000000040), 0x1, 0x0) sendmmsg(r2, &(0x7f0000000c00), 0x4000000000001e6, 0x0) syzkaller login: [ 224.052352][T11579] IPVS: ftp: loaded support on port[0] = 21 [ 224.181530][T11579] chnl_net:caif_netlink_parms(): no params data found [ 224.232793][T11579] bridge0: port 1(bridge_slave_0) entered blocking state [ 224.240132][T11579] bridge0: port 1(bridge_slave_0) entered disabled state [ 224.248926][T11579] device bridge_slave_0 entered promiscuous mode [ 224.258919][T11579] bridge0: port 2(bridge_slave_1) entered blocking state [ 224.266242][T11579] bridge0: port 2(bridge_slave_1) entered disabled state [ 224.275071][T11579] device bridge_slave_1 entered promiscuous mode [ 224.305238][T11579] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 224.316842][T11579] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 224.346078][T11579] team0: Port device team_slave_0 added [ 224.355009][T11579] team0: Port device team_slave_1 added [ 224.435946][T11579] device hsr_slave_0 entered promiscuous mode [ 224.592345][T11579] device hsr_slave_1 entered promiscuous mode [ 224.868928][T11579] bridge0: port 2(bridge_slave_1) entered blocking state [ 224.876374][T11579] bridge0: port 2(bridge_slave_1) entered forwarding state [ 224.889623][T11579] bridge0: port 1(bridge_slave_0) entered blocking state [ 224.896914][T11579] bridge0: port 1(bridge_slave_0) entered forwarding state [ 224.964702][T11579] 8021q: adding VLAN 0 to HW filter on device bond0 [ 224.983433][ T4112] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 224.995023][ T4112] bridge0: port 1(bridge_slave_0) entered disabled state [ 225.004192][ T4112] bridge0: port 2(bridge_slave_1) entered disabled state [ 225.016544][ T4112] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 225.036644][T11579] 8021q: adding VLAN 0 to HW filter on device team0 [ 225.052446][ T4112] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 225.061838][ T4112] bridge0: port 1(bridge_slave_0) entered blocking state [ 225.069043][ T4112] bridge0: port 1(bridge_slave_0) entered forwarding state [ 225.117006][T11579] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 225.127569][T11579] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 225.145191][ T4112] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 225.154254][ T4112] bridge0: port 2(bridge_slave_1) entered blocking state [ 225.161466][ T4112] bridge0: port 2(bridge_slave_1) entered forwarding state [ 225.170913][ T4112] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 225.180716][ T4112] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 225.190183][ T4112] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 225.199417][ T4112] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 225.213305][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 225.221268][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 225.246821][T11579] 8021q: adding VLAN 0 to HW filter on device batadv0 12:20:41 executing program 0: r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x79, 0x1a, 0x78, 0x8, 0xb95, 0x772a, 0x55cd, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x77, 