[info] Using makefile-style concurrent boot in runlevel 2.
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ 14.210187][ C1] random: crng init done
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.15.193' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 77.123703][ T12] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 77.362952][ T12] usb 1-1: Using ep0 maxpacket: 8
[ 77.483023][ T12] usb 1-1: config 0 has an invalid interface number: 16 but max is 0
[ 77.491178][ T12] usb 1-1: config 0 has no interface number 0
[ 77.497298][ T12] usb 1-1: config 0 interface 16 altsetting 0 endpoint 0x85 has an invalid bInterval 0, changing to 7
[ 77.508275][ T12] usb 1-1: New USB device found, idVendor=05ac, idProduct=9219, bcdDevice=7d.82
[ 77.517308][ T12] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 77.526367][ T12] usb 1-1: config 0 descriptor??
[ 77.843655][ T12] appledisplay 1-1:0.16: Error while getting initial brightness: -110
[ 77.864023][ T12] appledisplay: probe of 1-1:0.16 failed with error -110
tun: can't open /dev/net/tun: please enable CONFIG_TUN=y otherwise fuzzing or reproducing might not work as intended
executing program
[ 77.965276][ T83] usb 1-1: USB disconnect, device number 2
[ 78.322971][ T83] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[ 78.562990][ T83] usb 1-1: Using ep0 maxpacket: 8
[ 78.683077][ T83] usb 1-1: config 0 has an invalid interface number: 16 but max is 0
[ 78.691165][ T83] usb 1-1: config 0 has no interface number 0
[ 78.697269][ T83] usb 1-1: config 0 interface 16 altsetting 0 endpoint 0x85 has an invalid bInterval 0, changing to 7
[ 78.708219][ T83] usb 1-1: New USB device found, idVendor=05ac, idProduct=9219, bcdDevice=7d.82
[ 78.717287][ T83] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 78.726078][ T83] usb 1-1: config 0 descriptor??
[ 79.032983][ T83] appledisplay 1-1:0.16: Error while getting initial brightness: -110
[ 79.053340][ T83] appledisplay: probe of 1-1:0.16 failed with error -110
tun: can't open /dev/net/tun: please enable CONFIG_TUN=y otherwise fuzzing or reproducing might not work as intended
executing program
[ 79.165001][ T12] usb 1-1: USB disconnect, device number 3
[ 79.512959][ T12] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[ 79.752969][ T12] usb 1-1: Using ep0 maxpacket: 8
[ 79.873075][ T12] usb 1-1: config 0 has an invalid interface number: 16 but max is 0
[ 79.881156][ T12] usb 1-1: config 0 has no interface number 0
[ 79.887399][ T12] usb 1-1: config 0 interface 16 altsetting 0 endpoint 0x85 has an invalid bInterval 0, changing to 7
[ 79.898385][ T12] usb 1-1: New USB device found, idVendor=05ac, idProduct=9219, bcdDevice=7d.82
[ 79.907429][ T12] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 79.916449][ T12] usb 1-1: config 0 descriptor??
[ 80.232973][ T12] appledisplay 1-1:0.16: Error while getting initial brightness: -110
[ 80.253319][ T12] appledisplay: probe of 1-1:0.16 failed with error -110
tun: can't open /dev/net/tun: please enable CONFIG_TUN=y otherwise fuzzing or reproducing might not work as intended
executing program
[ 80.354811][ T12] usb 1-1: USB disconnect, device number 4
[ 80.713343][ T12] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[ 80.952939][ T12] usb 1-1: Using ep0 maxpacket: 8
[ 81.073004][ T12] usb 1-1: config 0 has an invalid interface number: 16 but max is 0
[ 81.081115][ T12] usb 1-1: config 0 has no interface number 0
[ 81.087226][ T12] usb 1-1: config 0 interface 16 altsetting 0 endpoint 0x85 has an invalid bInterval 0, changing to 7
[ 81.098167][ T12] usb 1-1: New USB device found, idVendor=05ac, idProduct=9219, bcdDevice=7d.82
[ 81.107194][ T12] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 81.116096][ T12] usb 1-1: config 0 descriptor??
