[info] Using makefile-style concurrent boot in runlevel 2. [....] Starting enhanced syslogd: rsyslogd[ 14.037705][ C1] random: crng init done [?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.15.194' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 36.628828][ T83] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 36.868807][ T83] usb 1-1: Using ep0 maxpacket: 32 [ 36.988926][ T83] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7 [ 36.999812][ T83] usb 1-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 37.168918][ T83] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 37.177988][ T83] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 37.186021][ T83] usb 1-1: Product: syz [ 37.190202][ T83] usb 1-1: Manufacturer: syz [ 37.194774][ T83] usb 1-1: SerialNumber: syz executing program [ 37.549012][ T83] ================================================================== [ 37.557247][ T83] BUG: KASAN: use-after-free in parse_term_proc_unit+0x57a/0x5e0 [ 37.564946][ T83] Read of size 1 at addr ffff8881d5346d0e by task kworker/1:2/83 [ 37.572630][ T83] [ 37.574938][ T83] CPU: 1 PID: 83 Comm: kworker/1:2 Not tainted 5.4.0-rc3+ #0 [ 37.582282][ T83] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 37.592365][ T83] Workqueue: usb_hub_wq hub_event [ 37.597363][ T83] Call Trace: [ 37.600676][ T83] dump_stack+0xca/0x13e [ 37.604909][ T83] ? parse_term_proc_unit+0x57a/0x5e0 [ 37.610259][ T83] ? parse_term_proc_unit+0x57a/0x5e0 [ 37.615609][ T83] print_address_description.constprop.0+0x36/0x50 [ 37.622096][ T83] ? parse_term_proc_unit+0x57a/0x5e0 [ 37.627453][ T83] ? parse_term_proc_unit+0x57a/0x5e0 [ 37.632800][ T83] __kasan_report.cold+0x1a/0x33 [ 37.637714][ T83] ? parse_term_proc_unit+0x57a/0x5e0 [ 37.643068][ T83] kasan_report+0xe/0x20 [ 37.647294][ T83] parse_term_proc_unit+0x57a/0x5e0 [ 37.652475][ T83] __check_input_term+0xc32/0x13f0 [ 37.657566][ T83] parse_audio_unit+0x101d/0x36f0 [ 37.662568][ T83] ? _raw_spin_unlock_irqrestore+0x3e/0x50 [ 37.668356][ T83] ? lockdep_hardirqs_on+0x382/0x580 [ 37.673616][ T83] ? stack_depot_save+0x252/0x440 [ 37.678619][ T83] ? build_audio_procunit+0x13f0/0x13f0 [ 37.684154][ T83] ? save_stack+0x1b/0x80 [ 37.688458][ T83] ? __kasan_kmalloc.constprop.0+0xbf/0xd0 [ 37.694238][ T83] ? snd_usb_create_mixer+0x180/0x1890 [ 37.699669][ T83] ? usb_audio_probe+0xc76/0x2010 [ 37.704668][ T83] ? usb_probe_interface+0x305/0x7a0 [ 37.709927][ T83] ? really_probe+0x281/0x6d0 [ 37.714577][ T83] ? driver_probe_device+0x104/0x210 [ 37.719834][ T83] ? __device_attach_driver+0x1c2/0x220 [ 37.725354][ T83] ? bus_for_each_drv+0x162/0x1e0 [ 37.730354][ T83] ? __device_attach+0x217/0x360 [ 37.735383][ T83] ? bus_probe_device+0x1e4/0x290 [ 37.740389][ T83] ? device_add+0xae6/0x16f0 [ 37.744953][ T83] ? usb_set_configuration+0xdf6/0x1670 [ 37.750484][ T83] ? validate_desc.part.0+0x17f/0x240 [ 37.755828][ T83] snd_usb_mixer_controls+0x715/0xb90 [ 37.761175][ T83] ? parse_audio_unit+0x36f0/0x36f0 [ 