[info] Using makefile-style concurrent boot in runlevel 2. [....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 14.748000][ T1677] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 36.164871][ T1717] random: sshd: uninitialized urandom read (32 bytes read) [ 36.191582][ C1] random: crng init done Warning: Permanently added '10.128.1.61' (ECDSA) to the list of known hosts. executing program [ 57.621404][ T12] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 57.861382][ T12] usb 1-1: Using ep0 maxpacket: 32 [ 57.981475][ T12] usb 1-1: config 0 has an invalid interface number: 251 but max is 0 [ 57.990026][ T12] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 58.000927][ T12] usb 1-1: config 0 has no interface number 0 [ 58.012231][ T12] usb 1-1: New USB device found, idVendor=9022, idProduct=d421, bcdDevice=dd.f0 [ 58.021250][ T12] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 58.030843][ T12] usb 1-1: config 0 descriptor?? [ 58.083455][ T12] dw2102: su3000_identify_state [ 58.088656][ T12] dvb-usb: found a 'TeVii S421 PCI' in warm state. [ 58.095400][ T12] dw2102: su3000_power_ctrl: 1, initialized 0 [ 58.102469][ T12] dvb-usb: bulk message failed: -8 (2/0) [ 58.109713][ T12] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 58.131761][ T12] dvbdev: DVB: registering new adapter (TeVii S421 PCI) [ 58.142269][ T12] usb 1-1: media controller created [ 58.147825][ T12] dvb-usb: bulk message failed: -8 (6/0) [ 58.153851][ T12] dw2102: i2c transfer failed. [ 58.158779][ T12] dvb-usb: bulk message failed: -8 (6/0) [ 58.164452][ T12] dw2102: i2c transfer failed. [ 58.169656][ T12] dvb-usb: bulk message failed: -8 (6/0) [ 58.175599][ T12] dw2102: i2c transfer failed. [ 58.180451][ T12] dvb-usb: bulk message failed: -8 (6/0) [ 58.186337][ T12] dw2102: i2c transfer failed. [ 58.191794][ T12] dvb-usb: bulk message failed: -8 (6/0) [ 58.197576][ T12] dw2102: i2c transfer failed. [ 58.202672][ T12] dvb-usb: bulk message failed: -8 (6/0) [ 58.208307][ T12] dw2102: i2c transfer failed. [ 58.213782][ T12] dvb-usb: MAC address: 02:02:02:02:02:02 [ 58.223548][ T12] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 58.239407][ T12] dvb-usb: bulk message failed: -8 (1/0) [ 58.245218][ T12] dw2102: command 0x51 transfer failed. [ 58.253447][ T12] dvb-usb: bulk message failed: -8 (5/0) [ 58.259155][ T12] dw2102: i2c transfer failed. [ 58.264199][ T12] dvb-usb: bulk message failed: -8 (5/0) [ 58.269841][ T12] dw2102: i2c transfer failed. [ 58.274812][ T12] dvb-usb: bulk message failed: -8 (5/0) executing program [ 58.281239][ T12] dw2102: i2c transfer failed. [ 58.312125][ T12] dvb-usb: bulk message failed: -8 (5/0) [ 58.320093][ T12] dw2102: i2c transfer failed. [ 58.329056][ T12] dvb-usb: bulk message failed: -8 (5/0) [ 58.337416][ T12] dw2102: i2c transfer failed. [ 58.343113][ T12] dvb-usb: bulk message failed: -8 (5/0) [ 58.349238][ T12] dw2102: i2c transfer failed. [ 58.381461][ T12] dvb-usb: bulk message failed: -8 (5/0) [ 58.387104][ T12] dw2102: i2c transfer failed. [ 58.392066][ T12] dvb-usb: bulk message failed: -8 (5/0) [ 58.398093][ T12] dw2102: i2c transfer failed. [ 