[info] Using makefile-style concurrent boot in runlevel 2. [....] Starting enhanced syslogd: rsyslogd [ ok ]. [....] Starting periodic command scheduler: cron [ ok ]. [....] Starting OpenBSD Secure Shell server: sshd[ 13.900584][ T1659] random: sshd: uninitialized urandom read (32 bytes read) [ ok ]. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 17.043657][ T1693] random: sshd: uninitialized urandom read (32 bytes read) [ 17.058385][ C1] random: crng init done Warning: Permanently added '10.128.0.139' (ECDSA) to the list of known hosts. executing program [ 23.674729][ T12] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 23.914694][ T12] usb 1-1: Using ep0 maxpacket: 32 [ 24.034767][ T12] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7 [ 24.045762][ T12] usb 1-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 24.214745][ T12] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 24.223899][ T12] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 24.231928][ T12] usb 1-1: Product: syz [ 24.236116][ T12] usb 1-1: Manufacturer: syz [ 24.240692][ T12] usb 1-1: SerialNumber: syz executing program [ 24.624855][ T12] ================================================================== [ 24.633023][ T12] BUG: KASAN: use-after-free in parse_term_proc_unit+0x57a/0x5e0 [ 24.640743][ T12] Read of size 1 at addr ffff8881d50a5c4a by task kworker/0:1/12 [ 24.648433][ T12] [ 24.650750][ T12] CPU: 0 PID: 12 Comm: kworker/0:1 Not tainted 5.4.0-rc3+ #0 [ 24.658154][ T12] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 24.668197][ T12] Workqueue: usb_hub_wq hub_event [ 24.673239][ T12] Call Trace: [ 24.676512][ T12] dump_stack+0xca/0x13e [ 24.680729][ T12] ? parse_term_proc_unit+0x57a/0x5e0 [ 24.686110][ T12] ? 
parse_term_proc_unit+0x57a/0x5e0 [ 24.691458][ T12] print_address_description.constprop.0+0x36/0x50 [ 24.697934][ T12] ? parse_term_proc_unit+0x57a/0x5e0 [ 24.703367][ T12] ? parse_term_proc_unit+0x57a/0x5e0 [ 24.708712][ T12] __kasan_report.cold+0x1a/0x33 [ 24.713623][ T12] ? parse_term_proc_unit+0x57a/0x5e0 [ 24.718975][ T12] kasan_report+0xe/0x20 [ 24.723199][ T12] parse_term_proc_unit+0x57a/0x5e0 [ 24.728373][ T12] __check_input_term+0xc32/0x13f0 [ 24.733498][ T12] parse_audio_unit+0x101d/0x36f0 [ 24.738496][ T12] ? _raw_spin_unlock_irqrestore+0x3e/0x50 [ 24.744284][ T12] ? lockdep_hardirqs_on+0x382/0x580 [ 24.749541][ T12] ? stack_depot_save+0x252/0x440 [ 24.754535][ T12] ? build_audio_procunit+0x13f0/0x13f0 [ 24.760052][ T12] ? save_stack+0x1b/0x80 [ 24.764357][ T12] ? __kasan_kmalloc.constprop.0+0xbf/0xd0 [ 24.770146][ T12] ? snd_usb_create_mixer+0x180/0x1890 [ 24.775577][ T12] ? usb_audio_probe+0xc76/0x2010 [ 24.780576][ T12] ? usb_probe_interface+0x305/0x7a0 [ 24.785831][ T12] ? really_probe+0x281/0x6d0 [ 24.790481][ T12] ? driver_probe_device+0x104/0x210 [ 24.795736][ T12] ? __device_attach_driver+0x1c2/0x220 [ 24.801254][ T12] ? bus_for_each_drv+0x162/0x1e0 [ 24.806256][ T12] ? __device_attach+0x217/0x360 [ 24.811164][ T12] ? bus_probe_device+0x1e4/0x290 [ 24.816158][ T12] ? device_add+0xae6/0x16f0 [ 24.820722][ T12] ? usb_set_configuration+0xdf6/0x1670 [ 24.826239][ T12] ? validate_desc.part.0+0x17f/0x240 [ 24.831624][ T12] snd_usb_mixer_controls+0x715/0xb90 [ 24.836978][ T12] ? parse_audio_unit+0x36f0/0x36f0 [ 24.842167][ T12] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 24.847770][ T12] ? rcu_read_lock_bh_held+0xb0/0xb0 [ 24.853034][ T12] ? __kasan_kmalloc.constprop.0+0xbf/0xd0 [ 24.858814][ T12] ? kasan_unpoison_shadow+0x30/0x40 [ 24.864077][ T12] ? usb_ifnum_to_if+0x12b/0x180 [ 24.868991][ T12] snd_usb_create_mixer+0x2b5/0x1890 [ 24.874251][ T12] ? mark_lock+0xbc/0x1160 [ 24.878642][ T12] ? mark_held_locks+0x9f/0xe0 [ 24.883380][ T12] ? 
