[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [ 76.730528][ T31] audit: type=1800 audit(1570601439.775:25): pid=11528 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 76.754365][ T31] audit: type=1800 audit(1570601439.805:26): pid=11528 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 76.790056][ T31] audit: type=1800 audit(1570601439.825:27): pid=11528 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.1.50' (ECDSA) to the list of known hosts. syzkaller login: [ 126.633201][T11681] IPVS: ftp: loaded support on port[0] = 21 [ 126.640926][T11686] IPVS: ftp: loaded support on port[0] = 21 [ 126.663767][T11690] IPVS: ftp: loaded support on port[0] = 21 [ 126.663910][T11688] IPVS: ftp: loaded support on port[0] = 21 [ 126.683158][T11687] IPVS: ftp: loaded support on port[0] = 21 [ 126.691431][T11689] IPVS: ftp: loaded support on port[0] = 21 executing program executing program executing program executing program executing program executing program [ 127.141872][ T12] usb 4-1: new low-speed USB device number 2 using dummy_hcd [ 127.171924][ T17] usb 6-1: new low-speed USB device number 2 using dummy_hcd [ 127.181890][ T32] usb 2-1: new low-speed USB device number 2 using dummy_hcd [ 127.201951][T11695] usb 1-1: new low-speed USB device number 2 using dummy_hcd [ 127.212195][T11696] usb 3-1: new low-speed USB device number 2 using dummy_hcd [ 127.231855][ T950] usb 5-1: new low-speed USB device number 2 using dummy_hcd [ 127.512237][ T12] usb 4-1: config 0 has an invalid interface number: 236 but max is 2 [ 127.520599][ T12] usb 4-1: config 0 has an invalid descriptor of length 99, skipping remainder of the config [ 127.530963][ T12] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 3 [ 127.532133][ T17] usb 6-1: config 0 has an invalid interface number: 236 but max is 2 [ 127.540333][ T12] usb 4-1: config 0 has no interface number 0 [ 127.554616][ T12] usb 4-1: config 0 interface 236 altsetting 0 endpoint 0x81 is Bulk; changing to Interrupt [ 127.554782][ T17] usb 6-1: config 0 has an invalid descriptor of length 99, skipping remainder of the config [ 127.565089][ T12] usb 4-1: New USB device found, idVendor=07c0, idProduct=1501, bcdDevice=74.a0 [ 127.575039][ T17] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 3 [ 127.584101][ T12] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 127.593012][ T17] usb 6-1: config 0 has no interface number 0 [ 127.607234][ T17] usb 6-1: config 0 interface 236 altsetting 0 endpoint 0x81 is Bulk; changing to Interrupt [ 127.617559][ T17] usb 6-1: New USB device found, idVendor=07c0, idProduct=1501, bcdDevice=74.a0 [ 127.624712][ T12] usb 4-1: config 0 descriptor?? [ 127.626968][ T17] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 127.641110][ T32] usb 2-1: config 0 has an invalid interface number: 236 but max is 2 [ 127.649710][ T32] usb 2-1: config 0 has an invalid descriptor of length 99, skipping remainder of the config [ 127.660106][ T32] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 3 [ 127.669120][ T32] usb 2-1: config 0 has no interface number 0 [ 127.675360][ T32] usb 2-1: config 0 interface 236 altsetting 0 endpoint 0x81 is Bulk; changing to Interrupt [ 127.682171][ T950] usb 5-1: config 0 has an invalid interface number: 236 but max is 2 [ 127.685610][ T32] usb 2-1: New USB device found, idVendor=07c0, idProduct=1501, bcdDevice=74.a0 [ 127.693862][ T950] usb 5-1: config 0 has an invalid descriptor of