[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [ 82.354159][ T32] audit: type=1800 audit(1568349255.413:25): pid=12020 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 82.377109][ T32] audit: type=1800 audit(1568349255.443:26): pid=12020 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 82.413619][ T32] audit: type=1800 audit(1568349255.473:27): pid=12020 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.95' (ECDSA) to the list of known hosts. 2019/09/13 04:34:30 fuzzer started 2019/09/13 04:34:34 dialing manager at 10.128.0.26:36239 2019/09/13 04:34:34 syscalls: 2376 2019/09/13 04:34:34 code coverage: enabled 2019/09/13 04:34:34 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2019/09/13 04:34:34 extra coverage: enabled 2019/09/13 04:34:34 setuid sandbox: enabled 2019/09/13 04:34:34 namespace sandbox: enabled 2019/09/13 04:34:34 Android sandbox: /sys/fs/selinux/policy does not exist 2019/09/13 04:34:34 fault injection: enabled 2019/09/13 04:34:34 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/09/13 04:34:34 net packet injection: enabled 2019/09/13 04:34:34 net device setup: enabled 04:37:05 executing program 0: syzkaller login: [ 252.312352][T12184] IPVS: ftp: loaded support on port[0] = 21 [ 252.451655][T12184] chnl_net:caif_netlink_parms(): no params data found [ 252.508640][T12184] bridge0: port 1(bridge_slave_0) entered blocking state [ 252.515928][T12184] bridge0: port 1(bridge_slave_0) entered disabled state [ 252.524887][T12184] device bridge_slave_0 entered promiscuous mode [ 252.535101][T12184] bridge0: port 2(bridge_slave_1) entered blocking state [ 252.542429][T12184] bridge0: port 2(bridge_slave_1) entered disabled state [ 252.551233][T12184] device bridge_slave_1 entered promiscuous mode [ 252.583458][T12184] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 252.596329][T12184] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 252.628542][T12184] team0: Port device team_slave_0 added [ 252.637841][T12184] team0: Port device team_slave_1 added [ 252.938768][T12184] device hsr_slave_0 entered promiscuous mode [ 253.074719][T12184] device hsr_slave_1 entered promiscuous mode [ 253.354606][T12184] bridge0: port 2(bridge_slave_1) entered blocking state [ 253.361850][T12184] bridge0: port 2(bridge_slave_1) entered forwarding state [ 253.369649][T12184] bridge0: port 1(bridge_slave_0) entered blocking state [ 253.376872][T12184] bridge0: port 1(bridge_slave_0) entered forwarding state [ 253.437694][ T2932] bridge0: port 1(bridge_slave_0) entered disabled state [ 253.447545][ T2932] bridge0: port 2(bridge_slave_1) entered disabled state [ 253.487222][T12184] 8021q: adding VLAN 0 to HW filter on device bond0 [ 253.506306][ T2932] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 253.514994][ T2932] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 253.530897][T12184] 8021q: adding VLAN 0 to HW filter on device team0 [ 253.546204][ T2932] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 253.556418][ T2932] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 253.565474][ T2932] bridge0: port 1(bridge_slave_0) entered blocking state [ 253.572646][ T2932] bridge0: port 1(bridge_slave_0) entered forwarding state [ 253.620141][T12184] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 253.630673][T12184] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 253.646696][ T2932] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 253.660000][ T2932] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 