[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [ 112.253953][ T32] audit: type=1800 audit(1565611600.304:25): pid=12523 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 112.279400][ T32] audit: type=1800 audit(1565611600.324:26): pid=12523 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 112.319034][ T32] audit: type=1800 audit(1565611600.354:27): pid=12523 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.243' (ECDSA) to the list of known hosts. 2019/08/12 12:06:53 fuzzer started 2019/08/12 12:07:00 dialing manager at 10.128.0.26:33059 2019/08/12 12:07:00 syscalls: 2374 2019/08/12 12:07:00 code coverage: enabled 2019/08/12 12:07:00 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2019/08/12 12:07:00 extra coverage: enabled 2019/08/12 12:07:00 setuid sandbox: enabled 2019/08/12 12:07:00 namespace sandbox: enabled 2019/08/12 12:07:00 Android sandbox: /sys/fs/selinux/policy does not exist 2019/08/12 12:07:00 fault injection: enabled 2019/08/12 12:07:00 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/08/12 12:07:00 net packet injection: enabled 2019/08/12 12:07:00 net device setup: enabled 12:10:21 executing program 0: r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000bc0)={{0x12, 0x1, 0x0, 0xeb, 0x8d, 0xe1, 0x2008, 0x7a69, 0x1, 0x1936, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x9b, 0xe1, 0x36}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000940)={0x2c, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000000f40)={0xb4, &(0x7f0000000980)={0x0, 0x0, 0x1, "cf"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000d40)={0x40, 0xf, 0x2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syzkaller login: [ 334.168216][T12688] IPVS: ftp: loaded support on port[0] = 21 [ 334.372880][T12688] chnl_net:caif_netlink_parms(): no params data found [ 334.447262][T12688] bridge0: port 1(bridge_slave_0) entered blocking state [ 334.454722][T12688] bridge0: port 1(bridge_slave_0) entered disabled state [ 334.464217][T12688] device bridge_slave_0 entered promiscuous mode [ 334.475986][T12688] bridge0: port 2(bridge_slave_1) entered blocking state [ 334.483489][T12688] bridge0: port 2(bridge_slave_1) entered disabled state [ 334.492804][T12688] device bridge_slave_1 entered promiscuous mode [ 334.535581][T12688] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 334.550022][T12688] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 334.593319][T12688] team0: Port device team_slave_0 added [ 334.604142][T12688] team0: Port device team_slave_1 added [ 334.708408][T12688] device hsr_slave_0 entered promiscuous mode [ 334.973050][T12688] device hsr_slave_1 entered promiscuous mode [ 335.041511][T12688] bridge0: port 2(bridge_slave_1) entered blocking state [ 335.048981][T12688] bridge0: port 2(bridge_slave_1) entered forwarding state [ 335.057121][T12688] bridge0: port 1(bridge_slave_0) entered blocking state [ 335.064509][T12688] bridge0: port 1(bridge_slave_0) entered forwarding state [ 335.175994][T12688] 8021q: adding VLAN 0 to HW filter on device bond0 [ 335.201457][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 335.216165][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 335.226745][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 335.243291][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 335.269840][T12688] 8021q: adding VLAN 0 to HW filter on device team0 [ 335.292764][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 335.303998][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 335.311254][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 335.362635][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 335.373765][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 335.381022][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 335.392622][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 335.406918][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 335.421012][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 335.431845][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 335.458581][T12688] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 335.469532][T12688] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 