[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [ 98.588904][ T30] audit: type=1800 audit(1562023978.638:25): pid=12900 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 98.614458][ T30] audit: type=1800 audit(1562023978.668:26): pid=12900 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 98.652024][ T30] audit: type=1800 audit(1562023978.698:27): pid=12900 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.10.29' (ECDSA) to the list of known hosts. 2019/07/01 23:33:13 fuzzer started 2019/07/01 23:33:19 dialing manager at 10.128.0.26:37509 2019/07/01 23:33:19 syscalls: 2347 2019/07/01 23:33:19 code coverage: enabled 2019/07/01 23:33:19 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2019/07/01 23:33:19 extra coverage: enabled 2019/07/01 23:33:19 setuid sandbox: enabled 2019/07/01 23:33:19 namespace sandbox: enabled 2019/07/01 23:33:19 Android sandbox: /sys/fs/selinux/policy does not exist 2019/07/01 23:33:19 fault injection: enabled 2019/07/01 23:33:19 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/07/01 23:33:19 net packet injection: enabled 2019/07/01 23:33:19 net device setup: enabled 23:36:28 executing program 0: r0 = openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/attr/sockcreate\x00', 0x2, 0x0) write$selinux_attr(r0, 0x0, 0x0) syzkaller login: [ 309.265721][T13063] IPVS: ftp: loaded support on port[0] = 21 [ 309.414209][T13063] chnl_net:caif_netlink_parms(): no params data found [ 309.476326][T13063] bridge0: port 1(bridge_slave_0) entered blocking state [ 309.483761][T13063] bridge0: port 1(bridge_slave_0) entered disabled state [ 309.493028][T13063] device bridge_slave_0 entered promiscuous mode [ 309.503925][T13063] bridge0: port 2(bridge_slave_1) entered blocking state [ 309.511201][T13063] bridge0: port 2(bridge_slave_1) entered disabled state [ 309.520286][T13063] device bridge_slave_1 entered promiscuous mode [ 309.571093][T13063] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 309.583744][T13063] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 309.617917][T13063] team0: Port device team_slave_0 added [ 309.627466][T13063] team0: Port device team_slave_1 added [ 309.716846][T13063] device hsr_slave_0 entered promiscuous mode [ 309.762565][T13063] device hsr_slave_1 entered promiscuous mode [ 309.983719][T13063] bridge0: port 2(bridge_slave_1) entered blocking state [ 309.991064][T13063] bridge0: port 2(bridge_slave_1) entered forwarding state [ 309.998898][T13063] bridge0: port 1(bridge_slave_0) entered blocking state [ 310.006276][T13063] bridge0: port 1(bridge_slave_0) entered forwarding state [ 310.089536][T13063] 8021q: adding VLAN 0 to HW filter on device bond0 [ 310.111212][ T3002] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 310.123165][ T3002] bridge0: port 1(bridge_slave_0) entered disabled state [ 310.133995][ T3002] bridge0: port 2(bridge_slave_1) entered disabled state [ 310.147246][ T3002] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 310.168710][T13063] 8021q: adding VLAN 0 to HW filter on device team0 [ 310.187176][ T3002] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 310.196817][ T3002] bridge0: port 1(bridge_slave_0) entered blocking state [ 310.204172][ T3002] bridge0: port 1(bridge_slave_0) entered forwarding state [ 310.258293][ T3002] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 310.267443][ T3002] bridge0: port 2(bridge_slave_1) entered blocking state [ 310.274778][ T3002] bridge0: port 2(bridge_slave_1) entered forwarding state [ 310.285208][ T3002] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 310.295284][ T3002] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 310.304923][ T3002] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 