[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [ 104.114208][ T31] audit: type=1800 audit(1564815435.167:25): pid=12448 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 104.152521][ T31] audit: type=1800 audit(1564815435.187:26): pid=12448 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 104.173201][ T31] audit: type=1800 audit(1564815435.197:27): pid=12448 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.68' (ECDSA) to the list of known hosts. 2019/08/03 06:57:28 fuzzer started 2019/08/03 06:57:34 dialing manager at 10.128.0.26:35097 2019/08/03 06:57:34 syscalls: 2367 2019/08/03 06:57:34 code coverage: enabled 2019/08/03 06:57:34 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2019/08/03 06:57:34 extra coverage: enabled 2019/08/03 06:57:34 setuid sandbox: enabled 2019/08/03 06:57:34 namespace sandbox: enabled 2019/08/03 06:57:34 Android sandbox: /sys/fs/selinux/policy does not exist 2019/08/03 06:57:34 fault injection: enabled 2019/08/03 06:57:34 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/08/03 06:57:34 net packet injection: enabled 2019/08/03 06:57:34 net device setup: enabled 07:00:48 executing program 0: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='loginuid\x00') sendfile(r0, r0, 0x0, 0xd4f) syzkaller login: [ 317.978551][T12614] IPVS: ftp: loaded support on port[0] = 21 [ 318.150575][T12614] chnl_net:caif_netlink_parms(): no params data found [ 318.217834][T12614] bridge0: port 1(bridge_slave_0) entered blocking state [ 318.225136][T12614] bridge0: port 1(bridge_slave_0) entered disabled state [ 318.234093][T12614] device bridge_slave_0 entered promiscuous mode [ 318.244666][T12614] bridge0: port 2(bridge_slave_1) entered blocking state [ 318.251873][T12614] bridge0: port 2(bridge_slave_1) entered disabled state [ 318.260851][T12614] device bridge_slave_1 entered promiscuous mode [ 318.299221][T12614] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 318.311855][T12614] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 318.350044][T12614] team0: Port device team_slave_0 added [ 318.360895][T12614] team0: Port device team_slave_1 added [ 318.528051][T12614] device hsr_slave_0 entered promiscuous mode [ 318.653672][T12614] device hsr_slave_1 entered promiscuous mode [ 318.939942][T12614] bridge0: port 2(bridge_slave_1) entered blocking state [ 318.947285][T12614] bridge0: port 2(bridge_slave_1) entered forwarding state [ 318.955281][T12614] bridge0: port 1(bridge_slave_0) entered blocking state [ 318.962540][T12614] bridge0: port 1(bridge_slave_0) entered forwarding state [ 319.063315][T12614] 8021q: adding VLAN 0 to HW filter on device bond0 [ 319.086849][ T3358] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 319.100123][ T3358] bridge0: port 1(bridge_slave_0) entered disabled state [ 319.111603][ T3358] bridge0: port 2(bridge_slave_1) entered disabled state [ 319.123798][ T3358] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 319.146377][T12614] 8021q: adding VLAN 0 to HW filter on device team0 [ 319.168173][ T3358] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 319.178040][ T3358] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 319.188905][ T3358] bridge0: port 1(bridge_slave_0) entered blocking state [ 319.196242][ T3358] bridge0: port 1(bridge_slave_0) entered forwarding state [ 319.212567][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 319.222274][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 319.231720][ T30] bridge0: port 2(bridge_slave_1) entered blocking state [ 319.239028][ T30] bridge0: port 2(bridge_slave_1) entered forwarding state [ 