253.669100][ T2932] bridge0: port 2(bridge_slave_1) entered blocking state [ 253.676316][ T2932] bridge0: port 2(bridge_slave_1) entered forwarding state [ 253.684773][ T2932] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 253.695346][ T2932] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 253.705369][ T2932] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 253.715261][ T2932] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 253.724927][ T2932] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 253.734828][ T2932] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 253.744508][ T2932] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 253.753594][ T2932] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 253.763278][ T2932] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 253.772495][ T2932] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 253.788531][ T2932] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 253.797465][ T2932] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 253.827078][T12184] 8021q: adding VLAN 0 to HW filter on device batadv0 04:37:07 executing program 0: readlink(0x0, 0x0, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x0) r1 = dup2(r0, 0xffffffffffffffff) openat(r1, &(0x7f0000000240)='./file0\x00', 0x402001, 0xd2) 04:37:07 executing program 0: 04:37:07 executing program 0: 04:37:07 executing program 0: syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000fd778940c80a01c34c8b000000010902120001000000000904160000d6cba4007e7607001c1c903b373e844c7500c6a454a5551f66ea5bdaff6f9fd05fb5ef413dc5477402f90a9db3b093f85f03dfb2ed4ee5228b2ccb07eefb555a577ddb11ca073291bb29475488ac856d794304d7255f0e12f88846810f5497e4e28e42719e060b7bff549a95adc67d771dd50cc0c4521e37b837e7cfc27bf22e"], 0x0) [ 254.444773][ T31] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 254.804329][ T31] usb 1-1: config 0 has an invalid interface number: 22 but max is 0 [ 254.812561][ T31] usb 1-1: config 0 has no interface number 0 [ 254.818856][ T31] usb 1-1: New USB device found, idVendor=0ac8, idProduct=c301, bcdDevice=8b.4c [ 254.828020][ T31] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 254.838543][ T31] usb 1-1: config 0 descriptor?? [ 254.879419][ T31] gspca_main: vc032x-2.14.0 probing 0ac8:c301 [ 255.095017][ T31] gspca_vc032x: reg_w err -71 [ 255.099781][ T31] ================================================================== [ 255.107873][ T31] BUG: KMSAN: uninit-value in read_sensor_register+0x834/0x26c0 [ 255.115505][ T31] CPU: 1 PID: 31 Comm: kworker/1:1 Not tainted 5.3.0-rc7+ #0 [ 255.122872][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 255.132940][ T31] Workqueue: usb_hub_wq hub_event [ 255.137958][ T31] Call Trace: [ 255.141368][ T31] dump_stack+0x191/0x1f0 [ 255.145808][ T31] kmsan_report+0x162/0x2d0 [ 255.150324][ T31] __msan_warning+0x75/0xe0 [ 255.155126][ T31] read_sensor_register+0x834/0x26c0 [ 255.160527][ T31] sd_init+0x2689/0x53a0 [ 255.164788][ T31] ? sd_config+0x270/0x270 [ 255.169207][ T31] gspca_dev_probe2+0xe93/0x2230 [ 255.174176][ T31] gspca_dev_probe+0x346/0x3b0 [ 255.178958][ T31] sd_probe+0x8d/0xa0 [ 255.183049][ T31] ? sd_s_ctrl+0xdd0/0xdd0 [ 255.187490][ T31] usb_probe_interface+0xd19/0x1310 [ 255.192717][ T31] ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0 [ 255.198714][ T31] ? usb_register_driver+0x7d0/0x7d0 [ 255.204010][ T31] really_probe+0x1373/0x1dc0 [ 255.208713][ T31] driver_probe_device+0x1ba/0x510 [ 255.213847][ T31] __device_attach_driver+0x5b8/0x790 [ 255.219234][ T31] ? bus_for_each_drv+0x1d5/0x3b0 [ 255.224446][ T31] bus_for_each_drv+0x28e/0x3b0 [ 255.229405][ T31] ? deferred_probe_work_func+0x400/0x400 [ 255.235139][ T31] __device_attach+0x489/0x750 [ 255.239934][ T31] device_initial_probe+0x4a/0x60 [ 255.244977][ T31] bus_probe_device+0x131/0x390 [ 255.249837][ T31] device_add+0x25b5/0x2df0 [ 255.254367][ T31] ? usb_set_configuration+0x3036/0x3710 [ 255.260008][ T31] usb_set_configuration+0x309f/0x3710 [ 255.265505][ T31] ? __msan_metadata_ptr_for_load_1+0x10/0x20 [ 255.271618][ T31] generic_probe+0xe7/0x280 [ 255.276371][ T31] ? usb_probe_device+0x104/0x200 [ 255.281407][ T31] ? usb_choose_configuration+0xae0/0xae0 [ 255.287139][ T31] usb_probe_device+0x146/0x200 [ 255.292054][ T31] ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0 [ 255.298042][ T31] ? usb_register_device_driver+0x470/0x470 [ 255.303941][ T31] really_probe+0x1373/0x1dc0 [ 255.308815][ T31] driver_probe_device+0x1ba/0x510 [ 255.314029][ T31] __device_attach_driver+0x5b8/0x790 [ 255.319411][ T31] ? bus_for_each_drv+0x1d5/0x3b0 [ 255.324445][ T31] bus_for_each_drv+0x28e/0x3b0 [ 255.329297][ T31] ? deferred_probe_work_func+0x400/0x400 [ 255.335031][ T31] __device_attach+0x489/0x750 [ 255.339811][ T31] device_initial_probe+0x4a/0x60 [ 255.344845][ T31] bus_probe_device+0x131/0x390 [ 255.349810][ T31] device_add+0x25b5/0x2df0 [ 255.354346][ T31] usb_new_device+0x23e5/0x2fb0 [ 255.359234][ T31] hub_event+0x581d/0x72f0 [ 255.363712][ T31] ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0 [ 255.369695][ T31] ? led_work+0x720/0x720 [ 255.374111][ T31] ? led_work+0x720/0x720 [ 255.378446][ T31] process_one_work+0x1572/0x1ef0 [ 255.383494][ T31] worker_thread+0x111b/0x2460 [ 255.388287][ T31] kthread+0x4b5/0x4f0 [ 255.392365][ T31] ? process_one_work+0x1ef0/0x1ef0 [ 255.397570][ T31] ? kthread_blkcg+0xf0/0xf0 [ 255.402203][ T31] ret_from_fork+0x35/0x40 [ 255.406633][ T31] [ 255.408958][ T31] Uninit was created at: [ 255.413213][ T31] kmsan_internal_poison_shadow+0x58/0xb0 [ 255.418935][ T31] kmsan_slab_alloc+0xaa/0x120 [ 255.423699][ T31] kmem_cache_alloc_trace+0x8c5/0xd20 [ 255.429071][ T31] gspca_dev_probe2+0x30d/0x2230 [ 255.434109][ T31] gspca_dev_probe+0x346/0x3b0 [ 255.438910][ T31] sd_probe+0x8d/0xa0 [ 255.442899][ T31] usb_probe_interface+0xd19/0x1310 [ 255.448104][ T31] really_probe+0x1373/0x1dc0 [ 255.452787][ T31] driver_probe_device+0x1ba/0x510 [ 255.457902][ T31] __device_attach_driver+0x5b8/0x790 [ 255.463277][ T31] bus_for_each_drv+0x28e/0x3b0 [ 255.468128][ T31] __device_attach+0x489/0x750 [ 255.472921][ T31] device_initial_probe+0x4a/0x60 [ 255.477965][ T31] bus_probe_device+0x131/0x390 [ 255.482852][ T31] device_add+0x25b5/0x2df0 [ 255.487381][ T31] usb_set_configuration+0x309f/0x3710 [ 255.492846][ T31] generic_probe+0xe7/0x280 [ 255.497382][ T31] usb_probe_device+0x146/0x200 [ 255.502241][ T31] really_probe+0x1373/0x1dc0 [ 255.506952][ T31] driver_probe_device+0x1ba/0x510 [ 255.512065][ T31] __device_attach_driver+0x5b8/0x790 [ 255.517533][ T31] bus_for_each_drv+0x28e/0x3b0 [ 255.522385][ T31] __device_attach+0x489/0x750 [ 255.527150][ T31] device_initial_probe+0x4a/0x60 [ 255.532178][ T31] bus_probe_device+0x131/0x390 [ 255.537044][ T31] device_add+0x25b5/0x2df0 [ 255.541640][ T31] usb_new_device+0x23e5/0x2fb0 [ 255.546505][ T31] hub_event+0x581d/0x72f0 [ 255.550943][ T31] process_one_work+0x1572/0x1ef0 [ 255.555974][ T31] worker_thread+0x111b/0x2460 [ 255.560741][ T31] kthread+0x4b5/0x4f0 [ 