[info] Using makefile-style concurrent boot in runlevel 2.
[ ok ] Starting enhanced syslogd: rsyslogd.
[ 14.184180][ C1] random: crng init done
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.155' (ECDSA) to the list of known hosts.
2019/09/21 09:51:15 parsed 1 programs
2019/09/21 09:51:17 executed programs: 0
syzkaller login: [ 51.979139][ T1740] cgroup1: Unknown subsys name 'perf_event'
[ 51.985733][ T1740] cgroup1: Unknown subsys name 'net_cls'
[ 51.990710][ T1744] cgroup1: Unknown subsys name 'perf_event'
[ 51.993214][ T1742] cgroup1: Unknown subsys name 'perf_event'
[ 51.998751][ T1746] cgroup1: Unknown subsys name 'perf_event'
[ 52.009748][ T1744] cgroup1: Unknown subsys name 'net_cls'
[ 52.009812][ T1742] cgroup1: Unknown subsys name 'net_cls'
[ 52.020771][ T1746] cgroup1: Unknown subsys name 'net_cls'
[ 52.025072][ T1749] cgroup1: Unknown subsys name 'perf_event'
[ 52.037181][ T1753] cgroup1: Unknown subsys name 'perf_event'
[ 52.044123][ T1749] cgroup1: Unknown subsys name 'net_cls'
[ 52.051014][ T1753] cgroup1: Unknown subsys name 'net_cls'
[ 55.092427][ T83] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[ 55.192336][ T17] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 55.192744][ T5] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[ 55.242035][ T102] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[ 55.252333][ T2729] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[ 55.272046][ T2737] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[ 55.452151][ T83] usb 5-1: config 0 has an invalid interface number: 106 but max is 0
[ 55.460503][ T83] usb 5-1: config 0 has no interface number 0
[ 55.466947][ T83] usb 5-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=ef.8f
[ 55.476180][ T83] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 55.485660][ T83] usb 5-1: config 0 descriptor??
[ 55.562128][ T17] usb 1-1: config 0 has an invalid interface number: 106 but max is 0
[ 55.570465][ T17] usb 1-1: config 0 has no interface number 0
[ 55.576769][ T17] usb 1-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=ef.8f
[ 55.585861][ T17] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 55.592885][ T5] usb 3-1: config 0 has an invalid interface number: 106 but max is 0
[ 55.595355][ T17] usb 1-1: config 0 descriptor??
[ 55.602045][ T5] usb 3-1: config 0 has no interface number 0
[ 55.605954][ T5] usb 3-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=ef.8f
[ 55.622276][ T5] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 55.630971][ T5] usb 3-1: config 0 descriptor??
[ 55.634441][ T2729] usb 2-1: config 0 has an invalid interface number: 106 but max is 0
[ 55.644148][ T2729] usb 2-1: config 0 has no interface number 0
[ 55.650236][ T2737] usb 4-1: config 0 has an invalid interface number: 106 but max is 0
[ 55.652091][ T102] usb 6-1: config 0 has an invalid interface number: 106 but max is 0
[ 55.658433][ T2737] usb 4-1: config 0 has no interface number 0
[ 55.666582][ T102] usb 6-1: config 0 has no interface number 0
[ 55.673835][ T2729] usb 2-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=ef.8f
[ 55.682910][ T102] usb 6-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=ef.8f
[ 55.687769][ T2729] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 55.697020][ T102] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 55.705417][ T2737] usb 4-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=ef.8f
[ 55.722290][ T2737] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 55.725903][ T102] usb 6-1: config 0 descriptor??
[ 55.739866][ T2729] usb 2-1: config 0 descriptor??
[ 55.745377][ T2737] usb 4-1: config 0 descriptor??
