[info] Using makefile-style concurrent boot in runlevel 2. [....] Starting enhanced syslogd: rsyslogd[ ok ]. [....] Starting periodic command scheduler: cron[ ok ]. [....] Starting OpenBSD Secure Shell server: sshd[ 14.498649][ T1662] random: sshd: uninitialized urandom read (32 bytes read) [ ok ]. [ 14.600141][ C1] random: crng init done Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.1.60' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 42.968261][ T83] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 43.208186][ T83] usb 1-1: Using ep0 maxpacket: 8 [ 43.328287][ T83] usb 1-1: config 0 has an invalid interface number: 147 but max is 0 [ 43.336526][ T83] usb 1-1: config 0 has no interface number 0 [ 43.342658][ T83] usb 1-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=dc.dc [ 43.351689][ T83] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 43.360911][ T83] usb 1-1: config 0 descriptor?? 
[ 43.608359][ T83] asix 1-1:0.147 (unnamed net_device) (uninitialized): Failed to read MAC address: 0 [ 43.620976][ T83] asix 1-1:0.147 eth1: register 'asix' at usb-dummy_hcd.0-1, ASIX AX88172A USB 2.0 Ethernet, 2a:81:46:51:9b:25 executing program [ 43.810614][ T102] usb 1-1: USB disconnect, device number 2 [ 43.817185][ T102] asix 1-1:0.147 eth1: unregister 'asix' usb-dummy_hcd.0-1, ASIX AX88172A USB 2.0 Ethernet [ 43.898568][ T102] ================================================================== [ 43.906708][ T102] BUG: KASAN: use-after-free in ax88172a_unbind+0x76/0xed [ 43.913830][ T102] Read of size 8 at addr ffff8881d15e9100 by task kworker/0:2/102 [ 43.921603][ T102] [ 43.923910][ T102] CPU: 0 PID: 102 Comm: kworker/0:2 Not tainted 5.4.0-syzkaller #0 [ 43.931768][ T102] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 43.941808][ T102] Workqueue: usb_hub_wq hub_event [ 43.946803][ T102] Call Trace: [ 43.950081][ T102] dump_stack+0xef/0x16e [ 43.954309][ T102] ? ax88172a_unbind+0x76/0xed [ 43.959053][ T102] ? ax88172a_unbind+0x76/0xed [ 43.963797][ T102] print_address_description.constprop.0+0x36/0x50 [ 43.970275][ T102] ? ax88172a_unbind+0x76/0xed [ 43.975018][ T102] ? ax88172a_unbind+0x76/0xed [ 43.979757][ T102] __kasan_report.cold+0x1a/0x33 [ 43.984668][ T102] ? mark_held_locks+0x10/0xe0 [ 43.989409][ T102] ? ax88172a_unbind+0x76/0xed [ 43.994154][ T102] ? ax88172a_bind.cold+0x1e8/0x1e8 [ 43.999335][ T102] kasan_report+0xe/0x20 [ 44.003560][ T102] ax88172a_unbind+0x76/0xed [ 44.008129][ T102] usbnet_disconnect+0x145/0x270 [ 44.013049][ T102] usb_unbind_interface+0x1bd/0x8a0 [ 44.018225][ T102] ? usb_autoresume_device+0x60/0x60 [ 44.023482][ T102] device_release_driver_internal+0x42f/0x500 [ 44.029537][ T102] bus_remove_device+0x2dc/0x4a0 [ 44.034447][ T102] device_del+0x481/0xd30 [ 44.038751][ T102] ? device_create_with_groups+0x120/0x120 [ 44.044527][ T102] ? 