length 99, skipping remainder of the config [ 127.702902][ T32] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 127.713102][ T950] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 3 [ 127.724150][ T32] usb 2-1: config 0 descriptor?? [ 127.730217][ T950] usb 5-1: config 0 has no interface number 0 [ 127.736955][ T17] usb 6-1: config 0 descriptor?? [ 127.742178][ T950] usb 5-1: config 0 interface 236 altsetting 0 endpoint 0x81 is Bulk; changing to Interrupt [ 127.747576][T11695] usb 1-1: config 0 has an invalid interface number: 236 but max is 2 [ 127.757248][ T950] usb 5-1: New USB device found, idVendor=07c0, idProduct=1501, bcdDevice=74.a0 [ 127.757311][ T950] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 127.783059][T11695] usb 1-1: config 0 has an invalid descriptor of length 99, skipping remainder of the config [ 127.793451][T11695] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 3 [ 127.802506][T11695] usb 1-1: config 0 has no interface number 0 [ 127.808686][T11695] usb 1-1: config 0 interface 236 altsetting 0 endpoint 0x81 is Bulk; changing to Interrupt [ 127.812011][ T12] iowarrior 4-1:0.236: IOWarrior product=0x1501, serial= interface=236 now attached to iowarrior0 [ 127.819016][T11695] usb 1-1: New USB device found, idVendor=07c0, idProduct=1501, bcdDevice=74.a0 [ 127.838727][T11695] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 127.847759][T11696] usb 3-1: config 0 has an invalid interface number: 236 but max is 2 [ 127.850770][ T950] usb 5-1: config 0 descriptor?? [ 127.856121][T11696] usb 3-1: config 0 has an invalid descriptor of length 99, skipping remainder of the config [ 127.871273][T11696] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 3 [ 127.880266][T11696] usb 3-1: config 0 has no interface number 0 [ 127.886505][T11696] usb 3-1: config 0 interface 236 altsetting 0 endpoint 0x81 is Bulk; changing to Interrupt [ 127.896716][T11696] usb 3-1: New USB device found, idVendor=07c0, idProduct=1501, bcdDevice=74.a0 [ 127.905935][T11696] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 127.922377][T11696] usb 3-1: config 0 descriptor?? [ 127.940928][T11695] usb 1-1: config 0 descriptor?? [ 127.952898][ T950] iowarrior 5-1:0.236: IOWarrior product=0x1501, serial= interface=236 now attached to iowarrior1 executing program [ 127.954332][ T32] iowarrior 2-1:0.236: IOWarrior product=0x1501, serial= interface=236 now attached to iowarrior2 [ 127.982844][ T17] iowarrior 6-1:0.236: IOWarrior product=0x1501, serial= interface=236 now attached to iowarrior3 [ 127.998313][T11696] iowarrior 3-1:0.236: IOWarrior product=0x1501, serial= interface=236 now attached to iowarrior4 [ 128.044573][T11695] iowarrior 1-1:0.236: IOWarrior product=0x1501, serial= interface=236 now attached to iowarrior5 [ 128.083609][ T32] usb 2-1: USB disconnect, device number 2 executing program executing program [ 128.096889][T11695] usb 4-1: USB disconnect, device number 2 [ 128.103472][T11698] iowarrior_open - error, can't find device for minor 0 [ 128.111093][ T32] iowarrior 2-1:0.236: I/O-Warror #2 now disconnected [ 128.119326][ T12] usb 5-1: USB disconnect, device number 2 [ 128.126835][T11695] iowarrior 4-1:0.236: I/O-Warror #0 now disconnected [ 128.133484][ T950] usb 6-1: USB disconnect, device number 2 [ 128.162446][ T12] iowarrior 5-1:0.236: I/O-Warror #1 now disconnected [ 128.173963][T11696] usb 3-1: USB disconnect, device number 2 [ 128.189762][T11696] iowarrior 