[info] Using makefile-style concurrent boot in runlevel 2. [....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 12.225009][ T1656] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 42.551547][ T1697] random: sshd: uninitialized urandom read (32 bytes read) [ 42.599397][ C1] random: crng init done Warning: Permanently added '10.128.0.48' (ECDSA) to the list of known hosts. executing program [ 62.105910][ T78] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 62.345970][ T78] usb 1-1: Using ep0 maxpacket: 8 [ 62.465915][ T78] usb 1-1: config 0 has an invalid interface number: 239 but max is 0 [ 62.474150][ T78] usb 1-1: config 0 has no interface number 0 [ 62.480247][ T78] usb 1-1: config 0 interface 239 altsetting 0 bulk endpoint 0xB has invalid maxpacket 0 [ 62.490045][ T78] usb 1-1: config 0 interface 239 altsetting 0 bulk endpoint 0x8A has invalid maxpacket 0 [ 62.499945][ T78] usb 1-1: New USB device found, idVendor=9022, idProduct=d421, bcdDevice=4f.12 [ 62.508959][ T78] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 62.517891][ T78] usb 1-1: config 0 descriptor?? [ 62.567384][ T78] dw2102: su3000_identify_state [ 62.572353][ T78] dvb-usb: found a 'TeVii S421 PCI' in warm state. [ 62.578925][ T78] dw2102: su3000_power_ctrl: 1, initialized 0 [ 62.585132][ T78] dvb-usb: bulk message failed: -22 (2/-738120320) [ 62.592793][ T78] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 62.616097][ T78] dvbdev: DVB: registering new adapter (TeVii S421 PCI) [ 62.623301][ T78] usb 1-1: media controller created [ 62.628759][ T78] dvb-usb: bulk message failed: -22 (6/-2036041824) [ 62.635391][ T78] dw2102: i2c transfer failed. [ 62.640235][ T78] dvb-usb: bulk message failed: -22 (6/-2036041824) [ 62.646817][ T78] dw2102: i2c transfer failed. [ 62.651553][ T78] dvb-usb: bulk message failed: -22 (6/-2036041824) [ 62.658148][ T78] dw2102: i2c transfer failed. [ 62.662892][ T78] dvb-usb: bulk message failed: -22 (6/-2036041824) [ 62.669492][ T78] dw2102: i2c transfer failed. [ 62.674243][ T78] dvb-usb: bulk message failed: -22 (6/-2036041824) [ 62.680826][ T78] dw2102: i2c transfer failed. [ 62.685587][ T78] dvb-usb: bulk message failed: -22 (6/-2036041824) [ 62.692169][ T78] dw2102: i2c transfer failed. [ 62.696931][ T78] dvb-usb: MAC address: 02:02:02:02:02:02 [ 62.705752][ T78] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 62.719342][ T78] dvb-usb: bulk message failed: -22 (1/0) [ 62.725076][ T78] dw2102: command 0x51 transfer failed. [ 62.731733][ T78] dvb-usb: bulk message failed: -22 (5/-2036041824) [ 62.738393][ T78] dw2102: i2c transfer failed. [ 62.743234][ T78] dvb-usb: bulk message failed: -22 (5/-2036041824) [ 62.749819][ T78] dw2102: i2c transfer failed. [ 62.754567][ T78] dvb-usb: bulk message failed: -22 (5/-2036041824) [ 62.761166][ T78] dw2102: i2c transfer failed. executing program [ 62.765941][ T78] dvb-usb: bulk message failed: -22 (5/-2036041824) [ 62.772528][ T78] dw2102: i2c transfer failed. [ 62.777419][ T78] dvb-usb: bulk message failed: -22 (5/-2036041824) [ 62.783972][ T78] dw2102: i2c transfer failed. [ 62.788750][ T78] dvb-usb: bulk message failed: -22 (5/-2036041824) [ 62.795310][ T78] dw2102: i2c transfer failed. [ 62.850120][ T78] dvb-usb: bulk message failed: -22 (5/-2036041824) [ 62.856723][ T78] dw2102: i2c transfer failed. [ 62.861482][ T78] dvb-usb: bulk message failed: -22 (5/-2036041824) [ 62.868076][ T78] dw2102: i2c transfer failed. [ 