[ 8.283909][ T22] audit: type=1107 audit(1585930941.699:7): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 msg='avc: denied { status } for auid=n/a uid=0 gid=0 path="/lib/systemd/system/systemd-timesyncd.service" cmdline="systemctl try-restart systemd-timesyncd.service" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=service [ 8.283909][ T22] exe="/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?' Starting Network Time Synchronization... [ OK ] Started Network Time Synchronization. [ OK ] Started Raise network interfaces. [ OK ] Reached target Network. Starting Permit User Sessions... Starting OpenBSD Secure Shell server... [ OK ] Started Permit User Sessions. [ OK ] Started OpenBSD Secure Shell server. Warning: Permanently added '10.128.15.192' (ECDSA) to the list of known hosts. executing program [* ] A start job is running for dev-ttyS0.device (8s / 1min 30s) [** ] A start job is running for dev-ttyS0.device (9s / 1min 30s) [*** ] A start job is running for dev-ttyS0.device (9s / 1min 30s) [ *** ] A start job is running for dev-ttyS0.device (10s / 1min 30s) [ *** ] A start job is running for dev-ttyS0.device (10s / 1min 30s) [ ***] A start job is running for dev-ttyS0.device (11s / 1min 30s)[ 17.650580][ T115] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ **] A start job is running for dev-ttyS0.device (12s / 1min 30s)[ 17.740280][ T115] usb 1-1: Using ep0 maxpacket: 8 [ 17.859835][ T115] usb 1-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=dc.dc [ 17.868921][ T115] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 17.879318][ T115] usb 1-1: config 0 descriptor?? [ 17.884362][ C1] random: crng init done [ 17.888600][ C1] random: 7 urandom warning(s) missed due to ratelimiting [ 18.148597][ T115] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to read MAC address: 0 [ 18.160207][ T115] asix 1-1:0.0 eth1: register 'asix' at usb-dummy_hcd.0-1, ASIX AX88172A USB 2.0 Ethernet, 86:18:8e:32:60:8d executing program [ *] A start job is running for dev-ttyS0.device (12s / 1min 30s)[ 18.348255][ T115] usb 1-1: USB disconnect, device number 2 [ 18.354241][ T115] asix 1-1:0.0 eth1: unregister 'asix' usb-dummy_hcd.0-1, ASIX AX88172A USB 2.0 Ethernet [ 18.417491][ T115] ================================================================== [ 18.425570][ T115] BUG: KASAN: use-after-free in ax88172a_unbind+0x6a/0xc0 [ 18.432648][ T115] Read of size 8 at addr ffff8881cf4d5580 by task kworker/1:1/115 [ 18.440415][ T115] [ 18.442735][ T115] CPU: 1 PID: 115 Comm: kworker/1:1 Not tainted 5.4.30-syzkaller-00977-g13000e5761aa #0 [ 18.452411][ T115] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 18.462442][ T115] Workqueue: usb_hub_wq hub_event [ 18.467434][ T115] Call Trace: [ 18.470694][ T115] dump_stack+0x14a/0x1ce [ 18.475006][ T115] ? show_regs_print_info+0x12/0x12 [ 18.480172][ T115] ? printk+0xd2/0x114 [ 18.484212][ T115] print_address_description+0x93/0x620 [ 18.489741][ T115] ? _raw_spin_lock+0x170/0x170 [ 18.494560][ T115] __kasan_report+0x16d/0x1e0 [ 18.499208][ T115] ? ax88172a_unbind+0x6a/0xc0 [ 18.503938][ T115] kasan_report+0x34/0x60 [ 18.508236][ T115] ax88172a_unbind+0x6a/0xc0 [ 18.512796][ T115] ? ax88172a_bind+0x980/0x980 [ 18.517535][ T115] usbnet_disconnect+0x14b/0x340 [ 18.522456][ T115] usb_unbind_interface+0x1cf/0x840 [ 18.527624][ T115] ? usb_driver_release_interface+0x1b0/0x1b0 [ 18.533674][ T115] device_release_driver_internal+0x505/0x790 [ 18.539710][ T115] bus_remove_device+0x2e0/0x350 [ 18.544616][ T115] device_del+0x7a7/0x11f0 [ 18.549009][ T115] ? kill_device+0xc0/0xc0 [ 18.553394][ T115] usb_disable_device+0x3f3/0xb80 [ 18.558388][ T115] usb_disconnect+0x341/0x880 [ 18.563034][ T115] hub_event+0x1c44/0x4fc0 [ 18.567426][ T115] ? _raw_spin_lock+0xa1/0x170 [ 18.572256][ T115] ? led_work+0x530/0x530 [ 18.576556][ T115] ? __do_compat_sys_sysinfo+0x1b0/0x720 [ 18.582172][ T115] ? _raw_spin_lock_irq+0xa2/0x180 [ 18.587254][ T115] ? read_word_at_a_time+0xe/0x20 [ 18.592246][ T115] ? strscpy+0xa6/0x260 [ 18.596368][ T115] process_one_work+0x777/0xf90 [ 18.601186][ T115] worker_thread+0xa8f/0x1430 [ 18.605830][ T115] ? _raw_spin_lock+0x170/0x170 [ 18.610667][ T115] kthread+0x2df/0x300 [ 18.614705][ T115] ? process_one_work+0xf90/0xf90 [ 18.619698][ T115] ? kthread_destroy_worker+0x280/0x280 [ 18.625213][ T115] ret_from_fork+0x1f/0x30 [ 18.629609][ T115] [ 18.631922][ T115] Allocated by task 115: [ 18.636133][ T115] __kasan_kmalloc+0x12c/0x1c0 [ 18.640878][ T115] kmem_cache_alloc_trace+0xc3/0x270 [ 18.646131][ T115] ax88172a_bind+0xc7/0x980 [ 18.650601][ T115] usbnet_probe+0xa8f/0x2760 [ 18.655165][ T115] usb_probe_interface+0x621/0xac0 [ 18.660244][ T115] really_probe+0x75b/0xf50 [ 18.664715][ T115] driver_probe_device+0xe6/0x230 [ 18.669710][ T115] bus_for_each_drv+0x17a/0x200 [ 18.674527][ T115] __device_attach+0x275/0x410 [ 18.679369][ T115] bus_probe_device+0xb8/0x1e0 [ 18.684111][ T115] device_add+0x1054/0x1740 [ 18.688588][ T115] usb_set_configuration+0x184c/0x1dc0 [ 18.694015][ T115] generic_probe+0x82/0x140 [ 18.698496][ T115] really_probe+0x75b/0xf50 [ 18.702983][ T115] driver_probe_device+0xe6/0x230 [ 18.707983][ T115] bus_for_each_drv+0x17a/0x200 [ 18.712814][ T115] __device_attach+0x275/0x410 [ 18.717549][ T115] bus_probe_device+0xb8/0x1e0 [ 18.723248][ T115] device_add+0x1054/0x1740 [ 18.727722][ T115] usb_new_device+0x9ba/0xfc0 [ 18.732374][ T115] hub_event+0x28eb/0x4fc0 [ 18.736794][ T115] process_one_work+0x777/0xf90 [ 18.741626][ T115] worker_thread+0xa8f/0x1430 [ 18.746274][ T115] kthread+0x2df/0x300 [ 18.750314][ T115] ret_from_fork+0x1f/0x30 [ 18.754781][ T115] [ 18.757079][ T115] Freed by task 115: [ 18.760952][ T115] __kasan_slab_free+0x181/0x230 [ 18.765879][ T115] slab_free_freelist_hook+0xd0/0x140 [ 18.771219][ T115] kfree+0x12b/0x5f0 [ 18.775086][ T115] ax88172a_bind+0x844/0x980 [ 18.779644][ T115] usbnet_probe+0xa8f/0x2760 [ 18.784206][ T115] usb_probe_interface+0x621/0xac0 [ 18.789312][ T115] really_probe+0x75b/0xf50 [ 18.793787][ T115] driver_probe_device+0xe6/0x230 [ 18.798783][ T115] bus_for_each_drv+0x17a/0x200 [ 18.803600][ T115] __device_attach+0x275/0x410 [ 18.808395][ T115] bus_probe_device+0xb8/0x1e0 [ 18.813142][ T115] device_add+0x1054/0x1740 [ 18.817749][ T115] usb_set_configuration+0x184c/0x1dc0 [ 18.823186][ T115] generic_probe+0x82/0x140 [ 18.827718][ T115] really_probe+0x75b/0xf50 [ 18.832239][ T115] driver_probe_device+0xe6/0x230 [ 18.837235][ T115] bus_for_each_drv+0x17a/0x200 [ 18.842080][ T115] __device_attach+0x275/0x410 [ 18.846819][ T115] bus_probe_device+0xb8/0x1e0 [ 18.851594][ T115] device_add+0x1054/0x1740 [ 18.856178][ T115] usb_new_device+0x9ba/0xfc0 [ 18.860826][ T115] hub_event+0x28eb/0x4fc0 [ 18.865228][ T115] process_one_work+0x777/0xf90 [ 18.870048][ T115] worker_thread+0xa8f/0x1430 [ 18.874695][ T115] kthread+0x2df/0x300 [ 18.878736][ T115] ret_from_fork+0x1f/0x30 [ 18.883131][ T115] [ 18.885437][ T115] The buggy address belongs to the object at ffff8881cf4d5580 [ 18.885437][ T115] which belongs to the cache kmalloc-64 of size 64 [ 18.899297][ T115] The buggy address is located 0 bytes inside of [ 18.899297][ T115] 64-byte region [ffff8881cf4d5580, ffff8881cf4d55c0) [ 18.912303][ T115] The buggy address belongs to the page: [ 18.917918][ T115] page:ffffea00073d3540 refcount:1 mapcount:0 mapping:ffff8881da803600 index:0x0 [ 18.927020][ T115] flags: 0x8000000000000200(slab) [ 18.932033][ T115] raw: 8000000000000200 0000000000000000 0000000100000001 ffff8881da803600 [ 18.940588][ T115] raw: 0000000000000000 0000000000200020 00000001ffffffff 0000000000000000 [ 18.949163][ T115] page dumped because: kasan: bad access detected [ 18.955543][ T115] [ 18.957844][ T115] Memory state around the buggy address: [ 18.963448][ T115] ffff8881cf4d5480: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 18.971489][ T115] ffff8881cf4d5500: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 18.979679][ T115] >ffff8881cf4d5580: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 18.987718][ T115] ^ [ 18.991757][ T115] ffff8881cf4d5600: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 18.999851][ T115] ffff8881cf4d5680: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 19.007888][ T115] ================================================================== [ 19.016036][ T115] Disabling lock debugging due to kernel taint [ [ 19.022560][ T115] asix 1-1:0.0 eth1 (unregistered): deregistering mdio bus **][ 19.031287][ T115] ------------[ cut here ]------------ [ 19.038035][ T115] kernel BUG at drivers/net/phy/mdio_bus.c:456! A start job is [ 19.044304][ T115] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 19.051750][ T115] CPU: 1 PID: 115 Comm: kworker/1:1 Tainted: G B 5.4.30-syzkaller-00977-g13000e5761aa #0 running for dev-[ 19.062915][ T115] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ttyS0.device (13[ 19.074454][ T115] Workqueue: usb_hub_wq hub_event [ 19.080867][ T115] RIP: 0010:mdiobus_unregister+0x1da/0x1e0 s / 1min 30s)[ 19.086673][ T115] Code: fa fe e9 80 fe ff ff 44 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 94 fe ff ff 4c 89 ff e8 20 56 fa fe e9 87 fe ff ff e8 76 31 cc fe <0f> 0b 0f 1f 40 00 41 57 41 56 41 55 41 54 53 49 89 ff 49 bc 00 00 [ 19.107384][ T115] RSP: 0018:ffff8881d9d37640 EFLAGS: 00010293 [ 19.113432][ T115] RAX: ffffffff827585ca RBX: 0000000000000000 RCX: ffff8881d9d28f40 [ 19.121387][ T115] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000002 [ 19.129356][ T115] RBP: 1ffff11039b92013 R08: ffffffff82758436 R09: ffffed103b725de0 [ 19.137313][ T115] R10: ffffed103b725de0 R11: 0000000000000000 