[ ok ] Starting enhanced syslogd: rsyslogd.
[ 88.373682][ T31] audit: type=1800 audit(1571193060.414:25): pid=12585 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 88.396802][ T31] audit: type=1800 audit(1571193060.444:26): pid=12585 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 88.434331][ T31] audit: type=1800 audit(1571193060.464:27): pid=12585 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.17' (ECDSA) to the list of known hosts.
executing program
executing program
executing program
executing program
executing program
executing program
syzkaller login: [ 99.993806][ T3960] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 100.013773][ T3383] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[ 100.023789][ T17] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[ 100.034039][ T12] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[ 100.041997][ T5] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[ 100.049843][T12748] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[ 100.233875][ T3960] usb 1-1: Using ep0 maxpacket: 8
[ 100.253923][ T3383] usb 2-1: Using ep0 maxpacket: 8
[ 100.263869][ T17] usb 3-1: Using ep0 maxpacket: 8
[ 100.283763][ T5] usb 6-1: Using ep0 maxpacket: 8
[ 100.289482][ T12] usb 5-1: Using ep0 maxpacket: 8
[ 100.295010][T12748] usb 4-1: Using ep0 maxpacket: 8
[ 100.364016][ T3960] usb 1-1: config 0 has an invalid interface number: 28 but max is 0
[ 100.372273][ T3960] usb 1-1: config 0 has no interface number 0
[ 100.374138][ T3383] usb 2-1: config 0 has an invalid interface number: 28 but max is 0
[ 100.378541][ T3960] usb 1-1: config 0 interface 28 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[ 100.386769][ T3383] usb 2-1: config 0 has no interface number 0
[ 100.397682][ T3960] usb 1-1: New USB device found, idVendor=0f11, idProduct=2020, bcdDevice=48.c9
[ 100.403892][ T3383] usb 2-1: config 0 interface 28 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[ 100.412854][ T3960] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 100.423893][ T3383] usb 2-1: New USB device found, idVendor=0f11, idProduct=2020, bcdDevice=48.c9
[ 100.434460][ T17] usb 3-1: config 0 has an invalid interface number: 28 but max is 0
[ 100.441142][ T3383] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 100.449414][ T17] usb 3-1: config 0 has no interface number 0
[ 100.459786][ T3383] usb 2-1: config 0 descriptor??
[ 100.463733][ T17] usb 3-1: config 0 interface 28 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[ 100.479576][ T17] usb 3-1: New USB device found, idVendor=0f11, idProduct=2020, bcdDevice=48.c9
[ 100.488776][ T17] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 100.489339][ T5] usb 6-1: config 0 has an invalid interface number: 28 but max is 0
[ 100.499094][ T17] usb 3-1: config 0 descriptor??
[ 100.505454][ T5] usb 6-1: config 0 has no interface number 0
[ 100.511296][ T3960] usb 1-1: config 0 descriptor??
[ 100.516646][ T5] usb 6-1: config 0 interface 28 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[ 100.516755][ T5] usb 6-1: New USB device found, idVendor=0f11, idProduct=2020, bcdDevice=48.c9
[ 100.516819][ T5] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 100.518205][ T12] usb 5-1: config 0 has an invalid interface number: 28 but max is 0
[ 100.542277][ T12] usb 5-1: config 0 has no interface number 0
[ 100.564824][ T12] usb 5-1: config 0 interface 28 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[ 100.576173][ T12] usb 5-1: New USB device found, idVendor=0f11, idProduct=2020, bcdDevice=48.c9
[ 100.585375][ T12] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 100.594431][T12748] usb 4-1: config 0 has an invalid interface number: 28 but max is 0
[ 100.602629][T12748] usb 4-1: config 0 has no interface number 0
[ 100.608990][T12748] usb 4-1: config 0 interface 28 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[ 100.611588][ T17] ldusb 3-1:0.28: LD USB Device #0 now attached to major 180 minor 0
[ 100.620375][T12748] usb 4-1: New USB device found, idVendor=0f11, idProduct=2020, bcdDevice=48.c9
[ 100.637597][T12748] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 100.638098][ T3960] ldusb 1-1:0.28: LD USB Device #1 now attached to major 180 minor 1
[ 100.674243][ T3383] ldusb 2-1:0.28: LD USB Device #2 now attached to major 180 minor 2
[ 100.688449][ T5] usb 6-1: config 0 descriptor??
[ 100.732005][T12748] usb 4-1: config 0 descriptor??
