[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   84.037922][   T32] audit: type=1800 audit(1568042310.081:25): pid=12017 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[   84.061492][   T32] audit: type=1800 audit(1568042310.101:26): pid=12017 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[   84.096637][   T32] audit: type=1800 audit(1568042310.141:27): pid=12017 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.125' (ECDSA) to the list of known hosts.
executing program
executing program
executing program
executing program
executing program
executing program
syzkaller login: [   96.902732][ T2877] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[   96.912693][   T12] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[   96.942647][   T29] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[   96.942881][T12182] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[   96.958179][T12181] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[   96.966017][    T5] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[   97.172735][ T2877] usb 1-1: Using ep0 maxpacket: 8
[   97.178082][   T12] usb 4-1: Using ep0 maxpacket: 8
[   97.192626][   T29] usb 5-1: Using ep0 maxpacket: 8
[   97.192780][T12182] usb 3-1: Using ep0 maxpacket: 8
[   97.212992][T12181] usb 6-1: Using ep0 maxpacket: 8
[   97.218387][    T5] usb 2-1: Using ep0 maxpacket: 8
[   97.303057][ T2877] usb 1-1: config 0 has an invalid interface number: 28 but max is 0
[   97.311586][ T2877] usb 1-1: config 0 has no interface number 0
[   97.317973][ T2877] usb 1-1: config 0 interface 28 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[   97.322914][   T29] usb 5-1: config 0 has an invalid interface number: 28 but max is 0
[   97.329140][ T2877] usb 1-1: New USB device found, idVendor=0f11, idProduct=2020, bcdDevice=48.c9
[   97.337172][   T29] usb 5-1: config 0 has no interface number 0
[   97.337261][   T29] usb 5-1: config 0 interface 28 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[   97.346305][ T2877] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   97.352426][   T29] usb 5-1: New USB device found, idVendor=0f11, idProduct=2020, bcdDevice=48.c9
[   97.364167][   T12] usb 4-1: config 0 has an invalid interface number: 28 but max is 0
[   97.371272][   T29] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   97.380397][   T12] usb 4-1: config 0 has no interface number 0
[   97.402821][   T12] usb 4-1: config 0 interface 28 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[   97.404405][   T29] usb 5-1: config 0 descriptor??
[   97.413881][   T12] usb 4-1: New USB device found, idVendor=0f11, idProduct=2020, bcdDevice=48.c9
[   97.413952][   T12] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   97.437297][T12181] usb 6-1: config 0 has an invalid interface number: 28 but max is 0
[   97.445580][T12181] usb 6-1: config 0 has no interface number 0
[   97.451752][T12181] usb 6-1: config 0 interface 28 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[   97.462849][T12181] usb 6-1: New USB device found, idVendor=0f11, idProduct=2020, bcdDevice=48.c9
[   97.471994][T12181] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   97.482657][T12182] usb 3-1: config 0 has an invalid interface number: 28 but max is 0
[   97.490833][T12182] usb 3-1: config 0 has no interface number 0
[   97.493649][   T29] ldusb 5-1:0.28: LD USB Device #0 now attached to major 180 minor 0
[   97.497201][T12182] usb 3-1: config 0 interface 28 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[   97.516382][T12182] usb 3-1: New USB device found, idVendor=0f11, idProduct=2020, bcdDevice=48.c9
[   97.525638][T12182] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   97.534183][    T5] usb 2-1: config 0 has an invalid interface number: 28 but max is 0
[   97.542480][    T5] usb 2-1: config 0 has no interface number 0
[   97.548857][    T5] usb 2-1: config 0 interface 28 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[   97.560251][    T5] usb 2-1: New USB device found, idVendor=0f11, idProduct=2020, bcdDevice=48.c9
[   97.569553][    T5] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   97.578873][T12181] usb 6-1: config 0 descriptor??
[   97.585591][ T2877] usb 1-1: config 0 descriptor??
[   97.593257][T12182] usb 3-1: config 0 descriptor??
[   97.603568][   T12] usb 4-1: config 0 descriptor??
[   97.609417][    T5] usb 2-1: config 0 descriptor??
