[ ok ] Starting enhanced syslogd: rsyslogd.
[ 81.324050][ T32] audit: type=1800 audit(1569926440.378:25): pid=11896 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 81.346923][ T32] audit: type=1800 audit(1569926440.398:26): pid=11896 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 81.373280][ T32] audit: type=1800 audit(1569926440.428:27): pid=11896 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.15.205' (ECDSA) to the list of known hosts.
executing program
executing program
executing program
executing program
executing program
executing program
syzkaller login: [ 92.971941][ T2944] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 92.991936][ T31] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[ 92.992066][ T12] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[ 92.999747][ T4108] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[ 93.014846][T12059] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[ 93.022630][ T17] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[ 93.212090][ T2944] usb 1-1: Using ep0 maxpacket: 8
[ 93.232102][ T31] usb 6-1: Using ep0 maxpacket: 8
[ 93.242462][ T12] usb 3-1: Using ep0 maxpacket: 8
[ 93.252165][ T4108] usb 4-1: Using ep0 maxpacket: 8
[ 93.262153][T12059] usb 2-1: Using ep0 maxpacket: 8
[ 93.267441][ T17] usb 5-1: Using ep0 maxpacket: 8
[ 93.342301][ T2944] usb 1-1: config 0 has an invalid interface number: 28 but max is 0
[ 93.350616][ T2944] usb 1-1: config 0 has no interface number 0
[ 93.352411][ T31] usb 6-1: config 0 has an invalid interface number: 28 but max is 0
[ 93.356862][ T2944] usb 1-1: config 0 interface 28 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[ 93.365161][ T31] usb 6-1: config 0 has no interface number 0
[ 93.365250][ T31] usb 6-1: config 0 interface 28 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[ 93.376152][ T2944] usb 1-1: New USB device found, idVendor=0f11, idProduct=2020, bcdDevice=48.c9
[ 93.376192][ T2944] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 93.377303][ T12] usb 3-1: config 0 has an invalid interface number: 28 but max is 0
[ 93.382541][ T31] usb 6-1: New USB device found, idVendor=0f11, idProduct=2020, bcdDevice=48.c9
[ 93.393311][ T12] usb 3-1: config 0 has no interface number 0
[ 93.393400][ T12] usb 3-1: config 0 interface 28 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[ 93.402465][ T31] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 93.410461][ T12] usb 3-1: New USB device found, idVendor=0f11, idProduct=2020, bcdDevice=48.c9
[ 93.420772][T12059] usb 2-1: config 0 has an invalid interface number: 28 but max is 0
[ 93.427607][ T12] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 93.430116][ T2944] usb 1-1: config 0 descriptor??
[ 93.433937][T12059] usb 2-1: config 0 has no interface number 0
[ 93.453131][ T12] usb 3-1: config 0 descriptor??
[ 93.462210][T12059] usb 2-1: config 0 interface 28 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[ 93.462312][T12059] usb 2-1: New USB device found, idVendor=0f11, idProduct=2020, bcdDevice=48.c9
[ 93.478522][T12059] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 93.495557][ T17] usb 5-1: config 0 has an invalid interface number: 28 but max is 0
[ 93.514496][ T17] usb 5-1: config 0 has no interface number 0
[ 93.530573][ T17] usb 5-1: config 0 interface 28 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[ 93.547801][ T17] usb 5-1: New USB device found, idVendor=0f11, idProduct=2020, bcdDevice=48.c9
[ 93.557037][ T17] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 93.567720][ T4108] usb 4-1: config 0 has an invalid interface number: 28 but max is 0
[ 93.574494][ T2944] ldusb 1-1:0.28: LD USB Device #0 now attached to major 180 minor 0
[ 93.576046][ T4108] usb 4-1: config 0 has no interface number 0
[ 93.590279][ T4108] usb 4-1: config 0 interface 28 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[ 93.601398][ T4108] usb 4-1: New USB device found, idVendor=0f11, idProduct=2020, bcdDevice=48.c9
[ 93.610665][ T4108] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 93.620597][ T12] ldusb 3-1:0.28: LD USB Device #1 now attached to major 180 minor 1
[ 93.622214][ T4108] usb 4-1: config 0 descriptor??
