[ ok ] Starting enhanced syslogd: rsyslogd.
[ 75.039082][ T30] audit: type=1800 audit(1562881923.099:25): pid=11187 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 75.062801][ T30] audit: type=1800 audit(1562881923.129:26): pid=11187 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 75.099167][ T30] audit: type=1800 audit(1562881923.149:27): pid=11187 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.15.217' (ECDSA) to the list of known hosts.
2019/07/11 21:52:16 fuzzer started
2019/07/11 21:52:22 dialing manager at 10.128.0.26:32799
2019/07/11 21:52:22 syscalls: 2348
2019/07/11 21:52:22 code coverage: enabled
2019/07/11 21:52:22 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2019/07/11 21:52:22 extra coverage: enabled
2019/07/11 21:52:22 setuid sandbox: enabled
2019/07/11 21:52:22 namespace sandbox: enabled
2019/07/11 21:52:22 Android sandbox: /sys/fs/selinux/policy does not exist
2019/07/11 21:52:22 fault injection: enabled
2019/07/11 21:52:22 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/07/11 21:52:22 net packet injection: enabled
2019/07/11 21:52:22 net device setup: enabled
21:53:48 executing program 0:
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x79, 0x1a, 0x78, 0x8, 0xb95, 0x772a, 0x55cd, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x77, 0x0, 0x0, 0x77, 0x2d, 0x35}}]}}]}}, 0x0)
syz_usb_control_io(r0, &(0x7f0000000900)={0x34, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000000c40)={0x54, &(0x7f0000000940), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, &(0x7f00000003c0)={0x34, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000000700)={0x54, &(0x7f0000000400)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, &(0x7f0000001680)={0x34, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000019c0)={0x54, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000001940)={0x40, 0x9, 0x3}, 0x0})
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syzkaller login: [ 181.000196][T11353] IPVS: ftp: loaded support on port[0] = 21
[ 181.138180][T11353] chnl_net:caif_netlink_parms(): no params data found
[ 181.196280][T11353] bridge0: port 1(bridge_slave_0) entered blocking state
[ 181.203528][T11353] bridge0: port 1(bridge_slave_0) entered disabled state
[ 181.212350][T11353] device bridge_slave_0 entered promiscuous mode
[ 181.222042][T11353] bridge0: port 2(bridge_slave_1) entered blocking state
[ 181.229383][T11353] bridge0: port 2(bridge_slave_1) entered disabled state
[ 181.238125][T11353] device bridge_slave_1 entered promiscuous mode
[ 181.270259][T11353] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 181.282285][T11353] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 181.312911][T11353] team0: Port device team_slave_0 added
[ 181.322089][T11353] team0: Port device team_slave_1 added
[ 181.496749][T11353] device hsr_slave_0 entered promiscuous mode
[ 181.568839][T11353] device hsr_slave_1 entered promiscuous mode
[ 181.842199][T11353] bridge0: port 2(bridge_slave_1) entered blocking state
[ 181.849766][T11353] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 181.857575][T11353] bridge0: port 1(bridge_slave_0) entered blocking state
[ 181.864889][T11353] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 181.943416][T11353] 8021q: adding VLAN 0 to HW filter on device bond0
[ 181.963454][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 181.975249][ T5] bridge0: port 1(bridge_slave_0) entered disabled state
[ 181.989269][ T5] bridge0: port 2(bridge_slave_1) entered disabled state
[ 182.003426][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 182.022555][T11353] 8021q: adding VLAN 0 to HW filter on device team0
[ 182.045395][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 182.054675][ T5] bridge0: port 1(bridge_slave_0) entered blocking state
[ 182.061959][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 182.070744][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 182.080198][ T5] bridge0: port 2(bridge_slave_1) entered blocking state
[ 182.087456][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 182.136668][T11353] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 182.147701][T11353] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 182.172691][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 182.183446][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 182.193808][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 182.203359][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 182.233502][T11353] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 182.249824][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 182.259427][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 182.652361][ T17] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 182.892351][ T17] usb 1-1: Using ep0 maxpacket: 8
[ 183.022676][ T17] usb 1-1: config 0 has an invalid interface number: 119 but max is 0
[ 183.031034][ T17] usb 1-1: config 0 has no interface number 0
[ 183.037285][ T17] usb 1-1: New USB device found, idVendor=0b95, idProduct=772a, bcdDevice=55.cd
[ 183.046459][ T17] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 183.056891][ T17] usb 1-1: config 0 descriptor??