37.766347][ T83] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 37.771951][ T83] ? rcu_read_lock_bh_held+0xb0/0xb0 [ 37.777214][ T83] ? __kasan_kmalloc.constprop.0+0xbf/0xd0 [ 37.782994][ T83] ? kasan_unpoison_shadow+0x30/0x40 [ 37.788265][ T83] ? usb_ifnum_to_if+0x12b/0x180 [ 37.793178][ T83] snd_usb_create_mixer+0x2b5/0x1890 [ 37.798535][ T83] ? mark_lock+0xbc/0x1160 [ 37.802939][ T83] ? mark_held_locks+0x9f/0xe0 [ 37.807679][ T83] ? snd_usb_mixer_interrupt+0x800/0x800 [ 37.813287][ T83] ? lockdep_hardirqs_on+0x382/0x580 [ 37.818549][ T83] ? usb_driver_claim_interface+0x210/0x420 [ 37.824415][ T83] ? snd_usb_create_stream+0x16a/0x4c0 [ 37.829858][ T83] usb_audio_probe+0xc76/0x2010 [ 37.834683][ T83] ? usb_audio_resume+0x20/0x20 [ 37.839509][ T83] ? _raw_spin_unlock_irqrestore+0x3e/0x50 [ 37.845290][ T83] usb_probe_interface+0x305/0x7a0 [ 37.850381][ T83] ? usb_probe_device+0x100/0x100 [ 37.855381][ T83] really_probe+0x281/0x6d0 [ 37.859871][ T83] driver_probe_device+0x104/0x210 [ 37.865008][ T83] __device_attach_driver+0x1c2/0x220 [ 37.870381][ T83] ? driver_allows_async_probing+0x160/0x160 [ 37.876345][ T83] bus_for_each_drv+0x162/0x1e0 [ 37.881180][ T83] ? bus_rescan_devices+0x20/0x20 [ 37.886183][ T83] ? _raw_spin_unlock_irqrestore+0x3e/0x50 [ 37.891977][ T83] ? lockdep_hardirqs_on+0x382/0x580 [ 37.897243][ T83] __device_attach+0x217/0x360 [ 37.901994][ T83] ? device_bind_driver+0xd0/0xd0 [ 37.906995][ T83] ? kobject_uevent_env+0x29e/0x1150 [ 37.912256][ T83] ? kobject_uevent_env+0x2a8/0x1150 [ 37.917519][ T83] bus_probe_device+0x1e4/0x290 [ 37.922348][ T83] ? blocking_notifier_call_chain+0x54/0xa0 [ 37.928216][ T83] device_add+0xae6/0x16f0 [ 37.932609][ T83] ? uevent_store+0x50/0x50 [ 37.937089][ T83] ? _raw_spin_unlock_irqrestore+0x3e/0x50 [ 37.942871][ T83] usb_set_configuration+0xdf6/0x1670 [ 37.948221][ T83] generic_probe+0x9d/0xd5 [ 37.952620][ T83] usb_probe_device+0x99/0x100 [ 37.957360][ T83] ? usb_suspend+0x620/0x620 [ 37.961923][ T83] really_probe+0x281/0x6d0 [ 37.966406][ T83] driver_probe_device+0x104/0x210 [ 37.971497][ T83] __device_attach_driver+0x1c2/0x220 [ 37.976844][ T83] ? driver_allows_async_probing+0x160/0x160 [ 37.982797][ T83] bus_for_each_drv+0x162/0x1e0 [ 37.987625][ T83] ? bus_rescan_devices+0x20/0x20 [ 37.992626][ T83] ? _raw_spin_unlock_irqrestore+0x3e/0x50 [ 37.998409][ T83] ? lockdep_hardirqs_on+0x382/0x580 [ 38.003668][ T83] __device_attach+0x217/0x360 [ 38.008420][ T83] ? device_bind_driver+0xd0/0xd0 [ 38.013425][ T83] ? kobject_uevent_env+0x29e/0x1150 [ 38.018684][ T83] ? kobject_uevent_env+0x2a8/0x1150 [ 38.024033][ T83] bus_probe_device+0x1e4/0x290 [ 38.028860][ T83] ? blocking_notifier_call_chain+0x54/0xa0 [ 38.034727][ T83] device_add+0xae6/0x16f0 [ 38.039122][ T83] ? uevent_store+0x50/0x50 [ 38.043622][ T83] usb_new_device.cold+0x6a4/0xe79 [ 38.048729][ T83] hub_event+0x1dd0/0x37e0 [ 38.053162][ T83] ? hub_port_debounce+0x260/0x260 [ 38.058260][ T83] ? find_held_lock+0x2d/0x110 [ 