[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [ 101.304598][ T31] audit: type=1800 audit(1564409423.363:25): pid=12017 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 101.328465][ T31] audit: type=1800 audit(1564409423.383:26): pid=12017 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 101.366960][ T31] audit: type=1800 audit(1564409423.413:27): pid=12017 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.10.55' (ECDSA) to the list of known hosts. 2019/07/29 14:10:37 fuzzer started 2019/07/29 14:10:42 dialing manager at 10.128.0.26:40333 2019/07/29 14:10:43 syscalls: 2365 2019/07/29 14:10:43 code coverage: enabled 2019/07/29 14:10:43 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2019/07/29 14:10:43 extra coverage: enabled 2019/07/29 14:10:43 setuid sandbox: enabled 2019/07/29 14:10:43 namespace sandbox: enabled 2019/07/29 14:10:43 Android sandbox: /sys/fs/selinux/policy does not exist 2019/07/29 14:10:43 fault injection: enabled 2019/07/29 14:10:43 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/07/29 14:10:43 net packet injection: enabled 2019/07/29 14:10:43 net device setup: enabled 14:14:11 executing program 0: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r0, &(0x7f00000002c0)=[{&(0x7f0000000080), 0x156}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) move_pages(0x0, 0x7700, &(0x7f0000000300)=[&(0x7f0000005000/0x2000)=nil], &(0x7f0000000380)=[0x1], 0x0, 0x0) setsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) syzkaller login: [ 329.931785][T12182] IPVS: ftp: loaded support on port[0] = 21 [ 330.110050][T12182] chnl_net:caif_netlink_parms(): no params data found [ 330.178628][T12182] bridge0: port 1(bridge_slave_0) entered blocking state [ 330.186003][T12182] bridge0: port 1(bridge_slave_0) entered disabled state [ 330.195097][T12182] device bridge_slave_0 entered promiscuous mode [ 330.206432][T12182] bridge0: port 2(bridge_slave_1) entered blocking state [ 330.213768][T12182] bridge0: port 2(bridge_slave_1) entered disabled state [ 330.222972][T12182] device bridge_slave_1 entered promiscuous mode [ 330.262277][T12182] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 330.275162][T12182] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 330.312489][T12182] team0: Port device team_slave_0 added [ 330.322684][T12182] team0: Port device team_slave_1 added [ 330.477795][T12182] device hsr_slave_0 entered promiscuous mode [ 330.603188][T12182] device hsr_slave_1 entered promiscuous mode [ 330.889548][T12182] bridge0: port 2(bridge_slave_1) entered blocking state [ 330.896893][T12182] bridge0: port 2(bridge_slave_1) entered forwarding state [ 330.904987][T12182] bridge0: port 1(bridge_slave_0) entered blocking state [ 330.912278][T12182] bridge0: port 1(bridge_slave_0) entered forwarding state [ 331.019840][T12182] 8021q: adding VLAN 0 to HW filter on device bond0 [ 331.045147][ T838] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 331.057772][ T838] bridge0: port 1(bridge_slave_0) entered disabled state [ 331.069622][ T838] bridge0: port 2(bridge_slave_1) entered disabled state [ 331.081511][ T838] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 331.104796][T12182] 8021q: adding VLAN 0 to HW filter on device team0 [ 331.125839][ T838] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 331.136182][ T838] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 331.147154][ T838] bridge0: port 1(bridge_slave_0) entered blocking state [ 331.154468][ T838] bridge0: port 1(bridge_slave_0) entered forwarding state [ 331.217239][ T838] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 331.227498][ T838] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 