[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 23.134312] random: sshd: uninitialized urandom read (32 bytes read)
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login: [ 27.912292] random: sshd: uninitialized urandom read (32 bytes read)
[ 28.472128] random: sshd: uninitialized urandom read (32 bytes read)
[ 29.014052] random: sshd: uninitialized urandom read (32 bytes read)
[ 29.194232] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.60' (ECDSA) to the list of known hosts.
[ 34.925726] random: sshd: uninitialized urandom read (32 bytes read)
executing program
executing program
[ 35.024213] usb usb1: usbfs: interface 0 claimed by hub while 'syz-executor251' sets config #0
[ 35.037862] usb usb1: usbfs: process 4663 (syz-executor251) did not claim interface 0 before use
[ 35.052782] kasan: CONFIG_KASAN_INLINE enabled
[ 35.057580] kasan: GPF could be caused by NULL-ptr deref or user memory access
[ 35.065013] general protection fault: 0000 [#1] SMP KASAN
[ 35.070568] CPU: 1 PID: 4664 Comm: syz-executor251 Not tainted 4.19.0-rc1+ #215
[ 35.078008] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 35.087355] RIP: 0010:usb_find_alt_setting+0x38/0x310
[ 35.092548] Code: 89 fb 48 83 ec 10 48 89 7d c8 89 55 d4 89 75 d0 e8 bd 0e 0b fd 48 8d 7b 04 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <0f> b6 04 02 48 89 fa 83 e2 07 38 d0 7f 08 84 c0 0f 85 86 02 00 00
[ 35.111466] RSP: 0018:ffff8801c7ec74a8 EFLAGS: 00010247
[ 35.116816] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffffff8476da79
[ 35.124087] RDX: 0000000000000000 RSI: ffffffff8471b1c3 RDI: 0000000000000004
[ 35.131339] RBP: ffff8801c7ec74e0 R08: ffff8801b7774480 R09: ffffed0038fd8eb2
[ 35.138593] R10: ffffed0038fd8eb4 R11: ffff8801c7ec75a7 R12: 0000000000000000
[ 35.145844] R13: ffff8801ce45c3c0 R14: ffff8801b8573300 R15: 0000000000000000
[ 35.153097] FS: 0000000000b12880(0000) GS:ffff8801db100000(0000) knlGS:0000000000000000
[ 35.161302] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 35.167166] CR2: 00000000006cf090 CR3: 00000001b8372000 CR4: 00000000001406e0
[ 35.174420] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 35.181670] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 35.188922] Call Trace:
[ 35.191498] check_ctrlrecip+0x1e6/0x320
[ 35.195546] ? _copy_from_user+0xdf/0x150
[ 35.199690] proc_control+0x151/0xef0
[ 35.203474] ? mark_held_locks+0x160/0x160
[ 35.207691] ? proc_bulk+0xaa0/0xaa0
[ 35.211391] ? lock_downgrade+0x8f0/0x8f0
[ 35.215569] usbdev_do_ioctl+0x1eb4/0x3b30
[ 35.219797] ? processcompl_compat+0x680/0x680
[ 35.224363] ? mntput_no_expire+0x1ea/0xc10
[ 35.228671] ? __lock_acquire+0x7fc/0x5020
[ 35.232897] ? graph_lock+0x170/0x170
[ 35.236694] ? dput.part.26+0x276/0x7a0
[ 35.240664] ? find_held_lock+0x36/0x1c0
[ 35.244742] ? lock_downgrade+0x8f0/0x8f0
[ 35.248892] ? kasan_check_read+0x11/0x20
[ 35.253036] ? rcu_is_watching+0x8c/0x150
[ 35.257179] ? rcu_cleanup_dead_rnp+0x200/0x200
[ 35.261829] ? rcu_cleanup_dead_rnp+0x200/0x200
[ 35.266485] ? is_bpf_text_address+0xd7/0x170
[ 35.270969] ? kernel_text_address+0x79/0xf0
[ 35.275358] ? __kernel_text_address+0xd/0x40
[ 35.279837] ? unwind_get_return_address+0x61/0xa0
[ 35.284749] ? __save_stack_trace+0x8d/0xf0
[ 35.289065] ? save_stack+0xa9/0xd0
[ 35.292677] ? save_stack+0x43/0xd0
[ 35.296285] ? __kasan_slab_free+0x11a/0x170
[ 35.300674] ? kasan_slab_free+0xe/0x10
[ 35.304631] ? kmem_cache_free+0x86/0x280
[ 35.308762] ? putname+0xf2/0x130
[ 35.312199] ? do_sys_open+0x569/0x720
[ 35.316069] ? __x64_sys_open+0x7e/0xc0
[ 35.320026] ? do_syscall_64+0x1b9/0x820
[ 35.324071] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 35.329429] ? trace_hardirqs_off+0xb8/0x2b0