38.063004][ T83] ? mark_held_locks+0xe0/0xe0 [ 38.067762][ T83] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 38.073297][ T83] ? rcu_read_lock_bh_held+0xb0/0xb0 [ 38.078566][ T83] process_one_work+0x92b/0x1530 [ 38.083522][ T83] ? pwq_dec_nr_in_flight+0x310/0x310 [ 38.088871][ T83] ? do_raw_spin_lock+0x11a/0x280 [ 38.093892][ T83] worker_thread+0x96/0xe20 [ 38.098385][ T83] ? process_one_work+0x1530/0x1530 [ 38.103587][ T83] kthread+0x318/0x420 [ 38.107636][ T83] ? kthread_create_on_node+0xf0/0xf0 [ 38.113013][ T83] ret_from_fork+0x24/0x30 [ 38.117404][ T83] [ 38.119713][ T83] Allocated by task 83: [ 38.123850][ T83] save_stack+0x1b/0x80 [ 38.127986][ T83] __kasan_kmalloc.constprop.0+0xbf/0xd0 [ 38.133606][ T83] usb_alloc_urb+0x65/0xb0 [ 38.137998][ T83] usb_control_msg+0x1c9/0x4a0 [ 38.142739][ T83] usb_get_descriptor+0xc1/0x1b0 [ 38.147659][ T83] usb_get_configuration+0x28e/0x3050 [ 38.153018][ T83] usb_new_device+0xd3/0x160 [ 38.157611][ T83] hub_event+0x1dd0/0x37e0 [ 38.162016][ T83] process_one_work+0x92b/0x1530 [ 38.166929][ T83] worker_thread+0x96/0xe20 [ 38.171409][ T83] kthread+0x318/0x420 [ 38.175454][ T83] ret_from_fork+0x24/0x30 [ 38.179839][ T83] [ 38.182143][ T83] Freed by task 83: [ 38.185976][ T83] save_stack+0x1b/0x80 [ 38.190151][ T83] __kasan_slab_free+0x130/0x180 [ 38.195073][ T83] kfree+0xe4/0x320 [ 38.198862][ T83] usb_free_urb.part.0+0x7a/0xc0 [ 38.203778][ T83] usb_free_urb+0x1b/0x30 [ 38.208108][ T83] usb_start_wait_urb+0x1e5/0x2b0 [ 38.213132][ T83] usb_control_msg+0x31c/0x4a0 [ 38.217875][ T83] usb_get_descriptor+0xc1/0x1b0 [ 38.222798][ T83] usb_get_configuration+0x28e/0x3050 [ 38.228154][ T83] usb_new_device+0xd3/0x160 [ 38.232725][ T83] hub_event+0x1dd0/0x37e0 [ 38.237129][ T83] process_one_work+0x92b/0x1530 [ 38.242050][ T83] worker_thread+0x96/0xe20 [ 38.246530][ T83] kthread+0x318/0x420 [ 38.250573][ T83] ret_from_fork+0x24/0x30 [ 38.254960][ T83] [ 38.257278][ T83] The buggy address belongs to the object at ffff8881d5346d00 [ 38.257278][ T83] which belongs to the cache kmalloc-192 of size 192 [ 38.271321][ T83] The buggy address is located 14 bytes inside of [ 38.271321][ T83] 192-byte region [ffff8881d5346d00, ffff8881d5346dc0) [ 38.284489][ T83] The buggy address belongs to the page: [ 38.290100][ T83] page:ffffea000754d180 refcount:1 mapcount:0 mapping:ffff8881da002a00 index:0x0 [ 38.299185][ T83] flags: 0x200000000000200(slab) [ 38.304115][ T83] raw: 0200000000000200 ffffea0007548ac0 0000000900000009 ffff8881da002a00 [ 38.312798][ T83] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000 [ 38.321359][ T83] page dumped because: kasan: bad access detected [ 38.327755][ T83] [ 38.330060][ T83] Memory state around the buggy address: [ 38.335699][ T83] ffff8881d5346c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 38.343737][ T83] ffff8881d5346c80: 00 00 00 00 05 fc fc fc fc fc fc fc fc fc fc fc [ 38.351782][ T83] >ffff8881d5346d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 