255.564813][ T31] ret_from_fork+0x35/0x40 [ 255.569217][ T31] ================================================================== [ 255.577275][ T31] Disabling lock debugging due to kernel taint [ 255.583423][ T31] Kernel panic - not syncing: panic_on_warn set ... [ 255.583481][T12198] dummy_hcd dummy_hcd.0: port status 0x00010101 has changes 04:37:08 executing program 1: syz_open_dev$hiddev(&(0x7f0000000100)='/dev/usb/hiddev#\x00', 0x0, 0x100) [ 255.590031][ T31] CPU: 1 PID: 31 Comm: kworker/1:1 Tainted: G B 5.3.0-rc7+ #0 [ 255.606082][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 255.616157][ T31] Workqueue: usb_hub_wq hub_event [ 255.621190][ T31] Call Trace: [ 255.624503][ T31] dump_stack+0x191/0x1f0 [ 255.628886][ T31] panic+0x3c9/0xc1e [ 255.632837][ T31] kmsan_report+0x2ca/0x2d0 [ 255.637359][ T31] __msan_warning+0x75/0xe0 [ 255.641892][ T31] read_sensor_register+0x834/0x26c0 [ 255.647208][ T31] sd_init+0x2689/0x53a0 [ 255.651484][ T31] ? sd_config+0x270/0x270 [ 255.656078][ T31] gspca_dev_probe2+0xe93/0x2230 [ 255.661040][ T31] gspca_dev_probe+0x346/0x3b0 [ 255.665824][ T31] sd_probe+0x8d/0xa0 [ 255.669802][ T31] ? sd_s_ctrl+0xdd0/0xdd0 [ 255.674211][ T31] usb_probe_interface+0xd19/0x1310 [ 255.679408][ T31] ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0 [ 255.685418][ T31] ? usb_register_driver+0x7d0/0x7d0 [ 255.690697][ T31] really_probe+0x1373/0x1dc0 [ 255.695629][ T31] driver_probe_device+0x1ba/0x510 [ 255.700771][ T31] __device_attach_driver+0x5b8/0x790 [ 255.706240][ T31] ? bus_for_each_drv+0x1d5/0x3b0 [ 255.711624][ T31] bus_for_each_drv+0x28e/0x3b0 [ 255.716472][ T31] ? deferred_probe_work_func+0x400/0x400 [ 255.722187][ T31] __device_attach+0x489/0x750 [ 255.727738][ T31] device_initial_probe+0x4a/0x60 [ 255.732764][ T31] bus_probe_device+0x131/0x390 [ 255.737793][ T31] device_add+0x25b5/0x2df0 [ 255.742301][ T31] ? usb_set_configuration+0x3036/0x3710 [ 255.748036][ T31] usb_set_configuration+0x309f/0x3710 [ 255.753593][ T31] ? __msan_metadata_ptr_for_load_1+0x10/0x20 [ 255.759687][ T31] generic_probe+0xe7/0x280 [ 255.764196][ T31] ? usb_probe_device+0x104/0x200 [ 255.769216][ T31] ? usb_choose_configuration+0xae0/0xae0 [ 255.774957][ T31] usb_probe_device+0x146/0x200 [ 255.780230][ T31] ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0 [ 255.786200][ T31] ? usb_register_device_driver+0x470/0x470 [ 255.792093][ T31] really_probe+0x1373/0x1dc0 [ 255.796772][ T31] driver_probe_device+0x1ba/0x510 [ 255.801880][ T31] __device_attach_driver+0x5b8/0x790 [ 255.807244][ T31] ? bus_for_each_drv+0x1d5/0x3b0 [ 255.812258][ T31] bus_for_each_drv+0x28e/0x3b0 [ 255.817097][ T31] ? deferred_probe_work_func+0x400/0x400 [ 255.822811][ T31] __device_attach+0x489/0x750 [ 255.827576][ T31] device_initial_probe+0x4a/0x60 [ 255.832589][ T31] bus_probe_device+0x131/0x390 [ 255.837433][ T31] device_add+0x25b5/0x2df0 [ 255.841946][ T31] usb_new_device+0x23e5/0x2fb0 [ 255.846806][ T31] hub_event+0x581d/0x72f0 [ 255.851266][ T31] ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0 [ 255.857232][ T31] ? led_work+0x720/0x720 [ 255.861561][ T31] ? led_work+0x720/0x720 [ 255.865880][ T31] process_one_work+0x1572/0x1ef0 [ 255.871028][ T31] worker_thread+0x111b/0x2460 [ 255.875842][ T31] kthread+0x4b5/0x4f0 [ 255.879899][ T31] ? process_one_work+0x1ef0/0x1ef0 [ 255.885100][ T31] ? kthread_blkcg+0xf0/0xf0 [ 255.889699][ T31] ret_from_fork+0x35/0x40 [ 255.895969][ T31] Kernel Offset: disabled [ 255.900440][ T31] Rebooting in 86400 seconds..