R12: dffffc0000000000 [ 19.145270][ T115] R13: dffffc0000000000 R14: ffff8881cdc90000 R15: ffff8881cdc90098 [ 19.153245][ T115] FS: 0000000000000000(0000) GS:ffff8881db900000(0000) knlGS:0000000000000000 [ 19.162169][ T115] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 19.168754][ T115] CR2: 00007fd5b00f0740 CR3: 00000001d64e0003 CR4: 00000000001606e0 [ 19.176733][ T115] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 19.184689][ T115] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 19.192644][ T115] Call Trace: [ 19.195923][ T115] ax88172a_unbind+0x99/0xc0 [ 19.200510][ T115] ? ax88172a_bind+0x980/0x980 [ 19.205270][ T115] usbnet_disconnect+0x14b/0x340 [ 19.210193][ T115] usb_unbind_interface+0x1cf/0x840 [ 19.215392][ T115] ? usb_driver_release_interface+0x1b0/0x1b0 [ 19.221442][ T115] device_release_driver_internal+0x505/0x790 [ 19.227498][ T115] bus_remove_device+0x2e0/0x350 [ 19.232421][ T115] device_del+0x7a7/0x11f0 [ 19.236822][ T115] ? kill_device+0xc0/0xc0 [ 19.241250][ T115] usb_disable_device+0x3f3/0xb80 [ 19.246276][ T115] usb_disconnect+0x341/0x880 [ 19.250959][ T115] hub_event+0x1c44/0x4fc0 [ 19.255397][ T115] ? _raw_spin_lock+0xa1/0x170 [ 19.260154][ T115] ? led_work+0x530/0x530 [ 19.264474][ T115] ? __do_compat_sys_sysinfo+0x1b0/0x720 [ 19.270106][ T115] ? _raw_spin_lock_irq+0xa2/0x180 [ 19.275215][ T115] ? read_word_at_a_time+0xe/0x20 [ 19.280224][ T115] ? strscpy+0xa6/0x260 [ 19.284369][ T115] process_one_work+0x777/0xf90 [ 19.289210][ T115] worker_thread+0xa8f/0x1430 [ 19.293879][ T115] ? _raw_spin_lock+0x170/0x170 [ 19.298735][ T115] kthread+0x2df/0x300 [ 19.302793][ T115] ? process_one_work+0xf90/0xf90 [ 19.307804][ T115] ? kthread_destroy_worker+0x280/0x280 [ 19.313337][ T115] ret_from_fork+0x1f/0x30 [ 19.317734][ T115] Modules linked in: [ 19.321737][ T115] ---[ end trace 988821328f4face9 ]--- [ 19.327214][ T115] RIP: 0010:mdiobus_unregister+0x1da/0x1e0 [ 19.333008][ T115] Code: fa fe e9 80 fe ff ff 44 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 94 fe ff ff 4c 89 ff e8 20 56 fa fe e9 87 fe ff ff e8 76 31 cc fe <0f> 0b 0f 1f 40 00 41 57 41 56 41 55 41 54 53 49 89 ff 49 bc 00 00 [ 19.352648][ T115] RSP: 0018:ffff8881d9d37640 EFLAGS: 00010293 [ 19.358757][ T115] RAX: ffffffff827585ca RBX: 0000000000000000 RCX: ffff8881d9d28f40 [ 19.366916][ T115] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000002 [ 19.374957][ T115] RBP: 1ffff11039b92013 R08: ffffffff82758436 R09: ffffed103b725de0 [ 19.382919][ T115] R10: ffffed103b725de0 R11: 0000000000000000 R12: dffffc0000000000 [ 19.390907][ T115] R13: dffffc0000000000 R14: ffff8881cdc90000 R15: ffff8881cdc90098 [ 19.398902][ T115] FS: 0000000000000000(0000) GS:ffff8881db900000(0000) knlGS:0000000000000000 [ 19.407842][ T115] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 19.414445][ T115] CR2: 00007fd5b00f0740 CR3: 00000001d64e0003 CR4: 00000000001606e0 [ 19.422409][ T115] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 19.430399][ T115] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 19.438405][ T115] Kernel panic - not syncing: Fatal exception [ 19.445088][ T115] Kernel Offset: disabled [ 19.449403][ T115] Rebooting in 86400 seconds..