[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c.
[ 78.625531][ T32] audit: type=1800 audit(1569118408.672:25): pid=11733 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 78.662237][ T32] audit: type=1800 audit(1569118408.692:26): pid=11733 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 78.682929][ T32] audit: type=1800 audit(1569118408.702:27): pid=11733 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.51' (ECDSA) to the list of known hosts.
2019/09/22 02:13:44 fuzzer started
2019/09/22 02:13:48 dialing manager at 10.128.0.26:42045
2019/09/22 02:13:49 syscalls: 2382
2019/09/22 02:13:49 code coverage: enabled
2019/09/22 02:13:49 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2019/09/22 02:13:49 extra coverage: enabled
2019/09/22 02:13:49 setuid sandbox: enabled
2019/09/22 02:13:49 namespace sandbox: enabled
2019/09/22 02:13:49 Android sandbox: /sys/fs/selinux/policy does not exist
2019/09/22 02:13:49 fault injection: enabled
2019/09/22 02:13:49 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/09/22 02:13:49 net packet injection: enabled
2019/09/22 02:13:49 net device setup: enabled
02:16:25 executing program 0:
r0 = syz_usb_connect(0x0, 0x3e6, &(0x7f00000008c0)={{0x12, 0x1, 0x0, 0x72, 0x68, 0x34, 0x8, 0x424, 0x9908, 0x6a5e, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x80, 0x0, 0x2, 0xc2, 0x8b, 0xac, 0x0, [], [{{0x9, 0x5, 0xb, 0x2}}, {{0x9, 0x5, 0x8a, 0x2}}]}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f0000001c00)={0x2c, &(0x7f0000001140)=ANY=[], 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f00000007c0)={0xac, &(0x7f0000000240)={0x0, 0x0, 0x2, "5cdf"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000d40)={0x2c, &(0x7f0000000b40), 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000280)={0x1c, &(0x7f00000000c0)={0x0, 0x0, 0x1, "cc"}, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syzkaller login: [ 255.847302][T11896] IPVS: ftp: loaded support on port[0] = 21
[ 255.984487][T11896] chnl_net:caif_netlink_parms(): no params data found
[ 256.040482][T11896] bridge0: port 1(bridge_slave_0) entered blocking state
[ 256.047754][T11896] bridge0: port 1(bridge_slave_0) entered disabled state
[ 256.056432][T11896] device bridge_slave_0 entered promiscuous mode
[ 256.067034][T11896] bridge0: port 2(bridge_slave_1) entered blocking state
[ 256.074476][T11896] bridge0: port 2(bridge_slave_1) entered disabled state
[ 256.084070][T11896] device bridge_slave_1 entered promiscuous mode
[ 256.116206][T11896] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 256.128676][T11896] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 256.160822][T11896] team0: Port device team_slave_0 added
[ 256.169978][T11896] team0: Port device team_slave_1 added
[ 256.346826][T11896] device hsr_slave_0 entered promiscuous mode
[ 256.503223][T11896] device hsr_slave_1 entered promiscuous mode
[ 256.783128][T11896] bridge0: port 2(bridge_slave_1) entered blocking state
[ 256.790364][T11896] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 256.798310][T11896] bridge0: port 1(bridge_slave_0) entered blocking state
[ 256.805554][T11896] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 256.882827][T11896] 8021q: adding VLAN 0 to HW filter on device bond0
[ 256.902632][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 256.915526][ T31] bridge0: port 1(bridge_slave_0) entered disabled state
[ 256.925485][ T31] bridge0: port 2(bridge_slave_1) entered disabled state
[ 256.941423][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 256.959855][T11896] 8021q: adding VLAN 0 to HW filter on device team0
[ 256.977098][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 256.986479][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 256.996713][ T31] bridge0: port 1(bridge_slave_0) entered blocking state
[ 257.003938][ T31] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 257.048827][T11896] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 257.060738][T11896] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 257.077167][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 257.087039][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 257.096458][ T31] bridge0: port 2(bridge_slave_1) entered blocking state
[ 257.104016][ T31] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 257.112403][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 257.122499][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 257.132302][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 257.142746][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 257.152286][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 257.162055][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 257.171919][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 257.181204][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 257.190806][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 257.201013][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 257.215314][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 257.224013][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 257.255125][T11896] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 257.662291][ T31] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 257.902269][ T31] usb 1-1: Using ep0 maxpacket: 8
[ 258.022650][ T31] usb 1-1: config 0 has an invalid interface number: 128 but max is 0
[ 258.031107][ T31] usb 1-1: config 0 has no interface number 0
[ 258.038150][ T31] usb 1-1: config 0 interface 128 altsetting 0 bulk endpoint 0xB has invalid maxpacket 0
[ 258.048116][ T31] usb 1-1: config 0 interface 128 altsetting 0 bulk endpoint 0x8A has invalid maxpacket 0
[ 258.058175][ T31] usb 1-1: New USB device found, idVendor=0424, idProduct=9908, bcdDevice=6a.5e
[ 258.067300][ T31] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 258.078526][ T31] usb 1-1: config 0 descriptor??
