[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [ 80.941518][ T31] audit: type=1800 audit(1568211045.987:25): pid=11846 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 80.965302][ T31] audit: type=1800 audit(1568211046.017:26): pid=11846 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 81.001274][ T31] audit: type=1800 audit(1568211046.037:27): pid=11846 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.169' (ECDSA) to the list of known hosts. syzkaller login: [ 92.703848][ T2866] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 92.713869][ T30] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 92.733938][ T12] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 92.734098][ T17] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 92.749266][ T3374] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 92.757268][T12009] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 92.944398][ T2866] usb 1-1: Using ep0 maxpacket: 8 [ 92.964025][ T30] usb 2-1: Using ep0 maxpacket: 8 [ 92.974318][ T12] usb 3-1: Using ep0 maxpacket: 8 [ 92.984819][ T17] usb 5-1: Using ep0 maxpacket: 8 [ 92.993943][ T3374] usb 6-1: Using ep0 maxpacket: 8 [ 93.014298][T12009] usb 4-1: Using ep0 maxpacket: 8 [ 93.064026][ T2866] usb 1-1: config 0 has an invalid interface number: 28 but max is 0 [ 93.072297][ T2866] usb 1-1: config 0 has no interface number 0 [ 93.079082][ T2866] usb 1-1: config 0 interface 28 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 93.090090][ T2866] usb 1-1: New USB device found, idVendor=0f11, idProduct=2020, bcdDevice=48.c9 [ 93.099308][ T2866] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 93.108012][ T30] usb 2-1: config 0 has an invalid interface number: 28 but max is 0 [ 93.109196][ T2866] usb 1-1: config 0 descriptor?? [ 93.116286][ T30] usb 2-1: config 0 has no interface number 0 [ 93.116376][ T30] usb 2-1: config 0 interface 28 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 93.116487][ T30] usb 2-1: New USB device found, idVendor=0f11, idProduct=2020, bcdDevice=48.c9 [ 93.121930][ T12] usb 3-1: config 0 has an invalid interface number: 28 but max is 0 [ 93.127552][ T30] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 93.134847][ T3374] usb 6-1: config 0 has an invalid interface number: 28 but max is 0 [ 93.138763][ T12] usb 3-1: config 0 has no interface number 0 [ 93.147795][ T3374] usb 6-1: config 0 has no interface number 0 [ 93.155886][ T12] usb 3-1: config 0 interface 28 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 93.163910][ T3374] usb 6-1: config 0 interface 28 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 93.171999][ T12] usb 3-1: New USB device found, idVendor=0f11, idProduct=2020, bcdDevice=48.c9 [ 93.178128][ T3374] usb 6-1: New USB device found, idVendor=0f11, idProduct=2020, bcdDevice=48.c9 [ 93.184239][ T12] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 93.195117][ T3374] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 93.206481][ T30] usb 2-1: config 0 descriptor?? [ 93.225690][T12009] usb 4-1: config 0 has an invalid interface number: 28 but max is 0 [ 93.246223][T12009] usb 4-1: config 0 has no interface number 0 [ 93.260734][ T12] usb 3-1: config 0 descriptor?? [ 93.260922][T12009] usb 4-1: config 0 interface 28 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 93.277338][T12009] usb 4-1: New USB device found, idVendor=0f11, idProduct=2020, bcdDevice=48.c9 [ 93.283403][ T2866] ldusb 1-1:0.28: LD USB Device #0 now attached to major 180 minor 0 [ 93.286567][T12009] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 93.287403][ T17] usb 5-1: config 0 has an invalid interface number: 28 but