[ 56.622193][ T83] usb 5-1: ATUSB: AT86RF230 version 0
[ 56.732098][ T17] usb 1-1: ATUSB: AT86RF230 version 0
[ 56.782164][ T5] usb 3-1: ATUSB: AT86RF230 version 0
[ 56.842119][ T83] usb 5-1: Firmware: major: 176, minor: 17, hardware type: UNKNOWN (34)
[ 56.842126][ T102] usb 6-1: ATUSB: AT86RF230 version 0
[ 56.850623][ T83] usb 5-1: failed to fetch extended address, random address set
[ 56.863718][ T83] usb 5-1: atusb_probe: initialization failed, error = -524
[ 56.871111][ T2729] usb 2-1: ATUSB: AT86RF230 version 0
[ 56.876707][ T83] atusb: probe of 5-1:0.106 failed with error -524
[ 56.883738][ T2737] usb 4-1: ATUSB: AT86RF230 version 0
[ 56.952127][ T17] usb 1-1: Firmware: major: 120, minor: 16, hardware type: UNKNOWN (34)
[ 56.960633][ T17] usb 1-1: failed to fetch extended address, random address set
[ 56.968365][ T17] usb 1-1: atusb_probe: initialization failed, error = -524
[ 56.975897][ T17] atusb: probe of 1-1:0.106 failed with error -524
[ 56.992078][ T5] usb 3-1: Firmware: major: 152, minor: 209, hardware type: UNKNOWN (162)
[ 57.000662][ T5] usb 3-1: failed to fetch extended address, random address set
[ 57.008389][ T5] usb 3-1: atusb_probe: initialization failed, error = -524
[ 57.015823][ T5] atusb: probe of 3-1:0.106 failed with error -524
[ 57.062272][ T102] usb 6-1: Firmware: major: 192, minor: 208, hardware type: UNKNOWN (162)
[ 57.071070][ T102] usb 6-1: failed to fetch extended address, random address set
[ 57.072095][ T2729] usb 2-1: Firmware: major: 0, minor: 0, hardware type: ATUSB (0)
[ 57.078893][ T102] usb 6-1: atusb_probe: initialization failed, error = -524
[ 57.086580][ T2729] usb 2-1: Firmware version (0.0) predates our first public release.
[ 57.094532][ T102] atusb: probe of 6-1:0.106 failed with error -524
[ 57.101898][ T2729] usb 2-1: Please update to version 0.2 or newer
[ 57.102090][ T2737] usb 4-1: Firmware: major: 48, minor: 16, hardware type: UNKNOWN (34)
[ 57.123025][ T2737] usb 4-1: failed to fetch extended address, random address set
[ 57.130657][ T2737] usb 4-1: atusb_probe: initialization failed, error = -524
[ 57.138211][ T2737] atusb: probe of 4-1:0.106 failed with error -524
[ 57.312147][ T2729] usb 2-1: Firmware: build
[ 57.943587][ T2729] usb 2-1: USB disconnect, device number 2
2019/09/21 09:51:23 executed programs: 6
[ 58.044119][ T2737] usb 5-1: USB disconnect, device number 2
[ 58.072944][ T2729] ==================================================================
[ 58.081100][ T2729] BUG: KASAN: use-after-free in atusb_disconnect+0x17f/0x1c0
[ 58.088453][ T2729] Read of size 8 at addr ffff8881c9304c28 by task kworker/1:3/2729
[ 58.096322][ T2729]
[ 58.098630][ T2729] CPU: 1 PID: 2729 Comm: kworker/1:3 Not tainted 5.3.0+ #0
[ 58.105794][ T2729] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 58.115878][ T2729] Workqueue: usb_hub_wq hub_event
[ 58.120948][ T2729] Call Trace:
[ 58.124220][ T2729] dump_stack+0xca/0x13e
[ 58.128439][ T2729] ? atusb_disconnect+0x17f/0x1c0
[ 58.133439][ T2729] ? atusb_disconnect+0x17f/0x1c0
[ 58.138445][ T2729] print_address_description+0x6a/0x32c
[ 58.143990][ T2729] ? atusb_disconnect+0x17f/0x1c0
[ 58.148991][ T2729] ? atusb_disconnect+0x17f/0x1c0
[ 58.154176][ T2729] __kasan_report.cold+0x1a/0x33
[ 58.154276][ T102] usb 1-1: USB disconnect, device number 2
[ 58.159113][ T2729] ? kobject_put+0x120/0x280
[ 58.169474][ T2729] ? atusb_disconnect+0x17f/0x1c0
[ 58.174498][ T2729] kasan_report+0xe/0x12
[ 58.178733][ T2729] atusb_disconnect+0x17f/0x1c0
[ 58.183573][ T2729] usb_unbind_interface+0x1bd/0x8a0
[ 58.188788][ T2729] ? usb_autoresume_device+0x60/0x60
[ 58.194069][ T2729] device_release_driver_internal+0x42f/0x500
[ 58.200144][ T2729] bus_remove_device+0x2dc/0x4a0
[ 58.205072][ T2729] device_del+0x420/0xb10