[ 183.322190][ T17] ==================================================================
[ 183.330301][ T17] BUG: KMSAN: uninit-value in ax88772_bind+0x93d/0x11e0
[ 183.337245][ T17] CPU: 1 PID: 17 Comm: kworker/1:0 Not tainted 5.2.0+ #14
[ 183.344356][ T17] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 183.354434][ T17] Workqueue: usb_hub_wq hub_event
[ 183.359458][ T17] Call Trace:
[ 183.362757][ T17] dump_stack+0x191/0x1f0
[ 183.367095][ T17] kmsan_report+0x162/0x2d0
[ 183.371603][ T17] __msan_warning+0x75/0xe0
[ 183.376127][ T17] ax88772_bind+0x93d/0x11e0
[ 183.380735][ T17] ? ax88178_change_mtu+0x650/0x650
[ 183.385942][ T17] usbnet_probe+0x10d3/0x3950
[ 183.390652][ T17] ? kmsan_internal_memset_shadow+0x104/0x3a0
[ 183.396753][ T17] ? usbnet_disconnect+0x660/0x660
[ 183.401867][ T17] usb_probe_interface+0xd19/0x1310
[ 183.407286][ T17] ? usb_register_driver+0x7d0/0x7d0
[ 183.413037][ T17] really_probe+0x1344/0x1d90
[ 183.417733][ T17] driver_probe_device+0x1ba/0x510
[ 183.422860][ T17] ? kmsan_get_shadow_origin_ptr+0x71/0x470
[ 183.428761][ T17] __device_attach_driver+0x5b8/0x790
[ 183.434235][ T17] bus_for_each_drv+0x28e/0x3b0
[ 183.439098][ T17] ? deferred_probe_work_func+0x400/0x400
[ 183.444830][ T17] __device_attach+0x489/0x750
[ 183.449613][ T17] device_initial_probe+0x4a/0x60
[ 183.454681][ T17] bus_probe_device+0x131/0x390
[ 183.459582][ T17] device_add+0x25b5/0x2df0
[ 183.464115][ T17] usb_set_configuration+0x309f/0x3710
[ 183.469611][ T17] ? __msan_metadata_ptr_for_load_1+0x10/0x20
[ 183.475699][ T17] generic_probe+0xe7/0x280
[ 183.480218][ T17] ? usb_choose_configuration+0xae0/0xae0
[ 183.485951][ T17] usb_probe_device+0x146/0x200
[ 183.491598][ T17] ? usb_register_device_driver+0x470/0x470
[ 183.497495][ T17] really_probe+0x1344/0x1d90
[ 183.502188][ T17] driver_probe_device+0x1ba/0x510
[ 183.507309][ T17] ? kmsan_get_shadow_origin_ptr+0x71/0x470
[ 183.513212][ T17] __device_attach_driver+0x5b8/0x790
[ 183.518604][ T17] bus_for_each_drv+0x28e/0x3b0
[ 183.523458][ T17] ? deferred_probe_work_func+0x400/0x400
[ 183.529193][ T17] __device_attach+0x489/0x750
[ 183.533983][ T17] device_initial_probe+0x4a/0x60
[ 183.539027][ T17] bus_probe_device+0x131/0x390
[ 183.543893][ T17] device_add+0x25b5/0x2df0
[ 183.548424][ T17] usb_new_device+0x23e5/0x2fb0
[ 183.553305][ T17] hub_event+0x5853/0x7320
[ 183.557783][ T17] ? kmsan_get_shadow_origin_ptr+0x71/0x470
[ 183.563764][ T17] ? led_work+0x720/0x720
[ 183.568191][ T17] ? led_work+0x720/0x720
[ 183.572527][ T17] process_one_work+0x1572/0x1f00
[ 183.577569][ T17] worker_thread+0x111b/0x2460
[ 183.582361][ T17] kthread+0x4b5/0x4f0
[ 183.586429][ T17] ? process_one_work+0x1f00/0x1f00
[ 183.591639][ T17] ? kthread_blkcg+0xf0/0xf0
[ 183.596352][ T17] ret_from_fork+0x35/0x40
[ 183.600771][ T17]
[ 183.603120][ T17] Local variable description: ----buf@ax88772_bind
[ 183.609612][ T17] Variable was created at:
[ 183.614128][ T17] ax88772_bind+0x5f/0x11e0
[ 183.618634][ T17] usbnet_probe+0x10d3/0x3950
[ 183.623300][ T17] ==================================================================
[ 183.631355][ T17] Disabling lock debugging due to kernel taint
[ 183.637506][ T17] Kernel panic - not syncing: panic_on_warn set ...
