[info] Using makefile-style concurrent boot in runlevel 2.
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 14.435980][ T1667] random: sshd: uninitialized urandom read (32 bytes read)
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login:
[ 19.513129][ C1] random: crng init done
Warning: Permanently added '10.128.1.52' (ECDSA) to the list of known hosts.
executing program
executing program
executing program
executing program
executing program
executing program
[ 61.200013][ T83] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 61.210016][ T102] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[ 61.210189][ T17] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[ 61.217916][ T12] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[ 61.225957][ T22] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[ 61.232955][ T5] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[ 61.439967][ T83] usb 1-1: Using ep0 maxpacket: 8
[ 61.479964][ T102] usb 6-1: Using ep0 maxpacket: 8
[ 61.485308][ T12] usb 3-1: Using ep0 maxpacket: 8
[ 61.489974][ T17] usb 4-1: Using ep0 maxpacket: 8
[ 61.490764][ T5] usb 2-1: Using ep0 maxpacket: 8
[ 61.495852][ T22] usb 5-1: Using ep0 maxpacket: 8
[ 61.560156][ T83] usb 1-1: config 0 has an invalid interface number: 67 but max is 0
[ 61.568414][ T83] usb 1-1: config 0 has no interface number 0
[ 61.574710][ T83] usb 1-1: New USB device found, idVendor=0841, idProduct=0001, bcdDevice=6e.90
[ 61.583947][ T83] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 61.593749][ T83] usb 1-1: config 0 descriptor??
[ 61.600203][ T102] usb 6-1: config 0 has an invalid interface number: 67 but max is 0
[ 61.608365][ T102] usb 6-1: config 0 has no interface number 0
[ 61.610570][ T17] usb 4-1: config 0 has an invalid interface number: 67 but max is 0
[ 61.614715][ T102] usb 6-1: New USB device found, idVendor=0841, idProduct=0001, bcdDevice=6e.90
[ 61.623512][ T17] usb 4-1: config 0 has no interface number 0
[ 61.624084][ T17] usb 4-1: New USB device found, idVendor=0841, idProduct=0001, bcdDevice=6e.90
[ 61.633060][ T102] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 61.633144][ T12] usb 3-1: config 0 has an invalid interface number: 67 but max is 0
[ 61.639159][ T17] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 61.648651][ T12] usb 3-1: config 0 has no interface number 0
[ 61.648733][ T5] usb 2-1: config 0 has an invalid interface number: 67 but max is 0
[ 61.656869][ T22] usb 5-1: config 0 has an invalid interface number: 67 but max is 0
[ 61.665636][ T5] usb 2-1: config 0 has no interface number 0
[ 61.666573][ T12] usb 3-1: New USB device found, idVendor=0841, idProduct=0001, bcdDevice=6e.90
[ 61.673804][ T22] usb 5-1: config 0 has no interface number 0
[ 61.679967][ T12] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 61.683775][ T102] usb 6-1: config 0 descriptor??
[ 61.689792][ T83] rio500 1-1:0.67: USB Rio found at address 2
[ 61.699544][ T5] usb 2-1: New USB device found, idVendor=0841, idProduct=0001, bcdDevice=6e.90
[ 61.706280][ T22] usb 5-1: New USB device found, idVendor=0841, idProduct=0001, bcdDevice=6e.90
[ 61.711537][ T5] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 61.728761][ T12] usb 3-1: config 0 descriptor??
[ 61.731002][ T22] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 61.743798][ T17] usb 4-1: config 0 descriptor??
[ 61.746472][ T5] usb 2-1: config 0 descriptor??
[ 61.761405][ T22] usb 5-1: config 0 descriptor??
[ 61.764986][ T102] rio500 6-1:0.67: Second USB Rio at address 2 refused
[ 61.791296][ T17] rio500 4-1:0.67: Second USB Rio at address 2 refused
[ 61.792970][ T102] rio500: probe of 6-1:0.67 failed with error -16
[ 61.799329][ T17] rio500: probe of 4-1:0.67 failed with error -16
[ 61.820736][ T22] rio500 5-1:0.67: Second USB Rio at address 2 refused
[ 61.829196][ T22] rio500: probe of 5-1:0.67 failed with error -16
[ 61.841397][ T5] rio500 2-1:0.67: Second USB Rio at address 2 refused
[ 61.848411][ T5] rio500: probe of 2-1:0.67 failed with error -16
executing program
[ 61.856460][ T12] rio500 3-1:0.67: Second USB Rio at address 2 refused
[ 61.863753][ T12] rio500: probe of 3-1:0.67 failed with error -16
[ 61.890425][ T17] usb 1-1: USB disconnect, device number 2
[ 61.898103][ T17] rio500 1-1:0.67: USB Rio disconnected.