3-1:0.236: I/O-Warror #4 now disconnected [ 128.202323][ T950] iowarrior 6-1:0.236: I/O-Warror #3 now disconnected executing program executing program executing program [ 128.214576][ T17] usb 1-1: USB disconnect, device number 2 [ 128.224384][ T17] iowarrior 1-1:0.236: I/O-Warror #5 now disconnected [ 128.501921][ T32] usb 2-1: new low-speed USB device number 3 using dummy_hcd [ 128.512375][T11695] usb 4-1: new low-speed USB device number 3 using dummy_hcd [ 128.581886][T11696] usb 3-1: new low-speed USB device number 3 using dummy_hcd [ 128.601888][ T12] usb 5-1: new low-speed USB device number 3 using dummy_hcd [ 128.609575][ T950] usb 6-1: new low-speed USB device number 3 using dummy_hcd [ 128.632060][ T17] usb 1-1: new low-speed USB device number 3 using dummy_hcd [ 128.862044][ T32] usb 2-1: config 0 has an invalid interface number: 236 but max is 2 [ 128.870594][ T32] usb 2-1: config 0 has an invalid descriptor of length 99, skipping remainder of the config [ 128.881231][ T32] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 3 [ 128.890336][ T32] usb 2-1: config 0 has no interface number 0 [ 128.896588][ T32] usb 2-1: config 0 interface 236 altsetting 0 endpoint 0x81 is Bulk; changing to Interrupt [ 128.906806][ T32] usb 2-1: New USB device found, idVendor=07c0, idProduct=1501, bcdDevice=74.a0 [ 128.916015][ T32] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 128.924635][T11695] usb 4-1: config 0 has an invalid interface number: 236 but max is 2 [ 128.932955][T11695] usb 4-1: config 0 has an invalid descriptor of length 99, skipping remainder of the config [ 128.943333][T11695] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 3 [ 128.952399][T11695] usb 4-1: config 0 has no interface number 0 [ 128.958583][T11695] usb 4-1: config 0 interface 236 altsetting 0 endpoint 0x81 is Bulk; changing to Interrupt [ 128.968866][T11695] usb 4-1: New USB device found, idVendor=07c0, idProduct=1501, bcdDevice=74.a0 [ 128.972036][ T12] usb 5-1: config 0 has an invalid interface number: 236 but max is 2 [ 128.978090][T11695] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 128.986442][ T12] usb 5-1: config 0 has an invalid descriptor of length 99, skipping remainder of the config [ 128.996169][ T32] usb 2-1: config 0 descriptor?? [ 129.006005][ T12] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 3 [ 129.006075][ T12] usb 5-1: config 0 has no interface number 0 [ 129.026155][ T12] usb 5-1: config 0 interface 236 altsetting 0 endpoint 0x81 is Bulk; changing to Interrupt [ 129.030454][T11695] usb 4-1: config 0 descriptor?? [ 129.036393][ T12] usb 5-1: New USB device found, idVendor=07c0, idProduct=1501, bcdDevice=74.a0 [ 129.036462][ T12] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 129.037203][ T950] usb 6-1: config 0 has an invalid interface number: 236 but max is 2 [ 129.057773][ T32] iowarrior 2-1:0.236: IOWarrior product=0x1501, serial= interface=236 now attached to iowarrior0 [ 129.058767][ T950] usb 6-1: config 0 has an invalid descriptor of length 99, skipping remainder of the config [ 129.086251][T11696] usb 3-1: config 0 has an invalid interface number: 236 but max is 2 [ 129.088147][ T950] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 3 [ 129.096262][T11696] usb 3-1: config 0 has an invalid descriptor of length 99, skipping remainder of the config [ 129.105166][ T950] usb 6-1: config 0 has no interface number 0 [ 