0x0, 0x0, 0x77, 0x2d, 0x35}}]}}]}}, 0x0) syz_usb_control_io(r0, &(0x7f0000000400)={0x34, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000000840)={0x54, &(0x7f0000000440), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, &(0x7f0000000900)={0x34, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000000c40)={0x54, &(0x7f0000000940), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$hid(r0, &(0x7f0000000b80)={0x24, &(0x7f0000001080)={0x0, 0x0, 0x2, {0x2}}, 0x0, 0x0, 0x0}, &(0x7f0000000ec0)={0x24, &(0x7f0000000dc0), 0x0, 0x0, 0x0}) syz_usb_control_io(r0, &(0x7f0000000800)={0x5a47fb65, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000001000)={0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000008c0)={0x40, 0x9, 0x3, "cc738d"}, 0x0}) [ 225.872423][ T38] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 226.111847][ T38] usb 1-1: Using ep0 maxpacket: 8 [ 226.232300][ T38] usb 1-1: config 0 has an invalid interface number: 119 but max is 0 [ 226.240695][ T38] usb 1-1: config 0 has no interface number 0 [ 226.246997][ T38] usb 1-1: New USB device found, idVendor=0b95, idProduct=772a, bcdDevice=55.cd [ 226.257714][ T38] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 226.273558][ T38] usb 1-1: config 0 descriptor?? [ 226.511929][ T38] ================================================================== [ 226.520038][ T38] BUG: KMSAN: uninit-value in ax88772_bind+0x93d/0x11e0 [ 226.527008][ T38] CPU: 1 PID: 38 Comm: kworker/1:1 Not tainted 5.2.0-rc4+ #6 [ 226.534522][ T38] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 226.544596][ T38] Workqueue: usb_hub_wq hub_event [ 226.549653][ T38] Call Trace: [ 226.552958][ T38] dump_stack+0x191/0x1f0 [ 226.557303][ T38] kmsan_report+0x162/0x2d0 [ 226.561937][ T38] __msan_warning+0x75/0xe0 [ 226.566449][ T38] ax88772_bind+0x93d/0x11e0 [ 226.571048][ T38] ? ax88178_change_mtu+0x650/0x650 [ 226.576254][ T38] usbnet_probe+0x10d3/0x3950 [ 226.580943][ T38] ? kmsan_internal_memset_shadow+0x104/0x3a0 [ 226.587040][ T38] ? usbnet_disconnect+0x660/0x660 [ 226.592162][ T38] usb_probe_interface+0xd19/0x1310 [ 226.597489][ T38] ? usb_register_driver+0x7d0/0x7d0 [ 226.602783][ T38] really_probe+0x1344/0x1d90 [ 226.607477][ T38] driver_probe_device+0x1ba/0x510 [ 226.612648][ T38] ? kmsan_get_shadow_origin_ptr+0x71/0x470 [ 226.618553][ T38] __device_attach_driver+0x5b8/0x790 [ 226.623947][ T38] bus_for_each_drv+0x28e/0x3b0 [ 226.628962][ T38] ? deferred_probe_work_func+0x400/0x400 [ 226.634703][ T38] __device_attach+0x489/0x750 [ 226.639491][ T38] device_initial_probe+0x4a/0x60 [ 226.644581][ T38] bus_probe_device+0x131/0x390 [ 226.649444][ T38] device_add+0x25b5/0x2df0 [ 226.653984][ T38] usb_set_configuration+0x309f/0x3710 [ 226.659594][ T38] ? __msan_metadata_ptr_for_load_1+0x10/0x20 [ 226.665692][ T38] generic_probe+0xe7/0x280 [ 226.670211][ T38] ? usb_choose_configuration+0xae0/0xae0 [ 226.675943][ T38] usb_probe_device+0x146/0x200 [ 226.680922][ T38] ? usb_register_device_driver+0x470/0x470 [ 226.686828][ T38] really_probe+0x1344/0x1d90 [ 226.691658][ T38] driver_probe_device+0x1ba/0x510 [ 226.696778][ T38] ? kmsan_get_shadow_origin_ptr+0x71/0x470 [ 226.702687][ T38] __device_attach_driver+0x5b8/0x790 [ 226.708082][ T38] bus_for_each_drv+0x28e/0x3b0 [ 226.712939][ T38] ? deferred_probe_work_func+0x400/0x400 [ 226.724896][ T38] __device_attach+0x489/0x750 [ 226.729685][ T38] device_initial_probe+0x4a/0x60 [ 226.734724][ T38] bus_probe_device+0x131/0x390 [ 226.740478][ T38] device_add+0x25b5/0x2df0 [ 226.745987][ T38] usb_new_device+0x23e5/0x2fb0 [ 226.751778][ T38] hub_event+0x5853/0x7320 [ 226.766122][ T38] ? kmsan_get_shadow_origin_ptr+0x71/0x470 [ 226.772128][ T38] ? led_work+0x720/0x720 [ 226.776458][ T38] ? led_work+0x720/0x720 [ 226.780798][ T38] process_one_work+0x1572/0x1f00 [ 226.785854][ T38] worker_thread+0x111b/0x2460 [ 226.790658][ T38] kthread+0x4b5/0x4f0 [ 226.794888][ T38] ? process_one_work+0x1f00/0x1f00 [ 226.800123][ T38] ? kthread_blkcg+0xf0/0xf0 [ 226.804717][ T38] ret_from_fork+0x35/0x40 [ 226.809166][ T38] [ 226.811498][ T38] Local variable description: ----buf@ax88772_bind [ 226.817999][ T38] Variable was created at: [ 226.822507][ T38] ax88772_bind+0x5f/0x11e0 [ 226.827009][ T38] usbnet_probe+0x10d3/0x3950 [ 226.831676][ T38] ================================================================== [ 226.839730][ T38] Disabling lock debugging due to kernel taint [ 226.845884][ T38] Kernel panic - not syncing: panic_on_warn set ... [ 226.852620][ T38] CPU: 1 PID: 38 Comm: kworker/1:1 Tainted: G B 5.2.0-rc4+ #6 [ 226.861377][ T38] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 226.871445][ T38] Workqueue: usb_hub_wq hub_event [ 226.876471][ T38] Call Trace: [ 226.879773][ T38] dump_stack+0x191/0x1f0 [ 226.884598][ T38] panic+0x3c9/0xc1e [ 226.888533][ T38] kmsan_report+0x2ca/0x2d0 [ 226.893051][ T38] __msan_warning+0x75/0xe0 [ 226.897590][ T38] ax88772_bind+0x93d/0x11e0 [ 226.902192][ T38] ? ax88178_change_mtu+0x650/0x650 [ 226.907401][ T38] usbnet_probe+0x10d3/0x3950 [ 226.912090][ T38] ? kmsan_internal_memset_shadow+0x104/0x3a0 [ 226.918305][ T38] ? usbnet_disconnect+0x660/0x660 [ 226.923426][ T38] usb_probe_interface+0xd19/0x1310 [ 226.928645][ T38] ? usb_register_driver+0x7d0/0x7d0 [ 226.933940][ T38] really_probe+0x1344/0x1d90 [ 226.938637][ T38] driver_probe_device+0x1ba/0x510 [ 226.943758][ T38] ? kmsan_get_shadow_origin_ptr+0x71/0x470 [ 226.949752][ T38] __device_attach_driver+0x5b8/0x790 [ 226.955142][ T38] bus_for_each_drv+0x28e/0x3b0 [ 226.960090][ T38] ? deferred_probe_work_func+0x400/0x400 [ 226.965829][ T38] __device_attach+0x489/0x750 [ 226.970610][ T38] device_initial_probe+0x4a/0x60 [ 226.975640][ T38] bus_probe_device+0x131/0x390 [ 226.980620][ T38] device_add+0x25b5/0x2df0 [ 226.985155][ T38] usb_set_configuration+0x309f/0x3710 [ 226.990646][ T38] ? __msan_metadata_ptr_for_load_1+0x10/0x20 [ 226.996732][ T38] generic_probe+0xe7/0x280 [ 227.001245][ T38] ? usb_choose_configuration+0xae0/0xae0 [ 227.006983][ T38] usb_probe_device+0x146/0x200 [ 227.011844][ T38] ? usb_register_device_driver+0x470/0x470 [ 227.017744][ T38] really_probe+0x1344/0x1d90 [ 227.022440][ T38] driver_probe_device+0x1ba/0x510 [ 227.027560][ T38] ? kmsan_get_shadow_origin_ptr+0x71/0x470 [ 227.033490][ T38] __device_attach_driver+0x5b8/0x790 [ 227.038979][ T38] bus_for_each_drv+0x28e/0x3b0 [ 227.043839][ T38] ? deferred_probe_work_func+0x400/0x400 [ 227.049572][ T38] __device_attach+0x489/0x750 [ 227.054353][ T38] device_initial_probe+0x4a/0x60 [ 227.059384][ T38] bus_probe_device+0x131/0x390 12:20:43 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getgroups(0x4c9, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000003c0)='./file0\x00', 0x0) r0 = openat$proc_capi20ncci(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$VIDIOC_G_DV_TIMINGS(0xffffffffffffffff, 0xc0845658, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) openat$cgroup_subtree(r0, 0x0, 0x2, 0x0) openat$cgroup_procs(0xffffffffffffffff, &(0x7f0000000140)='cgroup.procs\x00', 0x2, 0x0) stat(0x0, &(0x7f0000000200)) getuid() setsockopt$RXRPC_SECURITY_KEYRING(0xffffffffffffffff, 0x110, 0x2, &(0x7f0000000900)='}^]', 0x3) geteuid() lsetxattr$system_posix_acl(&(0x7f0000000380)='./file0\x00', &(0x7f0000000080)='system.posix_acl_default\x00', &(0x7f0000000a40)=ANY=[@ANYRES32=0x0], 0x1, 0x0) getdents(0xffffffffffffffff, 0x0, 0x0) syz_open_dev$sndpcmp(0x0, 0x0, 0x200000) ioctl$TIOCSERGETLSR(r0, 0x5459, &(0x7f00000002c0)) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000280)={0x0, 0x55, 0xfa00, {0x3, &(0x7f0000000000)={0xffffffffffffffff}, 0x20000111}}, 0x24c) r3 = request_key(&(0x7f0000000300)='.request_key_auth\x00', &(0x7f0000000340)={'syz', 0x0}, &(0x7f0000000600)='}^]', 0xfffffffffffffff8) keyctl$get_security(0x11, r3, 0x0, 0x0) write$RDMA_USER_CM_CMD_RESOLVE_IP(r1, &(0x7f0000000400)={0x3, 0x40, 0xfa00, {{0xa, 0x0, 0x0, @dev, 0x4}, {0xa, 0x0, 0x0, @ipv4={[], [], @multicast1}}, r2}}, 0x48) write$RDMA_USER_CM_CMD_RESOLVE_IP(r1, &(0x7f0000000180)={0x3, 0x40, 0xfa00, {{0x2, 0x0, 0x0, @remote={0xfe, 0x80, [0x0, 0x0, 0x0, 0x60000000, 0x0, 0x0, 0xc000000, 0x0, 0x3f00000000000000, 0x0, 0x0, 0x700000000000000]}}, {0x2, 0x0, 0xfffffffffffffffd, @local}, r2}}, 0x48) write$RDMA_USER_CM_CMD_GET_EVENT(r1, &(0x7f0000000080)={0xc, 0x8, 0xfa00, {&(0x7f0000000480)}}, 0x10) r4 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000040)={0x6}, 0x10) sendmsg$nl_route(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="240000001a001fff00000000000000001e000000001400000000000008000400150000002162ed2cd151f4e284fc0282d284c6c8"], 0x1}}, 0x0) [ 227.064250][ T38] device_add+0x25b5/0x2df0 [ 227.068782][ T38] usb_new_device+0x23e5/0x2fb0 [ 227.073659][ T38] hub_event+0x5853/0x7320 [ 227.078153][ T38] ? kmsan_get_shadow_origin_ptr+0x71/0x470 [ 227.084045][ T38] ? led_work+0x720/0x720 [ 227.088371][ T38] ? led_work+0x720/0x720 [ 227.092707][ T38] process_one_work+0x1572/0x1f00 [ 227.097757][ T38] worker_thread+0x111b/0x2460 [ 227.102565][ T38] kthread+0x4b5/0x4f0 [ 227.106807][ T38] ? process_one_work+0x1f00/0x1f00 [ 227.112028][ T38] ? kthread_blkcg+0xf0/0xf0 [ 227.116629][ T38] ret_from_fork+0x35/0x40 [ 227.123022][ T38] Kernel Offset: disabled [ 227.127354][ T38] Rebooting in 86400 seconds..