snd_usb_mixer_interrupt+0x800/0x800 [ 24.888987][ T12] ? lockdep_hardirqs_on+0x382/0x580 [ 24.894244][ T12] ? usb_driver_claim_interface+0x210/0x420 [ 24.900149][ T12] ? snd_usb_create_stream+0x16a/0x4c0 [ 24.905583][ T12] usb_audio_probe+0xc76/0x2010 [ 24.910405][ T12] ? usb_audio_resume+0x20/0x20 [ 24.915232][ T12] ? _raw_spin_unlock_irqrestore+0x3e/0x50 [ 24.921012][ T12] usb_probe_interface+0x305/0x7a0 [ 24.926118][ T12] ? usb_probe_device+0x100/0x100 [ 24.931150][ T12] really_probe+0x281/0x6d0 [ 24.935666][ T12] driver_probe_device+0x104/0x210 [ 24.940768][ T12] __device_attach_driver+0x1c2/0x220 [ 24.946120][ T12] ? driver_allows_async_probing+0x160/0x160 [ 24.952081][ T12] bus_for_each_drv+0x162/0x1e0 [ 24.956949][ T12] ? bus_rescan_devices+0x20/0x20 [ 24.961999][ T12] ? _raw_spin_unlock_irqrestore+0x3e/0x50 [ 24.967798][ T12] ? lockdep_hardirqs_on+0x382/0x580 [ 24.973059][ T12] __device_attach+0x217/0x360 [ 24.977805][ T12] ? device_bind_driver+0xd0/0xd0 [ 24.982815][ T12] ? kobject_uevent_env+0x29e/0x1150 [ 24.988073][ T12] ? kobject_uevent_env+0x2a8/0x1150 [ 24.993363][ T12] bus_probe_device+0x1e4/0x290 [ 24.998195][ T12] ? blocking_notifier_call_chain+0x54/0xa0 [ 25.004060][ T12] device_add+0xae6/0x16f0 [ 25.008450][ T12] ? uevent_store+0x50/0x50 [ 25.012938][ T12] usb_set_configuration+0xdf6/0x1670 [ 25.018288][ T12] generic_probe+0x9d/0xd5 [ 25.022685][ T12] usb_probe_device+0x99/0x100 [ 25.027457][ T12] ? usb_suspend+0x620/0x620 [ 25.032018][ T12] really_probe+0x281/0x6d0 [ 25.036512][ T12] driver_probe_device+0x104/0x210 [ 25.041597][ T12] __device_attach_driver+0x1c2/0x220 [ 25.046953][ T12] ? driver_allows_async_probing+0x160/0x160 [ 25.052927][ T12] bus_for_each_drv+0x162/0x1e0 [ 25.057752][ T12] ? bus_rescan_devices+0x20/0x20 [ 25.062770][ T12] ? _raw_spin_unlock_irqrestore+0x3e/0x50 [ 25.068551][ T12] ? lockdep_hardirqs_on+0x382/0x580 [ 25.073809][ T12] __device_attach+0x217/0x360 [ 25.078547][ T12] ? 
