[ OK ] Started Update UTMP about System Runlevel Changes.
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.
[ 12.824045][ C1] random: crng init done
[ 12.828674][ C1] random: 7 urandom warning(s) missed due to ratelimiting
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.1.61' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 32.244647][ T21] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 32.484614][ T21] usb 1-1: Using ep0 maxpacket: 8
[ 32.624624][ T21] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 32.635953][ T21] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 32.645697][ T21] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[ 32.658515][ T21] usb 1-1: New USB device found, idVendor=093a, idProduct=8001, bcdDevice= 0.00
[ 32.667572][ T21] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 32.677237][ T21] usb 1-1: config 0 descriptor??
executing program
[ 33.355832][ T21] usb 1-1: USB disconnect, device number 2
[ 33.369270][ T21] ==================================================================
[ 33.377399][ T21] BUG: KASAN: double-free or invalid-free in kfree+0xbe/0x470
[ 33.384824][ T21]
[ 33.387182][ T21] CPU: 1 PID: 21 Comm: kworker/1:1 Not tainted 5.9.0-rc1-syzkaller #0
[ 33.395347][ T21] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 33.405389][ T21] Workqueue: usb_hub_wq hub_event
[ 33.410392][ T21] Call Trace:
[ 33.413676][ T21] dump_stack+0xf6/0x16e
[ 33.417911][ T21] print_address_description.constprop.0+0x1c/0x210
[ 33.424475][ T21] ? vprintk_func+0x93/0x133
[ 33.429040][ T21] ? kfree+0xbe/0x470
[ 33.433026][ T21] kasan_report_invalid_free+0x51/0x80
[ 33.438459][ T21] ? kfree+0xbe/0x470
[ 33.442418][ T21] __kasan_slab_free+0x122/0x130
[ 33.447331][ T21] slab_free_freelist_hook+0x53/0x140
[ 33.452678][ T21] ? platform_device_release+0x64/0xf0
[ 33.458115][ T21] ? platform_device_release+0x64/0xf0
[ 33.463547][ T21] kfree+0xbe/0x470
[ 33.467334][ T21] platform_device_release+0x64/0xf0
[ 33.473462][ T21] ? platform_device_put+0x40/0x40
[ 33.478548][ T21] device_release+0x71/0x200
[ 33.483116][ T21] kobject_put+0x1c8/0x540
[ 33.487508][ T21] ? __device_link_free_srcu+0x120/0x120
[ 33.493132][ T21] klist_children_put+0x41/0x50
[ 33.497962][ T21] klist_prev+0x2a2/0x510
[ 33.502276][ T21] ? mfd_cell_disable+0xc0/0xc0
[ 33.507106][ T21] device_for_each_child_reverse+0xc0/0x180
[ 33.512984][ T21] ? device_find_child_by_name+0x1e0/0x1e0
[ 33.518771][ T21] ? mark_lock+0xbc/0x1590
[ 33.523164][ T21] mfd_remove_devices+0x75/0xa0
[ 33.528023][ T21] ? mfd_remove_devices_late+0xa0/0xa0
[ 33.533458][ T21] ? trace_hardirqs_on+0x5f/0x200
[ 33.538462][ T21] sensor_hub_remove+0x1d6/0x270
[ 33.543388][ T21] hid_device_remove+0xed/0x240
[ 33.548229][ T21] ? sensor_hub_raw_event+0xe00/0xe00
[ 33.553588][ T21] ? hid_register_report+0x3b0/0x3b0
[ 33.558853][ T21] __device_release_driver+0x3c6/0x6f0
[ 33.564290][ T21] device_release_driver+0x26/0x40
[ 33.569389][ T21] bus_remove_device+0x2eb/0x5a0
[ 33.574308][ T21] device_del+0x481/0xd90
[ 33.578619][ T21] ? device_link_add_missing_supplier_links+0x370/0x370
[ 33.585541][ T21] ? mark_held_locks+0x9f/0xe0
[ 33.590296][ T21] ? _raw_spin_unlock_irq+0x1f/0x30
[ 33.595469][ T21] hid_destroy_device+0xe1/0x150
[ 33.600382][ T21] usbhid_disconnect+0x9f/0xe0
[ 33.605122][ T21] usb_unbind_interface+0x1d8/0x8d0
[ 33.610431][ T21] ? kernfs_remove_by_name_ns+0x62/0xb0
[ 33.615995][ T21] ? usb_unbind_device+0x1a0/0x1a0
[ 33.621081][ T21] __device_release_driver+0x3c6/0x6f0