129.115370][T11696] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 3 [ 129.121440][ T950] usb 6-1: config 0 interface 236 altsetting 0 endpoint 0x81 is Bulk; changing to Interrupt [ 129.130339][T11696] usb 3-1: config 0 has no interface number 0 [ 129.140458][ T950] usb 6-1: New USB device found, idVendor=07c0, idProduct=1501, bcdDevice=74.a0 [ 129.146566][T11696] usb 3-1: config 0 interface 236 altsetting 0 endpoint 0x81 is Bulk; changing to Interrupt [ 129.155715][ T950] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 129.165777][T11696] usb 3-1: New USB device found, idVendor=07c0, idProduct=1501, bcdDevice=74.a0 [ 129.182885][T11696] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 129.196390][ T12] usb 5-1: config 0 descriptor?? [ 129.203496][ T950] usb 6-1: config 0 descriptor?? [ 129.203801][T11695] iowarrior 4-1:0.236: IOWarrior product=0x1501, serial= interface=236 now attached to iowarrior1 [ 129.224040][T11696] usb 3-1: config 0 descriptor?? [ 129.232289][ T17] usb 1-1: config 0 has an invalid interface number: 236 but max is 2 [ 129.240780][ T17] usb 1-1: config 0 has an invalid descriptor of length 99, skipping remainder of the config [ 129.251148][ T17] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 3 [ 129.260352][ T17] usb 1-1: config 0 has no interface number 0 [ 129.266636][ T17] usb 1-1: config 0 interface 236 altsetting 0 endpoint 0x81 is Bulk; changing to Interrupt [ 129.276882][ T17] usb 1-1: New USB device found, idVendor=07c0, idProduct=1501, bcdDevice=74.a0 [ 129.286084][ T17] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 129.297444][ T950] iowarrior 6-1:0.236: IOWarrior product=0x1501, serial= interface=236 now attached to iowarrior2 [ 129.316296][ T12] iowarrior 5-1:0.236: IOWarrior product=0x1501, serial= interface=236 now attached to iowarrior3 [ 129.328345][T11695] usb 2-1: USB disconnect, device number 3 [ 129.335174][ C1] iowarrior 2-1:0.236: iowarrior_callback - usb_submit_urb failed with result -19 [ 129.351257][T11696] iowarrior 3-1:0.236: IOWarrior product=0x1501, serial= interface=236 now attached to iowarrior4 [ 129.372702][T11695] ===================================================== [ 129.379684][T11695] BUG: KMSAN: use-after-free in __mutex_lock+0x8d8/0x1980 [ 129.386799][T11695] CPU: 1 PID: 11695 Comm: kworker/1:2 Not tainted 5.3.0-rc7+ #0 [ 129.394429][T11695] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 129.404515][T11695] Workqueue: usb_hub_wq hub_event [ 129.409560][T11695] Call Trace: [ 129.412866][T11695] dump_stack+0x191/0x1f0 [ 129.417222][T11695] kmsan_report+0x17d/0x2f0 [ 129.421745][T11695] __msan_warning+0x73/0xe0 [ 129.426270][T11695] __list_add_valid+0x1b6/0x430 [ 129.427922][ T12] usb 4-1: USB disconnect, device number 3 [ 129.431138][T11695] __mutex_lock+0x8d8/0x1980 [ 129.431173][T11695] ? kmsan_internal_unpoison_shadow+0x42/0x80 [ 129.431195][T11695] __mutex_lock_slowpath+0x2c/0x30 [ 129.431211][T11695] mutex_lock+0x5d/0x80 [ 129.431246][T11695] iowarrior_disconnect+0x133/0x3e0 [ 129.462111][T11695] ? iowarrior_probe+0x1a50/0x1a50 [ 129.467234][T11695] usb_unbind_interface+0x3a2/0xdd0 executing program executing program [ 129.472456][T11695] ? usb_driver_release_interface+0x2a0/0x2a0 [ 129.478545][T11695] device_release_driver_internal+0x911/0xd20 [ 129.484641][T11695] device_release_driver+0x4b/0x60 [ 129.489367][ T12] iowarrior 4-1:0.236: I/O-Warror #1 now disconnected [ 129.489781][T11695] bus_remove_device+0x4bf/0x670 [ 129.501477][T11695] device_del+0xcd5/0x1d10 [ 129.505937][T11695] usb_disable_device+0x567/0x1150 [ 129.511075][T11695] usb_disconnect+0x51e/0xd60 [ 129.515775][T11695] hub_event+0x3fd0/0x72f0 [ 129.515832][T11695] ? kmsan_get_shadow_origin_ptr+0x6e/0x4c0 [ 129.515877][T11695] ? kmsan_get_shadow_origin_ptr+0x6e/0x4c0 [ 129.526167][T11695] ? led_work+0x720/0x720 [ 129.536938][T11695] ? led_work+0x720/0x720 [ 129.541300][T11695] process_one_work+0x1572/0x1ef0 [ 129.546451][T11695] worker_thread+0x111b/0x2460 [ 129.546496][T11695] kthread+0x4b5/0x4f0 [ 129.546518][T11695] ? process_one_work+0x1ef0/0x1ef0 [ 129.546549][T11695] ? kthread_blkcg+0xf0/0xf0 [ 129.555368][T11695] ret_from_fork+0x35/0x40 [ 129.569529][T11695] [ 129.571862][T11695] Uninit was created at: [ 129.576213][T11695] kmsan_internal_poison_shadow+0x60/0x120 [ 129.582046][T11695] kmsan_slab_free+0x8d/0x100 [ 129.586732][T11695] kfree+0x4c1/0x2db0 [ 129.591569][T11695] iowarrior_release+0x334/0x3a0 [ 129.596499][T11695] __fput+0x4c9/0xba0 [ 129.600467][T11695] ____fput+0x37/0x40 [ 129.604459][T11695] task_work_run+0x22e/0x2a0 [ 129.609044][T11695] prepare_exit_to_usermode+0x39d/0x4d0 [ 129.616151][T11695] syscall_return_slowpath+0x90/0x610 [ 129.621516][T11695] do_syscall_64+0xe2/0xf0 [ 129.625938][T11695] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 129.631854][T11695] ===================================================== [ 129.638874][T11695] Disabling lock debugging due to kernel taint [ 129.645012][T11695] Kernel panic - not syncing: panic_on_warn set ... [ 129.651610][T11695] CPU: 1 PID: 11695 Comm: kworker/1:2 Tainted: G B 5.3.0-rc7+ #0 [ 129.660649][T11695] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 129.670700][T11695] Workqueue: usb_hub_wq hub_event [ 129.675707][T11695] Call Trace: [ 129.678998][T11695] dump_stack+0x191/0x1f0 [ 129.683327][T11695] panic+0x3c9/0xc1e [ 129.687274][T11695] kmsan_report+0x2e5/0x2f0 [ 129.691762][T11695] __msan_warning+0x73/0xe0 [ 129.696251][T11695] __list_add_valid+0x1b6/0x430 [ 129.701103][T11695] __mutex_lock+0x8d8/0x1980 [ 129.705716][T11695] ? kmsan_internal_unpoison_shadow+0x42/0x80 [ 129.711769][T11695] __mutex_lock_slowpath+0x2c/0x30 [ 129.716872][T11695] mutex_lock+0x5d/0x80 [ 129.721026][T11695] iowarrior_disconnect+0x133/0x3e0 [ 129.726218][T11695] ? iowarrior_probe+0x1a50/0x1a50 [ 129.731315][T11695] usb_unbind_interface+0x3a2/0xdd0 [ 129.736515][T11695] ? usb_driver_release_interface+0x2a0/0x2a0 [ 129.742602][T11695] device_release_driver_internal+0x911/0xd20 [ 129.748690][T11695] device_release_driver+0x4b/0x60 [ 129.753818][T11695] bus_remove_device+0x4bf/0x670 [ 129.758757][T11695] device_del+0xcd5/0x1d10 [ 129.763190][T11695] usb_disable_device+0x567/0x1150 [ 129.768330][T11695] usb_disconnect+0x51e/0xd60 [ 129.773016][T11695] hub_event+0x3fd0/0x72f0 [ 129.777922][T11695] ? kmsan_get_shadow_origin_ptr+0x6e/0x4c0 [ 129.783811][T11695] ? kmsan_get_shadow_origin_ptr+0x6e/0x4c0 [ 129.789693][T11695] ? led_work+0x720/0x720 [ 129.794020][T11695] ? led_work+0x720/0x720 [ 129.798349][T11695] process_one_work+0x1572/0x1ef0 [ 129.803369][T11695] worker_thread+0x111b/0x2460 [ 129.808148][T11695] kthread+0x4b5/0x4f0 [ 129.812202][T11695] ? process_one_work+0x1ef0/0x1ef0 [ 129.817393][T11695] ? kthread_blkcg+0xf0/0xf0 [ 129.821974][T11695] ret_from_fork+0x35/0x40 [ 129.827793][T11695] Kernel Offset: disabled [ 129.832117][T11695] Rebooting in 86400 seconds..