[ ok ] Starting enhanced syslogd: rsyslogd. [ 101.856360][ T31] audit: type=1800 audit(1565897084.907:25): pid=11598 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 101.880627][ T31] audit: type=1800 audit(1565897084.927:26): pid=11598 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 101.919685][ T31] audit: type=1800 audit(1565897084.957:27): pid=11598 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [ ok ] Starting periodic command scheduler: cron. [ ok ] Starting OpenBSD Secure Shell server: sshd. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.10.9' (ECDSA) to the list of known hosts.
2019/08/15 19:25:00 fuzzer started 2019/08/15 19:25:06 dialing manager at 10.128.0.26:36111 2019/08/15 19:25:06 syscalls: 2376 2019/08/15 19:25:06 code coverage: enabled 2019/08/15 19:25:06 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2019/08/15 19:25:06 extra coverage: enabled 2019/08/15 19:25:06 setuid sandbox: enabled 2019/08/15 19:25:06 namespace sandbox: enabled 2019/08/15 19:25:06 Android sandbox: /sys/fs/selinux/policy does not exist 2019/08/15 19:25:06 fault injection: enabled 2019/08/15 19:25:06 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/08/15 19:25:06 net packet injection: enabled 2019/08/15 19:25:06 net device setup: enabled 19:28:26 executing program 0: r0 = syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x5, 0x0) close(r0) syzkaller login: [ 324.012706][T11764] IPVS: ftp: loaded support on port[0] = 21 [ 324.192180][T11764] chnl_net:caif_netlink_parms(): no params data found [ 324.266972][T11764] bridge0: port 1(bridge_slave_0) entered blocking state [ 324.274303][T11764] bridge0: port 1(bridge_slave_0) entered disabled state [ 324.283452][T11764] device bridge_slave_0 entered promiscuous mode [ 324.294091][T11764] bridge0: port 2(bridge_slave_1) entered blocking state [ 324.301308][T11764] bridge0: port 2(bridge_slave_1) entered disabled state [ 324.310373][T11764] device bridge_slave_1 entered promiscuous mode [ 324.351281][T11764] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 324.365102][T11764] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 324.405629][T11764] team0: Port device team_slave_0 added [ 324.416904][T11764] team0: Port device team_slave_1 added [ 324.498711][T11764] device hsr_slave_0 entered promiscuous mode [ 324.753593][T11764] device hsr_slave_1 entered promiscuous mode [ 325.030038][T11764] bridge0: port 2(bridge_slave_1) entered blocking state [ 325.037417][T11764] bridge0: port 2(bridge_slave_1) entered forwarding 
state [ 325.045440][T11764] bridge0: port 1(bridge_slave_0) entered blocking state [ 325.052841][T11764] bridge0: port 1(bridge_slave_0) entered forwarding state [ 325.160886][T11764] 8021q: adding VLAN 0 to HW filter on device bond0 [ 325.186785][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 325.201396][ T17] bridge0: port 1(bridge_slave_0) entered disabled state [ 325.214644][ T17] bridge0: port 2(bridge_slave_1) entered disabled state [ 325.231624][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 325.255646][T11764] 8021q: adding VLAN 0 to HW filter on device team0 [ 325.273202][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 325.283188][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 325.294262][ T17] bridge0: port 1(bridge_slave_0) entered blocking state [ 325.301502][ T17] bridge0: port 1(bridge_slave_0) entered forwarding state [ 325.317613][T11767] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 325.327472][T11767] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 325.337265][T11767] bridge0: port 2(bridge_slave_1) entered blocking state [ 325.344533][T11767] bridge0: port 2(bridge_slave_1) entered forwarding state [ 325.372803][ T3895] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 325.383433][ T3895] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 325.406251][ T3895] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 325.416674][ T3895] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 325.448611][T11764] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 325.459138][T11764] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 325.474926][ T3895] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 325.484564][ T3895] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link 