[ 33.626516][ T21] device_release_driver+0x26/0x40
[ 33.631663][ T21] bus_remove_device+0x2eb/0x5a0
[ 33.636578][ T21] device_del+0x481/0xd90
[ 33.640883][ T21] ? device_link_add_missing_supplier_links+0x370/0x370
[ 33.647916][ T21] ? kobject_put+0x1f3/0x540
[ 33.652490][ T21] usb_disable_device+0x387/0x930
[ 33.657493][ T21] usb_disconnect.cold+0x27d/0x780
[ 33.662596][ T21] hub_event+0x1c93/0x4390
[ 33.666994][ T21] ? hub_port_debounce+0x3b0/0x3b0
[ 33.672082][ T21] ? init_pwq+0x210/0x350
[ 33.676388][ T21] ? lock_release+0x7f0/0x7f0
[ 33.681150][ T21] ? lock_downgrade+0x740/0x740
[ 33.685982][ T21] ? do_raw_spin_lock+0x120/0x260
[ 33.690984][ T21] ? _raw_spin_unlock_irq+0x1f/0x30
[ 33.696158][ T21] ? lockdep_hardirqs_on_prepare+0x322/0x4f0
[ 33.702115][ T21] process_one_work+0x94c/0x15f0
[ 33.707087][ T21] ? lock_release+0x7f0/0x7f0
[ 33.711740][ T21] ? pwq_dec_nr_in_flight+0x2d0/0x2d0
[ 33.717220][ T21] ? rwlock_bug.part.0+0x90/0x90
[ 33.722145][ T21] worker_thread+0x64c/0x1120
[ 33.726798][ T21] ? __kthread_parkme+0x118/0x1d0
[ 33.732317][ T21] ? process_one_work+0x15f0/0x15f0
[ 33.737488][ T21] kthread+0x392/0x470
[ 33.741535][ T21] ? kthread_create_worker_on_cpu+0xf0/0xf0
[ 33.747444][ T21] ? kthread_create_worker_on_cpu+0xf0/0xf0
[ 33.753308][ T21] ret_from_fork+0x1f/0x30
[ 33.757691][ T21]
[ 33.759993][ T21] Allocated by task 21:
[ 33.764123][ T21] kasan_save_stack+0x1b/0x40
[ 33.768775][ T21] __kasan_kmalloc.constprop.0+0xc2/0xd0
[ 33.774382][ T21] __kmalloc_track_caller+0xf6/0x270
[ 33.779648][ T21] kmemdup+0x23/0x50
[ 33.783526][ T21] mfd_add_device+0x112/0x1190
[ 33.788264][ T21] mfd_add_devices+0xdb/0x170
[ 33.792914][ T21] sensor_hub_probe+0xa93/0xdc0
[ 33.797741][ T21] hid_device_probe+0x2bd/0x3f0
[ 33.802566][ T21] really_probe+0x291/0xde0
[ 33.807044][ T21] driver_probe_device+0x26b/0x3d0
[ 33.812134][ T21] __device_attach_driver+0x1d1/0x290
[ 33.817490][ T21] bus_for_each_drv+0x15f/0x1e0
[ 33.822321][ T21] __device_attach+0x228/0x4a0
[ 33.827150][ T21] bus_probe_device+0x1e4/0x290
[ 33.831979][ T21] device_add+0xb51/0x1c70
[ 33.836375][ T21] hid_add_device+0x344/0x9b0
[ 33.841068][ T21] usbhid_probe+0xaae/0xfc0
[ 33.845548][ T21] usb_probe_interface+0x315/0x7f0
[ 33.850634][ T21] really_probe+0x291/0xde0
[ 33.855113][ T21] driver_probe_device+0x26b/0x3d0
[ 33.860197][ T21] __device_attach_driver+0x1d1/0x290
[ 33.865585][ T21] bus_for_each_drv+0x15f/0x1e0
[ 33.870411][ T21] __device_attach+0x228/0x4a0
[ 33.875157][ T21] bus_probe_device+0x1e4/0x290
[ 33.879984][ T21] device_add+0xb51/0x1c70
[ 33.884378][ T21] usb_set_configuration+0xf05/0x18a0
[ 33.889723][ T21] usb_generic_driver_probe+0xba/0xf2
[ 33.895068][ T21] usb_probe_device+0xd9/0x250
[ 33.899806][ T21] really_probe+0x291/0xde0
[ 33.904282][ T21] driver_probe_device+0x26b/0x3d0
[ 33.909367][ T21] __device_attach_driver+0x1d1/0x290
[ 33.914713][ T21] bus_for_each_drv+0x15f/0x1e0
[ 33.919537][ T21] __device_attach+0x228/0x4a0
[ 33.924275][ T21] bus_probe_device+0x1e4/0x290
[ 33.929123][ T21] device_add+0xb51/0x1c70
[ 33.933513][ T21] usb_new_device.cold+0x71d/0xfd4
[ 33.938614][ T21] hub_event+0x2361/0x4390
[ 33.943007][ T21] process_one_work+0x94c/0x15f0
[ 33.947933][ T21] worker_thread+0x64c/0x1120
[ 33.952601][ T21] kthread+0x392/0x470
[ 33.956651][ T21] ret_from_fork+0x1f/0x30
[ 33.961041][ T21]
[ 33.963361][ T21] Freed by task 21:
[ 33.967155][ T21] kasan_save_stack+0x1b/0x40
[ 33.971899][ T21] kasan_set_track+0x1c/0x30
[ 33.976476][ T21] kasan_set_free_info+0x1b/0x30