device_bind_driver+0xd0/0xd0 [ 25.083562][ T12] ? kobject_uevent_env+0x29e/0x1150 [ 25.088827][ T12] ? kobject_uevent_env+0x2a8/0x1150 [ 25.094082][ T12] bus_probe_device+0x1e4/0x290 [ 25.098916][ T12] ? blocking_notifier_call_chain+0x54/0xa0 [ 25.104796][ T12] device_add+0xae6/0x16f0 [ 25.109190][ T12] ? uevent_store+0x50/0x50 [ 25.113682][ T12] usb_new_device.cold+0x6a4/0xe79 [ 25.118763][ T12] hub_event+0x1dd0/0x37e0 [ 25.123152][ T12] ? hub_port_debounce+0x260/0x260 [ 25.128238][ T12] ? find_held_lock+0x2d/0x110 [ 25.132979][ T12] ? mark_held_locks+0xe0/0xe0 [ 25.137714][ T12] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 25.143228][ T12] ? rcu_read_lock_bh_held+0xb0/0xb0 [ 25.148485][ T12] process_one_work+0x92b/0x1530 [ 25.153396][ T12] ? pwq_dec_nr_in_flight+0x310/0x310 [ 25.158738][ T12] ? do_raw_spin_lock+0x11a/0x280 [ 25.163733][ T12] worker_thread+0x96/0xe20 [ 25.168210][ T12] ? process_one_work+0x1530/0x1530 [ 25.173384][ T12] kthread+0x318/0x420 [ 25.177437][ T12] ? kthread_create_on_node+0xf0/0xf0 [ 25.182789][ T12] ret_from_fork+0x24/0x30 [ 25.187178][ T12] [ 25.189481][ T12] Allocated by task 12: [ 25.193614][ T12] save_stack+0x1b/0x80 [ 25.197750][ T12] __kasan_kmalloc.constprop.0+0xbf/0xd0 [ 25.203354][ T12] usb_alloc_urb+0x65/0xb0 [ 25.207753][ T12] usb_control_msg+0x1c9/0x4a0 [ 25.212491][ T12] usb_get_descriptor+0xc1/0x1b0 [ 25.217402][ T12] usb_get_configuration+0x28e/0x3050 [ 25.222746][ T12] usb_new_device+0xd3/0x160 [ 25.227308][ T12] hub_event+0x1dd0/0x37e0 [ 25.231695][ T12] process_one_work+0x92b/0x1530 [ 25.236600][ T12] worker_thread+0x96/0xe20 [ 25.241073][ T12] kthread+0x318/0x420 [ 25.245115][ T12] ret_from_fork+0x24/0x30 [ 25.249513][ T12] [ 25.251827][ T12] Freed by task 12: [ 25.255618][ T12] save_stack+0x1b/0x80 [ 25.259758][ T12] __kasan_slab_free+0x130/0x180 [ 25.264680][ T12] kfree+0xe4/0x320 [ 25.268462][ T12] usb_free_urb.part.0+0x7a/0xc0 [ 25.273369][ T12] usb_free_urb+0x1b/0x30 [ 25.277670][ T12] usb_start_wait_urb+0x1e5/0x2b0 [ 
25.282667][ T12] usb_control_msg+0x31c/0x4a0 [ 25.287405][ T12] usb_get_descriptor+0xc1/0x1b0 [ 25.292321][ T12] usb_get_configuration+0x28e/0x3050 [ 25.297664][ T12] usb_new_device+0xd3/0x160 [ 25.302228][ T12] hub_event+0x1dd0/0x37e0 [ 25.306617][ T12] process_one_work+0x92b/0x1530 [ 25.311537][ T12] worker_thread+0x96/0xe20 [ 25.316010][ T12] kthread+0x318/0x420 [ 25.320052][ T12] ret_from_fork+0x24/0x30 [ 25.324445][ T12] [ 25.326753][ T12] The buggy address belongs to the object at ffff8881d50a5c00 [ 25.326753][ T12] which belongs to the cache kmalloc-192 of size 192 [ 25.340775][ T12] The buggy address is located 74 bytes inside of [ 25.340775][ T12] 192-byte region [ffff8881d50a5c00, ffff8881d50a5cc0) [ 25.353929][ T12] The buggy address belongs to the page: [ 25.359623][ T12] page:ffffea0007542940 refcount:1 mapcount:0 mapping:ffff8881da002a00 index:0x0 [ 25.368698][ T12] flags: 0x200000000000200(slab) [ 25.373617][ T12] raw: 0200000000000200 ffffea0007559400 0000000900000009 ffff8881da002a00 [ 25.382203][ T12] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000 [ 25.390755][ T12] page dumped because: kasan: bad access detected [ 25.397134][ T12] [ 25.399448][ T12] Memory state around the buggy address: [ 25.405056][ T12] ffff8881d50a5b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.413102][ T12] ffff8881d50a5b80: 00 00 00 00 00 00 00 04 fc fc fc fc fc fc fc fc [ 25.421137][ T12] >ffff8881d50a5c00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.429169][ T12] ^ [ 25.435554][ T12] ffff8881d50a5c80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 25.443589][ T12] ffff8881d50a5d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.451635][ T12] ================================================================== [ 25.459669][ T12] Disabling lock debugging due to kernel taint [ 25.465863][ T12] Kernel panic - not syncing: panic_on_warn set ... 