[ 93.641156][ T31] usb 6-1: config 0 descriptor??
[ 93.654498][ T17] usb 5-1: config 0 descriptor??
[ 93.667788][T12059] usb 2-1: config 0 descriptor??
[ 93.681084][ T4108] ldusb 4-1:0.28: LD USB Device #2 now attached to major 180 minor 2
[ 93.696983][ T31] ldusb 6-1:0.28: LD USB Device #3 now attached to major 180 minor 3
[ 93.718811][ T17] ldusb 5-1:0.28: LD USB Device #4 now attached to major 180 minor 4
[ 93.742633][T12059] ldusb 2-1:0.28: LD USB Device #5 now attached to major 180 minor 5
[ 97.690977][T12059] usb 1-1: USB disconnect, device number 2
[ 97.696991][ C0] ldusb 1-1:0.28: usb_submit_urb failed (-19)
[ 97.703990][T12058] =====================================================
[ 97.710942][T12058] BUG: KMSAN: uninit-value in __vfs_read+0x1a9/0xc90
[ 97.713131][ T17] usb 6-1: USB disconnect, device number 2
[ 97.717632][T12058] CPU: 0 PID: 12058 Comm: syz-executor221 Not tainted 5.3.0-rc7+ #0
[ 97.717640][T12058] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 97.717647][T12058] Call Trace:
[ 97.717671][T12058] dump_stack+0x191/0x1f0
[ 97.717705][T12058] kmsan_report+0x13a/0x2b0
[ 97.753532][T12058] __msan_warning+0x73/0xe0
[ 97.758023][T12058] ld_usb_read+0x872/0xc40
[ 97.762431][T12058] ? init_wait_entry+0x190/0x190
[ 97.767353][T12058] ? kmalloc_array+0x110/0x110
[ 97.772103][T12058] __vfs_read+0x1a9/0xc90
[ 97.776419][T12058] ? rw_verify_area+0x3a5/0x5e0
[ 97.781254][T12058] vfs_read+0x359/0x6f0
[ 97.785423][T12058] ksys_read+0x265/0x430
[ 97.789664][T12058] __se_sys_read+0x92/0xb0
[ 97.794065][T12058] __x64_sys_read+0x4a/0x70
[ 97.798549][T12058] do_syscall_64+0xbc/0xf0
[ 97.802964][T12058] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 97.808854][T12058] RIP: 0033:0x4418a9
[ 97.812732][T12058] Code: e8 8c e8 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb 08 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 97.832319][T12058] RSP: 002b:00007ffd3d470a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 97.840716][T12058] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004418a9
[ 97.848691][T12058] RDX: 00000000fffffe3f RSI: 0000000020000140 RDI: 0000000000000004
[ 97.856668][T12058] RBP: 00000000006cc018 R08: 000000000000000f R09: 00000000004002c8
[ 97.864633][T12058] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000402600
[ 97.872604][T12058] R13: 0000000000402690 R14: 0000000000000000 R15: 0000000000000000
[ 97.880573][T12058]
[ 97.882883][T12058] Uninit was created at:
[ 97.887173][T12058] kmsan_save_stack_with_flags+0x3a/0x80
[ 97.892804][T12058] kmsan_alloc_page+0x151/0x360
[ 97.897683][T12058] __alloc_pages_nodemask+0x142d/0x5fa0
[ 97.903257][T12058] alloc_pages_current+0x68d/0x9a0
[ 97.908350][T12058] kmalloc_order_trace+0x87/0x320
[ 97.913358][T12058] __kmalloc+0x2e6/0x430
[ 97.917619][T12058] kmalloc_array+0x86/0x110
[ 97.922190][T12058] ld_usb_probe+0x650/0x1650
[ 97.926762][T12058] usb_probe_interface+0xd19/0x1310
[ 97.931953][T12058] really_probe+0x1373/0x1dc0
[ 97.937043][T12058] driver_probe_device+0x1ba/0x510