lockdep_hardirqs_on+0x382/0x580 [ 44.049785][ T102] ? remove_intf_ep_devs+0x13f/0x1d0 [ 44.055041][ T102] usb_disable_device+0x211/0x690 [ 44.060045][ T102] usb_disconnect+0x284/0x8d0 [ 44.064694][ T102] hub_event+0x1753/0x3860 [ 44.069083][ T102] ? hub_port_debounce+0x260/0x260 [ 44.074168][ T102] ? find_held_lock+0x2d/0x110 [ 44.078904][ T102] ? mark_held_locks+0xe0/0xe0 [ 44.083640][ T102] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 44.089156][ T102] ? rcu_read_lock_bh_held+0xb0/0xb0 [ 44.094426][ T102] process_one_work+0x92b/0x1530 [ 44.099339][ T102] ? pwq_dec_nr_in_flight+0x310/0x310 [ 44.104688][ T102] ? do_raw_spin_lock+0x11a/0x280 [ 44.109687][ T102] worker_thread+0x96/0xe20 [ 44.114178][ T102] ? process_one_work+0x1530/0x1530 [ 44.119347][ T102] kthread+0x318/0x420 [ 44.123388][ T102] ? kthread_create_on_node+0xf0/0xf0 [ 44.128738][ T102] ret_from_fork+0x24/0x30 [ 44.133124][ T102] [ 44.135435][ T102] Allocated by task 83: [ 44.139563][ T102] save_stack+0x1b/0x80 [ 44.143692][ T102] __kasan_kmalloc.constprop.0+0xbf/0xd0 [ 44.149296][ T102] ax88172a_bind+0x9f/0x7a2 [ 44.153771][ T102] usbnet_probe+0xb43/0x2470 [ 44.158332][ T102] usb_probe_interface+0x305/0x7a0 [ 44.163412][ T102] really_probe+0x281/0x6d0 [ 44.167884][ T102] driver_probe_device+0x104/0x210 [ 44.172978][ T102] __device_attach_driver+0x1c2/0x220 [ 44.178322][ T102] bus_for_each_drv+0x162/0x1e0 [ 44.183143][ T102] __device_attach+0x217/0x360 [ 44.187878][ T102] bus_probe_device+0x1e4/0x290 [ 44.192701][ T102] device_add+0x1480/0x1c20 [ 44.197176][ T102] usb_set_configuration+0xe67/0x1740 [ 44.202522][ T102] generic_probe+0x9d/0xd5 [ 44.206908][ T102] usb_probe_device+0x99/0x100 [ 44.211644][ T102] really_probe+0x281/0x6d0 [ 44.216118][ T102] driver_probe_device+0x104/0x210 [ 44.221201][ T102] __device_attach_driver+0x1c2/0x220 [ 44.226545][ T102] bus_for_each_drv+0x162/0x1e0 [ 44.231377][ T102] __device_attach+0x217/0x360 [ 44.236233][ T102] bus_probe_device+0x1e4/0x290 [ 44.241055][ T102] 
device_add+0x1480/0x1c20 [ 44.245530][ T102] usb_new_device.cold+0x6a4/0xe79 [ 44.250613][ T102] hub_event+0x1e59/0x3860 [ 44.255001][ T102] process_one_work+0x92b/0x1530 [ 44.259910][ T102] worker_thread+0x96/0xe20 [ 44.264384][ T102] kthread+0x318/0x420 [ 44.268426][ T102] ret_from_fork+0x24/0x30 [ 44.272808][ T102] [ 44.275108][ T102] Freed by task 83: [ 44.278887][ T102] save_stack+0x1b/0x80 [ 44.283016][ T102] __kasan_slab_free+0x130/0x180 [ 44.287930][ T102] kfree+0xdc/0x310 [ 44.291712][ T102] ax88172a_bind.cold+0x4d/0x1e8 [ 44.296623][ T102] usbnet_probe+0xb43/0x2470 [ 44.301185][ T102] usb_probe_interface+0x305/0x7a0 [ 44.306286][ T102] really_probe+0x281/0x6d0 [ 44.310771][ T102] driver_probe_device+0x104/0x210 [ 44.315852][ T102] __device_attach_driver+0x1c2/0x220 [ 44.321197][ T102] bus_for_each_drv+0x162/0x1e0 [ 44.326018][ T102] __device_attach+0x217/0x360 [ 44.330756][ T102] bus_probe_device+0x1e4/0x290 [ 44.335579][ T102] device_add+0x1480/0x1c20 [ 44.340054][ T102] usb_set_configuration+0xe67/0x1740 [ 44.345395][ T102] generic_probe+0x9d/0xd5 [ 44.349784][ T102] usb_probe_device+0x99/0x100 [ 44.354518][ T102] really_probe+0x281/0x6d0 [ 44.358991][ T102] driver_probe_device+0x104/0x210 [ 44.364073][ T102] __device_attach_driver+0x1c2/0x220 [ 44.369432][ T102] bus_for_each_drv+0x162/0x1e0 [ 44.374272][ T102] __device_attach+0x217/0x360 [ 44.379021][ T102] bus_probe_device+0x1e4/0x290 [ 44.383854][ T102] device_add+0x1480/0x1c20 [ 44.388342][ T102] usb_new_device.cold+0x6a4/0xe79 [ 44.393426][ T102] hub_event+0x1e59/0x3860 [ 44.397825][ T102] process_one_work+0x92b/0x1530 [ 44.402735][ T102] worker_thread+0x96/0xe20 [ 44.407209][ T102] kthread+0x318/0x420 [ 44.411249][ T102] ret_from_fork+0x24/0x30 [ 44.415643][ T102] [ 44.417945][ T102] The buggy address belongs to the object at ffff8881d15e9100 [ 44.417945][ T102] which belongs to the cache kmalloc-64 of size 64 [ 44.431809][ T102] The buggy address is located 0 bytes inside of [ 44.431809][ T102] 