310.324500][T13063] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 310.338168][T13063] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 310.372766][T13063] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 310.439051][ T3002] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 310.448060][ T3002] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready 23:36:30 executing program 0: mknod(&(0x7f0000000040)='./bus\x00', 0x800080008002, 0x5bc9) r0 = open(&(0x7f0000000100)='./bus\x00', 0x0, 0x0) ioctl$FIONREAD(r0, 0x4004667f, 0x0) 23:36:30 executing program 0: r0 = memfd_create(&(0x7f0000000040)='\x00\x00\x06\x00\x00\x00\x00\x00\x00\x00', 0x0) write$binfmt_elf64(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="7f454c46000000000000000000aab40003003e"], 0x13) execveat(r0, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000) 23:36:30 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3000005, 0x31, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) clone(0x2000000000003ffb, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f0000000040)=ANY=[]) 23:36:31 executing program 0: r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x70, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = epoll_create1(0x0) r2 = epoll_create1(0x0) dup2(r0, r1) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000080)) ppoll(&(0x7f0000000200)=[{r2}], 0x1, 0x0, 0x0, 0x0) [ 310.905422][T13083] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. 23:36:31 executing program 0: syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x7c, 0x55, 0xa9, 0x10, 0x586, 0x102, 0xa341, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0xb8, 0x0, 0x1, 0xe5, 0x4b, 0xe, 0x0, [], [{{0x9, 0x5, 0x8f, 0x1}}]}}]}}]}}, 0x0) [ 312.162450][ T3002] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 312.402367][ T3002] usb 1-1: Using ep0 maxpacket: 16 [ 312.532626][ T3002] usb 1-1: config 0 has an invalid interface number: 184 but max is 0 [ 312.540981][ T3002] usb 1-1: config 0 has no interface number 0 [ 312.547295][ T3002] usb 1-1: config 0 interface 184 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 312.558539][ T3002] usb 1-1: New USB device found, idVendor=0586, idProduct=0102, bcdDevice=a3.41 [ 312.567692][ T3002] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 312.583105][ T3002] usb 1-1: config 0 descriptor?? [ 312.627621][ T3002] ================================================================== [ 312.635754][ T3002] BUG: KMSAN: uninit-value in hfcsusb_probe+0xf46/0x4db0 [ 312.642798][ T3002] CPU: 1 PID: 3002 Comm: kworker/1:2 Not tainted 5.2.0-rc4+ #7 [ 312.650348][ T3002] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 312.660429][ T3002] Workqueue: usb_hub_wq hub_event [ 312.665463][ T3002] Call Trace: [ 312.668833][ T3002] dump_stack+0x191/0x1f0 [ 312.673196][ T3002] kmsan_report+0x162/0x2d0 [ 312.677728][ T3002] __msan_warning+0x75/0xe0 [ 312.682258][ T3002] hfcsusb_probe+0xf46/0x4db0 [ 312.687011][ T3002] ? l1oip_4bit_alloc+0x780/0x780 [ 312.692054][ T3002] ? l1oip_4bit_alloc+0x780/0x780 [ 312.697104][ T3002] usb_probe_interface+0xd19/0x1310 [ 312.702341][ T3002] ? usb_register_driver+0x7d0/0x7d0 [ 312.707661][ T3002] really_probe+0x1344/0x1d90 [ 312.712386][ T3002] driver_probe_device+0x1ba/0x510 [ 312.717534][ T3002] ? kmsan_get_shadow_origin_ptr+0x71/0x470 23:36:32 executing program 1: r0 = getpgrp(0x0) ptrace$setregset(0x4205, r0, 0x201, &(0x7f0000000040)={&(0x7f0000000000)="191ea9e2698d15d83a8a593e3df827", 0xf}) r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x80, 0x40) ioctl$NBD_SET_SIZE(r1, 0xab02, 0x6) prctl$PR_SET_DUMPABLE(0x4, 0x1) r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000100)='TIPC\x00') sendmsg$TIPC_CMD_SHOW_STATS(r1, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x1c, r2, 