331.236753][ T838] bridge0: port 2(bridge_slave_1) entered blocking state [ 331.244021][ T838] bridge0: port 2(bridge_slave_1) entered forwarding state [ 331.252722][ T838] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 331.263095][ T838] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 331.273399][ T838] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 331.283591][ T838] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 331.293479][ T838] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 331.303720][ T838] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 331.314660][ T838] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 331.324249][ T838] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 331.333597][ T838] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 331.343336][ T838] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 331.357238][T12182] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 331.403338][T12182] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 331.514558][ T838] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready 14:14:13 executing program 0: r0 = syz_open_dev$hidraw(&(0x7f0000000100)='/dev/../raw#\x00', 0x0, 0x12d439) write$hidraw(r0, &(0x7f0000000000)="01", 0xfffffd73) 14:14:13 executing program 0: r0 = socket$inet6_udp(0xa, 0x2, 0x0) getsockopt$inet6_int(r0, 0x29, 0x49, 0x0, &(0x7f0000000180)) 14:14:13 executing program 0: r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x91, 0x14, 0x8f, 0x40, 0x411, 0x12, 0x565f, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0xce, 0x0, 0x0, 0x54, 0x74, 0x24}}]}}]}}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) ioctl$EVIOCGBITSND(0xffffffffffffffff, 0x80404532, &(0x7f0000001d80)=""/59) syz_usb_control_io(r0, &(0x7f0000002100)={0x34, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000023c0)={0xcc, &(0x7f00000000c0)=ANY=[@ANYBLOB="0000110000000c"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x40, 0x19, 0x2}, 0x0, &(0x7f0000000000)={0x40, 0x1c, 0x1}, 0x0, &(0x7f0000000000)={0x40, 0x21, 0x1}}) [ 332.162130][ T2848] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 332.532300][ T2848] usb 1-1: config 0 has an invalid interface number: 206 but max is 0 [ 332.540609][ T2848] usb 1-1: config 0 has no interface number 0 [ 332.546935][ T2848] usb 1-1: New USB device found, idVendor=0411, idProduct=0012, bcdDevice=56.5f [ 332.556356][ T2848] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 332.567652][ T2848] usb 1-1: config 0 descriptor?? [ 333.276704][ T2848] ================================================================== [ 333.284862][ T2848] BUG: KMSAN: uninit-value in _mix_pool_bytes+0x7de/0x960 [ 333.292024][ T2848] CPU: 0 PID: 2848 Comm: kworker/0:2 Not tainted 5.2.0+ #15 [ 333.299319][ T2848] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 333.309408][ T2848] Workqueue: usb_hub_wq hub_event [ 333.314464][ T2848] Call Trace: [ 333.317881][ T2848] dump_stack+0x191/0x1f0 [ 333.322873][ T2848] kmsan_report+0x162/0x2d0 [ 333.327452][ T2848] __msan_warning+0x75/0xe0 [ 333.332004][ T2848] _mix_pool_bytes+0x7de/0x960 [ 333.336918][ T2848] ? register_netdevice+0x1eab/0x2690 [ 333.342328][ T2848] add_device_randomness+0x776/0xfa0 [ 333.347688][ T2848] ? __msan_metadata_ptr_for_store_4+0x13/0x20 [ 333.353884][ T2848] ? kmsan_get_shadow_origin_ptr+0x71/0x470 [ 333.359819][ T2848] register_netdevice+0x1eab/0x2690 [ 333.365075][ T2848] register_netdev+0x93/0xd0 [ 333.369687][ T2848] rtl8150_probe+0x11f8/0x1550 [ 333.374493][ T2848] ? __mii_op+0x2e0/0xe70 [ 333.378853][ T2848] ? read_eprom_word+0xdd0/0xdd0 [ 333.383905][ T2848] usb_probe_interface+0xd19/0x1310 [ 