64-byte region [ffff8881d15e9100, ffff8881d15e9140) [ 44.444788][ T102] The buggy address belongs to the page: [ 44.450402][ T102] page:ffffea0007457a40 refcount:1 mapcount:0 mapping:ffff8881da003180 index:0x0 [ 44.459493][ T102] raw: 0200000000000200 ffffea00074686c0 0000000d0000000d ffff8881da003180 [ 44.468088][ T102] raw: 0000000000000000 0000000000200020 00000001ffffffff 0000000000000000 [ 44.476644][ T102] page dumped because: kasan: bad access detected [ 44.483072][ T102] [ 44.485387][ T102] Memory state around the buggy address: [ 44.490996][ T102] ffff8881d15e9000: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 44.499032][ T102] ffff8881d15e9080: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 44.507067][ T102] >ffff8881d15e9100: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 44.515111][ T102] ^ [ 44.519153][ T102] ffff8881d15e9180: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 44.527187][ T102] ffff8881d15e9200: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 44.535218][ T102] ================================================================== [ 44.543266][ T102] Disabling lock debugging due to kernel taint [ 44.549458][ T102] Kernel panic - not syncing: panic_on_warn set ... [ 44.556031][ T102] CPU: 0 PID: 102 Comm: kworker/0:2 Tainted: G B 5.4.0-syzkaller #0 [ 44.565277][ T102] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 44.575315][ T102] Workqueue: usb_hub_wq hub_event [ 44.580310][ T102] Call Trace: [ 44.583577][ T102] dump_stack+0xef/0x16e [ 44.587807][ T102] panic+0x2aa/0x6e1 [ 44.591676][ T102] ? add_taint.cold+0x16/0x16 [ 44.596327][ T102] ? ax88172a_unbind+0x76/0xed [ 44.601084][ T102] ? trace_hardirqs_on+0x55/0x1e0 [ 44.606183][ T102] ? ax88172a_unbind+0x76/0xed [ 44.610921][ T102] end_report+0x43/0x49 [ 44.615070][ T102] ? ax88172a_unbind+0x76/0xed [ 44.619822][ T102] __kasan_report.cold+0xd/0x33 [ 44.624677][ T102] ? mark_held_locks+0x10/0xe0 [ 44.629424][ T102] ? 
ax88172a_unbind+0x76/0xed [ 44.634165][ T102] ? ax88172a_bind.cold+0x1e8/0x1e8 [ 44.639343][ T102] kasan_report+0xe/0x20 [ 44.643565][ T102] ax88172a_unbind+0x76/0xed [ 44.648146][ T102] usbnet_disconnect+0x145/0x270 [ 44.653074][ T102] usb_unbind_interface+0x1bd/0x8a0 [ 44.658450][ T102] ? usb_autoresume_device+0x60/0x60 [ 44.663713][ T102] device_release_driver_internal+0x42f/0x500 [ 44.669757][ T102] bus_remove_device+0x2dc/0x4a0 [ 44.674672][ T102] device_del+0x481/0xd30 [ 44.678992][ T102] ? device_create_with_groups+0x120/0x120 [ 44.684792][ T102] ? lockdep_hardirqs_on+0x382/0x580 [ 44.690123][ T102] ? remove_intf_ep_devs+0x13f/0x1d0 [ 44.695392][ T102] usb_disable_device+0x211/0x690 [ 44.700402][ T102] usb_disconnect+0x284/0x8d0 [ 44.705059][ T102] hub_event+0x1753/0x3860 [ 44.709490][ T102] ? hub_port_debounce+0x260/0x260 [ 44.714591][ T102] ? find_held_lock+0x2d/0x110 [ 44.719335][ T102] ? mark_held_locks+0xe0/0xe0 [ 44.724080][ T102] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 44.729604][ T102] ? rcu_read_lock_bh_held+0xb0/0xb0 [ 44.734867][ T102] process_one_work+0x92b/0x1530 [ 44.739792][ T102] ? pwq_dec_nr_in_flight+0x310/0x310 [ 44.745146][ T102] ? do_raw_spin_lock+0x11a/0x280 [ 44.750157][ T102] worker_thread+0x96/0xe20 [ 44.754647][ T102] ? process_one_work+0x1530/0x1530 [ 44.759821][ T102] kthread+0x318/0x420 [ 44.763870][ T102] ? kthread_create_on_node+0xf0/0xf0 [ 44.769297][ T102] ret_from_fork+0x24/0x30 [ 44.774495][ T102] Kernel Offset: disabled [ 44.778814][ T102] Rebooting in 86400 seconds..