[�[36minfo�[39;49m] Using makefile-style concurrent boot in runlevel 2.
[....] Starting enhanced syslogd: rsyslogd�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
[....] Starting periodic command scheduler: cron�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[ 14.172035][ T1659] random: sshd: uninitialized urandom read (32 bytes read)
�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login: [ 18.600539][ T1693] random: sshd: uninitialized urandom read (32 bytes read)
[ 18.645166][ C1] random: crng init done
Warning: Permanently added '10.128.0.232' (ECDSA) to the list of known hosts.
executing program
[ 25.307810][ T83] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 25.547800][ T83] usb 1-1: Using ep0 maxpacket: 32
[ 25.667896][ T83] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7
[ 25.678923][ T83] usb 1-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 25.847890][ T83] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 25.857094][ T83] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 25.865158][ T83] usb 1-1: Product: syz
[ 25.869357][ T83] usb 1-1: Manufacturer: syz
[ 25.873936][ T83] usb 1-1: SerialNumber: syz
executing program
[ 26.237968][ T83] ==================================================================
[ 26.246293][ T83] BUG: KASAN: slab-out-of-bounds in parse_term_proc_unit+0x57a/0x5e0
[ 26.254339][ T83] Read of size 1 at addr ffff8881d5978fce by task kworker/1:2/83
[ 26.262022][ T83]
[ 26.264332][ T83] CPU: 1 PID: 83 Comm: kworker/1:2 Not tainted 5.4.0-rc3+ #0
[ 26.271676][ T83] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 26.281718][ T83] Workqueue: usb_hub_wq hub_event
[ 26.286715][ T83] Call Trace:
[ 26.289983][ T83] dump_stack+0xca/0x13e
[ 26.294199][ T83] ? parse_term_proc_unit+0x57a/0x5e0
[ 26.299542][ T83] ? parse_term_proc_unit+0x57a/0x5e0
[ 26.304891][ T83] print_address_description.constprop.0+0x36/0x50
[ 26.311366][ T83] ? parse_term_proc_unit+0x57a/0x5e0
[ 26.316714][ T83] ? parse_term_proc_unit+0x57a/0x5e0
[ 26.322070][ T83] __kasan_report.cold+0x1a/0x33
[ 26.326984][ T83] ? parse_term_proc_unit+0x57a/0x5e0
[ 26.332329][ T83] kasan_report+0xe/0x20
[ 26.336553][ T83] parse_term_proc_unit+0x57a/0x5e0
[ 26.341726][ T83] __check_input_term+0xc32/0x13f0
[ 26.346811][ T83] parse_audio_unit+0x101d/0x36f0
[ 26.351818][ T83] ? _raw_spin_unlock_irqrestore+0x3e/0x50
[ 26.357608][ T83] ? lockdep_hardirqs_on+0x382/0x580
[ 26.362872][ T83] ? stack_depot_save+0x252/0x440
[ 26.367871][ T83] ? build_audio_procunit+0x13f0/0x13f0
[ 26.373389][ T83] ? save_stack+0x1b/0x80
[ 26.377694][ T83] ? __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 26.383484][ T83] ? snd_usb_create_mixer+0x180/0x1890
[ 26.388915][ T83] ? usb_audio_probe+0xc76/0x2010
[ 26.393912][ T83] ? usb_probe_interface+0x305/0x7a0
[ 26.399180][ T83] ? really_probe+0x281/0x6d0
[ 26.403834][ T83] ? driver_probe_device+0x104/0x210
[ 26.409100][ T83] ? __device_attach_driver+0x1c2/0x220
[ 26.414617][ T83] ? bus_for_each_drv+0x162/0x1e0
[ 26.419622][ T83] ? __device_attach+0x217/0x360