[ 81.422972][ T12] appledisplay 1-1:0.16: Error while getting initial brightness: -110
[ 81.443322][ T12] appledisplay: probe of 1-1:0.16 failed with error -110
tun: can't open /dev/net/tun: please enable CONFIG_TUN=y otherwise fuzzing or reproducing might not work as intended
executing program
[ 81.554727][ T12] usb 1-1: USB disconnect, device number 5
[ 81.912981][ T12] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[ 82.152985][ T12] usb 1-1: Using ep0 maxpacket: 8
[ 82.272996][ T12] usb 1-1: config 0 has an invalid interface number: 16 but max is 0
[ 82.281088][ T12] usb 1-1: config 0 has no interface number 0
[ 82.287201][ T12] usb 1-1: config 0 interface 16 altsetting 0 endpoint 0x85 has an invalid bInterval 0, changing to 7
[ 82.298203][ T12] usb 1-1: New USB device found, idVendor=05ac, idProduct=9219, bcdDevice=7d.82
[ 82.307233][ T12] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 82.316282][ T12] usb 1-1: config 0 descriptor??
[ 82.622999][ T12] appledisplay 1-1:0.16: Error while getting initial brightness: -110
[ 82.643311][ T12] appledisplay: probe of 1-1:0.16 failed with error -110
tun: can't open /dev/net/tun: please enable CONFIG_TUN=y otherwise fuzzing or reproducing might not work as intended
executing program
[ 82.754711][ T12] usb 1-1: USB disconnect, device number 6
[ 83.102966][ T12] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[ 83.342984][ T12] usb 1-1: Using ep0 maxpacket: 8
[ 83.463084][ T12] usb 1-1: config 0 has an invalid interface number: 16 but max is 0
[ 83.471264][ T12] usb 1-1: config 0 has no interface number 0
[ 83.477380][ T12] usb 1-1: config 0 interface 16 altsetting 0 endpoint 0x85 has an invalid bInterval 0, changing to 7
[ 83.488336][ T12] usb 1-1: New USB device found, idVendor=05ac, idProduct=9219, bcdDevice=7d.82
[ 83.497435][ T12] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 83.506516][ T12] usb 1-1: config 0 descriptor??
[ 83.823024][ T12] appledisplay 1-1:0.16: Error while getting initial brightness: -110
[ 83.843333][ T12] appledisplay: probe of 1-1:0.16 failed with error -110
tun: can't open /dev/net/tun: please enable CONFIG_TUN=y otherwise fuzzing or reproducing might not work as intended
executing program
[ 83.944582][ T12] usb 1-1: USB disconnect, device number 7
[ 84.292959][ T12] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[ 84.532955][ T12] usb 1-1: Using ep0 maxpacket: 8
[ 84.653067][ T12] usb 1-1: config 0 has an invalid interface number: 16 but max is 0
[ 84.661147][ T12] usb 1-1: config 0 has no interface number 0
[ 84.667294][ T12] usb 1-1: config 0 interface 16 altsetting 0 endpoint 0x85 has an invalid bInterval 0, changing to 7
[ 84.678252][ T12] usb 1-1: New USB device found, idVendor=05ac, idProduct=9219, bcdDevice=7d.82
[ 84.687324][ T12] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 84.696340][ T12] usb 1-1: config 0 descriptor??
[ 85.012990][ T12] appledisplay 1-1:0.16: Error while getting initial brightness: -110
[ 85.033311][ T12] appledisplay: probe of 1-1:0.16 failed with error -110
tun: can't open /dev/net/tun: please enable CONFIG_TUN=y otherwise fuzzing or reproducing might not work as intended
executing program
[ 85.134486][ T12] usb 1-1: USB disconnect, device number 8
[ 85.482966][ T12] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[ 85.722964][ T12] usb 1-1: Using ep0 maxpacket: 8
[ 85.842999][ T12] usb 1-1: config 0 has an invalid interface number: 16 but max is 0
[ 85.851084][ T12] usb 1-1: config 0 has no interface number 0
[ 85.857204][ T12] usb 1-1: config 0 interface 16 altsetting 0 endpoint 0x85 has an invalid bInterval 0, changing to 7
[ 85.868168][ T12] usb 1-1: New USB device found, idVendor=05ac, idProduct=9219, bcdDevice=7d.82
[ 85.877330][ T12] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 85.886353][ T12] usb 1-1: config 0 descriptor??
