[ 68.190108][ T31] audit: type=1800 audit(1559832577.237:25): pid=11285 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 68.213628][ T31] audit: type=1800 audit(1559832577.257:26): pid=11285 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 68.246937][ T31] audit: type=1800 audit(1559832577.287:27): pid=11285 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[....] Starting periodic command scheduler: cron�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
[ 69.297063][T11352] sshd (11352) used greatest stack depth: 54296 bytes left
[....] Starting OpenBSD Secure Shell server: sshd�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.111' (ECDSA) to the list of known hosts.
2019/06/06 14:49:49 fuzzer started
2019/06/06 14:49:55 dialing manager at 10.128.0.26:44085
2019/06/06 14:49:55 syscalls: 2300
2019/06/06 14:49:55 code coverage: enabled
2019/06/06 14:49:55 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2019/06/06 14:49:55 extra coverage: enabled
2019/06/06 14:49:55 setuid sandbox: enabled
2019/06/06 14:49:55 namespace sandbox: enabled
2019/06/06 14:49:55 Android sandbox: /sys/fs/selinux/policy does not exist
2019/06/06 14:49:55 fault injection: enabled
2019/06/06 14:49:55 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/06/06 14:49:55 net packet injection: enabled
2019/06/06 14:49:55 net device setup: enabled
14:51:45 executing program 0:
shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffa000/0x1000)=nil)
syzkaller login: [ 196.382513][T11450] IPVS: ftp: loaded support on port[0] = 21
[ 196.502675][T11450] chnl_net:caif_netlink_parms(): no params data found
[ 196.565392][T11450] bridge0: port 1(bridge_slave_0) entered blocking state
[ 196.572784][T11450] bridge0: port 1(bridge_slave_0) entered disabled state
[ 196.581674][T11450] device bridge_slave_0 entered promiscuous mode
[ 196.591487][T11450] bridge0: port 2(bridge_slave_1) entered blocking state
[ 196.598873][T11450] bridge0: port 2(bridge_slave_1) entered disabled state
[ 196.607633][T11450] device bridge_slave_1 entered promiscuous mode
[ 196.636896][T11450] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 196.648391][T11450] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 196.677483][T11450] team0: Port device team_slave_0 added
[ 196.686398][T11450] team0: Port device team_slave_1 added
[ 196.792559][T11450] device hsr_slave_0 entered promiscuous mode
[ 196.867789][T11450] device hsr_slave_1 entered promiscuous mode
[ 197.013041][T11450] bridge0: port 2(bridge_slave_1) entered blocking state
[ 197.020406][T11450] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 197.028190][T11450] bridge0: port 1(bridge_slave_0) entered blocking state
[ 197.035448][T11450] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 197.100723][T11450] 8021q: adding VLAN 0 to HW filter on device bond0
[ 197.118540][ T3337] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 197.130192][ T3337] bridge0: port 1(bridge_slave_0) entered disabled state
[ 197.141058][ T3337] bridge0: port 2(bridge_slave_1) entered disabled state
[ 197.154091][ T3337] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 197.172644][T11450] 8021q: adding VLAN 0 to HW filter on device team0
[ 197.188863][ T3337] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 197.198125][ T3337] bridge0: port 1(bridge_slave_0) entered blocking state
[ 197.205523][ T3337] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 197.251923][T11450] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 197.262972][T11450] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 197.280204][ T3337] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 197.289624][ T3337] bridge0: port 2(bridge_slave_1) entered blocking state
[ 197.296992][ T3337] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 197.306917][ T3337] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 197.316644][ T3337] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 197.325937][ T3337] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 197.335276][ T3337] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 197.346321][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 197.354926][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 197.383252][T11450] 8021q: adding VLAN 0 to HW filter on device batadv0
14:51:46 executing program 0:
r0 = socket$inet_sctp(0x2, 0x40000000001, 0x84)
sendmsg(r0, &(0x7f0000000180)={&(0x7f0000000000)=@in={0x2, 0x4e23, @local}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000200)='#', 0x1}], 0x1}, 0x0)
14:51:46 executing program 0:
r0 = syz_usb_connect(0x0, 0x24, &(0x7f00000000c0)={0x12, 0x1, 0x0, 0x39, 0x68, 0x9e, 0x20, 0x7d1, 0x3c05, 0xe414, 0x0, 0x0, 0x0, 0x1, [{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{0x9, 0x4, 0xd7, 0x0, 0x0, 0xee, 0xee, 0x41}]}]}, 0x0)
syz_usb_control_io(r0, &(0x7f0000000080)={0x47, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000000e00)={0x54, &(0x7f0000000900)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, &(0x7f0000000340)={0x34, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000000d80)={0x54, &(0x7f0000000500), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, &(0x7f0000000380)={0x34, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000008c0)={0x54, &(0x7f00000003c0), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, &(0x7f0000000540)={0xffffffffffffff44, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000000a40)={0x54, &(0x7f0000000580), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, &(0x7f0000000d00)={0x34, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000001200)={0x54, &(0x7f0000000e80), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, &(0x7f0000002a40)={0x34, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002e00)={0x54, &(0x7f0000002b80), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, &(0x7f00000030c0)={0x34, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000000100)={0x54, &(0x7f0000003100), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, &(0x7f00000002c0)={0x34, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000000940)={0x54, &(0x7f0000000400), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, 0x0)
[ 197.946938][ T30] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 198.196934][ T30] usb 1-1: Using ep0 maxpacket: 32
[ 198.317084][ T30] usb 1-1: config 0 has an invalid interface number: 215 but max is 0
[ 198.329775][ T30] usb 1-1: config 0 has no interface number 0
[ 198.335994][ T30] usb 1-1: New USB device found, idVendor=07d1, idProduct=3c05, bcdDevice=e4.14
[ 198.345720][ T30] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 198.355848][ T30] usb 1-1: config 0 descriptor??
