[ 44.560442] audit: type=1800 audit(1555394571.681:30): pid=5218 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2456 res=0
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.1.46' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 59.933798] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 60.173775] usb 1-1: Using ep0 maxpacket: 8
[ 60.293824] usb 1-1: config 0 has an invalid interface number: 28 but max is 0
[ 60.301403] usb 1-1: config 0 has no interface number 0
[ 60.306861] usb 1-1: New USB device found, idVendor=04fa, idProduct=2490, bcdDevice=74.f9
[ 60.315211] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 60.326406] usb 1-1: config 0 descriptor??
[ 60.563971] ==================================================================
[ 60.571508] BUG: KASAN: use-after-free in ds_probe+0x604/0x760
[ 60.577466] Read of size 1 at addr ffff88809c49f982 by task kworker/1:0/17
[ 60.584449]
[ 60.586056] CPU: 1 PID: 17 Comm: kworker/1:0 Not tainted 5.1.0-rc4-319354-g9a33b36 #3
[ 60.593999] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 60.603425] Workqueue: usb_hub_wq hub_event
[ 60.607732] Call Trace:
[ 60.610304]  dump_stack+0xe8/0x16e
[ 60.613956]  ? ds_probe+0x604/0x760
[ 60.617586]  ? ds_probe+0x604/0x760
[ 60.621196]  print_address_description+0x6c/0x236
[ 60.626017]  ? ds_probe+0x604/0x760
[ 60.629622]  ? ds_probe+0x604/0x760
[ 60.633236]  kasan_report.cold+0x1a/0x3c
[ 60.637279]  ? ds_probe+0x604/0x760
[ 60.640891]  ds_probe+0x604/0x760
[ 60.644328]  usb_probe_interface+0x31d/0x820
[ 60.648714]  ? usb_probe_device+0x150/0x150
[ 60.653011]  really_probe+0x2da/0xb10
[ 60.656857]  driver_probe_device+0x21d/0x350
[ 60.661252]  __device_attach_driver+0x1d8/0x290
[ 60.665901]  ? driver_allows_async_probing+0x160/0x160
[ 60.671159]  bus_for_each_drv+0x163/0x1e0
[ 60.675286]  ? bus_rescan_devices+0x30/0x30
[ 60.679597]  ? _raw_spin_unlock_irqrestore+0x4b/0x60
[ 60.684684]  ? lockdep_hardirqs_on+0x37e/0x580
[ 60.689248]  __device_attach+0x223/0x3a0
[ 60.693286]  ? device_bind_driver+0xe0/0xe0
[ 60.697590]  ? kobject_uevent_env+0x295/0x13d0
[ 60.702216]  bus_probe_device+0x1f1/0x2a0
[ 60.706356]  ? blocking_notifier_call_chain+0x59/0xb0
[ 60.711526]  device_add+0xad2/0x16e0
[ 60.715236]  ? get_device_parent.isra.0+0x560/0x560
[ 60.720233]  ? _raw_spin_unlock_irqrestore+0x4b/0x60
[ 60.725335]  usb_set_configuration+0xdf7/0x1740
[ 60.729989]  generic_probe+0xa2/0xda
[ 60.733682]  usb_probe_device+0xc0/0x150
[ 60.737720]  ? usb_suspend+0x5f0/0x5f0
[ 60.741583]  really_probe+0x2da/0xb10
[ 60.745362]  driver_probe_device+0x21d/0x350
[ 60.749750]  __device_attach_driver+0x1d8/0x290
[ 60.754399]  ? driver_allows_async_probing+0x160/0x160
[ 60.759659]  bus_for_each_drv+0x163/0x1e0
[ 60.763793]  ? bus_rescan_devices+0x30/0x30
[ 60.768103]  ? _raw_spin_unlock_irqrestore+0x4b/0x60
[ 60.773187]  ? lockdep_hardirqs_on+0x37e/0x580
[ 60.777857]  __device_attach+0x223/0x3a0