[ 100.749197][ T5] ldusb 6-1:0.28: LD USB Device #3 now attached to major 180 minor 3
[ 100.769826][ T12] usb 5-1: config 0 descriptor??
[ 100.781472][T12748] ldusb 4-1:0.28: LD USB Device #4 now attached to major 180 minor 4
[ 100.820341][ T12] ldusb 5-1:0.28: LD USB Device #5 now attached to major 180 minor 5
executing program
[ 104.716161][ T17] usb 1-1: USB disconnect, device number 2
[ 104.724541][ T12] usb 5-1: USB disconnect, device number 2
[ 104.732158][ T3960] usb 3-1: USB disconnect, device number 2
[ 104.743989][T12745] =====================================================
[ 104.751000][T12745] BUG: KMSAN: uninit-value in ld_usb_read+0x870/0xc50
[ 104.757775][T12745] CPU: 1 PID: 12745 Comm: syz-executor511 Not tainted 5.4.0-rc3+ #0
[ 104.765736][T12745] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 104.765742][T12745] Call Trace:
[ 104.765765][T12745] dump_stack+0x191/0x1f0
[ 104.765789][T12745] kmsan_report+0x14a/0x2f0
[ 104.765811][T12745] __msan_warning+0x73/0xf0
[ 104.765847][T12745] ld_usb_read+0x870/0xc50
[ 104.779195][T12745] ? init_wait_entry+0x190/0x190
[ 104.788007][T12745] ? kmalloc_array+0x110/0x110
[ 104.806720][T12745] __vfs_read+0x1a9/0xc90
[ 104.807907][T12748] usb 6-1: USB disconnect, device number 2
[ 104.811066][T12745] ? rw_verify_area+0x3a5/0x5e0
[ 104.811094][T12745] vfs_read+0x359/0x6f0
[ 104.811122][T12745] ksys_read+0x265/0x430
[ 104.811151][T12745] __se_sys_read+0x92/0xb0
[ 104.811170][T12745] __x64_sys_read+0x4a/0x70
[ 104.811203][T12745] do_syscall_64+0xb6/0x160
[ 104.825996][T12745] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 104.826010][T12745] RIP: 0033:0x4418a9
[ 104.826028][T12745] Code: e8 8c e8 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb 08 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 104.826036][T12745] RSP: 002b:00007ffd63549848 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 104.826051][T12745] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004418a9
[ 104.826060][T12745] RDX: 0000000000000002 RSI: 0000000020000040 RDI: 0000000000000004
[ 104.826069][T12745] RBP: 00000000006cc018 R08: 000000000000000f R09: 00000000004002c8
[ 104.826078][T12745] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000402600
executing program
executing program
executing program
[ 104.826087][T12745] R13: 0000000000402690 R14: 0000000000000000 R15: 0000000000000000
[ 104.826107][T12745]
[ 104.826112][T12745] Uninit was created at:
[ 104.826129][T12745] kmsan_save_stack_with_flags+0x3f/0x90
[ 104.826162][T12745] kmsan_alloc_page+0x153/0x370
[ 104.834815][T12745] __alloc_pages_nodemask+0x149d/0x60c0
[ 104.853630][T12745] alloc_pages_current+0x68d/0x9a0
[ 104.853646][T12745] kmalloc_order_trace+0x94/0x3f0
[ 104.853660][T12745] __kmalloc+0x2e6/0x430
[ 104.853676][T12745] kmalloc_array+0x86/0x110
[ 104.853690][T12745] ld_usb_probe+0x64f/0x1460
[ 104.853707][T12745] usb_probe_interface+0xd19/0x1310
[ 104.853721][T12745] really_probe+0xd91/0x1f90
[ 104.853732][T12745] driver_probe_device+0x1ba/0x510
[ 104.853744][T12745] __device_attach_driver+0x5b8/0x790
[ 104.853755][T12745] bus_for_each_drv+0x28e/0x3b0
[ 104.853767][T12745] __device_attach+0x489/0x750
[ 104.853778][T12745] device_initial_probe+0x4a/0x60
[ 104.853788][T12745] bus_probe_device+0x131/0x390
[ 104.853827][T12745] device_add+0x25b5/0x2df0
[ 104.873535][T12764] dummy_hcd dummy_hcd.5: port status 0x00010101 has changes
[ 104.881845][T12745] usb_set_configuration+0x309f/0x3710