319.286343][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 319.297357][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 319.307884][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 319.318365][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 319.328490][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 319.338877][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 319.348847][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 319.358387][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 319.367864][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 319.378077][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 319.390554][ T30] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 319.404499][T12614] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 319.454666][T12614] 8021q: adding VLAN 0 to HW filter on device batadv0 07:00:50 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000240)={'lo\x00'}) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000080)={'lo\x00\x00\x00\x00\x04\x00\x00\x00\x00\x06\x00', 0xfd}) 07:00:51 executing program 0: socketpair$unix(0x1, 0x8000000000001, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) keyctl$update(0x2, 0x0, 0x0, 0xffffffffffffffdd) 07:00:51 executing program 0: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x40000000000009) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$inet6(0xa, 0x400000000001, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000002c0)=@newlink={0x28, 0x10, 0xc362e63b3f31ba5f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x3}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0) getpid() [ 320.182751][T12634] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 320.190169][T12634] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 320.234748][T12634] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 320.273193][T12636] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 320.364100][T12636] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. 07:00:51 executing program 0: r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000001340)={{0x12, 0x1, 0x0, 0xed, 0x11, 0x5d, 0x40, 0x2001, 0x1a02, 0xf89b, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x69, 0x0, 0x0, 0x2e, 0x5d, 0x8b}}]}}]}}, 0x0) syz_usb_control_io(r0, &(0x7f0000002c00)={0x34, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002f80)={0xcc, &(0x7f0000000700)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, &(0x7f0000000280)={0x34, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000000580)={0xcc, &(0x7f00000002c0), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, &(0x7f0000000380)={0x34, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000001780)={0xcc, &(0x7f00000003c0), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000001000)={0x34, 0x0, 0x0, 0x0, &(0x7f0000000f40), &(0x7f0000000f80)={0x20, 0x29, 0xf, {0xf, 0x29, 0x0, 0x0, 0x0, 0x0, 'N(~P', "0477ce46"}}, 0x0}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) [ 320.793079][ T3358] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 321.163326][ T3358] usb 1-1: config 0 has an invalid interface number: 105 but max is 0 [ 321.171645][ T3358] usb 1-1: config 0 has no interface number 0 [ 321.178037][ T3358] usb 1-1: New USB device found, idVendor=2001, idProduct=1a02, bcdDevice=f8.9b [ 321.187278][ T3358] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 321.198898][ T3358] usb 1-1: config 0 descriptor?? [ 321.462869][ T3358] ================================================================== [ 321.471016][ T3358] BUG: KMSAN: uninit-value in ax88772_bind+0x93d/0x11e0 [ 