[ 86.203015][ T12] appledisplay 1-1:0.16: Error while getting initial brightness: -110
[ 86.223340][ T12] appledisplay: probe of 1-1:0.16 failed with error -110
tun: can't open /dev/net/tun: please enable CONFIG_TUN=y otherwise fuzzing or reproducing might not work as intended
executing program
[ 86.324456][ T12] usb 1-1: USB disconnect, device number 9
[ 86.672976][ T12] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[ 86.912960][ T12] usb 1-1: Using ep0 maxpacket: 8
[ 87.033013][ T12] usb 1-1: config 0 has an invalid interface number: 16 but max is 0
[ 87.041188][ T12] usb 1-1: config 0 has no interface number 0
[ 87.047299][ T12] usb 1-1: config 0 interface 16 altsetting 0 endpoint 0x85 has an invalid bInterval 0, changing to 7
[ 87.058355][ T12] usb 1-1: New USB device found, idVendor=05ac, idProduct=9219, bcdDevice=7d.82
[ 87.067379][ T12] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 87.076477][ T12] usb 1-1: config 0 descriptor??
[ 87.393009][ T12] appledisplay 1-1:0.16: Error while getting initial brightness: -110
[ 87.413392][ T12] appledisplay: probe of 1-1:0.16 failed with error -110
tun: can't open /dev/net/tun: please enable CONFIG_TUN=y otherwise fuzzing or reproducing might not work as intended
executing program
[ 87.514608][ T83] usb 1-1: USB disconnect, device number 10
[ 87.862958][ T83] usb 1-1: new high-speed USB device number 11 using dummy_hcd
[ 88.102953][ T83] usb 1-1: Using ep0 maxpacket: 8
[ 88.222992][ T83] usb 1-1: config 0 has an invalid interface number: 16 but max is 0
[ 88.231185][ T83] usb 1-1: config 0 has no interface number 0
[ 88.237293][ T83] usb 1-1: config 0 interface 16 altsetting 0 endpoint 0x85 has an invalid bInterval 0, changing to 7
[ 88.248242][ T83] usb 1-1: New USB device found, idVendor=05ac, idProduct=9219, bcdDevice=7d.82
[ 88.257270][ T83] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 88.265903][ T83] usb 1-1: config 0 descriptor??
[ 88.583203][ T83] appledisplay 1-1:0.16: Error while getting initial brightness: -110
[ 88.603347][ T83] appledisplay: probe of 1-1:0.16 failed with error -110
[ 88.611825][ T17] ==================================================================
[ 88.619981][ T17] BUG: KASAN: use-after-free in appledisplay_bl_get_brightness+0x1ac/0x1c0
[ 88.628592][ T17] Read of size 8 at addr ffff8881cfc576a0 by task kworker/1:0/17
[ 88.636273][ T17]
[ 88.638579][ T17] CPU: 1 PID: 17 Comm: kworker/1:0 Not tainted 5.3.0+ #0
[ 88.645568][ T17] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 88.655602][ T17] Workqueue: events appledisplay_work
[ 88.660943][ T17] Call Trace:
[ 88.664213][ T17] dump_stack+0xca/0x13e
[ 88.668435][ T17] ? appledisplay_bl_get_brightness+0x1ac/0x1c0
[ 88.674651][ T17] ? appledisplay_bl_get_brightness+0x1ac/0x1c0
[ 88.680867][ T17] print_address_description+0x6a/0x32c
[ 88.686387][ T17] ? appledisplay_bl_get_brightness+0x1ac/0x1c0
[ 88.692606][ T17] ? appledisplay_bl_get_brightness+0x1ac/0x1c0
[ 88.698827][ T17] __kasan_report.cold+0x1a/0x33
[ 88.703741][ T17] ? appledisplay_bl_get_brightness+0x1ac/0x1c0
[ 88.709952][ T17] kasan_report+0xe/0x12