[ 258.124445][ T31] smsc95xx v1.0.6
[ 258.552521][ T31] ==================================================================
[ 258.560747][ T31] BUG: KMSAN: uninit-value in smsc95xx_read_eeprom+0x203/0x920
[ 258.568301][ T31] CPU: 1 PID: 31 Comm: kworker/1:1 Not tainted 5.3.0-rc7+ #0
[ 258.575668][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 258.585802][ T31] Workqueue: usb_hub_wq hub_event
[ 258.590823][ T31] Call Trace:
[ 258.594241][ T31] dump_stack+0x191/0x1f0
[ 258.598643][ T31] kmsan_report+0x162/0x2d0
[ 258.603156][ T31] __msan_warning+0x75/0xe0
[ 258.607676][ T31] smsc95xx_read_eeprom+0x203/0x920
[ 258.612957][ T31] smsc95xx_bind+0x467/0x1690
[ 258.617636][ T31] ? kmsan_memcpy_memmove_metadata+0x119/0x2d0
[ 258.624254][ T31] ? kmsan_get_shadow_origin_ptr+0x71/0x4c0
[ 258.630157][ T31] ? smsc95xx_mdio_write+0xc10/0xc10
[ 258.635441][ T31] usbnet_probe+0x10ae/0x3960
[ 258.640120][ T31] ? kmsan_set_origin+0x6a/0xf0
[ 258.644990][ T31] ? usbnet_disconnect+0x660/0x660
[ 258.650165][ T31] usb_probe_interface+0xd19/0x1310
[ 258.655382][ T31] ? usb_register_driver+0x7d0/0x7d0
[ 258.660750][ T31] really_probe+0x1373/0x1dc0
[ 258.665448][ T31] driver_probe_device+0x1ba/0x510
[ 258.670564][ T31] ? kmsan_get_shadow_origin_ptr+0x71/0x4c0
[ 258.676463][ T31] __device_attach_driver+0x5b8/0x790
[ 258.681849][ T31] bus_for_each_drv+0x28e/0x3b0
[ 258.686706][ T31] ? deferred_probe_work_func+0x400/0x400
[ 258.692443][ T31] __device_attach+0x489/0x750
[ 258.697220][ T31] device_initial_probe+0x4a/0x60
02:16:28 executing program 1:
perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xee6a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
seccomp(0x1, 0x0, &(0x7f0000000140)={0x20000000000002f0, &(0x7f0000000200)=[{0x6}]})
[ 258.702246][ T31] bus_probe_device+0x131/0x390
[ 258.707109][ T31] device_add+0x25b5/0x2df0
[ 258.711638][ T31] usb_set_configuration+0x309f/0x3710
[ 258.717143][ T31] generic_probe+0xe7/0x280
[ 258.721650][ T31] ? usb_choose_configuration+0xae0/0xae0
[ 258.727375][ T31] usb_probe_device+0x146/0x200
[ 258.732232][ T31] ? usb_register_device_driver+0x470/0x470
[ 258.738148][ T31] really_probe+0x1373/0x1dc0
[ 258.742861][ T31] driver_probe_device+0x1ba/0x510
[ 258.748001][ T31] ? kmsan_get_shadow_origin_ptr+0x71/0x4c0
[ 258.753921][ T31] __device_attach_driver+0x5b8/0x790
[ 258.759467][ T31] bus_for_each_drv+0x28e/0x3b0
[ 258.764329][ T31] ? deferred_probe_work_func+0x400/0x400
[ 258.770063][ T31] __device_attach+0x489/0x750
[ 258.774852][ T31] device_initial_probe+0x4a/0x60
[ 258.779973][ T31] bus_probe_device+0x131/0x390
[ 258.784835][ T31] device_add+0x25b5/0x2df0
[ 258.789459][ T31] usb_new_device+0x23e5/0x2fb0
[ 258.794320][ T31] hub_event+0x581d/0x72f0
[ 258.798767][ T31] ? kmsan_get_shadow_origin_ptr+0x71/0x4c0
[ 258.804763][ T31] ? led_work+0x720/0x720
[ 258.809088][ T31] ? led_work+0x720/0x720
[ 258.813511][ T31] process_one_work+0x1572/0x1ef0
[ 258.818553][ T31] worker_thread+0x111b/0x2460
[ 258.823376][ T31] kthread+0x4b5/0x4f0
[ 258.827436][ T31] ? process_one_work+0x1ef0/0x1ef0
[ 258.832649][ T31] ? kthread_blkcg+0xf0/0xf0
[ 258.837263][ T31] ret_from_fork+0x35/0x40
[ 258.841697][ T31]
[ 258.844017][ T31] Local variable description: ----buf.i.i86@smsc95xx_read_eeprom
[ 258.851721][ T31] Variable was created at:
[ 258.856142][ T31] smsc95xx_read_eeprom+0x109/0x920
[ 258.861332][ T31] smsc95xx_bind+0x467/0x1690
[ 258.865999][ T31] ==================================================================
[ 258.874152][ T31] Disabling lock debugging due to kernel taint
[ 258.880316][ T31] Kernel panic - not syncing: panic_on_warn set ...