executing program
executing program
[ 61.957321][ T22] usb 6-1: USB disconnect, device number 2
[ 61.991369][ T83] usb 4-1: USB disconnect, device number 2
executing program
executing program
executing program
[ 62.020629][ T5] usb 5-1: USB disconnect, device number 2
[ 62.042152][ T12] usb 2-1: USB disconnect, device number 2
[ 62.047733][ T1736] usb 3-1: USB disconnect, device number 2
[ 62.250095][ T17] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[ 62.379955][ T5] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[ 62.379963][ T22] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[ 62.390134][ T83] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[ 62.410151][ T12] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[ 62.449962][ T1736] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[ 62.490093][ T17] usb 1-1: Using ep0 maxpacket: 8
[ 62.610076][ T17] usb 1-1: config 0 has an invalid interface number: 67 but max is 0
[ 62.618834][ T17] usb 1-1: config 0 has no interface number 0
[ 62.625092][ T22] usb 6-1: Using ep0 maxpacket: 8
[ 62.630571][ T17] usb 1-1: New USB device found, idVendor=0841, idProduct=0001, bcdDevice=6e.90
[ 62.640036][ T17] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 62.648148][ T83] usb 4-1: Using ep0 maxpacket: 8
[ 62.649914][ T5] usb 5-1: Using ep0 maxpacket: 8
[ 62.655321][ T17] usb 1-1: config 0 descriptor??
[ 62.670123][ T12] usb 2-1: Using ep0 maxpacket: 8
[ 62.700787][ T1736] usb 3-1: Using ep0 maxpacket: 8
[ 62.707046][ T17] rio500 1-1:0.67: USB Rio found at address 3
[ 62.750066][ T22] usb 6-1: config 0 has an invalid interface number: 67 but max is 0
[ 62.758335][ T22] usb 6-1: config 0 has no interface number 0
[ 62.764881][ T22] usb 6-1: New USB device found, idVendor=0841, idProduct=0001, bcdDevice=6e.90
[ 62.774586][ T22] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 62.782901][ T83] usb 4-1: config 0 has an invalid interface number: 67 but max is 0
[ 62.790078][ T5] usb 5-1: config 0 has an invalid interface number: 67 but max is 0
[ 62.791164][ T83] usb 4-1: config 0 has no interface number 0
[ 62.799303][ T5] usb 5-1: config 0 has no interface number 0
[ 62.806387][ T22] usb 6-1: config 0 descriptor??
[ 62.811625][ T12] usb 2-1: config 0 has an invalid interface number: 67 but max is 0
[ 62.816616][ T83] usb 4-1: New USB device found, idVendor=0841, idProduct=0001, bcdDevice=6e.90
[ 62.824562][ T12] usb 2-1: config 0 has no interface number 0
[ 62.825337][ T12] usb 2-1: New USB device found, idVendor=0841, idProduct=0001, bcdDevice=6e.90
[ 62.833838][ T83] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 62.839917][ T12] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 62.840141][ T5] usb 5-1: New USB device found, idVendor=0841, idProduct=0001, bcdDevice=6e.90
[ 62.850204][ T1736] usb 3-1: config 0 has an invalid interface number: 67 but max is 0
[ 62.857165][ T5] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 62.865121][ T1736] usb 3-1: config 0 has no interface number 0
executing program
[ 62.878420][ T12] usb 2-1: config 0 descriptor??
[ 62.886553][ T22] rio500 6-1:0.67: Second USB Rio at address 3 refused
[ 62.891248][ T5] usb 5-1: config 0 descriptor??
[ 62.902372][ T22] rio500: probe of 6-1:0.67 failed with error -16
[ 62.911371][ T102] usb 1-1: USB disconnect, device number 3
[ 62.923574][ T1736] usb 3-1: New USB device found, idVendor=0841, idProduct=0001, bcdDevice=6e.90
[ 62.932536][ T102] rio500 1-1:0.67: USB Rio disconnected.
[ 62.935712][ T1736] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 62.942807][ T12] rio500 2-1:0.67: USB Rio found at address 3
[ 62.949524][ T83] usb 4-1: config 0 descriptor??