[ 25.472959][ T12] CPU: 0 PID: 12 Comm: kworker/0:1 Tainted: G B 5.4.0-rc3+ #0 [ 25.481690][ T12] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 25.491775][ T12] Workqueue: usb_hub_wq hub_event [ 25.496792][ T12] Call Trace: [ 25.500058][ T12] dump_stack+0xca/0x13e [ 25.504273][ T12] panic+0x2aa/0x6e1 [ 25.508139][ T12] ? add_taint.cold+0x16/0x16 [ 25.512800][ T12] ? retint_kernel+0x10/0x10 [ 25.517363][ T12] ? trace_hardirqs_on+0x55/0x1e0 [ 25.522361][ T12] ? parse_term_proc_unit+0x57a/0x5e0 [ 25.527719][ T12] end_report+0x43/0x49 [ 25.531844][ T12] ? parse_term_proc_unit+0x57a/0x5e0 [ 25.537187][ T12] __kasan_report.cold+0xd/0x33 [ 25.542017][ T12] ? parse_term_proc_unit+0x57a/0x5e0 [ 25.547361][ T12] kasan_report+0xe/0x20 [ 25.551580][ T12] parse_term_proc_unit+0x57a/0x5e0 [ 25.556748][ T12] __check_input_term+0xc32/0x13f0 [ 25.561842][ T12] parse_audio_unit+0x101d/0x36f0 [ 25.566838][ T12] ? _raw_spin_unlock_irqrestore+0x3e/0x50 [ 25.572615][ T12] ? lockdep_hardirqs_on+0x382/0x580 [ 25.577882][ T12] ? stack_depot_save+0x252/0x440 [ 25.582880][ T12] ? build_audio_procunit+0x13f0/0x13f0 [ 25.588395][ T12] ? save_stack+0x1b/0x80 [ 25.592782][ T12] ? __kasan_kmalloc.constprop.0+0xbf/0xd0 [ 25.598554][ T12] ? snd_usb_create_mixer+0x180/0x1890 [ 25.604341][ T12] ? usb_audio_probe+0xc76/0x2010 [ 25.609334][ T12] ? usb_probe_interface+0x305/0x7a0 [ 25.614706][ T12] ? really_probe+0x281/0x6d0 [ 25.619373][ T12] ? driver_probe_device+0x104/0x210 [ 25.624632][ T12] ? __device_attach_driver+0x1c2/0x220 [ 25.630148][ T12] ? bus_for_each_drv+0x162/0x1e0 [ 25.635153][ T12] ? __device_attach+0x217/0x360 [ 25.640059][ T12] ? bus_probe_device+0x1e4/0x290 [ 25.645064][ T12] ? device_add+0xae6/0x16f0 [ 25.649627][ T12] ? usb_set_configuration+0xdf6/0x1670 [ 25.655142][ T12] ? validate_desc.part.0+0x17f/0x240 [ 25.660491][ T12] snd_usb_mixer_controls+0x715/0xb90 [ 25.665886][ T12] ? parse_audio_unit+0x36f0/0x36f0 [ 25.671061][ T12] ? 