[ 60.781902]  ? device_bind_driver+0xe0/0xe0
[ 60.786208]  ? kobject_uevent_env+0x295/0x13d0
[ 60.790769]  bus_probe_device+0x1f1/0x2a0
[ 60.794909]  ? blocking_notifier_call_chain+0x59/0xb0
[ 60.800079]  device_add+0xad2/0x16e0
[ 60.803778]  ? get_device_parent.isra.0+0x560/0x560
[ 60.808846]  usb_new_device.cold+0x537/0xccf
[ 60.813245]  hub_event+0x138e/0x3b00
[ 60.816994]  ? hub_port_debounce+0x350/0x350
[ 60.821395]  ? _raw_spin_unlock_irq+0x29/0x40
[ 60.825874]  process_one_work+0x90f/0x1580
[ 60.830089]  ? wq_pool_ids_show+0x300/0x300
[ 60.834451]  ? do_raw_spin_lock+0x11f/0x290
[ 60.838764]  worker_thread+0x9b/0xe20
[ 60.842632]  ? process_one_work+0x1580/0x1580
[ 60.847113]  kthread+0x313/0x420
[ 60.850455]  ? kthread_park+0x1a0/0x1a0
[ 60.854411]  ret_from_fork+0x3a/0x50
[ 60.858106]
[ 60.859708] Allocated by task 1225:
[ 60.863316]  __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 60.868223]  security_task_alloc+0x113/0x180
[ 60.872607]  copy_process.part.0+0x1c62/0x76b0
[ 60.877165]  _do_fork+0x234/0xed0
[ 60.880595]  do_syscall_64+0xcf/0x4f0
[ 60.884447]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 60.889617]
[ 60.891222] Freed by task 9:
[ 60.894220]  __kasan_slab_free+0x130/0x180
[ 60.898432]  slab_free_freelist_hook+0x5e/0x140
[ 60.903077]  kfree+0xce/0x290
[ 60.906163]  security_task_free+0x9a/0xf0
[ 60.910405]  __put_task_struct+0xec/0x4d0
[ 60.914541]  delayed_put_task_struct+0x189/0x290
[ 60.919450]  rcu_core+0x83b/0x1a80
[ 60.922970]  __do_softirq+0x22a/0x8cd
[ 60.926743]
[ 60.928349] The buggy address belongs to the object at ffff88809c49f960
[ 60.928349]  which belongs to the cache kmalloc-64 of size 64
[ 60.940811] The buggy address is located 34 bytes inside of
[ 60.940811]  64-byte region [ffff88809c49f960, ffff88809c49f9a0)
[ 60.952486] The buggy address belongs to the page:
[ 60.957407] page:ffffea00027127c0 count:1 mapcount:0 mapping:ffff88812c3f5600 index:0xffff88809c49f300
[ 60.966836] flags: 0xfff00000000200(slab)
[ 60.970971] raw: 00fff00000000200 ffffea00029dd880 0000001700000017 ffff88812c3f5600
[ 60.978833] raw: ffff88809c49f300 00000000802a0028 00000001ffffffff 0000000000000000
[ 60.986791] page dumped because: kasan: bad access detected
[ 60.992532]
[ 60.994145] Memory state around the buggy address:
[ 60.999053]  ffff88809c49f880: fc fc fc fc fb fb fb fb fb fb fb fb fc fc fc fc
[ 61.006392]  ffff88809c49f900: 00 00 00 00 00 00 fc fc fc fc fc fc fb fb fb fb
[ 61.013776] >ffff88809c49f980: fb fb fb fb fc fc fc fc fb fb fb fb fb fb fb fb
[ 61.021124]                          ^
[ 61.024469]  ffff88809c49fa00: fc fc fc fc 00 00 00 00 00 00 00 00 fc fc fc fc
[ 61.031841]  ffff88809c49fa80: fb fb fb fb fb fb fb fb fc fc fc fc 00 00 00 00
[ 61.039185] ==================================================================
[ 61.046517] Disabling lock debugging due to kernel taint
[ 61.052072] Kernel panic - not syncing: panic_on_warn set ...