becomes ready [ 325.495374][ T3895] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 325.506324][ T3895] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 325.515850][ T3895] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 325.527899][ T3895] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 325.537558][ T3895] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 325.548897][ T3895] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 325.602117][T11764] 8021q: adding VLAN 0 to HW filter on device batadv0 19:28:28 executing program 0: r0 = socket$inet6_sctp(0xa, 0x80000000000001, 0x84) getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x1f, &(0x7f00000000c0)={0x0, @in={{0x2, 0x0, @empty}}}, &(0x7f0000000180)=0x90) 19:28:28 executing program 0: 19:28:29 executing program 0: r0 = syz_usb_connect(0x0, 0x181, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x97, 0x34, 0x13, 0x8, 0xc72, 0xd, 0xdad3, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0xf1, 0x0, 0x0, 0xa, 0x72, 0x24}}]}}]}}, 0x0) syz_usb_control_io(r0, &(0x7f0000001200)={0x2c, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000001500)={0xac, &(0x7f0000001240), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, &(0x7f0000000c80)={0x2c, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000001300)={0xac, &(0x7f0000000cc0)={0x0, 0x0, 0x1b, "b2558f624f75aa72867fa5d56d60d1678d5dfbcfccf5b083868ee1"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, 0x0) [ 326.333896][ T3895] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 326.573480][ T3895] usb 1-1: Using ep0 maxpacket: 8 [ 326.693213][ T3895] usb 1-1: config 0 has an invalid interface number: 241 but max is 0 [ 326.701606][ T3895] usb 1-1: config 0 has no interface number 0 [ 326.708006][ T3895] usb 1-1: New USB device found, 
idVendor=0c72, idProduct=000d, bcdDevice=da.d3 [ 326.717250][ T3895] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 326.729031][ T3895] usb 1-1: config 0 descriptor?? [ 327.215367][ T3895] ================================================================== [ 327.223508][ T3895] BUG: KMSAN: kernel-usb-infoleak in usb_submit_urb+0x7ef/0x1f50 [ 327.231261][ T3895] CPU: 0 PID: 3895 Comm: kworker/0:2 Not tainted 5.3.0-rc3+ #17 [ 327.238939][ T3895] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 327.249030][ T3895] Workqueue: usb_hub_wq hub_event [ 327.254071][ T3895] Call Trace: [ 327.257395][ T3895] dump_stack+0x191/0x1f0 [ 327.261775][ T3895] kmsan_report+0x162/0x2d0 [ 327.266311][ T3895] kmsan_internal_check_memory+0x7be/0x8d0 [ 327.272669][ T3895] ? hub_event+0x581d/0x72f0 [ 327.277374][ T3895] ? process_one_work+0x1572/0x1ef0 [ 327.282593][ T3895] ? worker_thread+0x111b/0x2460 [ 327.287556][ T3895] ? kthread+0x4b5/0x4f0 [ 327.291849][ T3895] kmsan_handle_urb+0x28/0x40 [ 327.296557][ T3895] usb_submit_urb+0x7ef/0x1f50 [ 327.301393][ T3895] usb_start_wait_urb+0x143/0x410 [ 327.306473][ T3895] usb_control_msg+0x49f/0x7f0 [ 327.311294][ T3895] pcan_usb_pro_init+0x1319/0x1720 [ 327.316473][ T3895] ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0 [ 327.322630][ T3895] ? pcan_usb_pro_probe+0x250/0x250 [ 327.327856][ T3895] peak_usb_probe+0x1416/0x1b20 [ 327.332776][ T3895] ? peak_usb_do_device_exit+0x240/0x240 [ 327.338540][ T3895] usb_probe_interface+0xd19/0x1310 [ 327.343790][ T3895] ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0 [ 327.349806][ T3895] ? usb_register_driver+0x7d0/0x7d0 [ 327.355470][ T3895] really_probe+0x1373/0x1dc0 [ 327.360199][ T3895] driver_probe_device+0x1ba/0x510 [ 327.365361][ T3895] __device_attach_driver+0x5b8/0x790 [ 327.370766][ T3895] ? bus_for_each_drv+0x1d5/0x3b0 [ 327.375817][ T3895] bus_for_each_drv+0x28e/0x3b0 [ 327.380698][ T3895] ? 