[ 88.714170][ T17] appledisplay_bl_get_brightness+0x1ac/0x1c0
[ 88.720205][ T17] appledisplay_work+0x36/0x160
[ 88.725025][ T17] process_one_work+0x92b/0x1530
[ 88.729934][ T17] ? pwq_dec_nr_in_flight+0x310/0x310
[ 88.735277][ T17] ? do_raw_spin_lock+0x11a/0x280
[ 88.740271][ T17] worker_thread+0x96/0xe20
[ 88.744746][ T17] ? process_one_work+0x1530/0x1530
[ 88.749917][ T17] kthread+0x318/0x420
[ 88.753970][ T17] ? kthread_create_on_node+0xf0/0xf0
[ 88.759311][ T17] ret_from_fork+0x24/0x30
[ 88.763696][ T17]
[ 88.765999][ T17] Allocated by task 83:
[ 88.770124][ T17] save_stack+0x1b/0x80
[ 88.774249][ T17] __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 88.779851][ T17] appledisplay_probe+0x15a/0xb37
[ 88.784848][ T17] usb_probe_interface+0x305/0x7a0
[ 88.789934][ T17] really_probe+0x281/0x6d0
[ 88.794406][ T17] driver_probe_device+0x101/0x1b0
[ 88.799511][ T17] __device_attach_driver+0x1c2/0x220
[ 88.804863][ T17] bus_for_each_drv+0x162/0x1e0
[ 88.809691][ T17] __device_attach+0x217/0x360
[ 88.814427][ T17] bus_probe_device+0x1e4/0x290
[ 88.819248][ T17] device_add+0xae6/0x16f0
[ 88.823639][ T17] usb_set_configuration+0xdf6/0x1670
[ 88.830023][ T17] generic_probe+0x9d/0xd5
[ 88.834411][ T17] usb_probe_device+0x99/0x100
[ 88.839146][ T17] really_probe+0x281/0x6d0
[ 88.843668][ T17] driver_probe_device+0x101/0x1b0
[ 88.848763][ T17] __device_attach_driver+0x1c2/0x220
[ 88.854104][ T17] bus_for_each_drv+0x162/0x1e0
[ 88.858933][ T17] __device_attach+0x217/0x360
[ 88.863667][ T17] bus_probe_device+0x1e4/0x290
[ 88.868528][ T17] device_add+0xae6/0x16f0
[ 88.872927][ T17] usb_new_device.cold+0x6a4/0xe79
[ 88.878007][ T17] hub_event+0x1b5c/0x3640
[ 88.882393][ T17] process_one_work+0x92b/0x1530
[ 88.887300][ T17] worker_thread+0x96/0xe20
[ 88.891775][ T17] kthread+0x318/0x420
[ 88.895821][ T17] ret_from_fork+0x24/0x30
[ 88.900206][ T17]
[ 88.902507][ T17] Freed by task 83:
[ 88.906288][ T17] save_stack+0x1b/0x80
[ 88.910418][ T17] __kasan_slab_free+0x130/0x180
[ 88.915338][ T17] kfree+0xe4/0x2f0
[ 88.919117][ T17] appledisplay_probe+0x772/0xb37
[ 88.924123][ T17] usb_probe_interface+0x305/0x7a0
[ 88.929224][ T17] really_probe+0x281/0x6d0
[ 88.933698][ T17] driver_probe_device+0x101/0x1b0
[ 88.938788][ T17] __device_attach_driver+0x1c2/0x220
[ 88.944133][ T17] bus_for_each_drv+0x162/0x1e0
[ 88.948961][ T17] __device_attach+0x217/0x360
[ 88.953696][ T17] bus_probe_device+0x1e4/0x290
[ 88.958517][ T17] device_add+0xae6/0x16f0
[ 88.962913][ T17] usb_set_configuration+0xdf6/0x1670
[ 88.968257][ T17] generic_probe+0x9d/0xd5
[ 88.972652][ T17] usb_probe_device+0x99/0x100
[ 88.977386][ T17] really_probe+0x281/0x6d0
[ 88.981858][ T17] driver_probe_device+0x101/0x1b0
[ 88.986942][ T17] __device_attach_driver+0x1c2/0x220
[ 88.992290][ T17] bus_for_each_drv+0x162/0x1e0
[ 88.997109][ T17] __device_attach+0x217/0x360
[ 89.001845][ T17] bus_probe_device+0x1e4/0x290
[ 89.006667][ T17] device_add+0xae6/0x16f0
[ 89.011054][ T17] usb_new_device.cold+0x6a4/0xe79
[ 89.016141][ T17] hub_event+0x1b5c/0x3640
[ 89.020538][ T17] process_one_work+0x92b/0x1530
[ 89.025444][ T17] worker_thread+0x96/0xe20
