[   68.190108][   T31] audit: type=1800 audit(1559832577.237:25): pid=11285 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[   68.213628][   T31] audit: type=1800 audit(1559832577.257:26): pid=11285 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[   68.246937][   T31] audit: type=1800 audit(1559832577.287:27): pid=11285 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   69.297063][T11352] sshd (11352) used greatest stack depth: 54296 bytes left
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.111' (ECDSA) to the list of known hosts.
2019/06/06 14:49:49 fuzzer started
2019/06/06 14:49:55 dialing manager at 10.128.0.26:44085
2019/06/06 14:49:55 syscalls: 2300
2019/06/06 14:49:55 code coverage: enabled
2019/06/06 14:49:55 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2019/06/06 14:49:55 extra coverage: enabled
2019/06/06 14:49:55 setuid sandbox: enabled
2019/06/06 14:49:55 namespace sandbox: enabled
2019/06/06 14:49:55 Android sandbox: /sys/fs/selinux/policy does not exist
2019/06/06 14:49:55 fault injection: enabled
2019/06/06 14:49:55 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/06/06 14:49:55 net packet injection: enabled
2019/06/06 14:49:55 net device setup: enabled
14:51:45 executing program 0:
shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffa000/0x1000)=nil)

syzkaller login: [  196.382513][T11450] IPVS: ftp: loaded support on port[0] = 21
[  196.502675][T11450] chnl_net:caif_netlink_parms(): no params data found
[  196.565392][T11450] bridge0: port 1(bridge_slave_0) entered blocking state
[  196.572784][T11450] bridge0: port 1(bridge_slave_0) entered disabled state
[  196.581674][T11450] device bridge_slave_0 entered promiscuous mode
[  196.591487][T11450] bridge0: port 2(bridge_slave_1) entered blocking state
[  196.598873][T11450] bridge0: port 2(bridge_slave_1) entered disabled state
[  196.607633][T11450] device bridge_slave_1 entered promiscuous mode
[  196.636896][T11450] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  196.648391][T11450] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  196.677483][T11450] team0: Port device team_slave_0 added
[  196.686398][T11450] team0: Port device team_slave_1 added
[  196.792559][T11450] device hsr_slave_0 entered promiscuous mode
[  196.867789][T11450] device hsr_slave_1 entered promiscuous mode
[  197.013041][T11450] bridge0: port 2(bridge_slave_1) entered blocking state
[  197.020406][T11450] bridge0: port 2(bridge_slave_1) entered forwarding state
[  197.028190][T11450] bridge0: port 1(bridge_slave_0) entered blocking state
[  197.035448][T11450] bridge0: port 1(bridge_slave_0) entered forwarding state
[  197.100723][T11450] 8021q: adding VLAN 0 to HW filter on device bond0
[  197.118540][ T3337] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  197.130192][ T3337] bridge0: port 1(bridge_slave_0) entered disabled state
[  197.141058][ T3337] bridge0: port 2(bridge_slave_1) entered disabled state
[  197.154091][ T3337] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[  197.172644][T11450] 8021q: adding VLAN 0 to HW filter on device team0
[  197.188863][ T3337] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  197.198125][ T3337] bridge0: port 1(bridge_slave_0) entered blocking state
[  197.205523][ T3337] bridge0: port 1(bridge_slave_0) entered forwarding state
[  197.251923][T11450] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  197.262972][T11450] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  197.280204][ T3337] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  197.289624][ T3337] bridge0: port 2(bridge_slave_1) entered blocking state
[  197.296992][ T3337] bridge0: port 2(bridge_slave_1) entered forwarding state
[  197.306917][ T3337] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  197.316644][ T3337] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  197.325937][ T3337] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  197.335276][ T3337] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  197.346321][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  197.354926][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  197.383252][T11450] 8021q: adding VLAN 0 to HW filter on device batadv0
14:51:46 executing program 0:
r0 = socket$inet_sctp(0x2, 0x40000000001, 0x84)
sendmsg(r0, &(0x7f0000000180)={&(0x7f0000000000)=@in={0x2, 0x4e23, @local}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000200)='#', 0x1}], 0x1}, 0x0)

14:51:46 executing program 0:
r0 = syz_usb_connect(0x0, 0x24, &(0x7f00000000c0)={0x12, 0x1, 0x0, 0x39, 0x68, 0x9e, 0x20, 0x7d1, 0x3c05, 0xe414, 0x0, 0x0, 0x0, 0x1, [{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{0x9, 0x4, 0xd7, 0x0, 0x0, 0xee, 0xee, 0x41}]}]}, 0x0)
syz_usb_control_io(r0, &(0x7f0000000080)={0x47, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000000e00)={0x54, &(0x7f0000000900)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, &(0x7f0000000340)={0x34, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000000d80)={0x54, &(0x7f0000000500), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, &(0x7f0000000380)={0x34, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000008c0)={0x54, &(0x7f00000003c0), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, &(0x7f0000000540)={0xffffffffffffff44, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000000a40)={0x54, &(0x7f0000000580), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, &(0x7f0000000d00)={0x34, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000001200)={0x54, &(0x7f0000000e80), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, &(0x7f0000002a40)={0x34, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002e00)={0x54, &(0x7f0000002b80), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, &(0x7f00000030c0)={0x34, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000000100)={0x54, &(0x7f0000003100), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, &(0x7f00000002c0)={0x34, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000000940)={0x54, &(0x7f0000000400), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, 0x0)

[  197.946938][   T30] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[  198.196934][   T30] usb 1-1: Using ep0 maxpacket: 32
[  198.317084][   T30] usb 1-1: config 0 has an invalid interface number: 215 but max is 0
[  198.329775][   T30] usb 1-1: config 0 has no interface number 0
[  198.335994][   T30] usb 1-1: New USB device found, idVendor=07d1, idProduct=3c05, bcdDevice=e4.14
[  198.345720][   T30] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  198.355848][   T30] usb 1-1: config 0 descriptor??