321.477980][ T3358] CPU: 0 PID: 3358 Comm: kworker/0:2 Not tainted 5.2.0+ #15 [ 321.485277][ T3358] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 321.495363][ T3358] Workqueue: usb_hub_wq hub_event [ 321.500404][ T3358] Call Trace: [ 321.503807][ T3358] dump_stack+0x191/0x1f0 [ 321.508201][ T3358] kmsan_report+0x162/0x2d0 [ 321.512855][ T3358] __msan_warning+0x75/0xe0 [ 321.517399][ T3358] ax88772_bind+0x93d/0x11e0 [ 321.522039][ T3358] ? ax88178_change_mtu+0x650/0x650 [ 321.527269][ T3358] usbnet_probe+0x10d3/0x3950 [ 321.531986][ T3358] ? kmsan_internal_memset_shadow+0x104/0x3a0 [ 321.538129][ T3358] ? usbnet_disconnect+0x660/0x660 [ 321.543289][ T3358] usb_probe_interface+0xd19/0x1310 [ 321.548555][ T3358] ? usb_register_driver+0x7d0/0x7d0 [ 321.553878][ T3358] really_probe+0x1344/0x1d90 [ 321.558621][ T3358] driver_probe_device+0x1ba/0x510 [ 321.563780][ T3358] ? kmsan_get_shadow_origin_ptr+0x71/0x470 [ 321.569725][ T3358] __device_attach_driver+0x5b8/0x790 [ 321.575170][ T3358] bus_for_each_drv+0x28e/0x3b0 [ 321.580144][ T3358] ? deferred_probe_work_func+0x400/0x400 [ 321.585972][ T3358] __device_attach+0x489/0x750 [ 321.590813][ T3358] device_initial_probe+0x4a/0x60 [ 321.595893][ T3358] bus_probe_device+0x131/0x390 [ 321.600799][ T3358] device_add+0x25b5/0x2df0 [ 321.605386][ T3358] usb_set_configuration+0x309f/0x3710 07:00:52 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000200)=@broute={'broute\x00', 0x20, 0x2, 0x26c, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000440], 0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff01000000030000000000000000006970366772657461703000000000000069703667726530000000000000000000696662300000000e000000000000000076657468305f746f5f62726964676500aaaaaaaaaabb000000000000aaaaaaaaaa000000000000000000ac000000080100003001000071756f746100000000000000000000000000000000000000000000000000000018000000000000000000000009000000000000000200000000000000646e6174000000000000000000000000000000000000000000000000000000000c000000ed8faff475be0000ffffffff6d61726b0000000000000000000000000000000000000000000000000000000008000000f0fffffffefff0ff4e46515545554500000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000001000000fcffffff010000001d00000000000000000065727370616e30000000000000000000627269646765300000000000000000007465716c30000000000000000000000065716c00000000000000000000000000ffffffffffff0000000000000180c200000000000000000000007000000070000000ac00000052415445455354000000000000000000000000000000000000000000000000001800000073797a3000"/620]}, 0x2e4) [ 321.611017][ T3358] ? __msan_metadata_ptr_for_load_1+0x10/0x20 [ 321.617155][ T3358] generic_probe+0xe7/0x280 [ 321.621705][ T3358] ? usb_choose_configuration+0xae0/0xae0 [ 321.627477][ T3358] usb_probe_device+0x146/0x200 [ 321.632402][ T3358] ? usb_register_device_driver+0x470/0x470 [ 321.638348][ T3358] really_probe+0x1344/0x1d90 [ 321.643288][ T3358] driver_probe_device+0x1ba/0x510 [ 321.648462][ T3358] ? kmsan_get_shadow_origin_ptr+0x71/0x470 [ 321.654406][ T3358] __device_attach_driver+0x5b8/0x790 [ 321.659856][ T3358] bus_for_each_drv+0x28e/0x3b0 [ 321.664759][ T3358] ? deferred_probe_work_func+0x400/0x400 [ 321.670540][ T3358] __device_attach+0x489/0x750 [ 321.675376][ T3358] device_initial_probe+0x4a/0x60 [ 321.680461][ T3358] bus_probe_device+0x131/0x390 [ 321.685378][ T3358] device_add+0x25b5/0x2df0 [ 321.689968][ T3358] usb_new_device+0x23e5/0x2fb0 [ 321.694928][ T3358] hub_event+0x5853/0x7320 [ 321.699495][ T3358] ? kmsan_get_shadow_origin_ptr+0x71/0x470 [ 321.705428][ T3358] ? led_work+0x720/0x720 [ 321.709790][ T3358] ? led_work+0x720/0x720 [ 