[   97.637245][T12181] ldusb 6-1:0.28: LD USB Device #1 now attached to major 180 minor 1
[   97.659451][   T12] ldusb 4-1:0.28: LD USB Device #2 now attached to major 180 minor 2
[   97.673239][ T2877] ldusb 1-1:0.28: LD USB Device #3 now attached to major 180 minor 3
[   97.689328][T12182] ldusb 3-1:0.28: LD USB Device #4 now attached to major 180 minor 4
[   97.713261][    T5] ldusb 2-1:0.28: LD USB Device #5 now attached to major 180 minor 5
executing program
executing program
[  101.604239][   T29] usb 1-1: USB disconnect, device number 2
[  101.611670][    T5] usb 4-1: USB disconnect, device number 2
[  101.620738][T12185] usb 6-1: USB disconnect, device number 2
[  101.630161][   T12] usb 3-1: USB disconnect, device number 2
executing program
executing program
executing program
executing program
[  101.650700][   T12] ldusb 3-1:0.28: LD USB Device #4 now disconnected
[  101.659404][   T29] ldusb 1-1:0.28: LD USB Device #3 now disconnected
[  101.669110][T12185] ldusb 6-1:0.28: LD USB Device #1 now disconnected
[  101.669934][    T5] ldusb 4-1:0.28: LD USB Device #2 now disconnected
[  101.677848][T12195] usb 5-1: USB disconnect, device number 2
[  101.682816][    C1] ldusb 5-1:0.28: usb_submit_urb failed (-19)
[  101.742803][T12195] ldusb 5-1:0.28: LD USB Device #0 now disconnected
[  101.752401][T12204] usb 2-1: USB disconnect, device number 2
[  101.763678][T12204] ldusb 2-1:0.28: LD USB Device #5 now disconnected
[  102.082646][T12185] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  102.082697][    T5] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[  102.102699][T12195] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  102.122767][   T12] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[  102.132874][   T29] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[  102.141932][T12204] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[  102.322620][    T5] usb 4-1: Using ep0 maxpacket: 8
[  102.352918][T12185] usb 6-1: Using ep0 maxpacket: 8
[  102.358505][T12195] usb 5-1: Using ep0 maxpacket: 8
[  102.372623][   T12] usb 3-1: Using ep0 maxpacket: 8
[  102.392835][T12204] usb 2-1: Using ep0 maxpacket: 8
[  102.398045][   T29] usb 1-1: Using ep0 maxpacket: 8
[  102.442703][    T5] usb 4-1: config 0 has an invalid interface number: 28 but max is 0
[  102.451037][    T5] usb 4-1: config 0 has no interface number 0
[  102.457387][    T5] usb 4-1: config 0 interface 28 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  102.468425][    T5] usb 4-1: New USB device found, idVendor=0f11, idProduct=2020, bcdDevice=48.c9
[  102.477631][    T5] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  102.486941][    T5] usb 4-1: config 0 descriptor??
[  102.493905][T12185] usb 6-1: config 0 has an invalid interface number: 28 but max is 0
[  102.502193][T12185] usb 6-1: config 0 has no interface number 0
[  102.508452][T12185] usb 6-1: config 0 interface 28 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  102.519444][T12185] usb 6-1: New USB device found, idVendor=0f11, idProduct=2020, bcdDevice=48.c9
[  102.522944][   T12] usb 3-1: config 0 has an invalid interface number: 28 but max is 0
[  102.528679][T12185] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  102.536781][   T12] usb 3-1: config 0 has no interface number 0
[  102.545801][T12195] usb 5-1: config 0 has an invalid interface number: 28 but max is 0
[  102.550903][   T12] usb 3-1: config 0 interface 28 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  102.559018][T12195] usb 5-1: config 0 has no interface number 0
[  102.569951][   T12] usb 3-1: New USB device found, idVendor=0f11, idProduct=2020, bcdDevice=48.c9
[  102.576014][T12195] usb 5-1: config 0 interface 28 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  102.576112][T12195] usb 5-1: New USB device found, idVendor=0f11, idProduct=2020, bcdDevice=48.c9
[  102.585229][   T12] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  102.596989][T12195] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  102.624318][T12204] usb 2-1: config 0 has an invalid interface number: 28 but max is 0
[  102.624919][    T5] ldusb 4-1:0.28: LD USB Device #0 now attached to major 180 minor 0
[  102.632581][T12204] usb 2-1: config 0 has no interface number 0
[  102.632736][T12204] usb 2-1: config 0 interface 28 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  102.645581][   T12] usb 3-1: config 0 descriptor??
[  102.646940][T12204] usb 2-1: New USB device found, idVendor=0f11, idProduct=2020, bcdDevice=48.c9
[  102.671821][T12204] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  102.681354][T12185] usb 6-1: config 0 descriptor??
[  102.688062][T12204] usb 2-1: config 0 descriptor??
[  102.695086][T12195] usb 5-1: config 0 descriptor??