deferred_probe_work_func+0x400/0x400 [ 327.386475][ T3895] __device_attach+0x489/0x750 [ 327.391282][ T3895] device_initial_probe+0x4a/0x60 [ 327.396334][ T3895] bus_probe_device+0x131/0x390 [ 327.401214][ T3895] device_add+0x25b5/0x2df0 [ 327.405777][ T3895] ? usb_set_configuration+0x3036/0x3710 [ 327.411439][ T3895] usb_set_configuration+0x309f/0x3710 [ 327.416962][ T3895] ? __msan_metadata_ptr_for_load_1+0x10/0x20 [ 327.423080][ T3895] generic_probe+0xe7/0x280 [ 327.427605][ T3895] ? usb_probe_device+0x104/0x200 [ 327.432650][ T3895] ? usb_choose_configuration+0xae0/0xae0 [ 327.438389][ T3895] usb_probe_device+0x146/0x200 [ 327.443260][ T3895] ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0 [ 327.449268][ T3895] ? usb_register_device_driver+0x470/0x470 [ 327.455183][ T3895] really_probe+0x1373/0x1dc0 [ 327.459903][ T3895] driver_probe_device+0x1ba/0x510 [ 327.465053][ T3895] __device_attach_driver+0x5b8/0x790 [ 327.470455][ T3895] ? bus_for_each_drv+0x1d5/0x3b0 [ 327.475516][ T3895] bus_for_each_drv+0x28e/0x3b0 [ 327.480394][ T3895] ? deferred_probe_work_func+0x400/0x400 [ 327.486236][ T3895] __device_attach+0x489/0x750 [ 327.491065][ T3895] device_initial_probe+0x4a/0x60 [ 327.496141][ T3895] bus_probe_device+0x131/0x390 [ 327.501025][ T3895] device_add+0x25b5/0x2df0 [ 327.505594][ T3895] usb_new_device+0x23e5/0x2fb0 [ 327.510514][ T3895] hub_event+0x581d/0x72f0 [ 327.515036][ T3895] ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0 [ 327.521039][ T3895] ? led_work+0x720/0x720 [ 327.525382][ T3895] ? led_work+0x720/0x720 [ 327.529737][ T3895] process_one_work+0x1572/0x1ef0 [ 327.534815][ T3895] worker_thread+0x111b/0x2460 [ 327.539641][ T3895] kthread+0x4b5/0x4f0 [ 327.543725][ T3895] ? process_one_work+0x1ef0/0x1ef0 [ 327.548945][ T3895] ? 
kthread_blkcg+0xf0/0xf0 [ 327.553563][ T3895] ret_from_fork+0x35/0x40 [ 327.558006][ T3895] [ 327.560333][ T3895] Uninit was created at: [ 327.564591][ T3895] kmsan_internal_poison_shadow+0x53/0xa0 [ 327.570321][ T3895] kmsan_slab_alloc+0xaa/0x120 [ 327.575097][ T3895] kmem_cache_alloc_trace+0x8c5/0xd20 [ 327.580475][ T3895] pcan_usb_pro_init+0xe96/0x1720 [ 327.585509][ T3895] peak_usb_probe+0x1416/0x1b20 [ 327.590371][ T3895] usb_probe_interface+0xd19/0x1310 [ 327.595577][ T3895] really_probe+0x1373/0x1dc0 [ 327.600616][ T3895] driver_probe_device+0x1ba/0x510 [ 327.605738][ T3895] __device_attach_driver+0x5b8/0x790 [ 327.611115][ T3895] bus_for_each_drv+0x28e/0x3b0 [ 327.615974][ T3895] __device_attach+0x489/0x750 [ 327.620750][ T3895] device_initial_probe+0x4a/0x60 [ 327.625781][ T3895] bus_probe_device+0x131/0x390 [ 327.630640][ T3895] device_add+0x25b5/0x2df0 [ 327.635150][ T3895] usb_set_configuration+0x309f/0x3710 [ 327.640620][ T3895] generic_probe+0xe7/0x280 [ 327.645232][ T3895] usb_probe_device+0x146/0x200 [ 327.650091][ T3895] really_probe+0x1373/0x1dc0 [ 327.654786][ T3895] driver_probe_device+0x1ba/0x510 [ 327.659912][ T3895] __device_attach_driver+0x5b8/0x790 [ 327.665292][ T3895] bus_for_each_drv+0x28e/0x3b0 [ 327.670151][ T3895] __device_attach+0x489/0x750 [ 327.674921][ T3895] device_initial_probe+0x4a/0x60 [ 327.679954][ T3895] bus_probe_device+0x131/0x390 [ 327.685169][ T3895] device_add+0x25b5/0x2df0 [ 327.689677][ T3895] usb_new_device+0x23e5/0x2fb0 [ 327.694538][ T3895] hub_event+0x581d/0x72f0 [ 327.698965][ T3895] process_one_work+0x1572/0x1ef0 [ 327.703999][ T3895] worker_thread+0x111b/0x2460 [ 327.708770][ T3895] kthread+0x4b5/0x4f0 [ 327.712853][ T3895] ret_from_fork+0x35/0x40 [ 327.717261][ T3895] [ 327.719598][ T3895] Bytes 2-15 of 16 are uninitialized [ 327.724882][ T3895] Memory access of size 16 starts at ffff8880a26ce670 [ 327.731635][ T3895] ================================================================== [ 327.739695][ T3895] 