321.714256][ T3358] process_one_work+0x1572/0x1f00 [ 321.719357][ T3358] worker_thread+0x111b/0x2460 [ 321.724303][ T3358] kthread+0x4b5/0x4f0 [ 321.728402][ T3358] ? process_one_work+0x1f00/0x1f00 [ 321.733640][ T3358] ? kthread_blkcg+0xf0/0xf0 [ 321.738314][ T3358] ret_from_fork+0x35/0x40 [ 321.742758][ T3358] [ 321.745087][ T3358] Local variable description: ----buf@ax88772_bind [ 321.751583][ T3358] Variable was created at: [ 321.756018][ T3358] ax88772_bind+0x5f/0x11e0 [ 321.760529][ T3358] usbnet_probe+0x10d3/0x3950 [ 321.765205][ T3358] ================================================================== [ 321.773269][ T3358] Disabling lock debugging due to kernel taint [ 321.779448][ T3358] Kernel panic - not syncing: panic_on_warn set ... [ 321.786081][ T3358] CPU: 0 PID: 3358 Comm: kworker/0:2 Tainted: G B 5.2.0+ #15 [ 321.794762][ T3358] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 321.804860][ T3358] Workqueue: usb_hub_wq hub_event [ 321.809898][ T3358] Call Trace: [ 321.813219][ T3358] dump_stack+0x191/0x1f0 [ 321.817583][ T3358] panic+0x3c9/0xc1e [ 321.821560][ T3358] kmsan_report+0x2ca/0x2d0 [ 321.826094][ T3358] __msan_warning+0x75/0xe0 [ 321.830620][ T3358] ax88772_bind+0x93d/0x11e0 [ 321.835242][ T3358] ? ax88178_change_mtu+0x650/0x650 [ 321.840454][ T3358] usbnet_probe+0x10d3/0x3950 [ 321.845167][ T3358] ? kmsan_internal_memset_shadow+0x104/0x3a0 [ 321.851300][ T3358] ? usbnet_disconnect+0x660/0x660 [ 321.856439][ T3358] usb_probe_interface+0xd19/0x1310 [ 321.861676][ T3358] ? usb_register_driver+0x7d0/0x7d0 [ 321.866991][ T3358] really_probe+0x1344/0x1d90 [ 321.871709][ T3358] driver_probe_device+0x1ba/0x510 [ 321.876850][ T3358] ? kmsan_get_shadow_origin_ptr+0x71/0x470 [ 321.882770][ T3358] __device_attach_driver+0x5b8/0x790 [ 321.888185][ T3358] bus_for_each_drv+0x28e/0x3b0 [ 321.893064][ T3358] ? deferred_probe_work_func+0x400/0x400 [ 321.898818][ T3358] __device_attach+0x489/0x750 [ 321.903627][ T3358] device_initial_probe+0x4a/0x60 [ 321.908696][ T3358] bus_probe_device+0x131/0x390 [ 321.913583][ T3358] device_add+0x25b5/0x2df0 [ 321.918148][ T3358] usb_set_configuration+0x309f/0x3710 [ 321.923852][ T3358] ? __msan_metadata_ptr_for_load_1+0x10/0x20 [ 321.929972][ T3358] generic_probe+0xe7/0x280 [ 321.934519][ T3358] ? usb_choose_configuration+0xae0/0xae0 [ 321.940268][ T3358] usb_probe_device+0x146/0x200 [ 321.945157][ T3358] ? usb_register_device_driver+0x470/0x470 [ 321.951088][ T3358] really_probe+0x1344/0x1d90 [ 321.955824][ T3358] driver_probe_device+0x1ba/0x510 [ 321.960975][ T3358] ? kmsan_get_shadow_origin_ptr+0x71/0x470 [ 321.966914][ T3358] __device_attach_driver+0x5b8/0x790 [ 321.972341][ T3358] bus_for_each_drv+0x28e/0x3b0 [ 321.977232][ T3358] ? deferred_probe_work_func+0x400/0x400 [ 321.982997][ T3358] __device_attach+0x489/0x750 [ 321.987808][ T3358] device_initial_probe+0x4a/0x60 [ 321.992868][ T3358] bus_probe_device+0x131/0x390 [ 321.997758][ T3358] device_add+0x25b5/0x2df0 [ 322.002324][ T3358] usb_new_device+0x23e5/0x2fb0 [ 322.007286][ T3358] hub_event+0x5853/0x7320 [ 322.011810][ T3358] ? kmsan_get_shadow_origin_ptr+0x71/0x470 [ 322.017735][ T3358] ? led_work+0x720/0x720 [ 322.022092][ T3358] ? led_work+0x720/0x720 [ 322.026453][ T3358] process_one_work+0x1572/0x1f00 [ 322.031632][ T3358] worker_thread+0x111b/0x2460 [ 322.036479][ T3358] kthread+0x4b5/0x4f0 [ 322.040574][ T3358] ? process_one_work+0x1f00/0x1f00 [ 322.045813][ T3358] ? kthread_blkcg+0xf0/0xf0 [ 322.050434][ T3358] ret_from_fork+0x35/0x40 [ 322.055945][ T3358] Kernel Offset: disabled [ 322.060298][ T3358] Rebooting in 86400 seconds..