[  102.714114][   T29] usb 1-1: config 0 has an invalid interface number: 28 but max is 0
[  102.722271][   T29] usb 1-1: config 0 has no interface number 0
[  102.728544][   T29] usb 1-1: config 0 interface 28 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  102.739929][   T29] usb 1-1: New USB device found, idVendor=0f11, idProduct=2020, bcdDevice=48.c9
[  102.741595][   T12] ldusb 3-1:0.28: LD USB Device #1 now attached to major 180 minor 1
[  102.749046][   T29] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  102.762227][T12204] ldusb 2-1:0.28: LD USB Device #2 now attached to major 180 minor 2
[  102.778059][T12185] ldusb 6-1:0.28: LD USB Device #3 now attached to major 180 minor 3
[  102.793692][T12195] ldusb 5-1:0.28: LD USB Device #4 now attached to major 180 minor 4
[  102.828980][   T29] usb 1-1: config 0 descriptor??
[  102.888225][   T29] ldusb 1-1:0.28: LD USB Device #5 now attached to major 180 minor 5
executing program
[  106.634478][   T12] usb 6-1: USB disconnect, device number 3
[  106.650682][   T29] usb 3-1: USB disconnect, device number 3
[  106.659867][    T5] usb 4-1: USB disconnect, device number 3
[  106.668968][T12195] usb 1-1: USB disconnect, device number 3
[  106.672706][T12202] ldusb 4-1:0.28: Read buffer overflow, -414328874449497579 bytes dropped
[  106.683609][T12202] ==================================================================
[  106.691684][T12202] BUG: KMSAN: uninit-value in _copy_to_user+0x1aa/0x1f0
[  106.691703][T12202] CPU: 0 PID: 12202 Comm: syz-executor155 Not tainted 5.3.0-rc7+ #0
[  106.691712][T12202] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  106.691718][T12202] Call Trace:
[  106.691744][T12202]  dump_stack+0x191/0x1f0
[  106.691770][T12202]  kmsan_report+0x162/0x2d0
[  106.691804][T12202]  __msan_warning+0x75/0xe0
[  106.706695][T12202]  _copy_to_user+0x1aa/0x1f0
[  106.728789][T12202]  ld_usb_read+0x58d/0xc40
[  106.728825][T12202]  ? init_wait_entry+0x190/0x190
[  106.728844][T12202]  ? kmalloc_array+0x110/0x110
[  106.728868][T12202]  __vfs_read+0x1a9/0xc90
[  106.728902][T12202]  ? rw_verify_area+0x3a5/0x5e0
[  106.737970][T12202]  ? __fget_light+0x19f/0x710
[  106.747285][T12202]  vfs_read+0x359/0x6f0
[  106.756341][T12202]  ksys_read+0x265/0x430
[  106.756368][T12202]  __se_sys_read+0x92/0xb0
[  106.756390][T12202]  __x64_sys_read+0x4a/0x70
[  106.756407][T12202]  do_syscall_64+0xbc/0xf0
[  106.756441][T12202]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[  106.765933][T12202] RIP: 0033:0x441839
[  106.770870][T12204] usb 5-1: USB disconnect, device number 3
[  106.774278][T12202] Code: e8 8c e8 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb 08 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[  106.774287][T12202] RSP: 002b:00007ffd47c58b68 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
executing program
executing program
[  106.774304][T12202] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441839
[  106.774314][T12202] RDX: 0000001788000335 RSI: 0000000020000140 RDI: 0000000000000004
[  106.774323][T12202] RBP: 0000000000017997 R08: 000000000000000f R09: 00000009004002c8
[  106.774333][T12202] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000402590
[  106.774342][T12202] R13: 0000000000402620 R14: 0000000000000000 R15: 0000000000000000
[  106.774362][T12202] 
[  106.774367][T12202] Uninit was created at:
[  106.774388][T12202]  kmsan_save_stack_with_flags+0x37/0x70
executing program
executing program
[  106.774403][T12202]  kmsan_internal_alloc_meta_for_pages+0x123/0x510
[  106.774430][T12202]  kmsan_alloc_page+0x7a/0xf0
[  106.781166][T12204] ldusb 5-1:0.28: LD USB Device #4 now disconnected
[  106.783305][T12202]  __alloc_pages_nodemask+0x142d/0x5fa0
[  106.783320][T12202]  alloc_pages_current+0x68d/0x9a0
[  106.783331][T12202]  kmalloc_order_trace+0x87/0x320
[  106.783362][T12202]  __kmalloc+0x2e6/0x430
[  106.803319][T12202]  kmalloc_array+0x86/0x110
[  106.803333][T12202]  ld_usb_probe+0x650/0x1650
