[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[   23.134312] random: sshd: uninitialized urandom read (32 bytes read)
[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   27.912292] random: sshd: uninitialized urandom read (32 bytes read)
[   28.472128] random: sshd: uninitialized urandom read (32 bytes read)
[   29.014052] random: sshd: uninitialized urandom read (32 bytes read)
[   29.194232] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.60' (ECDSA) to the list of known hosts.
[   34.925726] random: sshd: uninitialized urandom read (32 bytes read)
executing program
executing program
[   35.024213] usb usb1: usbfs: interface 0 claimed by hub while 'syz-executor251' sets config #0
[   35.037862] usb usb1: usbfs: process 4663 (syz-executor251) did not claim interface 0 before use
[   35.052782] kasan: CONFIG_KASAN_INLINE enabled
[   35.057580] kasan: GPF could be caused by NULL-ptr deref or user memory access
[   35.065013] general protection fault: 0000 [#1] SMP KASAN
[   35.070568] CPU: 1 PID: 4664 Comm: syz-executor251 Not tainted 4.19.0-rc1+ #215
[   35.078008] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   35.087355] RIP: 0010:usb_find_alt_setting+0x38/0x310
[   35.092548] Code: 89 fb 48 83 ec 10 48 89 7d c8 89 55 d4 89 75 d0 e8 bd 0e 0b fd 48 8d 7b 04 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <0f> b6 04 02 48 89 fa 83 e2 07 38 d0 7f 08 84 c0 0f 85 86 02 00 00
[   35.111466] RSP: 0018:ffff8801c7ec74a8 EFLAGS: 00010247
[   35.116816] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffffff8476da79
[   35.124087] RDX: 0000000000000000 RSI: ffffffff8471b1c3 RDI: 0000000000000004
[   35.131339] RBP: ffff8801c7ec74e0 R08: ffff8801b7774480 R09: ffffed0038fd8eb2
[   35.138593] R10: ffffed0038fd8eb4 R11: ffff8801c7ec75a7 R12: 0000000000000000
[   35.145844] R13: ffff8801ce45c3c0 R14: ffff8801b8573300 R15: 0000000000000000
[   35.153097] FS:  0000000000b12880(0000) GS:ffff8801db100000(0000) knlGS:0000000000000000
[   35.161302] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   35.167166] CR2: 00000000006cf090 CR3: 00000001b8372000 CR4: 00000000001406e0
[   35.174420] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   35.181670] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   35.188922] Call Trace:
[   35.191498]  check_ctrlrecip+0x1e6/0x320
[   35.195546]  ? _copy_from_user+0xdf/0x150
[   35.199690]  proc_control+0x151/0xef0
[   35.203474]  ? mark_held_locks+0x160/0x160
[   35.207691]  ? proc_bulk+0xaa0/0xaa0
[   35.211391]  ? lock_downgrade+0x8f0/0x8f0
[   35.215569]  usbdev_do_ioctl+0x1eb4/0x3b30
[   35.219797]  ? processcompl_compat+0x680/0x680
[   35.224363]  ? mntput_no_expire+0x1ea/0xc10
[   35.228671]  ? __lock_acquire+0x7fc/0x5020
[   35.232897]  ? graph_lock+0x170/0x170
[   35.236694]  ? dput.part.26+0x276/0x7a0
[   35.240664]  ? find_held_lock+0x36/0x1c0
[   35.244742]  ? lock_downgrade+0x8f0/0x8f0
[   35.248892]  ? kasan_check_read+0x11/0x20
[   35.253036]  ? rcu_is_watching+0x8c/0x150
[   35.257179]  ? rcu_cleanup_dead_rnp+0x200/0x200
[   35.261829]  ? rcu_cleanup_dead_rnp+0x200/0x200
[   35.266485]  ? is_bpf_text_address+0xd7/0x170
[   35.270969]  ? kernel_text_address+0x79/0xf0
[   35.275358]  ? __kernel_text_address+0xd/0x40
[   35.279837]  ? unwind_get_return_address+0x61/0xa0
[   35.284749]  ? __save_stack_trace+0x8d/0xf0
[   35.289065]  ? save_stack+0xa9/0xd0
[   35.292677]  ? save_stack+0x43/0xd0
[   35.296285]  ? __kasan_slab_free+0x11a/0x170
[   35.300674]  ? kasan_slab_free+0xe/0x10
[   35.304631]  ? kmem_cache_free+0x86/0x280
[   35.308762]  ? putname+0xf2/0x130
[   35.312199]  ? do_sys_open+0x569/0x720
[   35.316069]  ? __x64_sys_open+0x7e/0xc0
[   35.320026]  ? do_syscall_64+0x1b9/0x820
[   35.324071]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   35.329429]  ? trace_hardirqs_off+0xb8/0x2b0