[  198.597007][   T30] ==================================================================
[  198.605846][   T30] BUG: KMSAN: uninit-value in ax88772_bind+0x93d/0x11e0
[  198.612801][   T30] CPU: 1 PID: 30 Comm: kworker/1:1 Not tainted 5.1.0+ #1
[  198.619832][   T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  198.630004][   T30] Workqueue: usb_hub_wq hub_event
[  198.635036][   T30] Call Trace:
[  198.638614][   T30]  dump_stack+0x191/0x1f0
[  198.642963][   T30]  kmsan_report+0x130/0x2a0
[  198.647566][   T30]  __msan_warning+0x75/0xe0
[  198.652086][   T30]  ax88772_bind+0x93d/0x11e0
[  198.656695][   T30]  ? ax88178_change_mtu+0x650/0x650
[  198.661984][   T30]  usbnet_probe+0x10f5/0x3940
[  198.666715][   T30]  ? usbnet_disconnect+0x660/0x660
[  198.671864][   T30]  usb_probe_interface+0xd66/0x1320
[  198.677187][   T30]  ? usb_register_driver+0x7d0/0x7d0
[  198.682577][   T30]  really_probe+0xdae/0x1d80
[  198.687191][   T30]  driver_probe_device+0x1b3/0x4f0
[  198.692408][   T30]  __device_attach_driver+0x5b8/0x790
[  198.697891][   T30]  bus_for_each_drv+0x28e/0x3b0
[  198.702753][   T30]  ? deferred_probe_work_func+0x400/0x400
[  198.708956][   T30]  __device_attach+0x454/0x730
[  198.713742][   T30]  device_initial_probe+0x4a/0x60
[  198.718791][   T30]  bus_probe_device+0x137/0x390
[  198.723777][   T30]  device_add+0x288d/0x30e0
[  198.728326][   T30]  usb_set_configuration+0x30dc/0x3750
[  198.733836][   T30]  generic_probe+0xe7/0x280
[  198.738359][   T30]  ? usb_choose_configuration+0xae0/0xae0
[  198.744286][   T30]  usb_probe_device+0x14c/0x200
[  198.749153][   T30]  ? usb_register_device_driver+0x470/0x470
[  198.755049][   T30]  really_probe+0xdae/0x1d80
[  198.759659][   T30]  driver_probe_device+0x1b3/0x4f0
[  198.764795][   T30]  __device_attach_driver+0x5b8/0x790
[  198.770289][   T30]  bus_for_each_drv+0x28e/0x3b0
[  198.775500][   T30]  ? deferred_probe_work_func+0x400/0x400
[  198.781236][   T30]  __device_attach+0x454/0x730
[  198.786017][   T30]  device_initial_probe+0x4a/0x60
[  198.791051][   T30]  bus_probe_device+0x137/0x390
[  198.796013][   T30]  device_add+0x288d/0x30e0
[  198.800570][   T30]  usb_new_device+0x23e5/0x2ff0
[  198.805947][   T30]  hub_event+0x48d1/0x7290
[  198.810436][   T30]  ? kmsan_get_shadow_origin_ptr+0x71/0x470
[  198.816349][   T30]  ? led_work+0x720/0x720
[  198.820944][   T30]  ? led_work+0x720/0x720
[  198.825290][   T30]  process_one_work+0x1572/0x1f00
[  198.830433][   T30]  worker_thread+0x111b/0x2460
[  198.835339][   T30]  kthread+0x4b5/0x4f0
[  198.839501][   T30]  ? process_one_work+0x1f00/0x1f00
[  198.848026][   T30]  ? kthread_blkcg+0xf0/0xf0
[  198.854244][   T30]  ret_from_fork+0x35/0x40
[  198.858675][   T30] 
[  198.861097][   T30] Local variable description: ----buf@ax88772_bind
[  198.867691][   T30] Variable was created at:
[  198.872119][   T30]  ax88772_bind+0x5f/0x11e0
[  198.876716][   T30]  usbnet_probe+0x10f5/0x3940
[  198.881486][   T30] ==================================================================
[  198.889554][   T30] Disabling lock debugging due to kernel taint
[  198.895700][   T30] Kernel panic - not syncing: panic_on_warn set ...