[ 61.057964] CPU: 1 PID: 17 Comm: kworker/1:0 Tainted: G B 5.1.0-rc4-319354-g9a33b36 #3
[ 61.067307] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 61.076829] Workqueue: usb_hub_wq hub_event
[ 61.081133] Call Trace:
[ 61.083716]  dump_stack+0xe8/0x16e
[ 61.087248]  panic+0x29d/0x5f2
[ 61.090431]  ? __warn_printk+0xf8/0xf8
[ 61.094308]  ? retint_kernel+0x10/0x10
[ 61.098190]  ? trace_hardirqs_on+0x55/0x1c0
[ 61.102505]  ? ds_probe+0x604/0x760
[ 61.106123]  end_report+0x48/0x4e
[ 61.109571]  ? ds_probe+0x604/0x760
[ 61.113186]  kasan_report.cold+0xd/0x3c
[ 61.117155]  ? ds_probe+0x604/0x760
[ 61.120774]  ds_probe+0x604/0x760
[ 61.124231]  usb_probe_interface+0x31d/0x820
[ 61.128629]  ? usb_probe_device+0x150/0x150
[ 61.132939]  really_probe+0x2da/0xb10
[ 61.136760]  driver_probe_device+0x21d/0x350
[ 61.141163]  __device_attach_driver+0x1d8/0x290
[ 61.145822]  ? driver_allows_async_probing+0x160/0x160
[ 61.151087]  bus_for_each_drv+0x163/0x1e0
[ 61.155227]  ? bus_rescan_devices+0x30/0x30
[ 61.159543]  ? _raw_spin_unlock_irqrestore+0x4b/0x60
[ 61.164641]  ? lockdep_hardirqs_on+0x37e/0x580
[ 61.169218]  __device_attach+0x223/0x3a0
[ 61.173268]  ? device_bind_driver+0xe0/0xe0
[ 61.177588]  ? kobject_uevent_env+0x295/0x13d0
[ 61.182161]  bus_probe_device+0x1f1/0x2a0
[ 61.186302]  ? blocking_notifier_call_chain+0x59/0xb0
[ 61.191501]  device_add+0xad2/0x16e0
[ 61.195207]  ? get_device_parent.isra.0+0x560/0x560
[ 61.200215]  ? _raw_spin_unlock_irqrestore+0x4b/0x60
[ 61.205317]  usb_set_configuration+0xdf7/0x1740
[ 61.209983]  generic_probe+0xa2/0xda
[ 61.213685]  usb_probe_device+0xc0/0x150
[ 61.217734]  ? usb_suspend+0x5f0/0x5f0
[ 61.221608]  really_probe+0x2da/0xb10
[ 61.225401]  driver_probe_device+0x21d/0x350
[ 61.229807]  __device_attach_driver+0x1d8/0x290
[ 61.234468]  ? driver_allows_async_probing+0x160/0x160
[ 61.239738]  bus_for_each_drv+0x163/0x1e0
[ 61.243879]  ? bus_rescan_devices+0x30/0x30
[ 61.248190]  ? _raw_spin_unlock_irqrestore+0x4b/0x60
[ 61.253280]  ? lockdep_hardirqs_on+0x37e/0x580
[ 61.257859]  __device_attach+0x223/0x3a0
[ 61.261913]  ? device_bind_driver+0xe0/0xe0
[ 61.266228]  ? kobject_uevent_env+0x295/0x13d0
[ 61.270809]  bus_probe_device+0x1f1/0x2a0
[ 61.274963]  ? blocking_notifier_call_chain+0x59/0xb0
[ 61.280141]  device_add+0xad2/0x16e0
[ 61.283849]  ? get_device_parent.isra.0+0x560/0x560
[ 61.288870]  usb_new_device.cold+0x537/0xccf
[ 61.293426]  hub_event+0x138e/0x3b00
[ 61.297148]  ? hub_port_debounce+0x350/0x350
[ 61.301563]  ? _raw_spin_unlock_irq+0x29/0x40
[ 61.306057]  process_one_work+0x90f/0x1580
[ 61.310289]  ? wq_pool_ids_show+0x300/0x300
[ 61.314631]  ? do_raw_spin_lock+0x11f/0x290
[ 61.319295]  worker_thread+0x9b/0xe20
[ 61.323094]  ? process_one_work+0x1580/0x1580
[ 61.327585]  kthread+0x313/0x420
[ 61.330960]  ? kthread_park+0x1a0/0x1a0
[ 61.334930]  ret_from_fork+0x3a/0x50
[ 61.339368] Kernel Offset: disabled
[ 61.342985] Rebooting in 86400 seconds..