58.402986][ T12] dvb-usb: bulk message failed: -8 (5/0) [ 58.408631][ T12] dw2102: i2c transfer failed. [ 58.415317][ T12] dvb-usb: bulk message failed: -8 (5/0) [ 58.421132][ T12] dw2102: i2c transfer failed. [ 58.426028][ T12] dvb-usb: bulk message failed: -8 (5/0) [ 58.431734][ T12] dw2102: i2c transfer failed. [ 58.436541][ T12] dvb-usb: bulk message failed: -8 (5/0) [ 58.442466][ T12] dw2102: i2c transfer failed. [ 58.447299][ T12] ts2020 0-0060: Montage Technology TS2020 successfully identified [ 58.455851][ T12] dw2102: Attached RS2000/TS2020! [ 58.461061][ T12] usb 1-1: DVB: registering adapter 0 frontend 0 (M88RS2000 DVB-S)... [ 58.469756][ T12] dvbdev: dvb_create_media_entity: media entity 'M88RS2000 DVB-S' registered. [ 58.531819][ T12] Registered IR keymap rc-su3000 [ 58.537465][ T12] rc rc0: TeVii S421 PCI as /devices/platform/dummy_hcd.0/usb1/1-1/rc/rc0 [ 58.547090][ T12] input: TeVii S421 PCI as /devices/platform/dummy_hcd.0/usb1/1-1/rc/rc0/input5 [ 58.558344][ T12] dvb-usb: schedule remote query interval to 150 msecs. [ 58.565474][ T12] dw2102: su3000_power_ctrl: 0, initialized 1 [ 58.571597][ T12] dvb-usb: TeVii S421 PCI successfully initialized and connected. [ 58.581420][ T12] usb 1-1: USB disconnect, device number 2 [ 58.588556][ T12] ================================================================== [ 58.598382][ T12] BUG: KASAN: use-after-free in dvb_usb_device_exit+0xb6/0xc0 [ 58.606067][ T12] Read of size 8 at addr ffff8881d3da02d8 by task kworker/0:1/12 [ 58.614157][ T12] [ 58.616488][ T12] CPU: 0 PID: 12 Comm: kworker/0:1 Not tainted 5.2.0-rc6+ #14 [ 58.625111][ T12] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 58.635340][ T12] Workqueue: usb_hub_wq hub_event [ 58.641259][ T12] Call Trace: [ 58.647631][ T12] dump_stack+0xca/0x13e [ 58.652898][ T12] ? dvb_usb_device_exit+0xb6/0xc0 [ 58.659303][ T12] ? dvb_usb_device_exit+0xb6/0xc0 [ 58.664411][ T12] print_address_description+0x67/0x231 [ 58.670572][ T12] ? dvb_usb_device_exit+0xb6/0xc0 [ 58.675828][ T12] ? dvb_usb_device_exit+0xb6/0xc0 [ 58.682535][ T12] __kasan_report.cold+0x1a/0x32 [ 58.687603][ T12] ? dvb_usb_device_exit+0xb6/0xc0 [ 58.692714][ T12] kasan_report+0xe/0x20 [ 58.697152][ T12] dvb_usb_device_exit+0xb6/0xc0 [ 58.702144][ T12] usb_unbind_interface+0x1bd/0x8a0 [ 58.707785][ T12] ? usb_autoresume_device+0x60/0x60 [ 58.713064][ T12] device_release_driver_internal+0x404/0x4c0 [ 58.719700][ T12] bus_remove_device+0x2dc/0x4a0 [ 58.724749][ T12] device_del+0x460/0xb80 [ 58.729187][ T12] ? __device_links_no_driver+0x240/0x240 [ 58.735031][ T12] ? usb_remove_ep_devs+0x3e/0x80 [ 58.740232][ T12] ? remove_intf_ep_devs+0x13f/0x1d0 [ 58.745598][ T12] usb_disable_device+0x211/0x690 [ 58.751583][ T12] usb_disconnect+0x284/0x830 [ 58.756261][ T12] hub_event+0x143d/0x35f0 [ 58.760947][ T12] ? hub_port_debounce+0x260/0x260 [ 58.766131][ T12] process_one_work+0x905/0x1570 [ 58.771717][ T12] ? pwq_dec_nr_in_flight+0x310/0x310 [ 58.777436][ T12] ? do_raw_spin_lock+0x11a/0x280 [ 58.783122][ T12] worker_thread+0x7ab/0xe20 [ 58.797237][ T12] ? process_one_work+0x1570/0x1570 [ 58.803342][ T12] kthread+0x30b/0x410 [ 58.808003][ T12] ? kthread_park+0x1a0/0x1a0 [ 58.813640][ T12] ret_from_fork+0x24/0x30 [ 58.819170][ T12] [ 58.824362][ T12] Allocated by task 12: [ 58.828731][ T12] save_stack+0x1b/0x80 [ 58.833347][ T12] __kasan_kmalloc.constprop.0+0xbf/0xd0 [ 58.839163][ T12] __kmalloc_track_caller+0xe2/0x2b0 [ 58.846530][ T12] kmemdup+0x23/0x50 [ 58.850856][ T12] dw2102_probe+0x627/0xc40 [ 58.855382][ T12] usb_probe_interface+0x305/0x7a0 [ 58.860675][ T12] really_probe+0x281/0x660 [ 58.867729][ T12] driver_probe_device+0x104/0x210 [ 58.873151][ T12] __device_attach_driver+0x1c2/0x220 [ 58.880615][ T12] bus_for_each_drv+0x15c/0x1e0 [ 58.894280][ T12] __device_attach+0x217/0x360 [ 58.903584][ T12] bus_probe_device+0x1e4/0x290 [ 58.908452][ T12] device_add+0xae6/0x16f0 [ 58.912951][ T12] usb_set_configuration+0xdf6/0x1670 [ 58.919017][ T12] generic_probe+0x9d/0xd5 [ 58.923755][ T12] usb_probe_device+0x99/0x100 [ 58.928603][ T12] really_probe+0x281/0x660 [ 58.933098][ T12] driver_probe_device+0x104/0x210 [ 58.938378][ T12] __device_attach_driver+0x1c2/0x220 [ 58.943740][ T12] bus_for_each_drv+0x15c/0x1e0 [ 58.948581][ T12] __device_attach+0x217/0x360 [ 58.953377][ T12] bus_probe_device+0x1e4/0x290 [ 58.958226][ T12] device_add+0xae6/0x16f0 [ 58.962907][ T12] usb_new_device.cold+0x8c1/0x1016 [ 58.968311][ T12] hub_event+0x1b3d/0x35f0 [ 58.972742][ T12] process_one_work+0x905/0x1570 [ 58.977819][ T12] worker_thread+0x96/0xe20 [ 58.982317][ T12] kthread+0x30b/0x410 [ 58.986376][ T12] ret_from_fork+0x24/0x30 [ 58.990781][ T12] [ 58.993138][ T12] Freed by task 12: [ 58.997054][ T12] save_stack+0x1b/0x80 [ 59.001206][ T12] __kasan_slab_free+0x130/0x180 [ 59.006409][ T12] kfree+0xd7/0x280 [ 59.010275][ T12] dw2102_probe+0x871/0xc40 [ 59.015056][ T12] usb_probe_interface+0x305/0x7a0 [ 59.020431][ T12] really_probe+0x281/0x660 [ 59.024938][ T12] driver_probe_device+0x104/0x210 [ 59.030916][ T12] __device_attach_driver+0x1c2/0x220 [ 59.036385][ T12] bus_for_each_drv+0x15c/0x1e0 [ 59.041324][ T12] __device_attach+0x217/0x360 [ 59.046094][ T12] bus_probe_device+0x1e4/0x290 [ 59.050933][ T12] device_add+0xae6/0x16f0 [ 59.055340][ T12] usb_set_configuration+0xdf6/0x1670 [ 59.060729][ T12] generic_probe+0x9d/0xd5 [ 59.065171][ T12] usb_probe_device+0x99/0x100 [ 59.069943][ T12] really_probe+0x281/0x660 [ 59.074473][ T12] driver_probe_device+0x104/0x210 [ 59.079573][ T12] __device_attach_driver+0x1c2/0x220 [ 59.084929][ T12] bus_for_each_drv+0x15c/0x1e0 [ 59.089984][ T12] __device_attach+0x217/0x360 [ 59.094838][ T12] bus_probe_device+0x1e4/0x290 [ 59.099683][ T12] device_add+0xae6/0x16f0 [ 59.104136][ T12] usb_new_device.cold+0x8c1/0x1016 [ 59.110356][ T12] hub_event+0x1b3d/0x35f0 [ 59.115158][ T12] process_one_work+0x905/0x1570 [ 59.120125][ T12] worker_thread+0x96/0xe20 [ 59.124619][ T12] kthread+0x30b/0x410 [ 59.128678][ T12] ret_from_fork+0x24/0x30 [ 59.133489][ T12] [ 59.135922][ T12] The buggy address belongs to the object at ffff8881d3da0000 [ 59.135922][ T12] which belongs to the cache kmalloc-4k of size 4096 [ 59.150069][ T12] The buggy address is located 728 bytes inside of [ 59.150069][ T12] 4096-byte