62.872842][ T78] dvb-usb: bulk message failed: -22 (5/-2036041824) [ 62.879443][ T78] dw2102: i2c transfer failed. [ 62.884223][ T78] dvb-usb: bulk message failed: -22 (5/-2036041824) [ 62.890803][ T78] dw2102: i2c transfer failed. [ 62.895557][ T78] dvb-usb: bulk message failed: -22 (5/-2036041824) [ 62.902138][ T78] dw2102: i2c transfer failed. [ 62.906902][ T78] dvb-usb: bulk message failed: -22 (5/-2036041824) [ 62.913541][ T78] dw2102: i2c transfer failed. [ 62.918333][ T78] ts2020 0-0060: Montage Technology TS2020 successfully identified [ 62.926511][ T78] dw2102: Attached RS2000/TS2020! [ 62.931618][ T78] usb 1-1: DVB: registering adapter 0 frontend 0 (M88RS2000 DVB-S)... [ 62.939941][ T78] dvbdev: dvb_create_media_entity: media entity 'M88RS2000 DVB-S' registered. [ 63.006058][ T78] Registered IR keymap rc-su3000 [ 63.011383][ T78] rc rc0: TeVii S421 PCI as /devices/platform/dummy_hcd.0/usb1/1-1/rc/rc0 [ 63.020477][ T78] input: TeVii S421 PCI as /devices/platform/dummy_hcd.0/usb1/1-1/rc/rc0/input5 [ 63.030425][ T78] dvb-usb: schedule remote query interval to 150 msecs. [ 63.037408][ T78] dw2102: su3000_power_ctrl: 0, initialized 1 [ 63.043451][ T78] dvb-usb: TeVii S421 PCI successfully initialized and connected. [ 63.052648][ T78] usb 1-1: USB disconnect, device number 2 [ 63.059279][ T78] ================================================================== [ 63.067397][ T78] BUG: KASAN: use-after-free in dvb_usb_device_exit+0x19a/0x1a0 [ 63.075029][ T78] Read of size 8 at addr ffff8881d33593e8 by task kworker/1:1/78 [ 63.082717][ T78] [ 63.085018][ T78] CPU: 1 PID: 78 Comm: kworker/1:1 Not tainted 5.4.0-rc1+ #0 [ 63.092350][ T78] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 63.102378][ T78] Workqueue: usb_hub_wq hub_event [ 63.107369][ T78] Call Trace: [ 63.110627][ T78] dump_stack+0xca/0x13e [ 63.114840][ T78] ? dvb_usb_device_exit+0x19a/0x1a0 [ 63.120091][ T78] ? dvb_usb_device_exit+0x19a/0x1a0 [ 63.125343][ T78] print_address_description.constprop.0+0x36/0x50 [ 63.131819][ T78] ? dvb_usb_device_exit+0x19a/0x1a0 [ 63.137071][ T78] ? dvb_usb_device_exit+0x19a/0x1a0 [ 63.142321][ T78] __kasan_report.cold+0x1a/0x33 [ 63.147228][ T78] ? _raw_spin_trylock_bh+0x60/0x70 [ 63.152392][ T78] ? dvb_usb_device_exit+0x19a/0x1a0 [ 63.157641][ T78] kasan_report+0xe/0x20 [ 63.161851][ T78] dvb_usb_device_exit+0x19a/0x1a0 [ 63.166930][ T78] ? dvb_usb_exit+0x290/0x290 [ 63.171573][ T78] ? usb_disable_endpoint+0x1ba/0x1f0 [ 63.176912][ T78] ? usb_disable_interface+0x140/0x1a0 [ 63.182349][ T78] usb_unbind_interface+0x1bd/0x8a0 [ 63.187519][ T78] ? usb_autoresume_device+0x60/0x60 [ 63.192771][ T78] device_release_driver_internal+0x42f/0x500 [ 63.198830][ T78] bus_remove_device+0x2dc/0x4a0 [ 63.203967][ T78] device_del+0x420/0xb20 [ 63.208307][ T78] ? __device_link_del+0x2f0/0x2f0 [ 63.213386][ T78] ? usb_remove_ep_devs+0x3e/0x80 [ 63.218378][ T78] ? remove_intf_ep_devs+0x13f/0x1d0 [ 63.223634][ T78] usb_disable_device+0x211/0x690 [ 63.228649][ T78] usb_disconnect+0x284/0x8d0 [ 63.233293][ T78] hub_event+0x1454/0x3640 [ 63.237679][ T78] ? find_held_lock+0x2d/0x110 [ 63.242411][ T78] ? mark_held_locks+0xe0/0xe0 [ 63.247148][ T78] ? hub_port_debounce+0x260/0x260 [ 63.252254][ T78] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 63.257763][ T78] ? rcu_read_lock_bh_held+0xb0/0xb0 [ 63.263016][ T78] process_one_work+0x92b/0x1530 [ 63.267922][ T78] ? pwq_dec_nr_in_flight+0x310/0x310 [ 