[ 62.956692][ T5] rio500 5-1:0.67: USB Rio found at address 3
[ 62.998826][ T1736] usb 3-1: config 0 descriptor??
[ 63.031454][ T83] rio500 4-1:0.67: Second USB Rio at address 3 refused
[ 63.038645][ T83] rio500: probe of 4-1:0.67 failed with error -16
[ 63.046610][ T1736] rio500 3-1:0.67: Second USB Rio at address 3 refused
[ 63.055339][ T1736] rio500: probe of 3-1:0.67 failed with error -16
executing program
[ 63.098216][ T1736] usb 6-1: USB disconnect, device number 3
executing program
executing program
[ 63.142803][ T12] usb 2-1: USB disconnect, device number 3
[ 63.150502][ T12] rio500 2-1:0.67: USB Rio disconnected.
[ 63.158046][ T83] usb 5-1: USB disconnect, device number 3
[ 63.165192][ T83] ==================================================================
[ 63.173798][ T83] BUG: KASAN: double-free or invalid-free in disconnect_rio+0x12b/0x1b0
[ 63.182203][ T83]
[ 63.184522][ T83] CPU: 1 PID: 83 Comm: kworker/1:2 Not tainted 5.3.0+ #0
[ 63.191538][ T83] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 63.202060][ T83] Workqueue: usb_hub_wq hub_event
[ 63.207088][ T83] Call Trace:
[ 63.210547][ T83] dump_stack+0xca/0x13e
[ 63.214788][ T83] print_address_description+0x6a/0x32c
[ 63.220349][ T83] ? disconnect_rio+0x12b/0x1b0
[ 63.225189][ T83] kasan_report_invalid_free+0x61/0xa0
[ 63.230643][ T83] ? disconnect_rio+0x12b/0x1b0
[ 63.231689][ T5] usb 4-1: USB disconnect, device number 3
[ 63.235528][ T83] __kasan_slab_free+0x162/0x180
[ 63.246248][ T83] ? disconnect_rio+0x12b/0x1b0
[ 63.251117][ T83] kfree+0xe4/0x2f0
[ 63.255025][ T83] disconnect_rio+0x12b/0x1b0
[ 63.259696][ T83] usb_unbind_interface+0x1bd/0x8a0
[ 63.264954][ T83] ? usb_autoresume_device+0x60/0x60
[ 63.270232][ T83] device_release_driver_internal+0x42f/0x500
[ 63.276808][ T83] bus_remove_device+0x2dc/0x4a0
[ 63.281742][ T83] device_del+0x420/0xb10
[ 63.286085][ T83] ? __device_links_no_driver+0x240/0x240
[ 63.291800][ T83] ? lockdep_hardirqs_on+0x379/0x580
[ 63.297073][ T83] ? remove_intf_ep_devs+0x13f/0x1d0
[ 63.302541][ T83] usb_disable_device+0x211/0x690
[ 63.307552][ T83] usb_disconnect+0x284/0x8d0
[ 63.312399][ T83] hub_event+0x1454/0x3640
[ 63.316804][ T83] ? find_held_lock+0x2d/0x110
[ 63.321749][ T83] ? mark_held_locks+0xe0/0xe0
[ 63.326715][ T83] ? hub_port_debounce+0x260/0x260
[ 63.332050][ T83] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 63.337612][ T83] ? rcu_read_lock_bh_held+0xb0/0xb0
[ 63.339959][ T102] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[ 63.342928][ T83] process_one_work+0x92b/0x1530
[ 63.342941][ T83] ? pwq_dec_nr_in_flight+0x310/0x310
[ 63.342957][ T83] ? do_raw_spin_lock+0x11a/0x280
[ 63.365706][ T83] worker_thread+0x96/0xe20
[ 63.370329][ T83] ? process_one_work+0x1530/0x1530
[ 63.375545][ T83] kthread+0x318/0x420
[ 63.379595][ T83] ? kthread_create_on_node+0xf0/0xf0
[ 63.384975][ T83] ret_from_fork+0x24/0x30
[ 63.389527][ T83]
[ 63.392145][ T83] Allocated by task 12:
[ 63.396351][ T83] save_stack+0x1b/0x80
[ 63.400697][ T83] __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 63.406444][ T83] probe_rio+0x135/0x248
[ 63.410691][ T83] usb_probe_interface+0x305/0x7a0
[ 63.415806][ T83] really_probe+0x281/0x6d0
[ 63.420308][ T83] driver_probe_device+0x101/0x1b0
[ 63.425406][ T83] __device_attach_driver+0x1c2/0x220
[ 63.430772][ T83] bus_for_each_drv+0x162/0x1e0
[ 63.435613][ T83] __device_attach+0x217/0x360