0x0, 0x70bd2b, 0x25dfdbfc, {}, ["", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x0) ioctl$sock_inet6_tcp_SIOCATMARK(r1, 0x8905, &(0x7f0000000200)) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000240)={'veth0_to_team\x00', 0x400}) fcntl$setstatus(r1, 0x4, 0x46000) clock_getres(0x3, &(0x7f0000000280)) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000400)={r1, 0x0, 0x4e, 0xa5, &(0x7f00000002c0)="a469052c3bb954299444b5e4f159b66c938851d866537a246ad2c51326e29e7b1455bbf2b3cdfd24b0d67a3d2490ece7f612717be58cfb0d2f975c9981f5b3b8e9208b6696fe4f4361d610026bd7", &(0x7f0000000340)=""/165, 0x41}, 0x28) ioctl$RNDZAPENTCNT(r1, 0x5204, &(0x7f0000000440)=0xf71) r3 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000480)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$DRM_IOCTL_AGP_RELEASE(r1, 0x6431) stat(&(0x7f00000004c0)='./file0\x00', &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x0}) stat(&(0x7f0000000580)='./file0\x00', &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000640)={r0, r4, r5}, 0xc) getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r1, 0x84, 0x1f, &(0x7f0000000680)={0x0, @in={{0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0xa}}}, 0x7fff, 0x4e29}, &(0x7f0000000740)=0x90) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000000780)={0xb0f3, 0x8002, 0xffff, 0x800, r6}, &(0x7f00000007c0)=0x10) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r1, 0x84, 0x1, &(0x7f0000000800)={r6, 0x7ff, 0xffffffff00000000, 0x3, 0x6857, 0x1f2a21ab}, 0x14) epoll_ctl$EPOLL_CTL_MOD(r1, 0x3, r3, &(0x7f0000000840)={0x2}) r7 = openat$random(0xffffffffffffff9c, &(0x7f0000000880)='/dev/urandom\x00', 0x200c01, 0x0) ioctl$SNDRV_SEQ_IOCTL_UNSUBSCRIBE_PORT(r1, 0x40505331, &(0x7f00000008c0)={{0x3ff, 0x81}, {0x4, 0x80}, 0x1, 0x6, 0x80000000}) ioctl$VIDIOC_G_INPUT(r1, 0x80045626, &(0x7f0000000940)) ioctl$SNDRV_SEQ_IOCTL_DELETE_PORT(r1, 0x40a85321, &(0x7f0000000980)={{0x4, 0x3}, 'port1\x00', 0x8a, 0x10, 0x437f, 0x0, 0x7, 0x1, 0x100, 0x0, 0x3, 0x7}) write$tun(r7, &(0x7f0000000a40)={@void, @void, @mpls={[{0x80, 0x0, 0xfffffffffffff801}, {0x88ec}, {0x9, 0x0, 0x4}, {0x7, 0x0, 0x7fffffff}, {0x0, 0x0, 0x276}], @llc={@llc={0x2, 0xbc, "ae", "dab63ebef3af225874e22aab73fc043a8953aefc65c72ae06873f913befeac9cc73d91fa93794cc78867e908f2815091fde8af0f1f658ded8d4852b5dba62682e40944369e19b64bd776fc8f4e820f878e0cd7ff791ff1992e21db106f48661b639c2f"}}}}, 0x7a) ioctl$TIOCGPTLCK(r1, 0x80045439, &(0x7f0000000ac0)) setsockopt$inet6_udp_int(r1, 0x11, 0xb, &(0x7f0000000b00)=0x100000000, 0x4) ioctl$TUNSETNOCSUM(r1, 0x400454c8, 0x1) [ 312.723458][ T3002] __device_attach_driver+0x5b8/0x790 [ 312.728876][ T3002] bus_for_each_drv+0x28e/0x3b0 [ 312.733743][ T3002] ? deferred_probe_work_func+0x400/0x400 [ 312.739502][ T3002] __device_attach+0x489/0x750 [ 312.744310][ T3002] device_initial_probe+0x4a/0x60 [ 312.749362][ T3002] bus_probe_device+0x131/0x390 [ 312.754251][ T3002] device_add+0x25b5/0x2df0 [ 312.758821][ T3002] usb_set_configuration+0x309f/0x3710 [ 312.764376][ T3002] generic_probe+0xe7/0x280 [ 312.768916][ T3002] ? usb_choose_configuration+0xae0/0xae0 [ 312.774664][ T3002] usb_probe_device+0x146/0x200 [ 312.779545][ T3002] ? usb_register_device_driver+0x470/0x470 [ 312.785479][ T3002] really_probe+0x1344/0x1d90 [ 312.790200][ T3002] driver_probe_device+0x1ba/0x510 [ 312.795338][ T3002] ? kmsan_get_shadow_origin_ptr+0x71/0x470 [ 312.801265][ T3002] __device_attach_driver+0x5b8/0x790 [ 312.806699][ T3002] bus_for_each_drv+0x28e/0x3b0 [ 312.811581][ T3002] ? deferred_probe_work_func+0x400/0x400 [ 312.817343][ T3002] __device_attach+0x489/0x750 [ 312.822153][ T3002] device_initial_probe+0x4a/0x60 [ 312.827202][ T3002] bus_probe_device+0x131/0x390 [ 312.832087][ T3002] device_add+0x25b5/0x2df0 [ 312.836661][ T3002] usb_new_device+0x23e5/0x2fb0 [ 312.841564][ T3002] hub_event+0x5853/0x7320 [ 312.846076][ T3002] ? kmsan_get_shadow_origin_ptr+0x71/0x470 [ 312.851982][ T3002] ? led_work+0x720/0x720 [ 312.856317][ T3002] ? led_work+0x720/0x720 [ 312.860663][ T3002] process_one_work+0x1572/0x1f00 [ 312.865741][ T3002] worker_thread+0x111b/0x2460 [ 312.870556][ T3002] kthread+0x4b5/0x4f0 [ 312.874633][ T3002] ? process_one_work+0x1f00/0x1f00 [ 312.879857][ T3002] ? kthread_blkcg+0xf0/0xf0 [ 312.884527][ T3002] ret_from_fork+0x35/0x40 [ 312.888970][ T3002] [ 312.891303][ T3002] Local variable description: ----bookmark@__wake_up_common_lock [ 312.899016][ T3002] Variable was created at: [ 312.903447][ T3002] __wake_up_common_lock+0xa2/0x3a0 [ 312.908665][ T3002] __wake_up_sync_key+0xcf/0x120 [ 312.913600][ T3002] ================================================================== [ 312.921670][ T3002] Disabling lock debugging due to kernel taint [ 312.927833][ T3002] Kernel panic - not syncing: panic_on_warn set ... [ 312.934622][ T3002] CPU: 1 PID: 3002 Comm: kworker/1:2 Tainted: G B 5.2.0-rc4+ #7 [ 312.943555][ T3002] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 312.953630][ T3002] Workqueue: usb_hub_wq hub_event [ 312.958660][ T3002] Call Trace: [ 312.961968][ T3002] dump_stack+0x191/0x1f0 [ 312.966328][ T3002] panic+0x3c9/0xc1e [ 312.970299][ T3002] kmsan_report+0x2ca/0x2d0 [ 312.974847][ T3002] __msan_warning+0x75/0xe0 [ 312.979388][ T3002] hfcsusb_probe+0xf46/0x4db0 [ 312.984158][ T3002] ? l1oip_4bit_alloc+0x780/0x780 [ 312.989208][ T3002] ? l1oip_4bit_alloc+0x780/0x780 [ 312.994260][ T3002] usb_probe_interface+0xd19/0x1310 [ 312.999496][ T3002] ? usb_register_driver+0x7d0/0x7d0 [ 313.004820][ T3002] really_probe+0x1344/0x1d90 [ 313.009531][ T3002] driver_probe_device+0x1ba/0x510 [ 313.014662][ T3002] ? kmsan_get_shadow_origin_ptr+0x71/0x470 [ 313.020581][ T3002] __device_attach_driver+0x5b8/0x790 [ 313.025995][ T3002] bus_for_each_drv+0x28e/0x3b0 [ 313.030857][ T3002] ? deferred_probe_work_func+0x400/0x400 [ 313.036602][ T3002] __device_attach+0x489/0x750 [ 313.041412][ T3002] device_initial_probe+0x4a/0x60 [ 313.046457][ T3002] bus_probe_device+0x131/0x390 [ 313.051333][ T3002] device_add+0x25b5/0x2df0 [ 313.055885][ T3002] usb_set_configuration+0x309f/0x3710 [ 313.061431][ T3002] generic_probe+0xe7/0x280 [ 313.065967][ T3002] ? usb_choose_configuration+0xae0/0xae0 [ 313.071716][ T3002] usb_probe_device+0x146/0x200 [ 313.076591][ T3002] ? usb_register_device_driver+0x470/0x470 [ 313.082596][ T3002] really_probe+0x1344/0x1d90 [ 313.094958][ T3002] driver_probe_device+0x1ba/0x510 [ 313.100091][ T3002] ? kmsan_get_shadow_origin_ptr+0x71/0x470 [ 313.106010][ T3002] __device_attach_driver+0x5b8/0x790 [ 313.111418][ T3002] bus_for_each_drv+0x28e/0x3b0 [ 313.116281][ T3002] ? deferred_probe_work_func+0x400/0x400 [ 313.122025][ T3002] __device_attach+0x489/0x750 [ 313.126816][ T3002] device_initial_probe+0x4a/0x60 [ 313.131857][ T3002] bus_probe_device+0x131/0x390 [ 313.136737][ T3002] device_add+0x25b5/0x2df0 [ 313.141284][ T3002] usb_new_device+0x23e5/0x2fb0 [ 313.146184][ T3002] hub_event+0x5853/0x7320 [ 313.150697][ T3002] ? kmsan_get_shadow_origin_ptr+0x71/0x470 [ 313.156610][ T3002] ? led_work+0x720/0x720 [ 313.161452][ T3002] ? led_work+0x720/0x720 [ 313.165801][ T3002] process_one_work+0x1572/0x1f00 [ 313.170872][ T3002] worker_thread+0x111b/0x2460 [ 313.175692][ T3002] kthread+0x4b5/0x4f0 [ 313.179773][ T3002] ? process_one_work+0x1f00/0x1f00 [ 313.184991][ T3002] ? kthread_blkcg+0xf0/0xf0 [ 313.189591][ T3002] ret_from_fork+0x35/0x40 [ 313.195072][ T3002] Kernel Offset: disabled [ 313.199404][ T3002] Rebooting in 86400 seconds..