[ 26.424543][ T83] ? bus_probe_device+0x1e4/0x290
[ 26.429552][ T83] ? device_add+0xae6/0x16f0
[ 26.434127][ T83] ? usb_set_configuration+0xdf6/0x1670
[ 26.439649][ T83] ? validate_desc.part.0+0x17f/0x240
[ 26.444997][ T83] snd_usb_mixer_controls+0x715/0xb90
[ 26.450354][ T83] ? parse_audio_unit+0x36f0/0x36f0
[ 26.455548][ T83] ? fs_reclaim_acquire.part.0+0x30/0x30
[ 26.461156][ T83] ? rcu_read_lock_bh_held+0xb0/0xb0
[ 26.466415][ T83] ? __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 26.472207][ T83] ? kasan_unpoison_shadow+0x30/0x40
[ 26.477468][ T83] ? usb_ifnum_to_if+0x12b/0x180
[ 26.482389][ T83] snd_usb_create_mixer+0x2b5/0x1890
[ 26.487655][ T83] ? mark_lock+0xbc/0x1160
[ 26.492047][ T83] ? mark_held_locks+0x9f/0xe0
[ 26.496783][ T83] ? snd_usb_mixer_interrupt+0x800/0x800
[ 26.502389][ T83] ? lockdep_hardirqs_on+0x382/0x580
[ 26.507648][ T83] ? usb_driver_claim_interface+0x210/0x420
[ 26.513519][ T83] ? snd_usb_create_stream+0x16a/0x4c0
[ 26.518959][ T83] usb_audio_probe+0xc76/0x2010
[ 26.523782][ T83] ? usb_audio_resume+0x20/0x20
[ 26.528608][ T83] ? _raw_spin_unlock_irqrestore+0x3e/0x50
[ 26.534476][ T83] usb_probe_interface+0x305/0x7a0
[ 26.539559][ T83] ? usb_probe_device+0x100/0x100
[ 26.544560][ T83] really_probe+0x281/0x6d0
[ 26.549045][ T83] driver_probe_device+0x104/0x210
[ 26.554156][ T83] __device_attach_driver+0x1c2/0x220
[ 26.559516][ T83] ? driver_allows_async_probing+0x160/0x160
[ 26.565478][ T83] bus_for_each_drv+0x162/0x1e0
[ 26.570308][ T83] ? bus_rescan_devices+0x20/0x20
[ 26.575316][ T83] ? _raw_spin_unlock_irqrestore+0x3e/0x50
[ 26.581129][ T83] ? lockdep_hardirqs_on+0x382/0x580
[ 26.586404][ T83] __device_attach+0x217/0x360
[ 26.591149][ T83] ? device_bind_driver+0xd0/0xd0
[ 26.596149][ T83] ? kobject_uevent_env+0x29e/0x1150
[ 26.601411][ T83] ? kobject_uevent_env+0x2a8/0x1150
[ 26.606672][ T83] bus_probe_device+0x1e4/0x290
[ 26.611515][ T83] ? blocking_notifier_call_chain+0x54/0xa0
[ 26.617405][ T83] device_add+0xae6/0x16f0
[ 26.621793][ T83] ? uevent_store+0x50/0x50
[ 26.626274][ T83] ? _raw_spin_unlock_irqrestore+0x3e/0x50
[ 26.632067][ T83] usb_set_configuration+0xdf6/0x1670
[ 26.637504][ T83] generic_probe+0x9d/0xd5
[ 26.641994][ T83] usb_probe_device+0x99/0x100
[ 26.646736][ T83] ? usb_suspend+0x620/0x620
[ 26.651305][ T83] really_probe+0x281/0x6d0
[ 26.655805][ T83] driver_probe_device+0x104/0x210
[ 26.660978][ T83] __device_attach_driver+0x1c2/0x220
[ 26.666324][ T83] ? driver_allows_async_probing+0x160/0x160
[ 26.672275][ T83] bus_for_each_drv+0x162/0x1e0
[ 26.677110][ T83] ? bus_rescan_devices+0x20/0x20
[ 26.682116][ T83] ? _raw_spin_unlock_irqrestore+0x3e/0x50
[ 26.687904][ T83] ? lockdep_hardirqs_on+0x382/0x580
[ 26.693178][ T83] __device_attach+0x217/0x360
[ 26.697929][ T83] ? device_bind_driver+0xd0/0xd0
[ 26.703067][ T83] ? kobject_uevent_env+0x29e/0x1150
[ 26.708535][ T83] ? kobject_uevent_env+0x2a8/0x1150
[ 26.713819][ T83] bus_probe_device+0x1e4/0x290
[ 26.718655][ T83] ? blocking_notifier_call_chain+0x54/0xa0
[ 26.724525][ T83] device_add+0xae6/0x16f0