[ 63.440424][ T83] bus_probe_device+0x1e4/0x290
[ 63.445484][ T83] device_add+0xae6/0x16f0
[ 63.450016][ T83] usb_set_configuration+0xdf6/0x1670
[ 63.455437][ T83] generic_probe+0x9d/0xd5
[ 63.459949][ T83] usb_probe_device+0x99/0x100
[ 63.464908][ T83] really_probe+0x281/0x6d0
[ 63.469564][ T83] driver_probe_device+0x101/0x1b0
[ 63.474678][ T83] __device_attach_driver+0x1c2/0x220
[ 63.480057][ T83] bus_for_each_drv+0x162/0x1e0
[ 63.484893][ T83] __device_attach+0x217/0x360
[ 63.489740][ T83] bus_probe_device+0x1e4/0x290
[ 63.494686][ T83] device_add+0xae6/0x16f0
[ 63.499199][ T83] usb_new_device.cold+0x6a4/0xe79
[ 63.504302][ T83] hub_event+0x1b5c/0x3640
[ 63.509112][ T83] process_one_work+0x92b/0x1530
[ 63.510089][ T12] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[ 63.514150][ T83] worker_thread+0x96/0xe20
[ 63.514161][ T83] kthread+0x318/0x420
[ 63.514172][ T83] ret_from_fork+0x24/0x30
[ 63.514175][ T83]
[ 63.514182][ T83] Freed by task 12:
[ 63.514199][ T83] save_stack+0x1b/0x80
[ 63.545583][ T83] __kasan_slab_free+0x130/0x180
[ 63.550511][ T83] kfree+0xe4/0x2f0
[ 63.554350][ T83] disconnect_rio+0x12b/0x1b0
[ 63.559033][ T83] usb_unbind_interface+0x1bd/0x8a0
[ 63.564225][ T83] device_release_driver_internal+0x42f/0x500
[ 63.570291][ T83] bus_remove_device+0x2dc/0x4a0
[ 63.575208][ T83] device_del+0x420/0xb10
[ 63.579531][ T83] usb_disable_device+0x211/0x690
[ 63.584541][ T83] usb_disconnect+0x284/0x8d0
[ 63.589200][ T83] hub_event+0x1454/0x3640
[ 63.589960][ T102] usb 1-1: Using ep0 maxpacket: 8
[ 63.593608][ T83] process_one_work+0x92b/0x1530
[ 63.593619][ T83] worker_thread+0x96/0xe20
[ 63.593628][ T83] kthread+0x318/0x420
[ 63.593643][ T83] ret_from_fork+0x24/0x30
[ 63.616615][ T83]
[ 63.618927][ T83] The buggy address belongs to the object at ffff8881d2539100
[ 63.618927][ T83] which belongs to the cache kmalloc-4k of size 4096
[ 63.632964][ T83] The buggy address is located 0 bytes inside of
[ 63.632964][ T83] 4096-byte region [ffff8881d2539100, ffff8881d253a100)
[ 63.646215][ T83] The buggy address belongs to the page:
[ 63.651846][ T83] page:ffffea0007494e00 refcount:1 mapcount:0 mapping:ffff8881da00c280 index:0x0 compound_mapcount: 0
[ 63.662850][ T83] flags: 0x200000000010200(slab|head)
[ 63.668366][ T83] raw: 0200000000010200 dead000000000100 dead000000000122 ffff8881da00c280
[ 63.676957][ T83] raw: 0000000000000000 0000000000070007 00000001ffffffff 0000000000000000
[ 63.685533][ T83] page dumped because: kasan: bad access detected
[ 63.692027][ T83]
[ 63.694457][ T83] Memory state around the buggy address:
[ 63.700072][ T83] ffff8881d2539000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 63.708312][ T83] ffff8881d2539080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 63.710142][ T102] usb 1-1: config 0 has an invalid interface number: 67 but max is 0
[ 63.716363][ T83] >ffff8881d2539100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 63.716367][ T83] ^
[ 63.716375][ T83] ffff8881d2539180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 63.716383][ T83] ffff8881d2539200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 63.716393][ T83] ==================================================================
[ 63.725625][ T102] usb 1-1: config 0 has no interface number 0
[ 63.733614][ T83] Disabling lock debugging due to kernel taint
[ 63.733837][ T83] Kernel panic - not syncing: panic_on_warn set ...