335.485009][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 335.495040][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 335.505683][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 335.516542][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 335.528065][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 335.580441][T12688] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 336.034190][T12691] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 336.282879][T12691] usb 1-1: Using ep0 maxpacket: 8 [ 336.402936][T12691] usb 1-1: New USB device found, idVendor=7a69, idProduct=0001, bcdDevice=19.36 [ 336.412225][T12691] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 336.425206][T12691] usb 1-1: config 0 descriptor?? [ 336.471000][T12691] usb 1-1: dvb_usb_v2: found a '774 Friio White ISDB-T USB2.0' in warm state 12:10:25 executing program 1: r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000bc0)={{0x12, 0x1, 0x0, 0xeb, 0x8d, 0xe1, 0x2008, 0x7a69, 0x1, 0x1936, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x9b, 0xe1, 0x36}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000940)={0x2c, 0x0, 0x0, &(0x7f00000007c0)={0x0, 0xf, 0x5, {0x5, 0xf, 0x5}}, 0x0, 0x0}, &(0x7f0000000f40)={0xb4, &(0x7f0000000980)={0x0, 0x0, 0x1, "cf"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 337.543233][T12691] ================================================================== [ 337.551551][T12691] BUG: KMSAN: uninit-value in friio_power_ctrl+0xb3e/0x1a70 [ 337.558890][T12691] CPU: 0 PID: 12691 Comm: kworker/0:0 Not tainted 5.3.0-rc3+ #17 [ 337.566629][T12691] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 337.576744][T12691] Workqueue: usb_hub_wq hub_event [ 337.581837][T12691] Call Trace: [ 337.585190][T12691] dump_stack+0x191/0x1f0 [ 337.589599][T12691] kmsan_report+0x162/0x2d0 [ 337.594151][T12691] __msan_warning+0x75/0xe0 [ 337.598720][T12691] friio_power_ctrl+0xb3e/0x1a70 [ 337.603684][T12691] ? kasan_kmalloc+0xd/0x30 [ 337.608231][T12691] ? gl861_i2c_msg+0x6e0/0x6e0 [ 337.613044][T12691] dvb_usbv2_probe+0xd3d/0x5dd0 [ 337.617950][T12691] ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0 [ 337.623994][T12691] ? usb_probe_interface+0xb69/0x1310 [ 337.629400][T12691] ? technisat_usb2_i2c_access+0x12a0/0x12a0 [ 337.635499][T12691] ? technisat_usb2_i2c_access+0x12a0/0x12a0 [ 337.641544][T12691] usb_probe_interface+0xd19/0x1310 [ 337.646797][T12691] ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0 [ 337.652817][T12691] ? usb_register_driver+0x7d0/0x7d0 [ 337.658178][T12691] really_probe+0x1373/0x1dc0 [ 337.662914][T12691] driver_probe_device+0x1ba/0x510 [ 337.668079][T12691] __device_attach_driver+0x5b8/0x790 [ 337.673675][T12691] ? bus_for_each_drv+0x1d5/0x3b0 [ 337.678741][T12691] bus_for_each_drv+0x28e/0x3b0 [ 337.683622][T12691] ? deferred_probe_work_func+0x400/0x400 [ 337.689384][T12691] __device_attach+0x489/0x750 [ 337.694287][T12691] device_initial_probe+0x4a/0x60 [ 337.699345][T12691] bus_probe_device+0x131/0x390 [ 337.704345][T12691] device_add+0x25b5/0x2df0 [ 337.708907][T12691] ? usb_set_configuration+0x3036/0x3710 [ 337.714581][T12691] usb_set_configuration+0x309f/0x3710 [ 337.720118][T12691] ? __msan_metadata_ptr_for_load_1+0x10/0x20 [ 337.726248][T12691] generic_probe+0xe7/0x280 [ 337.730788][T12691] ? usb_probe_device+0x104/0x200 [ 337.735844][T12691] ? usb_choose_configuration+0xae0/0xae0 [ 337.741682][T12691] usb_probe_device+0x146/0x200 [ 337.746726][T12691] ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0 [ 337.752728][T12691] ? usb_register_device_driver+0x470/0x470 [ 337.758758][T12691] really_probe+0x1373/0x1dc0 [ 337.763493][T12691] driver_probe_device+0x1ba/0x510 [ 337.768642][T12691] __device_attach_driver+0x5b8/0x790 [ 337.774046][T12691] ? bus_for_each_drv+0x1d5/0x3b0 [ 337.779091][T12691] bus_for_each_drv+0x28e/0x3b0 [ 337.783960][T12691] ? deferred_probe_work_func+0x400/0x400 [ 337.789702][T12691] __device_attach+0x489/0x750 [ 337.794499][T12691] device_initial_probe+0x4a/0x60 [ 337.799535][T12691] bus_probe_device+0x131/0x390 [ 337.804416][T12691] device_add+0x25b5/0x2df0 [ 337.808974][T12691] usb_new_device+0x23e5/0x2fb0 [ 337.813924][T12691] hub_event+0x581d/0x72f0 [ 337.818434][T12691] ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0 [ 337.824426][T12691] ? led_work+0x720/0x720 [ 337.828762][T12691] ? led_work+0x720/0x720 [ 337.833198][T12691] process_one_work+0x1572/0x1ef0 [ 337.838271][T12691] worker_thread+0x111b/0x2460 [ 337.843091][T12691] kthread+0x4b5/0x4f0 [ 337.847167][T12691] ? process_one_work+0x1ef0/0x1ef0 [ 337.852388][T12691] ? kthread_blkcg+0xf0/0xf0 [ 337.857022][T12691] ret_from_fork+0x35/0x40 [ 337.861548][T12691] [ 337.863888][T12691] Local variable description: ----rbuf.i@friio_power_ctrl [ 337.870986][T12691] Variable was created at: [ 337.875423][T12691] friio_power_ctrl+0x92/0x1a70 [ 337.880278][T12691] dvb_usbv2_probe+0xd3d/0x5dd0 [ 337.885128][T12691] ================================================================== [ 337.893186][T12691] Disabling lock debugging due to kernel taint [ 337.899379][T12691] Kernel panic - not syncing: panic_on_warn set ... [ 337.905990][T12691] CPU: 0 PID: 12691 Comm: kworker/0:0 Tainted: G B 5.3.0-rc3+ #17 [ 337.915282][T12691] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 337.925361][T12691] Workqueue: usb_hub_wq hub_event [ 337.930396][T12691] Call Trace: [ 337.933704][T12691] dump_stack+0x191/0x1f0 [ 337.938072][T12691] panic+0x3c9/0xc1e [ 337.942033][T12691] kmsan_report+0x2ca/0x2d0 [ 337.946557][T12691] __msan_warning+0x75/0xe0 [ 337.951097][T12691] friio_power_ctrl+0xb3e/0x1a70 [ 337.956052][T12691] ? kasan_kmalloc+0xd/0x30 [ 337.960584][T12691] ? gl861_i2c_msg+0x6e0/0x6e0 [ 337.965534][T12691] dvb_usbv2_probe+0xd3d/0x5dd0 [ 337.970416][T12691] ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0 [ 337.976437][T12691] ? usb_probe_interface+0xb69/0x1310 [ 337.981816][T12691] ? technisat_usb2_i2c_access+0x12a0/0x12a0 [ 337.987807][T12691] ? technisat_usb2_i2c_access+0x12a0/0x12a0 [ 337.993810][T12691] usb_probe_interface+0xd19/0x1310 [ 337.999047][T12691] ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0 [ 338.005047][T12691] ? usb_register_driver+0x7d0/0x7d0 [ 338.010342][T12691] really_probe+0x1373/0x1dc0 [ 338.015063][T12691] driver_probe_device+0x1ba/0x510 [ 338.020207][T12691] __device_attach_driver+0x5b8/0x790 [ 338.025601][T12691] ? bus_for_each_drv+0x1d5/0x3b0 [ 338.030638][T12691] bus_for_each_drv+0x28e/0x3b0 [ 338.035504][T12691] ? deferred_probe_work_func+0x400/0x400 [ 338.041249][T12691] __device_attach+0x489/0x750 [ 338.046049][T12691] device_initial_probe+0x4a/0x60 [ 338.051091][T12691] bus_probe_device+0x131/0x390 [ 338.055975][T12691] device_add+0x25b5/0x2df0 [ 338.060521][T12691] ? usb_set_configuration+0x3036/0x3710 [ 338.066175][T12691] usb_set_configuration+0x309f/0x3710 [ 338.071690][T12691] ? __msan_metadata_ptr_for_load_1+0x10/0x20 [ 338.077802][T12691] generic_probe+0xe7/0x280 [ 338.082322][T12691] ? usb_probe_device+0x104/0x200 [ 338.087360][T12691] ? usb_choose_configuration+0xae0/0xae0 [ 338.093097][T12691] usb_probe_device+0x146/0x200 [ 338.097960][T12691] ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0 [ 338.103962][T12691] ? usb_register_device_driver+0x470/0x470 [ 338.109865][T12691] really_probe+0x1373/0x1dc0 [ 338.114577][T12691] driver_probe_device+0x1ba/0x510 [ 338.119723][T12691] __device_attach_driver+0x5b8/0x790 [ 338.125122][T12691] ? bus_for_each_drv+0x1d5/0x3b0 [ 338.130168][T12691] bus_for_each_drv+0x28e/0x3b0 [ 338.135038][T12691] ? deferred_probe_work_func+0x400/0x400 [ 338.140793][T12691] __device_attach+0x489/0x750 [ 338.145605][T12691] device_initial_probe+0x4a/0x60 [ 338.150661][T12691] bus_probe_device+0x131/0x390 [ 338.155551][T12691] device_add+0x25b5/0x2df0 [ 338.160107][T12691] usb_new_device+0x23e5/0x2fb0 [ 338.165007][T12691] hub_event+0x581d/0x72f0 [ 338.169523][T12691] ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0 [ 338.175520][T12691] ? led_work+0x720/0x720 [ 338.179861][T12691] ? led_work+0x720/0x720 [ 338.184206][T12691] process_one_work+0x1572/0x1ef0 [ 338.189280][T12691] worker_thread+0x111b/0x2460 [ 338.194109][T12691] kthread+0x4b5/0x4f0 [ 338.198201][T12691] ? process_one_work+0x1ef0/0x1ef0 [ 338.203423][T12691] ? kthread_blkcg+0xf0/0xf0 [ 338.208030][T12691] ret_from_fork+0x35/0x40 [ 338.213670][T12691] Kernel Offset: disabled [ 338.218019][T12691] Rebooting in 86400 seconds..