[ 198.597007][ T30] ==================================================================
[ 198.605846][ T30] BUG: KMSAN: uninit-value in ax88772_bind+0x93d/0x11e0
[ 198.612801][ T30] CPU: 1 PID: 30 Comm: kworker/1:1 Not tainted 5.1.0+ #1
[ 198.619832][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 198.630004][ T30] Workqueue: usb_hub_wq hub_event
[ 198.635036][ T30] Call Trace:
[ 198.638614][ T30] dump_stack+0x191/0x1f0
[ 198.642963][ T30] kmsan_report+0x130/0x2a0
[ 198.647566][ T30] __msan_warning+0x75/0xe0
[ 198.652086][ T30] ax88772_bind+0x93d/0x11e0
[ 198.656695][ T30] ? ax88178_change_mtu+0x650/0x650
[ 198.661984][ T30] usbnet_probe+0x10f5/0x3940
[ 198.666715][ T30] ? usbnet_disconnect+0x660/0x660
[ 198.671864][ T30] usb_probe_interface+0xd66/0x1320
[ 198.677187][ T30] ? usb_register_driver+0x7d0/0x7d0
[ 198.682577][ T30] really_probe+0xdae/0x1d80
[ 198.687191][ T30] driver_probe_device+0x1b3/0x4f0
[ 198.692408][ T30] __device_attach_driver+0x5b8/0x790
[ 198.697891][ T30] bus_for_each_drv+0x28e/0x3b0
[ 198.702753][ T30] ? deferred_probe_work_func+0x400/0x400
[ 198.708956][ T30] __device_attach+0x454/0x730
[ 198.713742][ T30] device_initial_probe+0x4a/0x60
[ 198.718791][ T30] bus_probe_device+0x137/0x390
[ 198.723777][ T30] device_add+0x288d/0x30e0
[ 198.728326][ T30] usb_set_configuration+0x30dc/0x3750
[ 198.733836][ T30] generic_probe+0xe7/0x280
[ 198.738359][ T30] ? usb_choose_configuration+0xae0/0xae0
[ 198.744286][ T30] usb_probe_device+0x14c/0x200
[ 198.749153][ T30] ? usb_register_device_driver+0x470/0x470
[ 198.755049][ T30] really_probe+0xdae/0x1d80
[ 198.759659][ T30] driver_probe_device+0x1b3/0x4f0
[ 198.764795][ T30] __device_attach_driver+0x5b8/0x790
[ 198.770289][ T30] bus_for_each_drv+0x28e/0x3b0
[ 198.775500][ T30] ? deferred_probe_work_func+0x400/0x400
[ 198.781236][ T30] __device_attach+0x454/0x730
[ 198.786017][ T30] device_initial_probe+0x4a/0x60
[ 198.791051][ T30] bus_probe_device+0x137/0x390
[ 198.796013][ T30] device_add+0x288d/0x30e0
[ 198.800570][ T30] usb_new_device+0x23e5/0x2ff0
[ 198.805947][ T30] hub_event+0x48d1/0x7290
[ 198.810436][ T30] ? kmsan_get_shadow_origin_ptr+0x71/0x470
[ 198.816349][ T30] ? led_work+0x720/0x720
[ 198.820944][ T30] ? led_work+0x720/0x720
[ 198.825290][ T30] process_one_work+0x1572/0x1f00
[ 198.830433][ T30] worker_thread+0x111b/0x2460
[ 198.835339][ T30] kthread+0x4b5/0x4f0
[ 198.839501][ T30] ? process_one_work+0x1f00/0x1f00
[ 198.848026][ T30] ? kthread_blkcg+0xf0/0xf0
[ 198.854244][ T30] ret_from_fork+0x35/0x40
[ 198.858675][ T30]
[ 198.861097][ T30] Local variable description: ----buf@ax88772_bind
[ 198.867691][ T30] Variable was created at:
[ 198.872119][ T30] ax88772_bind+0x5f/0x11e0
[ 198.876716][ T30] usbnet_probe+0x10f5/0x3940
[ 198.881486][ T30] ==================================================================
[ 198.889554][ T30] Disabling lock debugging due to kernel taint
[ 198.895700][ T30] Kernel panic - not syncing: panic_on_warn set ...
