[ 99.004200][T11778] rsyslog (11778) used greatest stack depth: 53608 bytes left [ 99.015583][ T30] audit: type=1800 audit(1563818281.063:25): pid=11775 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 99.039304][ T30] audit: type=1800 audit(1563818281.093:26): pid=11775 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 99.078718][ T30] audit: type=1800 audit(1563818281.113:27): pid=11775 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.171' (ECDSA) to the list of known hosts. 2019/07/22 17:58:16 fuzzer started 2019/07/22 17:58:22 dialing manager at 10.128.0.26:42295 2019/07/22 17:58:22 syscalls: 2350 2019/07/22 17:58:22 code coverage: enabled 2019/07/22 17:58:22 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2019/07/22 17:58:22 extra coverage: enabled 2019/07/22 17:58:22 setuid sandbox: enabled 2019/07/22 17:58:22 namespace sandbox: enabled 2019/07/22 17:58:22 Android sandbox: /sys/fs/selinux/policy does not exist 2019/07/22 17:58:22 fault injection: enabled 2019/07/22 17:58:22 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/07/22 17:58:22 net packet injection: enabled 2019/07/22 17:58:22 net device setup: enabled 18:01:42 executing program 0: r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0xc9, 0x90, 0x4f, 0x8, 0x4bb, 0x930, 0xd24a, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x98, 0x0, 0x0, 0xd3, 0x4, 0xe8}}]}}]}}, 0x0) syz_usb_control_io(r0, &(0x7f0000000200)={0x34, 0x0, 0x0, &(0x7f0000000840)={0x0, 0x22, 0x5}, 0x0, 0x0, 0x0}, &(0x7f0000000c80)={0x54, &(0x7f0000000a40)={0x20}, 0x0, &(0x7f0000000380)={0x20, 0xa, 0x1}, 0x0, 0x0, 0x0, &(0x7f0000000b80)={0x20, 0x0, 0x4}}) syz_usb_control_io(r0, &(0x7f0000002500)={0x34, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000005ec0)={0x54, &(0x7f0000001a80), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, &(0x7f00000002c0)={0x34, 0x0, 0x0, &(0x7f00000001c0), 0x0, 0x0, 0x0}, 0x0) syzkaller login: [ 320.797270][T11940] IPVS: ftp: loaded support on port[0] = 21 [ 320.969124][T11940] chnl_net:caif_netlink_parms(): no params data found [ 321.033652][T11940] bridge0: port 1(bridge_slave_0) entered blocking state [ 321.040860][T11940] bridge0: port 1(bridge_slave_0) entered disabled state [ 321.049875][T11940] device bridge_slave_0 entered promiscuous mode [ 321.060948][T11940] bridge0: port 2(bridge_slave_1) entered blocking state [ 321.068238][T11940] bridge0: port 2(bridge_slave_1) entered disabled state [ 321.077223][T11940] device bridge_slave_1 entered promiscuous mode [ 321.115665][T11940] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 321.128177][T11940] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 321.164438][T11940] team0: Port device team_slave_0 added [ 321.174653][T11940] team0: Port device team_slave_1 added [ 321.268112][T11940] device hsr_slave_0 entered promiscuous mode [ 321.523315][T11940] device hsr_slave_1 entered promiscuous mode [ 321.679677][T11940] bridge0: port 2(bridge_slave_1) entered blocking state [ 321.686982][T11940] bridge0: port 2(bridge_slave_1) entered forwarding state [ 321.694948][T11940] bridge0: port 1(bridge_slave_0) entered blocking state [ 321.702230][T11940] bridge0: port 1(bridge_slave_0) entered forwarding state [ 321.807649][T11940] 8021q: adding VLAN 0 to HW filter on device bond0 [ 321.831594][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 321.844520][ T35] bridge0: port 1(bridge_slave_0) entered disabled state [ 321.855717][ T35] bridge0: port 2(bridge_slave_1) entered disabled state [ 321.868504][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 321.890579][T11940] 8021q: adding VLAN 0 to HW filter on device team0 [ 321.911146][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 321.920337][ T35] bridge0: port 