[ 35.333823] ? kasan_check_read+0x11/0x20
[ 35.337952] ? do_raw_spin_unlock+0xa7/0x2f0
[ 35.342341] ? trace_hardirqs_on+0x2c0/0x2c0
[ 35.346731] ? kasan_check_write+0x14/0x20
[ 35.350949] ? trace_hardirqs_off+0xb8/0x2b0
[ 35.355344] usbdev_ioctl+0x25/0x30
[ 35.358963] ? usbdev_compat_ioctl+0x30/0x30
[ 35.363354] do_vfs_ioctl+0x1de/0x1720
[ 35.367223] ? kasan_check_read+0x11/0x20
[ 35.371377] ? rcu_is_watching+0x8c/0x150
[ 35.375520] ? trace_hardirqs_on+0xbd/0x2c0
[ 35.379850] ? ioctl_preallocate+0x300/0x300
[ 35.384259] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 35.389781] ? __fget_light+0x2f7/0x440
[ 35.393740] ? putname+0xf2/0x130
[ 35.397211] ? fget_raw+0x20/0x20
[ 35.400659] ? rcu_read_lock_sched_held+0x108/0x120
[ 35.405664] ? kmem_cache_free+0x246/0x280
[ 35.409910] ? do_syscall_64+0x9a/0x820
[ 35.413870] ? do_syscall_64+0x9a/0x820
[ 35.417842] ? lockdep_hardirqs_on+0x421/0x5c0
[ 35.422432] ? security_file_ioctl+0x94/0xc0
[ 35.426826] ksys_ioctl+0xa9/0xd0
[ 35.430267] __x64_sys_ioctl+0x73/0xb0
[ 35.434140] do_syscall_64+0x1b9/0x820
[ 35.438012] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 35.443360] ? syscall_return_slowpath+0x5e0/0x5e0
[ 35.448272] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 35.453099] ? trace_hardirqs_on_caller+0x2b0/0x2b0
[ 35.458098] ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 35.463118] ? prepare_exit_to_usermode+0x291/0x3b0
[ 35.468122] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 35.472953] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 35.478124] RIP: 0033:0x444b19
[ 35.481302] Code: e8 0c ad 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db ce fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 35.500216] RSP: 002b:00007ffdd23618a8 EFLAGS: 00000217 ORIG_RAX: 0000000000000010
[ 35.507917] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000444b19
[ 35.515174] RDX: 0000000020000280 RSI: 00000000c0185500 RDI: 0000000000000005
[ 35.522433] RBP: 0000000000000000 R08: 00000000004002e0 R09: 00000000004002e0
[ 35.529691] R10: 000000000000000f R11: 0000000000000217 R12: 00000000000088bb
[ 35.536949] R13: 0000000000401f10 R14: 0000000000000000 R15: 0000000000000000
[ 35.544224] Modules linked in:
[ 35.547409] Dumping ftrace buffer:
[ 35.550934] (ftrace buffer empty)
[ 35.554715] ---[ end trace 0e42f9dce4a55e7c ]---
[ 35.559503] RIP: 0010:usb_find_alt_setting+0x38/0x310
[ 35.564714] Code: 89 fb 48 83 ec 10 48 89 7d c8 89 55 d4 89 75 d0 e8 bd 0e 0b fd 48 8d 7b 04 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <0f> b6 04 02 48 89 fa 83 e2 07 38 d0 7f 08 84 c0 0f 85 86 02 00 00
[ 35.583646] RSP: 0018:ffff8801c7ec74a8 EFLAGS: 00010247
[ 35.589033] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffffff8476da79
[ 35.596323] RDX: 0000000000000000 RSI: ffffffff8471b1c3 RDI: 0000000000000004
[ 35.603619] RBP: ffff8801c7ec74e0 R08: ffff8801b7774480 R09: ffffed0038fd8eb2
[ 35.610918] R10: ffffed0038fd8eb4 R11: ffff8801c7ec75a7 R12: 0000000000000000
[ 35.618208] R13: ffff8801ce45c3c0 R14: ffff8801b8573300 R15: 0000000000000000
[ 35.625497] FS: 0000000000b12880(0000) GS:ffff8801db100000(0000) knlGS:0000000000000000
[ 35.633765] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 35.639668] CR2: 00000000006cf090 CR3: 00000001b8372000 CR4: 00000000001406e0
[ 35.646965] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 35.654255] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 35.661560] Kernel panic - not syncing: Fatal exception
[ 35.667808] Dumping ftrace buffer:
[ 35.671338] (ftrace buffer empty)
[ 35.675029] Kernel Offset: disabled
[ 35.678638] Rebooting in 86400 seconds..