[ 58.209387][ T2729] ? __device_links_no_driver+0x240/0x240
[ 58.215094][ T2729] ? lockdep_hardirqs_on+0x379/0x580
[ 58.218760][ T5] usb 3-1: USB disconnect, device number 2
[ 58.220370][ T2729] ? remove_intf_ep_devs+0x13f/0x1d0
[ 58.231422][ T2729] usb_disable_device+0x211/0x690
[ 58.236444][ T2729] usb_disconnect+0x284/0x8d0
[ 58.241120][ T2729] hub_event+0x1454/0x3640
[ 58.245533][ T2729] ? find_held_lock+0x2d/0x110
[ 58.250294][ T2729] ? mark_held_locks+0xe0/0xe0
[ 58.255051][ T2729] ? hub_port_debounce+0x260/0x260
[ 58.260157][ T2729] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 58.264745][ T2738] usb 6-1: USB disconnect, device number 2
[ 58.265690][ T2729] ? rcu_read_lock_bh_held+0xb0/0xb0
[ 58.276743][ T2729] process_one_work+0x92b/0x1530
[ 58.281678][ T2729] ? pwq_dec_nr_in_flight+0x310/0x310
[ 58.287049][ T2729] ? do_raw_spin_lock+0x11a/0x280
[ 58.292071][ T2729] worker_thread+0x96/0xe20
[ 58.296579][ T2729] ? process_one_work+0x1530/0x1530
[ 58.301772][ T2729] kthread+0x318/0x420
[ 58.305841][ T2729] ? kthread_create_on_node+0xf0/0xf0
[ 58.311214][ T2729] ret_from_fork+0x24/0x30
[ 58.311912][ T2769] usb 4-1: USB disconnect, device number 2
[ 58.315634][ T2729]
[ 58.315641][ T2729] Allocated by task 2729:
[ 58.315657][ T2729] save_stack+0x1b/0x80
[ 58.315668][ T2729] __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 58.315680][ T2729] wpan_phy_new+0x22/0x290
[ 58.315692][ T2729] ieee802154_alloc_hw+0x11d/0x750
[ 58.315702][ T2729] atusb_probe+0x9b/0xfa2
[ 58.315713][ T2729] usb_probe_interface+0x305/0x7a0
[ 58.315725][ T2729] really_probe+0x281/0x6d0
[ 58.315733][ T2729] driver_probe_device+0x101/0x1b0
[ 58.315747][ T2729] __device_attach_driver+0x1c2/0x220
[ 58.371668][ T2729] bus_for_each_drv+0x162/0x1e0
[ 58.376497][ T2729] __device_attach+0x217/0x360
[ 58.381287][ T2729] bus_probe_device+0x1e4/0x290
[ 58.386118][ T2729] device_add+0xae6/0x16f0
[ 58.390553][ T2729] usb_set_configuration+0xdf6/0x1670
[ 58.395901][ T2729] generic_probe+0x9d/0xd5
[ 58.400299][ T2729] usb_probe_device+0x99/0x100
[ 58.405042][ T2729] really_probe+0x281/0x6d0
[ 58.409540][ T2729] driver_probe_device+0x101/0x1b0
[ 58.414642][ T2729] __device_attach_driver+0x1c2/0x220
[ 58.419990][ T2729] bus_for_each_drv+0x162/0x1e0
[ 58.424818][ T2729] __device_attach+0x217/0x360
[ 58.429559][ T2729] bus_probe_device+0x1e4/0x290
[ 58.434384][ T2729] device_add+0xae6/0x16f0
[ 58.438775][ T2729] usb_new_device.cold+0x6a4/0xe79
[ 58.443861][ T2729] hub_event+0x1b5c/0x3640
[ 58.448267][ T2729] process_one_work+0x92b/0x1530
[ 58.453177][ T2729] worker_thread+0x96/0xe20
[ 58.457655][ T2729] kthread+0x318/0x420
[ 58.461699][ T2729] ret_from_fork+0x24/0x30
[ 58.466091][ T2729]
[ 58.468398][ T2729] Freed by task 2729:
[ 58.472361][ T2729] save_stack+0x1b/0x80
[ 58.476496][ T2729] __kasan_slab_free+0x130/0x180
[ 58.481416][ T2729] kfree+0xe4/0x2f0
[ 58.485224][ T2729] device_release+0x71/0x200
[ 58.489790][ T2729] kobject_put+0x171/0x280
[ 58.494189][ T2729] put_device+0x1b/0x30
[ 58.498319][ T2729] atusb_disconnect+0x117/0x1c0
[ 58.503154][ T2729] usb_unbind_interface+0x1bd/0x8a0
[ 58.508334][ T2729] device_release_driver_internal+0x42f/0x500
[ 58.514375][ T2729] bus_remove_device+0x2dc/0x4a0
[ 58.519287][ T2729] device_del+0x420/0xb10
[ 58.523591][ T2729] usb_disable_device+0x211/0x690
[ 58.528605][ T2729] usb_disconnect+0x284/0x8d0
[ 58.533267][ T2729] hub_event+0x1454/0x3640
[ 58.537662][ T2729] process_one_work+0x92b/0x1530
[ 58.542576][ T2729] worker_thread+0x96/0xe20
[ 58.547053][ T2729] kthread+0x318/0x420
[ 58.551100][ T2729] ret_from_fork+0x24/0x30
[ 58.555485][ T2729]
[ 58.557792][ T2729] The buggy address belongs to the object at ffff8881c9304400
[ 58.557792][ T2729] which belongs to the cache kmalloc-4k of size 4096