63.273259][ T78] ? do_raw_spin_lock+0x11a/0x280 [ 63.278250][ T78] worker_thread+0x7ab/0xe20 [ 63.282808][ T78] ? process_one_work+0x1530/0x1530 [ 63.287972][ T78] kthread+0x318/0x420 [ 63.292008][ T78] ? kthread_create_on_node+0xf0/0xf0 [ 63.297345][ T78] ret_from_fork+0x24/0x30 [ 63.301725][ T78] [ 63.304021][ T78] Allocated by task 78: [ 63.308148][ T78] save_stack+0x1b/0x80 [ 63.312271][ T78] __kasan_kmalloc.constprop.0+0xbf/0xd0 [ 63.317892][ T78] __kmalloc_track_caller+0xfd/0x330 [ 63.323147][ T78] kmemdup+0x23/0x50 [ 63.327031][ T78] dw2102_probe+0x627/0xc40 [ 63.331500][ T78] usb_probe_interface+0x305/0x7a0 [ 63.336581][ T78] really_probe+0x281/0x6d0 [ 63.341051][ T78] driver_probe_device+0x104/0x210 [ 63.346128][ T78] __device_attach_driver+0x1c2/0x220 [ 63.351483][ T78] bus_for_each_drv+0x162/0x1e0 [ 63.356308][ T78] __device_attach+0x217/0x360 [ 63.361043][ T78] bus_probe_device+0x1e4/0x290 [ 63.365969][ T78] device_add+0xae6/0x16f0 [ 63.370353][ T78] usb_set_configuration+0xdf6/0x1670 [ 63.375690][ T78] generic_probe+0x9d/0xd5 [ 63.380083][ T78] usb_probe_device+0x99/0x100 [ 63.384829][ T78] really_probe+0x281/0x6d0 [ 63.389316][ T78] driver_probe_device+0x104/0x210 [ 63.394395][ T78] __device_attach_driver+0x1c2/0x220 [ 63.399748][ T78] bus_for_each_drv+0x162/0x1e0 [ 63.404567][ T78] __device_attach+0x217/0x360 [ 63.409316][ T78] bus_probe_device+0x1e4/0x290 [ 63.414142][ T78] device_add+0xae6/0x16f0 [ 63.418530][ T78] usb_new_device.cold+0x6a4/0xe79 [ 63.423606][ T78] hub_event+0x1b5c/0x3640 [ 63.427993][ T78] process_one_work+0x92b/0x1530 [ 63.432894][ T78] worker_thread+0x96/0xe20 [ 63.437478][ T78] kthread+0x318/0x420 [ 63.441514][ T78] ret_from_fork+0x24/0x30 [ 63.445895][ T78] [ 63.448194][ T78] Freed by task 78: [ 63.451971][ T78] save_stack+0x1b/0x80 [ 63.456106][ T78] __kasan_slab_free+0x130/0x180 [ 63.461111][ T78] kfree+0xe4/0x2f0 [ 63.464892][ T78] dw2102_probe+0x871/0xc40 [ 63.469469][ T78] usb_probe_interface+0x305/0x7a0 [ 63.474546][ T78] really_probe+0x281/0x6d0 [ 63.479101][ T78] driver_probe_device+0x104/0x210 [ 63.484196][ T78] __device_attach_driver+0x1c2/0x220 [ 63.489534][ T78] bus_for_each_drv+0x162/0x1e0 [ 63.494355][ T78] __device_attach+0x217/0x360 [ 63.499187][ T78] bus_probe_device+0x1e4/0x290 [ 63.504117][ T78] device_add+0xae6/0x16f0 [ 63.508603][ T78] usb_set_configuration+0xdf6/0x1670 [ 63.513940][ T78] generic_probe+0x9d/0xd5 [ 63.518324][ T78] usb_probe_device+0x99/0x100 [ 63.523054][ T78] really_probe+0x281/0x6d0 [ 63.527537][ T78] driver_probe_device+0x104/0x210 [ 63.532616][ T78] __device_attach_driver+0x1c2/0x220 [ 63.537954][ T78] bus_for_each_drv+0x162/0x1e0 [ 63.542771][ T78] __device_attach+0x217/0x360 [ 63.547505][ T78] bus_probe_device+0x1e4/0x290 [ 63.552333][ T78] device_add+0xae6/0x16f0 [ 63.556722][ T78] usb_new_device.cold+0x6a4/0xe79 [ 63.561801][ T78] hub_event+0x1b5c/0x3640 [ 63.566205][ T78] process_one_work+0x92b/0x1530 [ 63.571119][ T78] worker_thread+0x96/0xe20 [ 63.575593][ T78] kthread+0x318/0x420 [ 63.579630][ T78] ret_from_fork+0x24/0x30 [ 63.584009][ T78] [ 63.586313][ T78] The buggy address belongs to the object at ffff8881d3359100 [ 63.586313][ T78] which belongs to the cache kmalloc-4k of size 4096 [ 63.600336][ T78] The buggy address is located 744 bytes inside of [ 63.600336][ T78] 4096-byte region [ffff8881d3359100, ffff8881d335a100) [ 63.613660][ T78] The buggy address belongs to the page: [ 63.619272][ T78] page:ffffea00074cd600 refcount:1 mapcount:0 mapping:ffff8881da00c280 index:0x0 compound_mapcount: 0 [ 63.630168][ T78] flags: 0x200000000010200(slab|head) [ 63.635509][ T78] raw: 0200000000010200 0000000000000000 0000000100000001 ffff8881da00c280 [ 63.644278][ T78] raw: 0000000000000000 0000000000070007 00000001ffffffff 0000000000000000 [ 63.652824][ T78] page dumped because: kasan: bad access detected [ 63.659199][ T78] [ 63.661494][ T78] Memory state around the buggy address: [ 63.667193][ T78] ffff8881d3359280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 63.675237][ T78] ffff8881d3359300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 63.683272][ T78] >ffff8881d3359380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 63.691296][ T78] ^ [ 63.698724][ T78] ffff8881d3359400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 63.706868][ T78] ffff8881d3359480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 63.714895][ T78] ================================================================== [ 63.722937][ T78] Disabling lock debugging due to kernel taint [ 63.729113][ T78] Kernel panic - not syncing: panic_on_warn set ... [ 63.735691][ T78] CPU: 1 PID: 78 Comm: kworker/1:1 Tainted: G B 5.4.0-rc1+ #0 [ 63.744411][ T78] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 63.754441][ T78] Workqueue: usb_hub_wq hub_event [ 63.759449][ T78] Call Trace: [ 63.762704][ T78] dump_stack+0xca/0x13e [ 63.766927][ T78] panic+0x2a3/0x6da [ 63.770791][ T78] ? add_taint.cold+0x16/0x16 [ 63.775444][ T78] ? retint_kernel+0x10/0x10 [ 63.780000][ T78] ? trace_hardirqs_on+0x55/0x1e0 [ 63.784990][ T78] ? dvb_usb_device_exit+0x19a/0x1a0 [ 63.790326][ T78] end_report+0x43/0x49 [ 63.794447][ T78] ? dvb_usb_device_exit+0x19a/0x1a0 [ 63.799702][ T78] __kasan_report.cold+0xd/0x33 [ 63.804520][ T78] ? _raw_spin_trylock_bh+0x60/0x70 [ 63.809681][ T78] ? dvb_usb_device_exit+0x19a/0x1a0 [ 63.814929][ T78] kasan_report+0xe/0x20 [ 63.819138][ T78] dvb_usb_device_exit+0x19a/0x1a0 [ 63.824215][ T78] ? dvb_usb_exit+0x290/0x290 [ 63.829034][ T78] ? usb_disable_endpoint+0x1ba/0x1f0 [ 63.834384][ T78] ? usb_disable_interface+0x140/0x1a0 [ 63.839807][ T78] usb_unbind_interface+0x1bd/0x8a0 [ 63.844984][ T78] ? usb_autoresume_device+0x60/0x60 [ 63.850235][ T78] device_release_driver_internal+0x42f/0x500 [ 63.856267][ T78] bus_remove_device+0x2dc/0x4a0 [ 63.861182][ T78] device_del+0x420/0xb20 [ 63.865483][ T78] ? __device_link_del+0x2f0/0x2f0 [ 63.870561][ T78] ? usb_remove_ep_devs+0x3e/0x80 [ 63.875563][ T78] ? remove_intf_ep_devs+0x13f/0x1d0 [ 63.880813][ T78] usb_disable_device+0x211/0x690 [ 63.885818][ T78] usb_disconnect+0x284/0x8d0 [ 63.890475][ T78] hub_event+0x1454/0x3640 [ 63.894857][ T78] ? find_held_lock+0x2d/0x110 [ 63.899588][ T78] ? mark_held_locks+0xe0/0xe0 [ 63.904318][ T78] ? hub_port_debounce+0x260/0x260 [ 63.909394][ T78] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 63.914915][ T78] ? rcu_read_lock_bh_held+0xb0/0xb0 [ 63.920170][ T78] process_one_work+0x92b/0x1530 [ 63.925076][ T78] ? pwq_dec_nr_in_flight+0x310/0x310 [ 63.930413][ T78] ? do_raw_spin_lock+0x11a/0x280 [ 63.935402][ T78] worker_thread+0x7ab/0xe20 [ 63.939958][ T78] ? process_one_work+0x1530/0x1530 [ 63.945134][ T78] kthread+0x318/0x420 [ 63.949175][ T78] ? kthread_create_on_node+0xf0/0xf0 [ 63.954512][ T78] ret_from_fork+0x24/0x30 [ 63.959500][ T78] Kernel Offset: disabled [ 63.963808][ T78] Rebooting in 86400 seconds..