[ 26.728917][ T83] ? uevent_store+0x50/0x50
[ 26.733398][ T83] usb_new_device.cold+0x6a4/0xe79
[ 26.738487][ T83] hub_event+0x1dd0/0x37e0
[ 26.742882][ T83] ? hub_port_debounce+0x260/0x260
[ 26.748156][ T83] ? find_held_lock+0x2d/0x110
[ 26.753113][ T83] ? mark_held_locks+0xe0/0xe0
[ 26.757943][ T83] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 26.763477][ T83] ? rcu_read_lock_bh_held+0xb0/0xb0
[ 26.768740][ T83] process_one_work+0x92b/0x1530
[ 26.773658][ T83] ? pwq_dec_nr_in_flight+0x310/0x310
[ 26.779119][ T83] ? do_raw_spin_lock+0x11a/0x280
[ 26.784143][ T83] worker_thread+0x96/0xe20
[ 26.788637][ T83] ? process_one_work+0x1530/0x1530
[ 26.793810][ T83] kthread+0x318/0x420
[ 26.798046][ T83] ? kthread_create_on_node+0xf0/0xf0
[ 26.806363][ T83] ret_from_fork+0x24/0x30
[ 26.810752][ T83]
[ 26.813067][ T83] Allocated by task 83:
[ 26.817583][ T83] save_stack+0x1b/0x80
[ 26.821725][ T83] __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 26.827345][ T83] usb_get_configuration+0x314/0x3050
[ 26.832715][ T83] usb_new_device+0xd3/0x160
[ 26.837277][ T83] hub_event+0x1dd0/0x37e0
[ 26.841682][ T83] process_one_work+0x92b/0x1530
[ 26.846600][ T83] worker_thread+0x96/0xe20
[ 26.851075][ T83] kthread+0x318/0x420
[ 26.855118][ T83] ret_from_fork+0x24/0x30
[ 26.859522][ T83]
[ 26.861828][ T83] Freed by task 1:
[ 26.865536][ T83] save_stack+0x1b/0x80
[ 26.869686][ T83] __kasan_slab_free+0x130/0x180
[ 26.874611][ T83] kfree+0xe4/0x320
[ 26.878406][ T83] rcu_core+0x630/0x1ca0
[ 26.882642][ T83] __do_softirq+0x221/0x912
[ 26.887119][ T83]
[ 26.889438][ T83] The buggy address belongs to the object at ffff8881d5978f00
[ 26.889438][ T83] which belongs to the cache kmalloc-192 of size 192
[ 26.903477][ T83] The buggy address is located 14 bytes to the right of
[ 26.903477][ T83] 192-byte region [ffff8881d5978f00, ffff8881d5978fc0)
[ 26.917154][ T83] The buggy address belongs to the page:
[ 26.922763][ T83] page:ffffea0007565e00 refcount:1 mapcount:0 mapping:ffff8881da002a00 index:0x0
[ 26.931844][ T83] flags: 0x200000000000200(slab)
[ 26.936770][ T83] raw: 0200000000000200 ffffea0007562740 0000000600000006 ffff8881da002a00
[ 26.945358][ T83] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 26.953924][ T83] page dumped because: kasan: bad access detected
[ 26.960318][ T83]
[ 26.962620][ T83] Memory state around the buggy address:
[ 26.968253][ T83] ffff8881d5978e80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 26.976308][ T83] ffff8881d5978f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 26.984392][ T83] >ffff8881d5978f80: 00 00 00 00 05 fc fc fc fc fc fc fc fc fc fc fc
[ 26.992426][ T83] ^
[ 26.998814][ T83] ffff8881d5979000: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
[ 27.006850][ T83] ffff8881d5979080: fb fb fc fc fb fb fc fc fb fb fc fc fb fb fc fc
[ 27.014890][ T83] ==================================================================
[ 27.022936][ T83] Disabling lock debugging due to kernel taint
[ 27.029350][ T83] Kernel panic - not syncing: panic_on_warn set ...