[ 104.881881][T12745] generic_probe+0xe7/0x280
[ 104.926954][T12761] udc dummy_udc.2: registering UDC driver [USB fuzzer]
[ 104.928796][T12745] usb_probe_device+0x146/0x200
[ 104.928812][T12745] really_probe+0xd91/0x1f90
[ 104.928827][T12745] driver_probe_device+0x1ba/0x510
[ 104.928841][T12745] __device_attach_driver+0x5b8/0x790
[ 104.928854][T12745] bus_for_each_drv+0x28e/0x3b0
[ 104.928867][T12745] __device_attach+0x489/0x750
[ 104.928880][T12745] device_initial_probe+0x4a/0x60
[ 104.928892][T12745] bus_probe_device+0x131/0x390
[ 104.928904][T12745] device_add+0x25b5/0x2df0
[ 104.928916][T12745] usb_new_device+0x23e5/0x2fb0
[ 104.928926][T12745] hub_event+0x581d/0x72f0
[ 104.928962][T12745] process_one_work+0x1572/0x1ef0
[ 104.934716][T12761] dummy_hcd dummy_hcd.2: port status 0x00010101 has changes
[ 104.939475][T12745] worker_thread+0x111b/0x2460
[ 104.958456][T12744] usb-fuzzer-gadget dummy_udc.3: unregistering UDC driver [USB fuzzer]
[ 104.959352][T12745] kthread+0x4b5/0x4f0
[ 104.959368][T12745] ret_from_fork+0x35/0x40
[ 104.959375][T12745] =====================================================
[ 104.959380][T12745] Disabling lock debugging due to kernel taint
[ 104.959389][T12745] Kernel panic - not syncing: panic_on_warn set ...
[ 104.959408][T12745] CPU: 1 PID: 12745 Comm: syz-executor511 Tainted: G B 5.4.0-rc3+ #0
[ 104.959416][T12745] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 104.959422][T12745] Call Trace:
[ 104.959443][T12745] dump_stack+0x191/0x1f0
[ 104.959465][T12745] panic+0x3c9/0xc1e
[ 104.959507][T12745] kmsan_report+0x2e8/0x2f0
[ 104.964479][T12744] dummy_hcd dummy_hcd.3: port status 0x00010100 has changes
[ 104.968618][T12745] __msan_warning+0x73/0xf0
[ 104.974019][T12744] dummy_udc dummy_udc.3: disabled ep3out
[ 104.978390][T12745] ld_usb_read+0x870/0xc50
[ 104.983802][T12744] dummy_udc dummy_udc.3: disabled ep5in-int
[ 104.989033][T12745] ? init_wait_entry+0x190/0x190
[ 104.996543][ T5] dummy_hcd dummy_hcd.3: port status 0x00010100 has changes
[ 104.998630][T12745] ? kmalloc_array+0x110/0x110
[ 105.010088][T12762] udc dummy_udc.4: registering UDC driver [USB fuzzer]
[ 105.012992][T12745] __vfs_read+0x1a9/0xc90
[ 105.013020][T12745] ? rw_verify_area+0x3a5/0x5e0
[ 105.013046][T12745] vfs_read+0x359/0x6f0
[ 105.013080][T12745] ksys_read+0x265/0x430
[ 105.013108][T12745] __se_sys_read+0x92/0xb0
[ 105.013146][T12745] __x64_sys_read+0x4a/0x70
[ 105.020523][T12762] dummy_hcd dummy_hcd.4: port status 0x00010101 has changes
[ 105.025911][T12745] do_syscall_64+0xb6/0x160
[ 105.038205][ T5] usb 4-1: USB disconnect, device number 2
[ 105.042109][T12745] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 105.042122][T12745] RIP: 0033:0x4418a9
[ 105.042139][T12745] Code: e8 8c e8 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb 08 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 105.042147][T12745] RSP: 002b:00007ffd63549848 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 105.042162][T12745] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004418a9
[ 105.042171][T12745] RDX: 0000000000000002 RSI: 0000000020000040 RDI: 0000000000000004
[ 105.042180][T12745] RBP: 00000000006cc018 R08: 000000000000000f R09: 00000000004002c8
[ 105.042189][T12745] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000402600
[ 105.042198][T12745] R13: 0000000000402690 R14: 0000000000000000 R15: 0000000000000000
[ 105.043731][T12745] Kernel Offset: disabled
[ 105.362422][T12745] Rebooting in 86400 seconds..