max is 0 [ 93.302925][ T17] usb 5-1: config 0 has no interface number 0 [ 93.317410][ T17] usb 5-1: config 0 interface 28 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 93.328477][ T17] usb 5-1: New USB device found, idVendor=0f11, idProduct=2020, bcdDevice=48.c9 [ 93.337864][ T17] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 93.349655][ T12] ldusb 3-1:0.28: LD USB Device #1 now attached to major 180 minor 1 [ 93.360205][ T3374] usb 6-1: config 0 descriptor?? [ 93.371391][ T30] ldusb 2-1:0.28: LD USB Device #2 now attached to major 180 minor 2 [ 93.386004][ T17] usb 5-1: config 0 descriptor?? [ 93.395439][T12009] usb 4-1: config 0 descriptor?? [ 93.409535][ T3374] ldusb 6-1:0.28: LD USB Device #3 now attached to major 180 minor 3 [ 93.429754][ T17] ldusb 5-1:0.28: LD USB Device #4 now attached to major 180 minor 4 [ 93.464703][T12009] ldusb 4-1:0.28: LD USB Device #5 now attached to major 180 minor 5 [ 97.426716][T12009] usb 2-1: USB disconnect, device number 2 [ 97.435237][ T12] usb 5-1: USB disconnect, device number 2 [ 97.442593][ T17] usb 4-1: USB disconnect, device number 2 [ 97.450113][ T2866] usb 1-1: USB disconnect, device number 2 [ 97.457614][T12009] ldusb 2-1:0.28: LD USB Device #2 now disconnected [ 97.464931][ C0] ldusb 1-1:0.28: usb_submit_urb failed (-19) [ 97.467367][ T17] ldusb 4-1:0.28: LD USB Device #5 now disconnected [ 97.480282][T12008] ================================================================== [ 97.488380][T12008] BUG: KMSAN: uninit-value in ld_usb_read+0x872/0xc40 [ 97.495147][T12008] CPU: 1 PID: 12008 Comm: syz-executor550 Not tainted 5.3.0-rc7+ #0 [ 97.495985][T12013] usb 6-1: USB disconnect, device number 2 [ 97.503138][T12008] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 97.514562][ T12] ldusb 5-1:0.28: LD USB Device #4 now disconnected [ 97.519118][T12008] Call Trace: [ 97.529021][T12008] dump_stack+0x191/0x1f0 [ 97.533377][T12008] kmsan_report+0x162/0x2d0 [ 97.537923][T12008] __msan_warning+0x75/0xe0 [ 97.542435][T12008] ld_usb_read+0x872/0xc40 [ 97.546860][T12008] ? init_wait_entry+0x190/0x190 [ 97.551799][T12008] ? kmalloc_array+0x110/0x110 [ 97.556575][T12008] __vfs_read+0x1a9/0xc90 [ 97.561009][T12008] ? rw_verify_area+0x3a5/0x5e0 [ 97.565871][T12008] ? __fget_light+0x19f/0x710 [ 97.566446][T12013] ldusb 6-1:0.28: LD USB Device #3 now disconnected [ 97.570573][T12008] vfs_read+0x359/0x6f0 [ 97.581666][T12008] ksys_read+0x265/0x430 [ 97.585936][T12008] __se_sys_read+0x92/0xb0 [ 97.590375][T12008] __x64_sys_read+0x4a/0x70 [ 97.594896][T12008] do_syscall_64+0xbc/0xf0 [ 97.599333][T12008] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 97.605243][T12008] RIP: 0033:0x441819 [ 97.609150][T12008] Code: e8 8c e8 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb 08 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 97.629104][T12008] RSP: 002b:00007ffeb0c2d748 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 97.629118][T12008] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441819 [ 97.629126][T12008] RDX: 00000000ffffffbc RSI: 0000000020000040 RDI: 0000000000000004 [ 97.629134][T12008] RBP: 00000000006cc018 R08: 000000000000000f R09: 00000000004002c8 [ 97.629142][T12008] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000402570 [ 97.629151][T12008] R13: 0000000000402600 R14: 0000000000000000 R15: 0000000000000000 [ 97.629173][T12008] [ 97.629178][T12008] Uninit was created at: [ 97.629198][T12008] kmsan_save_stack_with_flags+0x37/0x70 [ 97.629213][T12008] kmsan_internal_alloc_meta_for_pages+0x123/0x510 [ 97.629224][T12008] kmsan_alloc_page+0x7a/0xf0 [ 97.629235][T12008] __alloc_pages_nodemask+0x142d/0x5fa0 [ 