[  106.803352][T12202]  usb_probe_interface+0xd19/0x1310
[  106.803369][T12202]  really_probe+0x1373/0x1dc0
[  106.803383][T12202]  driver_probe_device+0x1ba/0x510
[  106.803398][T12202]  __device_attach_driver+0x5b8/0x790
[  106.803412][T12202]  bus_for_each_drv+0x28e/0x3b0
[  106.803424][T12202]  __device_attach+0x489/0x750
[  106.803437][T12202]  device_initial_probe+0x4a/0x60
[  106.803473][T12202]  bus_probe_device+0x131/0x390
[  106.823150][T12217] dummy_hcd dummy_hcd.4: port status 0x00010101 has changes
[  106.831477][T12202]  device_add+0x25b5/0x2df0
[  106.887948][T12213] udc dummy_udc.5: registering UDC driver [USB fuzzer]
[  106.889976][T12202]  usb_set_configuration+0x309f/0x3710
[  106.889993][T12202]  generic_probe+0xe7/0x280
[  106.890008][T12202]  usb_probe_device+0x146/0x200
[  106.890026][T12202]  really_probe+0x1373/0x1dc0
[  106.890041][T12202]  driver_probe_device+0x1ba/0x510
[  106.890056][T12202]  __device_attach_driver+0x5b8/0x790
[  106.890070][T12202]  bus_for_each_drv+0x28e/0x3b0
[  106.890082][T12202]  __device_attach+0x489/0x750
[  106.890113][T12202]  device_initial_probe+0x4a/0x60
[  106.894857][T12213] dummy_hcd dummy_hcd.5: port status 0x00010101 has changes
[  106.901356][T12202]  bus_probe_device+0x131/0x390
[  106.931242][T12214] udc dummy_udc.2: registering UDC driver [USB fuzzer]
[  106.935455][T12202]  device_add+0x25b5/0x2df0
[  106.935472][T12202]  usb_new_device+0x23e5/0x2fb0
[  106.935485][T12202]  hub_event+0x581d/0x72f0
[  106.935502][T12202]  process_one_work+0x1572/0x1ef0
[  106.935516][T12202]  worker_thread+0x111b/0x2460
[  106.935529][T12202]  kthread+0x4b5/0x4f0
[  106.935547][T12202]  ret_from_fork+0x35/0x40
[  106.935553][T12202] ==================================================================
[  106.935558][T12202] Disabling lock debugging due to kernel taint
[  106.935566][T12202] Kernel panic - not syncing: panic_on_warn set ...
[  106.935583][T12202] CPU: 0 PID: 12202 Comm: syz-executor155 Tainted: G    B             5.3.0-rc7+ #0
[  106.935590][T12202] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  106.935614][T12202] Call Trace:
[  106.940324][T12214] dummy_hcd dummy_hcd.2: port status 0x00010101 has changes
[  106.945401][T12202]  dump_stack+0x191/0x1f0
[  106.965740][T12215] udc dummy_udc.3: registering UDC driver [USB fuzzer]
[  106.970176][T12202]  panic+0x3c9/0xc1e
[  106.970224][T12202]  kmsan_report+0x2ca/0x2d0
[  106.970247][T12202]  __msan_warning+0x75/0xe0
[  106.970270][T12202]  _copy_to_user+0x1aa/0x1f0
[  106.970311][T12202]  ld_usb_read+0x58d/0xc40
[  106.977666][T12215] dummy_hcd dummy_hcd.3: port status 0x00010101 has changes
[  106.982077][T12202]  ? init_wait_entry+0x190/0x190
[  107.180363][T12202]  ? kmalloc_array+0x110/0x110
[  107.185142][T12202]  __vfs_read+0x1a9/0xc90
[  107.189489][T12202]  ? rw_verify_area+0x3a5/0x5e0
[  107.194336][T12202]  ? __fget_light+0x19f/0x710
[  107.198998][T12202]  vfs_read+0x359/0x6f0
[  107.203144][T12202]  ksys_read+0x265/0x430
[  107.207375][T12202]  __se_sys_read+0x92/0xb0
[  107.211779][T12202]  __x64_sys_read+0x4a/0x70
[  107.216286][T12202]  do_syscall_64+0xbc/0xf0
[  107.220701][T12202]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[  107.226578][T12202] RIP: 0033:0x441839
[  107.230476][T12202] Code: e8 8c e8 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb 08 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[  107.250084][T12202] RSP: 002b:00007ffd47c58b68 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  107.258498][T12202] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441839
[  107.266877][T12202] RDX: 0000001788000335 RSI: 0000000020000140 RDI: 0000000000000004
[  107.274838][T12202] RBP: 0000000000017997 R08: 000000000000000f R09: 00000009004002c8
[  107.282823][T12202] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000402590
[  107.290800][T12202] R13: 0000000000402620 R14: 0000000000000000 R15: 0000000000000000
[  107.300299][T12202] Kernel Offset: disabled
[  107.304631][T12202] Rebooting in 86400 seconds..