[ 97.942135][T12058] __device_attach_driver+0x5b8/0x790
[ 97.947496][T12058] bus_for_each_drv+0x28e/0x3b0
[ 97.952600][T12058] __device_attach+0x489/0x750
[ 97.957356][T12058] device_initial_probe+0x4a/0x60
[ 97.962395][T12058] bus_probe_device+0x131/0x390
[ 97.967225][T12058] device_add+0x25b5/0x2df0
[ 97.971718][T12058] usb_set_configuration+0x309f/0x3710
[ 97.977161][T12058] generic_probe+0xe7/0x280
[ 97.981646][T12058] usb_probe_device+0x146/0x200
[ 97.986475][T12058] really_probe+0x1373/0x1dc0
[ 97.991132][T12058] driver_probe_device+0x1ba/0x510
[ 97.996223][T12058] __device_attach_driver+0x5b8/0x790
[ 98.001578][T12058] bus_for_each_drv+0x28e/0x3b0
[ 98.006418][T12058] __device_attach+0x489/0x750
[ 98.011188][T12058] device_initial_probe+0x4a/0x60
[ 98.016204][T12058] bus_probe_device+0x131/0x390
[ 98.021043][T12058] device_add+0x25b5/0x2df0
[ 98.025527][T12058] usb_new_device+0x23e5/0x2fb0
[ 98.030398][T12058] hub_event+0x581d/0x72f0
[ 98.034821][T12058] process_one_work+0x1572/0x1ef0
[ 98.039835][T12058] worker_thread+0x111b/0x2460
[ 98.044584][T12058] kthread+0x4b5/0x4f0
[ 98.048635][T12058] ret_from_fork+0x35/0x40
[ 98.053048][T12058] =====================================================
[ 98.059957][T12058] Disabling lock debugging due to kernel taint
[ 98.066091][T12058] Kernel panic - not syncing: panic_on_warn set ...
[ 98.072663][T12058] CPU: 0 PID: 12058 Comm: syz-executor221 Tainted: G B 5.3.0-rc7+ #0
[ 98.082018][T12058] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 98.092067][T12058] Call Trace:
[ 98.095346][T12058] dump_stack+0x191/0x1f0
[ 98.099683][T12058] panic+0x3c9/0xc1e
[ 98.103589][T12058] kmsan_report+0x2a2/0x2b0
[ 98.108077][T12058] __msan_warning+0x73/0xe0
[ 98.112565][T12058] ld_usb_read+0x872/0xc40
[ 98.116983][T12058] ? init_wait_entry+0x190/0x190
[ 98.121912][T12058] ? kmalloc_array+0x110/0x110
[ 98.126676][T12058] __vfs_read+0x1a9/0xc90
[ 98.131023][T12058] ? rw_verify_area+0x3a5/0x5e0
[ 98.135860][T12058] vfs_read+0x359/0x6f0
[ 98.140008][T12058] ksys_read+0x265/0x430
[ 98.144240][T12058] __se_sys_read+0x92/0xb0
[ 98.148663][T12058] __x64_sys_read+0x4a/0x70
[ 98.153152][T12058] do_syscall_64+0xbc/0xf0
[ 98.157552][T12058] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 98.163424][T12058] RIP: 0033:0x4418a9
[ 98.167301][T12058] Code: e8 8c e8 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb 08 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 98.186899][T12058] RSP: 002b:00007ffd3d470a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 98.195296][T12058] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004418a9
[ 98.203254][T12058] RDX: 00000000fffffe3f RSI: 0000000020000140 RDI: 0000000000000004
[ 98.211209][T12058] RBP: 00000000006cc018 R08: 000000000000000f R09: 00000000004002c8
[ 98.219175][T12058] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000402600
[ 98.227140][T12058] R13: 0000000000402690 R14: 0000000000000000 R15: 0000000000000000
[ 98.236649][T12058] Kernel Offset: disabled
[ 98.240993][T12058] Rebooting in 86400 seconds..