[ 27.035938][ T83] CPU: 1 PID: 83 Comm: kworker/1:2 Tainted: G B 5.4.0-rc3+ #0
[ 27.044670][ T83] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 27.054819][ T83] Workqueue: usb_hub_wq hub_event
[ 27.059820][ T83] Call Trace:
[ 27.063090][ T83] dump_stack+0xca/0x13e
[ 27.067309][ T83] panic+0x2aa/0x6e1
[ 27.071185][ T83] ? add_taint.cold+0x16/0x16
[ 27.075844][ T83] ? retint_kernel+0x10/0x10
[ 27.080411][ T83] ? trace_hardirqs_on+0x55/0x1e0
[ 27.085423][ T83] ? parse_term_proc_unit+0x57a/0x5e0
[ 27.090768][ T83] end_report+0x43/0x49
[ 27.094898][ T83] ? parse_term_proc_unit+0x57a/0x5e0
[ 27.100243][ T83] __kasan_report.cold+0xd/0x33
[ 27.105079][ T83] ? parse_term_proc_unit+0x57a/0x5e0
[ 27.110437][ T83] kasan_report+0xe/0x20
[ 27.114654][ T83] parse_term_proc_unit+0x57a/0x5e0
[ 27.119839][ T83] __check_input_term+0xc32/0x13f0
[ 27.124948][ T83] parse_audio_unit+0x101d/0x36f0
[ 27.129948][ T83] ? _raw_spin_unlock_irqrestore+0x3e/0x50
[ 27.135745][ T83] ? lockdep_hardirqs_on+0x382/0x580
[ 27.141014][ T83] ? stack_depot_save+0x252/0x440
[ 27.146011][ T83] ? build_audio_procunit+0x13f0/0x13f0
[ 27.151529][ T83] ? save_stack+0x1b/0x80
[ 27.155838][ T83] ? __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 27.161627][ T83] ? snd_usb_create_mixer+0x180/0x1890
[ 27.167059][ T83] ? usb_audio_probe+0xc76/0x2010
[ 27.172069][ T83] ? usb_probe_interface+0x305/0x7a0
[ 27.177327][ T83] ? really_probe+0x281/0x6d0
[ 27.181978][ T83] ? driver_probe_device+0x104/0x210
[ 27.187259][ T83] ? __device_attach_driver+0x1c2/0x220
[ 27.192778][ T83] ? bus_for_each_drv+0x162/0x1e0
[ 27.197791][ T83] ? __device_attach+0x217/0x360
[ 27.202704][ T83] ? bus_probe_device+0x1e4/0x290
[ 27.207704][ T83] ? device_add+0xae6/0x16f0
[ 27.212276][ T83] ? usb_set_configuration+0xdf6/0x1670
[ 27.217796][ T83] ? validate_desc.part.0+0x17f/0x240
[ 27.223143][ T83] snd_usb_mixer_controls+0x715/0xb90
[ 27.228502][ T83] ? parse_audio_unit+0x36f0/0x36f0
[ 27.233869][ T83] ? fs_reclaim_acquire.part.0+0x30/0x30
[ 27.239502][ T83] ? rcu_read_lock_bh_held+0xb0/0xb0
[ 27.244934][ T83] ? __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 27.250716][ T83] ? kasan_unpoison_shadow+0x30/0x40
[ 27.255987][ T83] ? usb_ifnum_to_if+0x12b/0x180
[ 27.260921][ T83] snd_usb_create_mixer+0x2b5/0x1890
[ 27.266366][ T83] ? mark_lock+0xbc/0x1160
[ 27.270766][ T83] ? mark_held_locks+0x9f/0xe0
[ 27.275500][ T83] ? snd_usb_mixer_interrupt+0x800/0x800
[ 27.281108][ T83] ? lockdep_hardirqs_on+0x382/0x580
[ 27.286375][ T83] ? usb_driver_claim_interface+0x210/0x420
[ 27.292335][ T83] ? snd_usb_create_stream+0x16a/0x4c0
[ 27.297790][ T83] usb_audio_probe+0xc76/0x2010
[ 27.302619][ T83] ? usb_audio_resume+0x20/0x20
[ 27.307450][ T83] ? _raw_spin_unlock_irqrestore+0x3e/0x50
[ 27.313242][ T83] usb_probe_interface+0x305/0x7a0