[ 58.571818][ T2729] The buggy address is located 2088 bytes inside of
[ 58.571818][ T2729] 4096-byte region [ffff8881c9304400, ffff8881c9305400)
[ 58.572036][ T102] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[ 58.585230][ T2729] The buggy address belongs to the page:
[ 58.585243][ T2729] page:ffffea000724c000 refcount:1 mapcount:0 mapping:ffff8881da00c280 index:0x0 compound_mapcount: 0
[ 58.585256][ T2729] flags: 0x200000000010200(slab|head)
[ 58.585273][ T2729] raw: 0200000000010200 dead000000000100 dead000000000122 ffff8881da00c280
[ 58.585286][ T2729] raw: 0000000000000000 0000000000070007 00000001ffffffff 0000000000000000
[ 58.585291][ T2729] page dumped because: kasan: bad access detected
[ 58.585295][ T2729]
[ 58.585298][ T2729] Memory state around the buggy address:
[ 58.585307][ T2729] ffff8881c9304b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 58.585316][ T2729] ffff8881c9304b80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 58.585324][ T2729] >ffff8881c9304c00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 58.585329][ T2729] ^
[ 58.585337][ T2729] ffff8881c9304c80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 58.585345][ T2729] ffff8881c9304d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 58.585355][ T2729] ==================================================================
[ 58.632110][ T5] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[ 58.632339][ T2729] Disabling lock debugging due to kernel taint
[ 58.632523][ T2729] Kernel panic - not syncing: panic_on_warn set ...
[ 58.720303][ T2729] CPU: 1 PID: 2729 Comm: kworker/1:3 Tainted: G B 5.3.0+ #0
[ 58.728859][ T2729] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 58.738897][ T2729] Workqueue: usb_hub_wq hub_event
[ 58.743896][ T2729] Call Trace:
[ 58.747168][ T2729] dump_stack+0xca/0x13e
[ 58.751395][ T2729] panic+0x2a3/0x6da
[ 58.755264][ T2729] ? add_taint.cold+0x16/0x16
[ 58.759915][ T2729] ? retint_kernel+0x10/0x10
[ 58.764493][ T2729] ? trace_hardirqs_on+0x55/0x1e0
[ 58.769491][ T2729] ? atusb_disconnect+0x17f/0x1c0
[ 58.774492][ T2729] end_report+0x43/0x49
[ 58.778620][ T2729] ? atusb_disconnect+0x17f/0x1c0
[ 58.783618][ T2729] __kasan_report.cold+0xd/0x33
[ 58.788459][ T2729] ? kobject_put+0x120/0x280
[ 58.793045][ T2729] ? atusb_disconnect+0x17f/0x1c0
[ 58.798082][ T2729] kasan_report+0xe/0x12
[ 58.802299][ T2729] atusb_disconnect+0x17f/0x1c0
[ 58.807131][ T2729] usb_unbind_interface+0x1bd/0x8a0
[ 58.812308][ T2729] ? usb_autoresume_device+0x60/0x60
[ 58.817575][ T2729] device_release_driver_internal+0x42f/0x500
[ 58.823619][ T2729] bus_remove_device+0x2dc/0x4a0
[ 58.828536][ T2729] device_del+0x420/0xb10
[ 58.832845][ T2729] ? __device_links_no_driver+0x240/0x240
[ 58.838552][ T2729] ? lockdep_hardirqs_on+0x379/0x580
[ 58.843899][ T2729] ? remove_intf_ep_devs+0x13f/0x1d0
[ 58.849160][ T2729] usb_disable_device+0x211/0x690
[ 58.854160][ T2729] usb_disconnect+0x284/0x8d0
[ 58.858813][ T2729] hub_event+0x1454/0x3640
[ 58.863205][ T2729] ? find_held_lock+0x2d/0x110
[ 58.867941][ T2729] ? mark_held_locks+0xe0/0xe0
[ 58.872676][ T2729] ? hub_port_debounce+0x260/0x260
[ 58.877764][ T2729] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 58.883293][ T2729] ? rcu_read_lock_bh_held+0xb0/0xb0
[ 58.888555][ T2729] process_one_work+0x92b/0x1530
[ 58.893468][ T2729] ? pwq_dec_nr_in_flight+0x310/0x310
[ 58.898814][ T2729] ? do_raw_spin_lock+0x11a/0x280
[ 58.903814][ T2729] worker_thread+0x96/0xe20
[ 58.908407][ T2729] ? process_one_work+0x1530/0x1530
[ 58.913592][ T2729] kthread+0x318/0x420
[ 58.917644][ T2729] ? kthread_create_on_node+0xf0/0xf0
[ 58.922997][ T2729] ret_from_fork+0x24/0x30
[ 58.928060][ T2729] Kernel Offset: disabled
[ 58.932369][ T2729] Rebooting in 86400 seconds..