[ 258.886892][ T31] CPU: 1 PID: 31 Comm: kworker/1:1 Tainted: G B 5.3.0-rc7+ #0
[ 258.895661][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 258.905707][ T31] Workqueue: usb_hub_wq hub_event
[ 258.910798][ T31] Call Trace:
[ 258.914094][ T31] dump_stack+0x191/0x1f0
[ 258.918502][ T31] panic+0x3c9/0xc1e
[ 258.922409][ T31] kmsan_report+0x2ca/0x2d0
[ 258.926903][ T31] __msan_warning+0x75/0xe0
[ 258.931400][ T31] smsc95xx_read_eeprom+0x203/0x920
[ 258.936595][ T31] smsc95xx_bind+0x467/0x1690
[ 258.941270][ T31] ? kmsan_memcpy_memmove_metadata+0x119/0x2d0
[ 258.947415][ T31] ? kmsan_get_shadow_origin_ptr+0x71/0x4c0
[ 258.953309][ T31] ? smsc95xx_mdio_write+0xc10/0xc10
[ 258.958577][ T31] usbnet_probe+0x10ae/0x3960
[ 258.963246][ T31] ? kmsan_set_origin+0x6a/0xf0
[ 258.968104][ T31] ? usbnet_disconnect+0x660/0x660
[ 258.973300][ T31] usb_probe_interface+0xd19/0x1310
[ 258.978506][ T31] ? usb_register_driver+0x7d0/0x7d0
[ 258.983888][ T31] really_probe+0x1373/0x1dc0
[ 258.988565][ T31] driver_probe_device+0x1ba/0x510
[ 258.993670][ T31] ? kmsan_get_shadow_origin_ptr+0x71/0x4c0
[ 258.999554][ T31] __device_attach_driver+0x5b8/0x790
[ 259.004924][ T31] bus_for_each_drv+0x28e/0x3b0
[ 259.009935][ T31] ? deferred_probe_work_func+0x400/0x400
[ 259.015650][ T31] __device_attach+0x489/0x750
[ 259.020586][ T31] device_initial_probe+0x4a/0x60
[ 259.025620][ T31] bus_probe_device+0x131/0x390
[ 259.030462][ T31] device_add+0x25b5/0x2df0
[ 259.034984][ T31] usb_set_configuration+0x309f/0x3710
[ 259.040466][ T31] generic_probe+0xe7/0x280
[ 259.045221][ T31] ? usb_choose_configuration+0xae0/0xae0
[ 259.050929][ T31] usb_probe_device+0x146/0x200
[ 259.055773][ T31] ? usb_register_device_driver+0x470/0x470
[ 259.061758][ T31] really_probe+0x1373/0x1dc0
[ 259.066449][ T31] driver_probe_device+0x1ba/0x510
[ 259.071554][ T31] ? kmsan_get_shadow_origin_ptr+0x71/0x4c0
[ 259.077449][ T31] __device_attach_driver+0x5b8/0x790
[ 259.082828][ T31] bus_for_each_drv+0x28e/0x3b0
[ 259.087673][ T31] ? deferred_probe_work_func+0x400/0x400
[ 259.093387][ T31] __device_attach+0x489/0x750
[ 259.098321][ T31] device_initial_probe+0x4a/0x60
[ 259.103339][ T31] bus_probe_device+0x131/0x390
[ 259.108197][ T31] device_add+0x25b5/0x2df0
[ 259.112807][ T31] usb_new_device+0x23e5/0x2fb0
[ 259.117667][ T31] hub_event+0x581d/0x72f0
[ 259.122197][ T31] ? kmsan_get_shadow_origin_ptr+0x71/0x4c0
[ 259.128438][ T31] ? led_work+0x720/0x720
[ 259.132780][ T31] ? led_work+0x720/0x720
[ 259.137198][ T31] process_one_work+0x1572/0x1ef0
[ 259.142229][ T31] worker_thread+0x111b/0x2460
[ 259.147000][ T31] kthread+0x4b5/0x4f0
[ 259.151076][ T31] ? process_one_work+0x1ef0/0x1ef0
[ 259.156272][ T31] ? kthread_blkcg+0xf0/0xf0
[ 259.160853][ T31] ret_from_fork+0x35/0x40
[ 259.167011][ T31] Kernel Offset: disabled
[ 259.171491][ T31] Rebooting in 86400 seconds..