[ 63.739217][ T102] usb 1-1: New USB device found, idVendor=0841, idProduct=0001, bcdDevice=6e.90
executing program
executing program
[ 63.745900][ T83] CPU: 1 PID: 83 Comm: kworker/1:2 Tainted: G B 5.3.0+ #0
[ 63.745905][ T83] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 63.745919][ T83] Workqueue: usb_hub_wq hub_event
[ 63.745925][ T83] Call Trace:
[ 63.745947][ T83] dump_stack+0xca/0x13e
[ 63.754052][ T102] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 63.762044][ T83] panic+0x2a3/0x6da
[ 63.762054][ T83] ? add_taint.cold+0x16/0x16
[ 63.762066][ T83] ? disconnect_rio+0x12b/0x1b0
[ 63.762082][ T83] ? trace_hardirqs_on+0x55/0x1e0
[ 63.768355][ T12] usb 2-1: Using ep0 maxpacket: 8
[ 63.774279][ T83] ? disconnect_rio+0x12b/0x1b0
[ 63.774291][ T83] end_report+0x43/0x49
[ 63.774301][ T83] kasan_report_invalid_free+0x7d/0xa0
[ 63.774315][ T83] ? disconnect_rio+0x12b/0x1b0
[ 63.785289][ T102] usb 1-1: config 0 descriptor??
[ 63.790846][ T83] __kasan_slab_free+0x162/0x180
[ 63.790860][ T83] ? disconnect_rio+0x12b/0x1b0
[ 63.790868][ T83] kfree+0xe4/0x2f0
[ 63.790878][ T83] disconnect_rio+0x12b/0x1b0
[ 63.790896][ T83] usb_unbind_interface+0x1bd/0x8a0
[ 63.803410][ T5] usb 3-1: USB disconnect, device number 3
[ 63.809815][ T83] ? usb_autoresume_device+0x60/0x60
[ 63.809828][ T83] device_release_driver_internal+0x42f/0x500
[ 63.809848][ T83] bus_remove_device+0x2dc/0x4a0
[ 63.841177][ T102] rio500 1-1:0.67: USB Rio found at address 4
[ 63.844455][ T83] device_del+0x420/0xb10
[ 63.900017][ T12] usb 2-1: config 0 has an invalid interface number: 67 but max is 0
[ 63.903165][ T83] ? __device_links_no_driver+0x240/0x240
[ 63.903179][ T83] ? lockdep_hardirqs_on+0x379/0x580
[ 63.903196][ T83] ? remove_intf_ep_devs+0x13f/0x1d0
[ 63.909000][ T12] usb 2-1: config 0 has no interface number 0
[ 63.914264][ T83] usb_disable_device+0x211/0x690
[ 63.914274][ T83] usb_disconnect+0x284/0x8d0
[ 63.914283][ T83] hub_event+0x1454/0x3640
[ 63.914299][ T83] ? find_held_lock+0x2d/0x110
[ 63.920880][ T12] usb 2-1: New USB device found, idVendor=0841, idProduct=0001, bcdDevice=6e.90
[ 63.925357][ T83] ? mark_held_locks+0xe0/0xe0
[ 63.925368][ T83] ? hub_port_debounce+0x260/0x260
[ 63.925381][ T83] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 63.925395][ T83] ? rcu_read_lock_bh_held+0xb0/0xb0
[ 63.931472][ T12] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 63.935773][ T83] process_one_work+0x92b/0x1530
[ 63.947827][ T12] usb 2-1: config 0 descriptor??
[ 63.949770][ T83] ? pwq_dec_nr_in_flight+0x310/0x310
[ 63.949781][ T83] ? do_raw_spin_lock+0x11a/0x280
[ 63.949792][ T83] worker_thread+0x96/0xe20
[ 63.949809][ T83] ? process_one_work+0x1530/0x1530
[ 63.993340][ T12] rio500 2-1:0.67: USB Rio found at address 4
[ 63.995309][ T83] kthread+0x318/0x420
[ 63.995321][ T83] ? kthread_create_on_node+0xf0/0xf0
[ 63.995333][ T83] ret_from_fork+0x24/0x30
[ 64.001018][ T83] Kernel Offset: disabled
[ 64.079401][ T83] Rebooting in 86400 seconds..