fs_reclaim_acquire.part.0+0x30/0x30 [ 25.676704][ T12] ? rcu_read_lock_bh_held+0xb0/0xb0 [ 25.681966][ T12] ? __kasan_kmalloc.constprop.0+0xbf/0xd0 [ 25.687781][ T12] ? kasan_unpoison_shadow+0x30/0x40 [ 25.693042][ T12] ? usb_ifnum_to_if+0x12b/0x180 [ 25.697963][ T12] snd_usb_create_mixer+0x2b5/0x1890 [ 25.703222][ T12] ? mark_lock+0xbc/0x1160 [ 25.707610][ T12] ? mark_held_locks+0x9f/0xe0 [ 25.712353][ T12] ? snd_usb_mixer_interrupt+0x800/0x800 [ 25.717967][ T12] ? lockdep_hardirqs_on+0x382/0x580 [ 25.723227][ T12] ? usb_driver_claim_interface+0x210/0x420 [ 25.729091][ T12] ? snd_usb_create_stream+0x16a/0x4c0 [ 25.734522][ T12] usb_audio_probe+0xc76/0x2010 [ 25.739349][ T12] ? usb_audio_resume+0x20/0x20 [ 25.744262][ T12] ? _raw_spin_unlock_irqrestore+0x3e/0x50 [ 25.750079][ T12] usb_probe_interface+0x305/0x7a0 [ 25.755164][ T12] ? usb_probe_device+0x100/0x100 [ 25.760160][ T12] really_probe+0x281/0x6d0 [ 25.764635][ T12] driver_probe_device+0x104/0x210 [ 25.769716][ T12] __device_attach_driver+0x1c2/0x220 [ 25.775062][ T12] ? driver_allows_async_probing+0x160/0x160 [ 25.781011][ T12] bus_for_each_drv+0x162/0x1e0 [ 25.785952][ T12] ? bus_rescan_devices+0x20/0x20 [ 25.790958][ T12] ? _raw_spin_unlock_irqrestore+0x3e/0x50 [ 25.796740][ T12] ? lockdep_hardirqs_on+0x382/0x580 [ 25.802005][ T12] __device_attach+0x217/0x360 [ 25.806744][ T12] ? device_bind_driver+0xd0/0xd0 [ 25.811741][ T12] ? kobject_uevent_env+0x29e/0x1150 [ 25.816999][ T12] ? kobject_uevent_env+0x2a8/0x1150 [ 25.822258][ T12] bus_probe_device+0x1e4/0x290 [ 25.827104][ T12] ? blocking_notifier_call_chain+0x54/0xa0 [ 25.833064][ T12] device_add+0xae6/0x16f0 [ 25.837457][ T12] ? uevent_store+0x50/0x50 [ 25.841937][ T12] usb_set_configuration+0xdf6/0x1670 [ 25.847287][ T12] generic_probe+0x9d/0xd5 [ 25.851678][ T12] usb_probe_device+0x99/0x100 [ 25.856414][ T12] ? 
usb_suspend+0x620/0x620 [ 25.860977][ T12] really_probe+0x281/0x6d0 [ 25.865452][ T12] driver_probe_device+0x104/0x210 [ 25.870538][ T12] __device_attach_driver+0x1c2/0x220 [ 25.875884][ T12] ? driver_allows_async_probing+0x160/0x160 [ 25.881835][ T12] bus_for_each_drv+0x162/0x1e0 [ 25.886658][ T12] ? bus_rescan_devices+0x20/0x20 [ 25.891653][ T12] ? _raw_spin_unlock_irqrestore+0x3e/0x50 [ 25.897437][ T12] ? lockdep_hardirqs_on+0x382/0x580 [ 25.902693][ T12] __device_attach+0x217/0x360 [ 25.909564][ T12] ? device_bind_driver+0xd0/0xd0 [ 25.914591][ T12] ? kobject_uevent_env+0x29e/0x1150 [ 25.919856][ T12] ? kobject_uevent_env+0x2a8/0x1150 [ 25.925114][ T12] bus_probe_device+0x1e4/0x290 [ 25.929948][ T12] ? blocking_notifier_call_chain+0x54/0xa0 [ 25.935945][ T12] device_add+0xae6/0x16f0 [ 25.940338][ T12] ? uevent_store+0x50/0x50 [ 25.944819][ T12] usb_new_device.cold+0x6a4/0xe79 [ 25.949905][ T12] hub_event+0x1dd0/0x37e0 [ 25.954320][ T12] ? hub_port_debounce+0x260/0x260 [ 25.959406][ T12] ? find_held_lock+0x2d/0x110 [ 25.964142][ T12] ? mark_held_locks+0xe0/0xe0 [ 25.968879][ T12] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 25.974394][ T12] ? rcu_read_lock_bh_held+0xb0/0xb0 [ 25.979654][ T12] process_one_work+0x92b/0x1530 [ 25.984568][ T12] ? pwq_dec_nr_in_flight+0x310/0x310 [ 25.989928][ T12] ? do_raw_spin_lock+0x11a/0x280 [ 25.994930][ T12] worker_thread+0x96/0xe20 [ 25.999406][ T12] ? process_one_work+0x1530/0x1530 [ 26.004578][ T12] kthread+0x318/0x420 [ 26.008631][ T12] ? kthread_create_on_node+0xf0/0xf0 [ 26.013974][ T12] ret_from_fork+0x24/0x30 [ 26.018953][ T12] Kernel Offset: disabled [ 26.023359][ T12] Rebooting in 86400 seconds..