1(bridge_slave_0) entered blocking state [ 321.927598][ T35] bridge0: port 1(bridge_slave_0) entered forwarding state [ 321.975650][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 321.985710][ T35] bridge0: port 2(bridge_slave_1) entered blocking state [ 321.992979][ T35] bridge0: port 2(bridge_slave_1) entered forwarding state [ 322.004081][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 322.018690][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 322.030812][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 322.041000][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 322.069395][T11940] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 322.080416][T11940] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 322.094763][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 322.104200][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 322.114154][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 322.123834][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 322.142278][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 322.177779][T11940] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 322.592534][ T5] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 322.832647][ T5] usb 1-1: Using ep0 maxpacket: 8 [ 322.952750][ T5] usb 1-1: config 0 has an invalid interface number: 152 but max is 0 [ 322.961124][ T5] usb 1-1: config 0 has no interface number 0 [ 322.967461][ T5] usb 1-1: New USB device found, idVendor=04bb, idProduct=0930, bcdDevice=d2.4a [ 322.977124][ T5] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 322.992491][ T5] usb 1-1: config 0 descriptor?? [ 323.252167][ T5] ================================================================== [ 323.260872][ T5] BUG: KMSAN: uninit-value in ax88178_bind+0x635/0xad0 [ 323.267739][ T5] CPU: 0 PID: 5 Comm: kworker/0:0 Not tainted 5.2.0+ #15 [ 323.274762][ T5] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 323.284885][ T5] Workqueue: usb_hub_wq hub_event [ 323.289921][ T5] Call Trace: [ 323.293306][ T5] dump_stack+0x191/0x1f0 [ 323.297739][ T5] kmsan_report+0x162/0x2d0 [ 323.302277][ T5] __msan_warning+0x75/0xe0 [ 323.306804][ T5] ax88178_bind+0x635/0xad0 [ 323.311351][ T5] ? asix_get_link+0x60/0x60 [ 323.315984][ T5] usbnet_probe+0x10d3/0x3950 [ 323.320690][ T5] ? kmsan_internal_memset_shadow+0x104/0x3a0 [ 323.326815][ T5] ? usbnet_disconnect+0x660/0x660 [ 323.331952][ T5] usb_probe_interface+0xd19/0x1310 [ 323.337217][ T5] ? usb_register_driver+0x7d0/0x7d0 [ 323.342631][ T5] really_probe+0x1344/0x1d90 [ 323.347359][ T5] driver_probe_device+0x1ba/0x510 [ 323.352492][ T5] ? kmsan_get_shadow_origin_ptr+0x71/0x470 [ 323.358412][ T5] __device_attach_driver+0x5b8/0x790 [ 323.363828][ T5] bus_for_each_drv+0x28e/0x3b0 [ 323.368695][ T5] ? deferred_probe_work_func+0x400/0x400 [ 323.374472][ T5] __device_attach+0x489/0x750 [ 323.379308][ T5] device_initial_probe+0x4a/0x60 [ 323.384379][ T5] bus_probe_device+0x131/0x390 [ 323.389266][ T5] device_add+0x25b5/0x2df0 [ 323.393836][ T5] usb_set_configuration+0x309f/0x3710 [ 323.399360][ T5] ? __msan_metadata_ptr_for_load_1+0x10/0x20 [ 323.405505][ T5] generic_probe+0xe7/0x280 [ 323.410033][ T5] ? usb_choose_configuration+0xae0/0xae0 [ 323.415799][ T5] usb_probe_device+0x146/0x200 [ 323.420677][ T5] ? usb_register_device_driver+0x470/0x470 [ 323.426586][ T5] really_probe+0x1344/0x1d90 [ 323.431310][ T5] driver_probe_device+0x1ba/0x510 [ 323.436441][ T5] ? kmsan_get_shadow_origin_ptr+0x71/0x470 [ 323.442363][ T5] __device_attach_driver+0x5b8/0x790 [ 323.447779][ T5] bus_for_each_drv+0x28e/0x3b0 [ 323.452648][ T5] ? deferred_probe_work_func+0x400/0x400 [ 323.458396][ T5] __device_attach+0x489/0x750 [ 323.463197][ T5] device_initial_probe+0x4a/0x60 [ 323.468245][ T5] bus_probe_device+0x131/0x390 [ 323.473131][ T5] device_add+0x25b5/0x2df0 [ 323.477690][ T5] usb_new_device+0x23e5/0x2fb0 [ 323.482606][ T5] hub_event+0x5853/0x7320 [ 323.487130][ T5] ? kmsan_get_shadow_origin_ptr+0x71/0x470 [ 323.493034][ T5] ? led_work+0x720/0x720 [ 323.497376][ T5] ? led_work+0x720/0x720 [ 323.501782][ T5] process_one_work+0x1572/0x1f00 [ 323.506863][ T5] worker_thread+0x111b/0x2460 [ 323.511714][ T5] kthread+0x4b5/0x4f0 [ 323.515795][ T5] ? process_one_work+0x1f00/0x1f00 [ 323.521021][ T5] ? kthread_blkcg+0xf0/0xf0 [ 323.525661][ T5] ret_from_fork+0x35/0x40 [ 323.530103][ T5] [ 323.532434][ T5] Local variable description: ----buf@ax88178_bind [ 323.538931][ T5] Variable was created at: [ 323.543362][ T5] ax88178_bind+0x60/0xad0 [ 323.547785][ T5] usbnet_probe+0x10d3/0x3950 [ 323.552459][ T5] ================================================================== [ 323.560514][ T5] Disabling lock debugging due to kernel taint [ 323.566668][ T5] Kernel panic - not syncing: panic_on_warn set ... [ 323.573264][ T5] CPU: 0 PID: 5 Comm: kworker/0:0 Tainted: G B 5.2.0+ #15 [ 323.581677][ T5] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 323.591746][ T5] Workqueue: usb_hub_wq hub_event [ 323.596772][ T5] Call Trace: [ 323.600079][ T5] dump_stack+0x191/0x1f0 [ 323.604492][ T5] panic+0x3c9/0xc1e [ 323.608459][ T5] kmsan_report+0x2ca/0x2d0 [ 323.612988][ T5] __msan_warning+0x75/0xe0 [ 323.617524][ T5] ax88178_bind+0x635/0xad0 [ 323.622097][ T5] ? asix_get_link+0x60/0x60 [ 323.626729][ T5] usbnet_probe+0x10d3/0x3950 [ 323.631436][ T5] ? kmsan_internal_memset_shadow+0x104/0x3a0 [ 323.637550][ T5] ? usbnet_disconnect+0x660/0x660 [ 323.642679][ T5] usb_probe_interface+0xd19/0x1310 [ 323.647914][ T5] ? usb_register_driver+0x7d0/0x7d0 [ 323.653215][ T5] really_probe+0x1344/0x1d90 [ 323.657931][ T5] driver_probe_device+0x1ba/0x510 [ 323.663072][ T5] ? kmsan_get_shadow_origin_ptr+0x71/0x470 [ 323.669004][ T5] __device_attach_driver+0x5b8/0x790 [ 323.674423][ T5] bus_for_each_drv+0x28e/0x3b0 [ 323.679294][ T5] ? deferred_probe_work_func+0x400/0x400 [ 323.685041][ T5] __device_attach+0x489/0x750 [ 323.689847][ T5] device_initial_probe+0x4a/0x60 [ 323.694887][ T5] bus_probe_device+0x131/0x390 [ 323.699767][ T5] device_add+0x25b5/0x2df0 [ 323.704338][ T5] usb_set_configuration+0x309f/0x3710 [ 323.709861][ T5] ? __msan_metadata_ptr_for_load_1+0x10/0x20 [ 323.715978][ T5] generic_probe+0xe7/0x280 [ 323.720498][ T5] ? usb_choose_configuration+0xae0/0xae0 [ 323.726235][ T5] usb_probe_device+0x146/0x200 [ 323.731138][ T5] ? usb_register_device_driver+0x470/0x470 [ 323.737049][ T5] really_probe+0x1344/0x1d90 [ 323.741760][ T5] driver_probe_device+0x1ba/0x510 [ 323.746895][ T5] ? kmsan_get_shadow_origin_ptr+0x71/0x470 [ 323.752817][ T5] __device_attach_driver+0x5b8/0x790 [ 323.758232][ T5] bus_for_each_drv+0x28e/0x3b0 [ 323.763099][ T5] ? deferred_probe_work_func+0x400/0x400 [ 323.768843][ T5] __device_attach+0x489/0x750 [ 323.773646][ T5] device_initial_probe+0x4a/0x60 [ 323.778690][ T5] bus_probe_device+0x131/0x390 [ 323.783568][ T5] device_add+0x25b5/0x2df0 [ 323.788133][ T5] usb_new_device+0x23e5/0x2fb0 [ 323.793037][ T5] hub_event+0x5853/0x7320 [ 323.797559][ T5] ? kmsan_get_shadow_origin_ptr+0x71/0x470 [ 323.803470][ T5] ? led_work+0x720/0x720 [ 323.807813][ T5] ? led_work+0x720/0x720 [ 323.812158][ T5] process_one_work+0x1572/0x1f00 [ 323.817233][ T5] worker_thread+0x111b/0x2460 [ 323.822062][ T5] kthread+0x4b5/0x4f0 [ 323.826146][ T5] ? process_one_work+0x1f00/0x1f00 [ 323.831369][ T5] ? kthread_blkcg+0xf0/0xf0 [ 323.835974][ T5] ret_from_fork+0x35/0x40 [ 323.841446][ T5] Kernel Offset: disabled [ 323.845774][ T5] Rebooting in 86400 seconds..