38.359862][ T83] ^ [ 38.364174][ T83] ffff8881d5346d80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 38.372219][ T83] ffff8881d5346e00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 38.380263][ T83] ================================================================== [ 38.388568][ T83] Disabling lock debugging due to kernel taint [ 38.394812][ T83] Kernel panic - not syncing: panic_on_warn set ... [ 38.401403][ T83] CPU: 1 PID: 83 Comm: kworker/1:2 Tainted: G B 5.4.0-rc3+ #0 [ 38.410150][ T83] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 38.420351][ T83] Workqueue: usb_hub_wq hub_event [ 38.425349][ T83] Call Trace: [ 38.428621][ T83] dump_stack+0xca/0x13e [ 38.432854][ T83] panic+0x2aa/0x6e1 [ 38.436741][ T83] ? add_taint.cold+0x16/0x16 [ 38.442610][ T83] ? retint_kernel+0x10/0x10 [ 38.447190][ T83] ? trace_hardirqs_on+0x55/0x1e0 [ 38.452190][ T83] ? parse_term_proc_unit+0x57a/0x5e0 [ 38.457535][ T83] end_report+0x43/0x49 [ 38.461664][ T83] ? parse_term_proc_unit+0x57a/0x5e0 [ 38.467010][ T83] __kasan_report.cold+0xd/0x33 [ 38.471837][ T83] ? parse_term_proc_unit+0x57a/0x5e0 [ 38.477183][ T83] kasan_report+0xe/0x20 [ 38.481416][ T83] parse_term_proc_unit+0x57a/0x5e0 [ 38.486597][ T83] __check_input_term+0xc32/0x13f0 [ 38.491680][ T83] parse_audio_unit+0x101d/0x36f0 [ 38.496678][ T83] ? _raw_spin_unlock_irqrestore+0x3e/0x50 [ 38.502467][ T83] ? lockdep_hardirqs_on+0x382/0x580 [ 38.507726][ T83] ? stack_depot_save+0x252/0x440 [ 38.512733][ T83] ? build_audio_procunit+0x13f0/0x13f0 [ 38.518270][ T83] ? save_stack+0x1b/0x80 [ 38.522576][ T83] ? __kasan_kmalloc.constprop.0+0xbf/0xd0 [ 38.528355][ T83] ? snd_usb_create_mixer+0x180/0x1890 [ 38.533787][ T83] ? usb_audio_probe+0xc76/0x2010 [ 38.538788][ T83] ? usb_probe_interface+0x305/0x7a0 [ 38.544052][ T83] ? really_probe+0x281/0x6d0 [ 38.548802][ T83] ? driver_probe_device+0x104/0x210 [ 38.554072][ T83] ? __device_attach_driver+0x1c2/0x220 [ 38.559785][ T83] ? bus_for_each_drv+0x162/0x1e0 [ 38.565225][ T83] ? __device_attach+0x217/0x360 [ 38.570180][ T83] ? bus_probe_device+0x1e4/0x290 [ 38.575182][ T83] ? device_add+0xae6/0x16f0 [ 38.579751][ T83] ? usb_set_configuration+0xdf6/0x1670 [ 38.585280][ T83] ? validate_desc.part.0+0x17f/0x240 [ 38.590684][ T83] snd_usb_mixer_controls+0x715/0xb90 [ 38.596045][ T83] ? parse_audio_unit+0x36f0/0x36f0 [ 38.601283][ T83] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 38.606916][ T83] ? rcu_read_lock_bh_held+0xb0/0xb0 [ 38.612189][ T83] ? __kasan_kmalloc.constprop.0+0xbf/0xd0 [ 38.618096][ T83] ? kasan_unpoison_shadow+0x30/0x40 [ 38.623404][ T83] ? usb_ifnum_to_if+0x12b/0x180 [ 38.628320][ T83] snd_usb_create_mixer+0x2b5/0x1890 [ 38.633584][ T83] ? mark_lock+0xbc/0x1160 [ 38.637978][ T83] ? mark_held_locks+0x9f/0xe0 [ 38.642736][ T83] ? snd_usb_mixer_interrupt+0x800/0x800 [ 38.648358][ T83] ? lockdep_hardirqs_on+0x382/0x580 [ 38.653618][ T83] ? usb_driver_claim_interface+0x210/0x420 [ 38.659483][ T83] ? snd_usb_create_stream+0x16a/0x4c0 [ 38.664913][ T83] usb_audio_probe+0xc76/0x2010 [ 38.669749][ T83] ? usb_audio_resume+0x20/0x20 [ 38.674573][ T83] ? _raw_spin_unlock_irqrestore+0x3e/0x50 [ 38.680352][ T83] usb_probe_interface+0x305/0x7a0 [ 38.685437][ T83] ? usb_probe_device+0x100/0x100 [ 38.690433][ T83] really_probe+0x281/0x6d0 [ 38.694909][ T83] driver_probe_device+0x104/0x210 [ 38.699996][ T83] __device_attach_driver+0x1c2/0x220 [ 38.705356][ T83] ? driver_allows_async_probing+0x160/0x160 [ 38.711308][ T83] bus_for_each_drv+0x162/0x1e0 [ 38.716130][ T83] ? bus_rescan_devices+0x20/0x20 [ 38.721128][ T83] ? _raw_spin_unlock_irqrestore+0x3e/0x50 [ 38.726909][ T83] ? lockdep_hardirqs_on+0x382/0x580 [ 38.732181][ T83] __device_attach+0x217/0x360 [ 38.736924][ T83] ? device_bind_driver+0xd0/0xd0 [ 38.741939][ T83] ? kobject_uevent_env+0x29e/0x1150 [ 38.747197][ T83] ? kobject_uevent_env+0x2a8/0x1150 [ 38.752454][ T83] bus_probe_device+0x1e4/0x290 [ 38.757280][ T83] ? blocking_notifier_call_chain+0x54/0xa0 [ 38.763148][ T83] device_add+0xae6/0x16f0 [ 38.767540][ T83] ? uevent_store+0x50/0x50 [ 38.772030][ T83] ? _raw_spin_unlock_irqrestore+0x3e/0x50 [ 38.777823][ T83] usb_set_configuration+0xdf6/0x1670 [ 38.783177][ T83] generic_probe+0x9d/0xd5 [ 38.787574][ T83] usb_probe_device+0x99/0x100 [ 38.792315][ T83] ? usb_suspend+0x620/0x620 [ 38.796884][ T83] really_probe+0x281/0x6d0 [ 38.801364][ T83] driver_probe_device+0x104/0x210 [ 38.806454][ T83] __device_attach_driver+0x1c2/0x220 [ 38.811801][ T83] ? driver_allows_async_probing+0x160/0x160 [ 38.817758][ T83] bus_for_each_drv+0x162/0x1e0 [ 38.823279][ T83] ? bus_rescan_devices+0x20/0x20 [ 38.828290][ T83] ? _raw_spin_unlock_irqrestore+0x3e/0x50 [ 38.834074][ T83] ? lockdep_hardirqs_on+0x382/0x580 [ 38.839332][ T83] __device_attach+0x217/0x360 [ 38.844072][ T83] ? device_bind_driver+0xd0/0xd0 [ 38.849091][ T83] ? kobject_uevent_env+0x29e/0x1150 [ 38.854366][ T83] ? kobject_uevent_env+0x2a8/0x1150 [ 38.859637][ T83] bus_probe_device+0x1e4/0x290 [ 38.864465][ T83] ? blocking_notifier_call_chain+0x54/0xa0 [ 38.870342][ T83] device_add+0xae6/0x16f0 [ 38.874739][ T83] ? uevent_store+0x50/0x50 [ 38.879223][ T83] usb_new_device.cold+0x6a4/0xe79 [ 38.884319][ T83] hub_event+0x1dd0/0x37e0 [ 38.888720][ T83] ? hub_port_debounce+0x260/0x260 [ 38.893843][ T83] ? find_held_lock+0x2d/0x110 [ 38.898586][ T83] ? mark_held_locks+0xe0/0xe0 [ 38.903337][ T83] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 38.908866][ T83] ? rcu_read_lock_bh_held+0xb0/0xb0 [ 38.914140][ T83] process_one_work+0x92b/0x1530 [ 38.919062][ T83] ? pwq_dec_nr_in_flight+0x310/0x310 [ 38.924411][ T83] ? do_raw_spin_lock+0x11a/0x280 [ 38.929412][ T83] worker_thread+0x96/0xe20 [ 38.933893][ T83] ? process_one_work+0x1530/0x1530 [ 38.939065][ T83] kthread+0x318/0x420 [ 38.943112][ T83] ? kthread_create_on_node+0xf0/0xf0 [ 38.948467][ T83] ret_from_fork+0x24/0x30 [ 38.953463][ T83] Kernel Offset: disabled [ 38.957789][ T83] Rebooting in 86400 seconds..