97.629248][T12008] alloc_pages_current+0x68d/0x9a0 [ 97.629259][T12008] kmalloc_order_trace+0x87/0x320 [ 97.629276][T12008] __kmalloc+0x2e6/0x430 [ 97.629315][T12008] kmalloc_array+0x86/0x110 [ 97.645709][T12008] ld_usb_probe+0x650/0x1650 [ 97.661660][T12008] usb_probe_interface+0xd19/0x1310 [ 97.690400][T12008] really_probe+0x1373/0x1dc0 [ 97.690414][T12008] driver_probe_device+0x1ba/0x510 [ 97.690429][T12008] __device_attach_driver+0x5b8/0x790 [ 97.690443][T12008] bus_for_each_drv+0x28e/0x3b0 [ 97.690457][T12008] __device_attach+0x489/0x750 [ 97.690471][T12008] device_initial_probe+0x4a/0x60 [ 97.690485][T12008] bus_probe_device+0x131/0x390 [ 97.690496][T12008] device_add+0x25b5/0x2df0 [ 97.690512][T12008] usb_set_configuration+0x309f/0x3710 [ 97.690544][T12008] generic_probe+0xe7/0x280 [ 97.701737][T12008] usb_probe_device+0x146/0x200 [ 97.712371][T12008] really_probe+0x1373/0x1dc0 [ 97.735919][T12008] driver_probe_device+0x1ba/0x510 [ 97.799896][T12008] __device_attach_driver+0x5b8/0x790 [ 97.805357][T12008] bus_for_each_drv+0x28e/0x3b0 [ 97.810204][T12008] __device_attach+0x489/0x750 [ 97.814973][T12008] device_initial_probe+0x4a/0x60 [ 97.820593][T12008] bus_probe_device+0x131/0x390 [ 97.825619][T12008] device_add+0x25b5/0x2df0 [ 97.831176][T12008] usb_new_device+0x23e5/0x2fb0 [ 97.837869][T12008] hub_event+0x581d/0x72f0 [ 97.842474][T12008] process_one_work+0x1572/0x1ef0 [ 97.850053][T12008] worker_thread+0x111b/0x2460 [ 97.855079][T12008] kthread+0x4b5/0x4f0 [ 97.859132][T12008] ret_from_fork+0x35/0x40 [ 97.863525][T12008] ================================================================== [ 97.871664][T12008] Disabling lock debugging due to kernel taint [ 97.877852][T12008] Kernel panic - not syncing: panic_on_warn set ... [ 97.884460][T12008] CPU: 1 PID: 12008 Comm: syz-executor550 Tainted: G B 5.3.0-rc7+ #0 [ 97.893835][T12008] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 97.903876][T12008] Call Trace: [ 97.907177][T12008] dump_stack+0x191/0x1f0 [ 97.911518][T12008] panic+0x3c9/0xc1e [ 97.915427][T12008] kmsan_report+0x2ca/0x2d0 [ 97.920017][T12008] __msan_warning+0x75/0xe0 [ 97.924542][T12008] ld_usb_read+0x872/0xc40 [ 97.928983][T12008] ? init_wait_entry+0x190/0x190 [ 97.933921][T12008] ? kmalloc_array+0x110/0x110 [ 97.938679][T12008] __vfs_read+0x1a9/0xc90 [ 97.943022][T12008] ? rw_verify_area+0x3a5/0x5e0 [ 97.949006][T12008] ? __fget_light+0x19f/0x710 [ 97.953698][T12008] vfs_read+0x359/0x6f0 [ 97.957873][T12008] ksys_read+0x265/0x430 [ 97.962139][T12008] __se_sys_read+0x92/0xb0 [ 97.966558][T12008] __x64_sys_read+0x4a/0x70 [ 97.971048][T12008] do_syscall_64+0xbc/0xf0 [ 97.975477][T12008] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 97.981374][T12008] RIP: 0033:0x441819 [ 97.985268][T12008] Code: e8 8c e8 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb 08 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 97.994064][ T12] dummy_hcd dummy_hcd.4: port status 0x00100503 has changes [ 98.004882][T12008] RSP: 002b:00007ffeb0c2d748 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 98.013643][T12013] dummy_hcd dummy_hcd.5: port status 0x00100503 has changes [ 98.020596][T12008] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441819 [ 98.035834][T12008] RDX: 00000000ffffffbc RSI: 0000000020000040 RDI: 0000000000000004 [ 98.043806][T12008] RBP: 00000000006cc018 R08: 000000000000000f R09: 00000000004002c8 [ 98.052371][T12008] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000402570 [ 98.060349][T12008] R13: 0000000000402600 R14: 0000000000000000 R15: 0000000000000000 [ 98.069686][T12008] Kernel Offset: disabled [ 98.074455][T12008] Rebooting in 86400 seconds..