333.389163][ T2848] ? usb_register_driver+0x7d0/0x7d0 [ 333.394478][ T2848] really_probe+0x1344/0x1d90 [ 333.399192][ T2848] driver_probe_device+0x1ba/0x510 [ 333.404332][ T2848] ? kmsan_get_shadow_origin_ptr+0x71/0x470 [ 333.410256][ T2848] __device_attach_driver+0x5b8/0x790 [ 333.415695][ T2848] bus_for_each_drv+0x28e/0x3b0 [ 333.420580][ T2848] ? deferred_probe_work_func+0x400/0x400 [ 333.426351][ T2848] __device_attach+0x489/0x750 [ 333.432135][ T2848] device_initial_probe+0x4a/0x60 [ 333.439363][ T2848] bus_probe_device+0x131/0x390 [ 333.444253][ T2848] device_add+0x25b5/0x2df0 [ 333.448835][ T2848] usb_set_configuration+0x309f/0x3710 [ 333.454559][ T2848] ? __msan_metadata_ptr_for_load_1+0x10/0x20 [ 333.461291][ T2848] generic_probe+0xe7/0x280 [ 333.466421][ T2848] ? usb_choose_configuration+0xae0/0xae0 [ 333.472269][ T2848] usb_probe_device+0x146/0x200 [ 333.477166][ T2848] ? usb_register_device_driver+0x470/0x470 [ 333.483187][ T2848] really_probe+0x1344/0x1d90 [ 333.487915][ T2848] driver_probe_device+0x1ba/0x510 [ 333.493057][ T2848] ? kmsan_get_shadow_origin_ptr+0x71/0x470 [ 333.498994][ T2848] __device_attach_driver+0x5b8/0x790 [ 333.504506][ T2848] bus_for_each_drv+0x28e/0x3b0 [ 333.509389][ T2848] ? deferred_probe_work_func+0x400/0x400 [ 333.515144][ T2848] __device_attach+0x489/0x750 [ 333.519960][ T2848] device_initial_probe+0x4a/0x60 [ 333.525035][ T2848] bus_probe_device+0x131/0x390 [ 333.529926][ T2848] device_add+0x25b5/0x2df0 [ 333.534509][ T2848] usb_new_device+0x23e5/0x2fb0 [ 333.539417][ T2848] hub_event+0x5853/0x7320 [ 333.543935][ T2848] ? kmsan_get_shadow_origin_ptr+0x71/0x470 [ 333.549850][ T2848] ? led_work+0x720/0x720 [ 333.554199][ T2848] ? led_work+0x720/0x720 [ 333.558556][ T2848] process_one_work+0x1572/0x1f00 [ 333.563651][ T2848] worker_thread+0x111b/0x2460 [ 333.568495][ T2848] kthread+0x4b5/0x4f0 [ 333.572597][ T2848] ? process_one_work+0x1f00/0x1f00 [ 333.577933][ T2848] ? kthread_blkcg+0xf0/0xf0 [ 333.582644][ T2848] ret_from_fork+0x35/0x40 [ 333.587099][ T2848] [ 333.589439][ T2848] Uninit was stored to memory at: [ 333.594484][ T2848] kmsan_internal_chain_origin+0xcc/0x150 [ 333.600218][ T2848] kmsan_memcpy_memmove_metadata+0x9f9/0xe00 [ 333.606224][ T2848] kmsan_memcpy_metadata+0xb/0x10 [ 333.611270][ T2848] __msan_memcpy+0x56/0x70 [ 333.615716][ T2848] rtl8150_probe+0x114c/0x1550 [ 333.620489][ T2848] usb_probe_interface+0xd19/0x1310 [ 333.625707][ T2848] really_probe+0x1344/0x1d90 [ 333.630396][ T2848] driver_probe_device+0x1ba/0x510 [ 333.635517][ T2848] __device_attach_driver+0x5b8/0x790 [ 333.640905][ T2848] bus_for_each_drv+0x28e/0x3b0 [ 333.645769][ T2848] __device_attach+0x489/0x750 [ 333.650542][ T2848] device_initial_probe+0x4a/0x60 [ 333.655575][ T2848] bus_probe_device+0x131/0x390 [ 333.660435][ T2848] device_add+0x25b5/0x2df0 [ 333.664951][ T2848] usb_set_configuration+0x309f/0x3710 [ 333.670456][ T2848] generic_probe+0xe7/0x280 [ 333.674965][ T2848] usb_probe_device+0x146/0x200 [ 333.679824][ T2848] really_probe+0x1344/0x1d90 [ 333.684515][ T2848] driver_probe_device+0x1ba/0x510 [ 333.689649][ T2848] __device_attach_driver+0x5b8/0x790 [ 333.695035][ T2848] bus_for_each_drv+0x28e/0x3b0 [ 333.699909][ T2848] __device_attach+0x489/0x750 [ 333.704694][ T2848] device_initial_probe+0x4a/0x60 [ 333.709751][ T2848] bus_probe_device+0x131/0x390 [ 333.714617][ T2848] device_add+0x25b5/0x2df0 [ 333.719138][ T2848] usb_new_device+0x23e5/0x2fb0 [ 333.724086][ T2848] hub_event+0x5853/0x7320 [ 333.728515][ T2848] process_one_work+0x1572/0x1f00 [ 333.733549][ T2848] worker_thread+0x111b/0x2460 [ 333.738323][ T2848] kthread+0x4b5/0x4f0 [ 333.742402][ T2848] ret_from_fork+0x35/0x40 [ 333.746815][ T2848] [ 333.749150][ T2848] Local variable description: ----node_id.i@rtl8150_probe [ 333.756257][ T2848] Variable was created at: [ 333.760715][ T2848] rtl8150_probe+0xdce/0x1550 [ 333.765413][ T2848] usb_probe_interface+0xd19/0x1310 [ 333.770616][ T2848] ================================================================== [ 333.778878][ T2848] Disabling lock debugging due to kernel taint [ 333.785044][ T2848] Kernel panic - not syncing: panic_on_warn set ... [ 333.791664][ T2848] CPU: 0 PID: 2848 Comm: kworker/0:2 Tainted: G B 5.2.0+ #15 [ 333.800359][ T2848] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 333.810445][ T2848] Workqueue: usb_hub_wq hub_event [ 333.815487][ T2848] Call Trace: [ 333.818810][ T2848] dump_stack+0x191/0x1f0 [ 333.823184][ T2848] panic+0x3c9/0xc1e [ 333.827237][ T2848] kmsan_report+0x2ca/0x2d0 [ 333.831774][ T2848] __msan_warning+0x75/0xe0 [ 333.836312][ T2848] _mix_pool_bytes+0x7de/0x960 [ 333.841157][ T2848] ? register_netdevice+0x1eab/0x2690 [ 333.846734][ T2848] add_device_randomness+0x776/0xfa0 [ 333.852092][ T2848] ? __msan_metadata_ptr_for_store_4+0x13/0x20 [ 333.858272][ T2848] ? kmsan_get_shadow_origin_ptr+0x71/0x470 [ 333.864199][ T2848] register_netdevice+0x1eab/0x2690 [ 333.869493][ T2848] register_netdev+0x93/0xd0 [ 333.874116][ T2848] rtl8150_probe+0x11f8/0x1550 [ 333.878923][ T2848] ? __mii_op+0x2e0/0xe70 [ 333.883269][ T2848] ? read_eprom_word+0xdd0/0xdd0 [ 333.888252][ T2848] usb_probe_interface+0xd19/0x1310 [ 333.893502][ T2848] ? usb_register_driver+0x7d0/0x7d0 [ 333.898829][ T2848] really_probe+0x1344/0x1d90 [ 333.903581][ T2848] driver_probe_device+0x1ba/0x510 [ 333.908738][ T2848] ? kmsan_get_shadow_origin_ptr+0x71/0x470 [ 333.914764][ T2848] __device_attach_driver+0x5b8/0x790 [ 333.920195][ T2848] bus_for_each_drv+0x28e/0x3b0 [ 333.925080][ T2848] ? deferred_probe_work_func+0x400/0x400 [ 333.930932][ T2848] __device_attach+0x489/0x750 [ 333.935745][ T2848] device_initial_probe+0x4a/0x60 [ 333.940810][ T2848] bus_probe_device+0x131/0x390 [ 333.945694][ T2848] device_add+0x25b5/0x2df0 [ 333.950255][ T2848] usb_set_configuration+0x309f/0x3710 [ 333.955783][ T2848] ? __msan_metadata_ptr_for_load_1+0x10/0x20 [ 333.961898][ T2848] generic_probe+0xe7/0x280 [ 333.966425][ T2848] ? usb_choose_configuration+0xae0/0xae0 [ 333.972168][ T2848] usb_probe_device+0x146/0x200 [ 333.977052][ T2848] ? usb_register_device_driver+0x470/0x470 [ 333.982963][ T2848] really_probe+0x1344/0x1d90 [ 333.987687][ T2848] driver_probe_device+0x1ba/0x510 [ 333.992822][ T2848] ? kmsan_get_shadow_origin_ptr+0x71/0x470 [ 333.998768][ T2848] __device_attach_driver+0x5b8/0x790 [ 334.004277][ T2848] bus_for_each_drv+0x28e/0x3b0 [ 334.009151][ T2848] ? deferred_probe_work_func+0x400/0x400 [ 334.014934][ T2848] __device_attach+0x489/0x750 [ 334.019749][ T2848] device_initial_probe+0x4a/0x60 [ 334.024808][ T2848] bus_probe_device+0x131/0x390 [ 334.029883][ T2848] device_add+0x25b5/0x2df0 [ 334.034479][ T2848] usb_new_device+0x23e5/0x2fb0 [ 334.039414][ T2848] hub_event+0x5853/0x7320 [ 334.043937][ T2848] ? kmsan_get_shadow_origin_ptr+0x71/0x470 [ 334.049858][ T2848] ? led_work+0x720/0x720 [ 334.054212][ T2848] ? led_work+0x720/0x720 [ 334.058589][ T2848] process_one_work+0x1572/0x1f00 [ 334.063691][ T2848] worker_thread+0x111b/0x2460 [ 334.068524][ T2848] kthread+0x4b5/0x4f0 [ 334.072612][ T2848] ? process_one_work+0x1f00/0x1f00 [ 334.077851][ T2848] ? kthread_blkcg+0xf0/0xf0 [ 334.082468][ T2848] ret_from_fork+0x35/0x40 [ 335.584099][ T2848] Shutting down cpus with NMI [ 335.604942][ T2848] Kernel Offset: disabled [ 335.609318][ T2848] Rebooting in 86400 seconds..