[  198.902384][   T30] CPU: 1 PID: 30 Comm: kworker/1:1 Tainted: G    B             5.1.0+ #1
[  198.911105][   T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  198.921182][   T30] Workqueue: usb_hub_wq hub_event
[  198.926205][   T30] Call Trace:
[  198.929519][   T30]  dump_stack+0x191/0x1f0
[  198.933860][   T30]  panic+0x3ca/0xafe
[  198.937796][   T30]  kmsan_report+0x298/0x2a0
[  198.942312][   T30]  __msan_warning+0x75/0xe0
[  198.946823][   T30]  ax88772_bind+0x93d/0x11e0
[  198.951430][   T30]  ? ax88178_change_mtu+0x650/0x650
[  198.956633][   T30]  usbnet_probe+0x10f5/0x3940
[  198.961345][   T30]  ? usbnet_disconnect+0x660/0x660
[  198.966467][   T30]  usb_probe_interface+0xd66/0x1320
[  198.971691][   T30]  ? usb_register_driver+0x7d0/0x7d0
[  198.976984][   T30]  really_probe+0xdae/0x1d80
[  198.981596][   T30]  driver_probe_device+0x1b3/0x4f0
[  198.986730][   T30]  __device_attach_driver+0x5b8/0x790
[  198.992137][   T30]  bus_for_each_drv+0x28e/0x3b0
[  198.997077][   T30]  ? deferred_probe_work_func+0x400/0x400
[  199.002988][   T30]  __device_attach+0x454/0x730
[  199.008270][   T30]  device_initial_probe+0x4a/0x60
[  199.013433][   T30]  bus_probe_device+0x137/0x390
[  199.018389][   T30]  device_add+0x288d/0x30e0
[  199.023015][   T30]  usb_set_configuration+0x30dc/0x3750
[  199.028641][   T30]  generic_probe+0xe7/0x280
[  199.033152][   T30]  ? usb_choose_configuration+0xae0/0xae0
[  199.038883][   T30]  usb_probe_device+0x14c/0x200
[  199.043837][   T30]  ? usb_register_device_driver+0x470/0x470
[  199.049839][   T30]  really_probe+0xdae/0x1d80
[  199.054537][   T30]  driver_probe_device+0x1b3/0x4f0
[  199.059683][   T30]  __device_attach_driver+0x5b8/0x790
[  199.065292][   T30]  bus_for_each_drv+0x28e/0x3b0
[  199.070156][   T30]  ? deferred_probe_work_func+0x400/0x400
[  199.076066][   T30]  __device_attach+0x454/0x730
[  199.080932][   T30]  device_initial_probe+0x4a/0x60
[  199.085963][   T30]  bus_probe_device+0x137/0x390
[  199.090924][   T30]  device_add+0x288d/0x30e0
[  199.095824][   T30]  usb_new_device+0x23e5/0x2ff0
[  199.100709][   T30]  hub_event+0x48d1/0x7290
[  199.105873][   T30]  ? kmsan_get_shadow_origin_ptr+0x71/0x470
[  199.111861][   T30]  ? led_work+0x720/0x720
[  199.116284][   T30]  ? led_work+0x720/0x720
[  199.120649][   T30]  process_one_work+0x1572/0x1f00
[  199.125701][   T30]  worker_thread+0x111b/0x2460
[  199.130501][   T30]  kthread+0x4b5/0x4f0
[  199.134573][   T30]  ? process_one_work+0x1f00/0x1f00
[  199.139804][   T30]  ? kthread_blkcg+0xf0/0xf0
[  199.144403][   T30]  ret_from_fork+0x35/0x40
[  199.150870][   T30] Kernel Offset: disabled
[  199.155355][   T30] Rebooting in 86400 seconds..