[ 89.029917][ T17] kthread+0x318/0x420
[ 89.033960][ T17] ret_from_fork+0x24/0x30
[ 89.038344][ T17]
[ 89.040647][ T17] The buggy address belongs to the object at ffff8881cfc57680
[ 89.040647][ T17] which belongs to the cache kmalloc-512 of size 512
[ 89.054674][ T17] The buggy address is located 32 bytes inside of
[ 89.054674][ T17] 512-byte region [ffff8881cfc57680, ffff8881cfc57880)
[ 89.067826][ T17] The buggy address belongs to the page:
[ 89.073427][ T17] page:ffffea00073f1580 refcount:1 mapcount:0 mapping:ffff8881da002500 index:0x0 compound_mapcount: 0
[ 89.084325][ T17] flags: 0x200000000010200(slab|head)
[ 89.089672][ T17] raw: 0200000000010200 dead000000000100 dead000000000122 ffff8881da002500
[ 89.098232][ T17] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 89.106780][ T17] page dumped because: kasan: bad access detected
[ 89.113163][ T17]
[ 89.115462][ T17] Memory state around the buggy address:
[ 89.121067][ T17]  ffff8881cfc57580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
tun: can't open /dev/net/tun: please enable CONFIG_TUN=y otherwise fuzzing or reproducing might not work as intended
[ 89.129101][ T17]  ffff8881cfc57600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 89.137131][ T17] >ffff8881cfc57680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 89.145162][ T17]                                ^
[ 89.150242][ T17]  ffff8881cfc57700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 89.158274][ T17]  ffff8881cfc57780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 89.166306][ T17] ==================================================================
[ 89.174343][ T17] Disabling lock debugging due to kernel taint
executing program
[ 89.180520][ T17] Kernel panic - not syncing: panic_on_warn set ...
[ 89.187112][ T17] CPU: 1 PID: 17 Comm: kworker/1:0 Tainted: G B 5.3.0+ #0
[ 89.195505][ T17] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 89.205542][ T17] Workqueue: events appledisplay_work
[ 89.210880][ T17] Call Trace:
[ 89.214142][ T17] dump_stack+0xca/0x13e
[ 89.218356][ T17] panic+0x2a3/0x6da
[ 89.222224][ T17] ? add_taint.cold+0x16/0x16
[ 89.226874][ T17] ? appledisplay_bl_get_brightness+0x1ac/0x1c0
[ 89.233086][ T17] ? trace_hardirqs_on+0x55/0x1e0
[ 89.238079][ T17] ? appledisplay_bl_get_brightness+0x1ac/0x1c0
[ 89.244289][ T17] end_report+0x43/0x49
[ 89.248416][ T17] ? appledisplay_bl_get_brightness+0x1ac/0x1c0
[ 89.254647][ T17] __kasan_report.cold+0xd/0x33
[ 89.259487][ T17] ? appledisplay_bl_get_brightness+0x1ac/0x1c0
[ 89.265695][ T17] kasan_report+0xe/0x12
[ 89.269905][ T17] appledisplay_bl_get_brightness+0x1ac/0x1c0
[ 89.275939][ T17] appledisplay_work+0x36/0x160
[ 89.280759][ T17] process_one_work+0x92b/0x1530
[ 89.285667][ T17] ? pwq_dec_nr_in_flight+0x310/0x310
[ 89.291006][ T17] ? do_raw_spin_lock+0x11a/0x280
[ 89.296024][ T17] worker_thread+0x96/0xe20
[ 89.300501][ T17] ? process_one_work+0x1530/0x1530
[ 89.305670][ T17] kthread+0x318/0x420
[ 89.309715][ T17] ? kthread_create_on_node+0xf0/0xf0
[ 89.315204][ T17] ret_from_fork+0x24/0x30
[ 89.320341][ T17] Kernel Offset: disabled
[ 89.324657][ T17] Rebooting in 86400 seconds..