[ 27.318339][ T83] ? usb_probe_device+0x100/0x100
[ 27.323340][ T83] really_probe+0x281/0x6d0
[ 27.327828][ T83] driver_probe_device+0x104/0x210
[ 27.332932][ T83] __device_attach_driver+0x1c2/0x220
[ 27.338278][ T83] ? driver_allows_async_probing+0x160/0x160
[ 27.344234][ T83] bus_for_each_drv+0x162/0x1e0
[ 27.349059][ T83] ? bus_rescan_devices+0x20/0x20
[ 27.354246][ T83] ? _raw_spin_unlock_irqrestore+0x3e/0x50
[ 27.360027][ T83] ? lockdep_hardirqs_on+0x382/0x580
[ 27.365289][ T83] __device_attach+0x217/0x360
[ 27.370037][ T83] ? device_bind_driver+0xd0/0xd0
[ 27.375052][ T83] ? kobject_uevent_env+0x29e/0x1150
[ 27.380411][ T83] ? kobject_uevent_env+0x2a8/0x1150
[ 27.385679][ T83] bus_probe_device+0x1e4/0x290
[ 27.390506][ T83] ? blocking_notifier_call_chain+0x54/0xa0
[ 27.396372][ T83] device_add+0xae6/0x16f0
[ 27.400763][ T83] ? uevent_store+0x50/0x50
[ 27.405240][ T83] ? _raw_spin_unlock_irqrestore+0x3e/0x50
[ 27.411021][ T83] usb_set_configuration+0xdf6/0x1670
[ 27.416366][ T83] generic_probe+0x9d/0xd5
[ 27.420769][ T83] usb_probe_device+0x99/0x100
[ 27.425507][ T83] ? usb_suspend+0x620/0x620
[ 27.430071][ T83] really_probe+0x281/0x6d0
[ 27.434548][ T83] driver_probe_device+0x104/0x210
[ 27.439646][ T83] __device_attach_driver+0x1c2/0x220
[ 27.444991][ T83] ? driver_allows_async_probing+0x160/0x160
[ 27.450942][ T83] bus_for_each_drv+0x162/0x1e0
[ 27.455764][ T83] ? bus_rescan_devices+0x20/0x20
[ 27.460772][ T83] ? _raw_spin_unlock_irqrestore+0x3e/0x50
[ 27.466552][ T83] ? lockdep_hardirqs_on+0x382/0x580
[ 27.471811][ T83] __device_attach+0x217/0x360
[ 27.476561][ T83] ? device_bind_driver+0xd0/0xd0
[ 27.481572][ T83] ? kobject_uevent_env+0x29e/0x1150
[ 27.486830][ T83] ? kobject_uevent_env+0x2a8/0x1150
[ 27.492087][ T83] bus_probe_device+0x1e4/0x290
[ 27.496928][ T83] ? blocking_notifier_call_chain+0x54/0xa0
[ 27.502792][ T83] device_add+0xae6/0x16f0
[ 27.507181][ T83] ? uevent_store+0x50/0x50
[ 27.511656][ T83] usb_new_device.cold+0x6a4/0xe79
[ 27.516741][ T83] hub_event+0x1dd0/0x37e0
[ 27.521130][ T83] ? hub_port_debounce+0x260/0x260
[ 27.526214][ T83] ? find_held_lock+0x2d/0x110
[ 27.530952][ T83] ? mark_held_locks+0xe0/0xe0
[ 27.535689][ T83] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 27.541205][ T83] ? rcu_read_lock_bh_held+0xb0/0xb0
[ 27.546480][ T83] process_one_work+0x92b/0x1530
[ 27.551393][ T83] ? pwq_dec_nr_in_flight+0x310/0x310
[ 27.556737][ T83] ? do_raw_spin_lock+0x11a/0x280
[ 27.561737][ T83] worker_thread+0x96/0xe20
[ 27.566223][ T83] ? process_one_work+0x1530/0x1530
[ 27.571404][ T83] kthread+0x318/0x420
[ 27.575459][ T83] ? kthread_create_on_node+0xf0/0xf0
[ 27.580807][ T83] ret_from_fork+0x24/0x30
[ 27.585838][ T83] Kernel Offset: disabled
[ 27.590148][ T83] Rebooting in 86400 seconds..