[ 183.644186][ T17] CPU: 1 PID: 17 Comm: kworker/1:0 Tainted: G B 5.2.0+ #14
[ 183.652677][ T17] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 183.662853][ T17] Workqueue: usb_hub_wq hub_event
[ 183.667962][ T17] Call Trace:
[ 183.671262][ T17] dump_stack+0x191/0x1f0
[ 183.675606][ T17] panic+0x3c9/0xc1e
[ 183.679531][ T17] kmsan_report+0x2ca/0x2d0
[ 183.684225][ T17] __msan_warning+0x75/0xe0
[ 183.688819][ T17] ax88772_bind+0x93d/0x11e0
[ 183.693683][ T17] ? ax88178_change_mtu+0x650/0x650
[ 183.698886][ T17] usbnet_probe+0x10d3/0x3950
[ 183.703572][ T17] ? kmsan_internal_memset_shadow+0x104/0x3a0
[ 183.709660][ T17] ? usbnet_disconnect+0x660/0x660
[ 183.714776][ T17] usb_probe_interface+0xd19/0x1310
[ 183.720000][ T17] ? usb_register_driver+0x7d0/0x7d0
[ 183.725299][ T17] really_probe+0x1344/0x1d90
[ 183.729993][ T17] driver_probe_device+0x1ba/0x510
[ 183.735117][ T17] ? kmsan_get_shadow_origin_ptr+0x71/0x470
[ 183.741022][ T17] __device_attach_driver+0x5b8/0x790
[ 183.746510][ T17] bus_for_each_drv+0x28e/0x3b0
[ 183.751366][ T17] ? deferred_probe_work_func+0x400/0x400
[ 183.757103][ T17] __device_attach+0x489/0x750
[ 183.761880][ T17] device_initial_probe+0x4a/0x60
[ 183.766912][ T17] bus_probe_device+0x131/0x390
[ 183.771777][ T17] device_add+0x25b5/0x2df0
[ 183.776320][ T17] usb_set_configuration+0x309f/0x3710
[ 183.781803][ T17] ? __msan_metadata_ptr_for_load_1+0x10/0x20
[ 183.787886][ T17] generic_probe+0xe7/0x280
[ 183.792396][ T17] ? usb_choose_configuration+0xae0/0xae0
[ 183.798117][ T17] usb_probe_device+0x146/0x200
[ 183.802977][ T17] ? usb_register_device_driver+0x470/0x470
[ 183.808872][ T17] really_probe+0x1344/0x1d90
[ 183.813572][ T17] driver_probe_device+0x1ba/0x510
[ 183.818719][ T17] ? kmsan_get_shadow_origin_ptr+0x71/0x470
[ 183.824626][ T17] __device_attach_driver+0x5b8/0x790
[ 183.830029][ T17] bus_for_each_drv+0x28e/0x3b0
[ 183.834886][ T17] ? deferred_probe_work_func+0x400/0x400
[ 183.840641][ T17] __device_attach+0x489/0x750
[ 183.845423][ T17] device_initial_probe+0x4a/0x60
[ 183.850973][ T17] bus_probe_device+0x131/0x390
[ 183.855851][ T17] device_add+0x25b5/0x2df0
[ 183.860379][ T17] usb_new_device+0x23e5/0x2fb0
[ 183.865354][ T17] hub_event+0x5853/0x7320
[ 183.869921][ T17] ? kmsan_get_shadow_origin_ptr+0x71/0x470
[ 183.875820][ T17] ? led_work+0x720/0x720
[ 183.880148][ T17] ? led_work+0x720/0x720
[ 183.884487][ T17] process_one_work+0x1572/0x1f00
[ 183.889633][ T17] worker_thread+0x111b/0x2460
[ 183.894434][ T17] kthread+0x4b5/0x4f0
[ 183.898505][ T17] ? process_one_work+0x1f00/0x1f00
[ 183.903717][ T17] ? kthread_blkcg+0xf0/0xf0
[ 183.908331][ T17] ret_from_fork+0x35/0x40
[ 183.914309][ T17] Kernel Offset: disabled
[ 183.918716][ T17] Rebooting in 86400 seconds..