region [ffff8881d3da0000, ffff8881d3da1000) [ 59.163448][ T12] The buggy address belongs to the page: [ 59.169074][ T12] page:ffffea00074f6800 refcount:1 mapcount:0 mapping:ffff8881dac02600 index:0x0 compound_mapcount: 0 [ 59.182617][ T12] flags: 0x200000000010200(slab|head) [ 59.188076][ T12] raw: 0200000000010200 dead000000000100 dead000000000200 ffff8881dac02600 [ 59.196683][ T12] raw: 0000000000000000 0000000000070007 00000001ffffffff 0000000000000000 [ 59.205315][ T12] page dumped because: kasan: bad access detected [ 59.211818][ T12] [ 59.214127][ T12] Memory state around the buggy address: [ 59.219753][ T12] ffff8881d3da0180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 59.227802][ T12] ffff8881d3da0200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 59.235954][ T12] >ffff8881d3da0280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 59.243998][ T12] ^ [ 59.251700][ T12] ffff8881d3da0300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 59.260795][ T12] ffff8881d3da0380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 59.268908][ T12] ================================================================== [ 59.277029][ T12] Disabling lock debugging due to kernel taint [ 59.283242][ T12] Kernel panic - not syncing: panic_on_warn set ... [ 59.289847][ T12] CPU: 0 PID: 12 Comm: kworker/0:1 Tainted: G B 5.2.0-rc6+ #14 [ 59.298686][ T12] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 59.308735][ T12] Workqueue: usb_hub_wq hub_event [ 59.313776][ T12] Call Trace: [ 59.317072][ T12] dump_stack+0xca/0x13e [ 59.321310][ T12] panic+0x292/0x6c9 [ 59.325376][ T12] ? __warn_printk+0xf3/0xf3 [ 59.329955][ T12] ? dvb_usb_device_exit+0xb6/0xc0 [ 59.335429][ T12] ? trace_hardirqs_on+0x55/0x1c0 [ 59.340540][ T12] ? dvb_usb_device_exit+0xb6/0xc0 [ 59.345639][ T12] end_report+0x43/0x49 [ 59.349784][ T12] ? dvb_usb_device_exit+0xb6/0xc0 [ 59.354916][ T12] __kasan_report.cold+0xd/0x32 [ 59.359758][ T12] ? dvb_usb_device_exit+0xb6/0xc0 [ 59.364982][ T12] kasan_report+0xe/0x20 [ 59.369216][ T12] dvb_usb_device_exit+0xb6/0xc0 [ 59.374488][ T12] usb_unbind_interface+0x1bd/0x8a0 [ 59.379905][ T12] ? usb_autoresume_device+0x60/0x60 [ 59.385725][ T12] device_release_driver_internal+0x404/0x4c0 [ 59.391792][ T12] bus_remove_device+0x2dc/0x4a0 [ 59.396767][ T12] device_del+0x460/0xb80 [ 59.401105][ T12] ? __device_links_no_driver+0x240/0x240 [ 59.407360][ T12] ? usb_remove_ep_devs+0x3e/0x80 [ 59.412376][ T12] ? remove_intf_ep_devs+0x13f/0x1d0 [ 59.417645][ T12] usb_disable_device+0x211/0x690 [ 59.423746][ T12] usb_disconnect+0x284/0x830 [ 59.428469][ T12] hub_event+0x143d/0x35f0 [ 59.432922][ T12] ? hub_port_debounce+0x260/0x260 [ 59.438141][ T12] process_one_work+0x905/0x1570 [ 59.443516][ T12] ? pwq_dec_nr_in_flight+0x310/0x310 [ 59.448873][ T12] ? do_raw_spin_lock+0x11a/0x280 [ 59.453888][ T12] worker_thread+0x7ab/0xe20 [ 59.458553][ T12] ? process_one_work+0x1570/0x1570 [ 59.463739][ T12] kthread+0x30b/0x410 [ 59.467882][ T12] ? kthread_park+0x1a0/0x1a0 [ 59.472721][ T12] ret_from_fork+0x24/0x30 [ 59.477615][ T12] Kernel Offset: disabled [ 59.481992][ T12] Rebooting in 86400 seconds..