[ 198.902384][ T30] CPU: 1 PID: 30 Comm: kworker/1:1 Tainted: G B 5.1.0+ #1
[ 198.911105][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 198.921182][ T30] Workqueue: usb_hub_wq hub_event
[ 198.926205][ T30] Call Trace:
[ 198.929519][ T30] dump_stack+0x191/0x1f0
[ 198.933860][ T30] panic+0x3ca/0xafe
[ 198.937796][ T30] kmsan_report+0x298/0x2a0
[ 198.942312][ T30] __msan_warning+0x75/0xe0
[ 198.946823][ T30] ax88772_bind+0x93d/0x11e0
[ 198.951430][ T30] ? ax88178_change_mtu+0x650/0x650
[ 198.956633][ T30] usbnet_probe+0x10f5/0x3940
[ 198.961345][ T30] ? usbnet_disconnect+0x660/0x660
[ 198.966467][ T30] usb_probe_interface+0xd66/0x1320
[ 198.971691][ T30] ? usb_register_driver+0x7d0/0x7d0
[ 198.976984][ T30] really_probe+0xdae/0x1d80
[ 198.981596][ T30] driver_probe_device+0x1b3/0x4f0
[ 198.986730][ T30] __device_attach_driver+0x5b8/0x790
[ 198.992137][ T30] bus_for_each_drv+0x28e/0x3b0
[ 198.997077][ T30] ? deferred_probe_work_func+0x400/0x400
[ 199.002988][ T30] __device_attach+0x454/0x730
[ 199.008270][ T30] device_initial_probe+0x4a/0x60
[ 199.013433][ T30] bus_probe_device+0x137/0x390
[ 199.018389][ T30] device_add+0x288d/0x30e0
[ 199.023015][ T30] usb_set_configuration+0x30dc/0x3750
[ 199.028641][ T30] generic_probe+0xe7/0x280
[ 199.033152][ T30] ? usb_choose_configuration+0xae0/0xae0
[ 199.038883][ T30] usb_probe_device+0x14c/0x200
[ 199.043837][ T30] ? usb_register_device_driver+0x470/0x470
[ 199.049839][ T30] really_probe+0xdae/0x1d80
[ 199.054537][ T30] driver_probe_device+0x1b3/0x4f0
[ 199.059683][ T30] __device_attach_driver+0x5b8/0x790
[ 199.065292][ T30] bus_for_each_drv+0x28e/0x3b0
[ 199.070156][ T30] ? deferred_probe_work_func+0x400/0x400
[ 199.076066][ T30] __device_attach+0x454/0x730
[ 199.080932][ T30] device_initial_probe+0x4a/0x60
[ 199.085963][ T30] bus_probe_device+0x137/0x390
[ 199.090924][ T30] device_add+0x288d/0x30e0
[ 199.095824][ T30] usb_new_device+0x23e5/0x2ff0
[ 199.100709][ T30] hub_event+0x48d1/0x7290
[ 199.105873][ T30] ? kmsan_get_shadow_origin_ptr+0x71/0x470
[ 199.111861][ T30] ? led_work+0x720/0x720
[ 199.116284][ T30] ? led_work+0x720/0x720
[ 199.120649][ T30] process_one_work+0x1572/0x1f00
[ 199.125701][ T30] worker_thread+0x111b/0x2460
[ 199.130501][ T30] kthread+0x4b5/0x4f0
[ 199.134573][ T30] ? process_one_work+0x1f00/0x1f00
[ 199.139804][ T30] ? kthread_blkcg+0xf0/0xf0
[ 199.144403][ T30] ret_from_fork+0x35/0x40
[ 199.150870][ T30] Kernel Offset: disabled
[ 199.155355][ T30] Rebooting in 86400 seconds..