Disabling lock debugging due to kernel taint [ 327.745850][ T3895] Kernel panic - not syncing: panic_on_warn set ... [ 327.752451][ T3895] CPU: 0 PID: 3895 Comm: kworker/0:2 Tainted: G B 5.3.0-rc3+ #17 [ 327.761477][ T3895] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 327.771663][ T3895] Workqueue: usb_hub_wq hub_event [ 327.776693][ T3895] Call Trace: [ 327.780007][ T3895] dump_stack+0x191/0x1f0 [ 327.784369][ T3895] panic+0x3c9/0xc1e [ 327.788335][ T3895] kmsan_report+0x2ca/0x2d0 [ 327.803220][ T3895] kmsan_internal_check_memory+0x7be/0x8d0 [ 327.809089][ T3895] ? hub_event+0x581d/0x72f0 [ 327.813702][ T3895] ? process_one_work+0x1572/0x1ef0 [ 327.818919][ T3895] ? worker_thread+0x111b/0x2460 [ 327.823872][ T3895] ? kthread+0x4b5/0x4f0 [ 327.828157][ T3895] kmsan_handle_urb+0x28/0x40 [ 327.832950][ T3895] usb_submit_urb+0x7ef/0x1f50 [ 327.837776][ T3895] usb_start_wait_urb+0x143/0x410 [ 327.842851][ T3895] usb_control_msg+0x49f/0x7f0 [ 327.847664][ T3895] pcan_usb_pro_init+0x1319/0x1720 [ 327.852823][ T3895] ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0 [ 327.858826][ T3895] ? pcan_usb_pro_probe+0x250/0x250 [ 327.864044][ T3895] peak_usb_probe+0x1416/0x1b20 [ 327.868958][ T3895] ? peak_usb_do_device_exit+0x240/0x240 [ 327.874617][ T3895] usb_probe_interface+0xd19/0x1310 [ 327.879862][ T3895] ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0 [ 327.885872][ T3895] ? usb_register_driver+0x7d0/0x7d0 [ 327.891197][ T3895] really_probe+0x1373/0x1dc0 [ 327.895921][ T3895] driver_probe_device+0x1ba/0x510 [ 327.901080][ T3895] __device_attach_driver+0x5b8/0x790 [ 327.906490][ T3895] ? bus_for_each_drv+0x1d5/0x3b0 [ 327.911554][ T3895] bus_for_each_drv+0x28e/0x3b0 [ 327.916603][ T3895] ? 
deferred_probe_work_func+0x400/0x400 [ 327.922359][ T3895] __device_attach+0x489/0x750 [ 327.927167][ T3895] device_initial_probe+0x4a/0x60 [ 327.932217][ T3895] bus_probe_device+0x131/0x390 [ 327.937108][ T3895] device_add+0x25b5/0x2df0 [ 327.941674][ T3895] ? usb_set_configuration+0x3036/0x3710 [ 327.947347][ T3895] usb_set_configuration+0x309f/0x3710 [ 327.952873][ T3895] ? __msan_metadata_ptr_for_load_1+0x10/0x20 [ 327.958994][ T3895] generic_probe+0xe7/0x280 [ 327.963518][ T3895] ? usb_probe_device+0x104/0x200 [ 327.968569][ T3895] ? usb_choose_configuration+0xae0/0xae0 [ 327.974317][ T3895] usb_probe_device+0x146/0x200 [ 327.979202][ T3895] ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0 [ 327.985218][ T3895] ? usb_register_device_driver+0x470/0x470 [ 327.991142][ T3895] really_probe+0x1373/0x1dc0 [ 327.995869][ T3895] driver_probe_device+0x1ba/0x510 [ 328.001019][ T3895] __device_attach_driver+0x5b8/0x790 [ 328.006422][ T3895] ? bus_for_each_drv+0x1d5/0x3b0 [ 328.011474][ T3895] bus_for_each_drv+0x28e/0x3b0 [ 328.016341][ T3895] ? deferred_probe_work_func+0x400/0x400 [ 328.022101][ T3895] __device_attach+0x489/0x750 [ 328.026905][ T3895] device_initial_probe+0x4a/0x60 [ 328.031952][ T3895] bus_probe_device+0x131/0x390 [ 328.036835][ T3895] device_add+0x25b5/0x2df0 [ 328.041397][ T3895] usb_new_device+0x23e5/0x2fb0 [ 328.046311][ T3895] hub_event+0x581d/0x72f0 [ 328.050833][ T3895] ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0 [ 328.056837][ T3895] ? led_work+0x720/0x720 [ 328.061188][ T3895] ? led_work+0x720/0x720 [ 328.065552][ T3895] process_one_work+0x1572/0x1ef0 [ 328.070656][ T3895] worker_thread+0x111b/0x2460 [ 328.075582][ T3895] kthread+0x4b5/0x4f0 [ 328.079673][ T3895] ? process_one_work+0x1ef0/0x1ef0 [ 328.085189][ T3895] ? kthread_blkcg+0xf0/0xf0 [ 328.089808][ T3895] ret_from_fork+0x35/0x40 [ 328.095343][ T3895] Kernel Offset: disabled [ 328.099696][ T3895] Rebooting in 86400 seconds..