[   35.333823]  ? kasan_check_read+0x11/0x20
[   35.337952]  ? do_raw_spin_unlock+0xa7/0x2f0
[   35.342341]  ? trace_hardirqs_on+0x2c0/0x2c0
[   35.346731]  ? kasan_check_write+0x14/0x20
[   35.350949]  ? trace_hardirqs_off+0xb8/0x2b0
[   35.355344]  usbdev_ioctl+0x25/0x30
[   35.358963]  ? usbdev_compat_ioctl+0x30/0x30
[   35.363354]  do_vfs_ioctl+0x1de/0x1720
[   35.367223]  ? kasan_check_read+0x11/0x20
[   35.371377]  ? rcu_is_watching+0x8c/0x150
[   35.375520]  ? trace_hardirqs_on+0xbd/0x2c0
[   35.379850]  ? ioctl_preallocate+0x300/0x300
[   35.384259]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   35.389781]  ? __fget_light+0x2f7/0x440
[   35.393740]  ? putname+0xf2/0x130
[   35.397211]  ? fget_raw+0x20/0x20
[   35.400659]  ? rcu_read_lock_sched_held+0x108/0x120
[   35.405664]  ? kmem_cache_free+0x246/0x280
[   35.409910]  ? do_syscall_64+0x9a/0x820
[   35.413870]  ? do_syscall_64+0x9a/0x820
[   35.417842]  ? lockdep_hardirqs_on+0x421/0x5c0
[   35.422432]  ? security_file_ioctl+0x94/0xc0
[   35.426826]  ksys_ioctl+0xa9/0xd0
[   35.430267]  __x64_sys_ioctl+0x73/0xb0
[   35.434140]  do_syscall_64+0x1b9/0x820
[   35.438012]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   35.443360]  ? syscall_return_slowpath+0x5e0/0x5e0
[   35.448272]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   35.453099]  ? trace_hardirqs_on_caller+0x2b0/0x2b0
[   35.458098]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[   35.463118]  ? prepare_exit_to_usermode+0x291/0x3b0
[   35.468122]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   35.472953]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   35.478124] RIP: 0033:0x444b19
[   35.481302] Code: e8 0c ad 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db ce fb ff c3 66 2e 0f 1f 84 00 00 00 00
[   35.500216] RSP: 002b:00007ffdd23618a8 EFLAGS: 00000217 ORIG_RAX: 0000000000000010
[   35.507917] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000444b19
[   35.515174] RDX: 0000000020000280 RSI: 00000000c0185500 RDI: 0000000000000005
[   35.522433] RBP: 0000000000000000 R08: 00000000004002e0 R09: 00000000004002e0
[   35.529691] R10: 000000000000000f R11: 0000000000000217 R12: 00000000000088bb
[   35.536949] R13: 0000000000401f10 R14: 0000000000000000 R15: 0000000000000000
[   35.544224] Modules linked in:
[   35.547409] Dumping ftrace buffer:
[   35.550934]    (ftrace buffer empty)
[   35.554715] ---[ end trace 0e42f9dce4a55e7c ]---
[   35.559503] RIP: 0010:usb_find_alt_setting+0x38/0x310
[   35.564714] Code: 89 fb 48 83 ec 10 48 89 7d c8 89 55 d4 89 75 d0 e8 bd 0e 0b fd 48 8d 7b 04 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <0f> b6 04 02 48 89 fa 83 e2 07 38 d0 7f 08 84 c0 0f 85 86 02 00 00
[   35.583646] RSP: 0018:ffff8801c7ec74a8 EFLAGS: 00010247
[   35.589033] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffffff8476da79
[   35.596323] RDX: 0000000000000000 RSI: ffffffff8471b1c3 RDI: 0000000000000004
[   35.603619] RBP: ffff8801c7ec74e0 R08: ffff8801b7774480 R09: ffffed0038fd8eb2
[   35.610918] R10: ffffed0038fd8eb4 R11: ffff8801c7ec75a7 R12: 0000000000000000
[   35.618208] R13: ffff8801ce45c3c0 R14: ffff8801b8573300 R15: 0000000000000000
[   35.625497] FS:  0000000000b12880(0000) GS:ffff8801db100000(0000) knlGS:0000000000000000
[   35.633765] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   35.639668] CR2: 00000000006cf090 CR3: 00000001b8372000 CR4: 00000000001406e0
[   35.646965] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   35.654255] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   35.661560] Kernel panic - not syncing: Fatal exception
[   35.667808] Dumping ftrace buffer:
[   35.671338]    (ftrace buffer empty)
[   35.675029] Kernel Offset: disabled
[   35.678638] Rebooting in 86400 seconds..