[ 33.981400][ T21] __kasan_slab_free+0xf3/0x130
[ 33.986228][ T21] slab_free_freelist_hook+0x53/0x140
[ 33.991672][ T21] kfree+0xbe/0x470
[ 33.995483][ T21] mfd_remove_devices_fn+0xf9/0x140
[ 34.000662][ T21] device_for_each_child_reverse+0x110/0x180
[ 34.006618][ T21] mfd_remove_devices+0x75/0xa0
[ 34.011442][ T21] sensor_hub_remove+0x1d6/0x270
[ 34.016355][ T21] hid_device_remove+0xed/0x240
[ 34.021181][ T21] __device_release_driver+0x3c6/0x6f0
[ 34.026645][ T21] device_release_driver+0x26/0x40
[ 34.031736][ T21] bus_remove_device+0x2eb/0x5a0
[ 34.036651][ T21] device_del+0x481/0xd90
[ 34.040957][ T21] hid_destroy_device+0xe1/0x150
[ 34.045871][ T21] usbhid_disconnect+0x9f/0xe0
[ 34.050634][ T21] usb_unbind_interface+0x1d8/0x8d0
[ 34.055817][ T21] __device_release_driver+0x3c6/0x6f0
[ 34.061254][ T21] device_release_driver+0x26/0x40
[ 34.066345][ T21] bus_remove_device+0x2eb/0x5a0
[ 34.071362][ T21] device_del+0x481/0xd90
[ 34.075672][ T21] usb_disable_device+0x387/0x930
[ 34.080682][ T21] usb_disconnect.cold+0x27d/0x780
[ 34.085770][ T21] hub_event+0x1c93/0x4390
[ 34.090161][ T21] process_one_work+0x94c/0x15f0
[ 34.095087][ T21] worker_thread+0x64c/0x1120
[ 34.099743][ T21] kthread+0x392/0x470
[ 34.103786][ T21] ret_from_fork+0x1f/0x30
[ 34.108173][ T21]
[ 34.110481][ T21] The buggy address belongs to the object at ffff8881d519fc00
[ 34.110481][ T21] which belongs to the cache kmalloc-192 of size 192
[ 34.124515][ T21] The buggy address is located 0 bytes inside of
[ 34.124515][ T21] 192-byte region [ffff8881d519fc00, ffff8881d519fcc0)
[ 34.137606][ T21] The buggy address belongs to the page:
[ 34.143216][ T21] page:000000000c30de42 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1d519f
[ 34.154086][ T21] flags: 0x200000000000200(slab)
[ 34.159008][ T21] raw: 0200000000000200 ffffea00074f1880 0000000700000007 ffff8881da041500
[ 34.167574][ T21] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 34.176142][ T21] page dumped because: kasan: bad access detected
[ 34.182523][ T21]
[ 34.184825][ T21] Memory state around the buggy address:
[ 34.190430][ T21]  ffff8881d519fb00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 34.198471][ T21]  ffff8881d519fb80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 34.206532][ T21] >ffff8881d519fc00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 34.214564][ T21]                    ^
[ 34.218606][ T21]  ffff8881d519fc80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 34.226646][ T21]  ffff8881d519fd00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 34.234678][ T21] ==================================================================
[ 34.242717][ T21] Disabling lock debugging due to kernel taint
[ 34.248939][ T21] Kernel panic - not syncing: panic_on_warn set ...
[ 34.255532][ T21] CPU: 1 PID: 21 Comm: kworker/1:1 Tainted: G B 5.9.0-rc1-syzkaller #0
[ 34.265153][ T21] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 34.275209][ T21] Workqueue: usb_hub_wq hub_event
[ 34.280222][ T21] Call Trace:
[ 34.283504][ T21] dump_stack+0xf6/0x16e
[ 34.287752][ T21] panic+0x2aa/0x6e1
[ 34.291642][ T21] ? __warn_printk+0xf3/0xf3
[ 34.296296][ T21] ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 34.302419][ T21] ? kfree+0xbe/0x470
[ 34.306380][ T21] ? trace_hardirqs_on+0x55/0x200
[ 34.311374][ T21] ? kfree+0xbe/0x470
[ 34.315329][ T21] end_report+0x4d/0x53
[ 34.319466][ T21] kasan_report_invalid_free+0x6d/0x80
[ 34.324900][ T21] ? kfree+0xbe/0x470
[ 34.328852][ T21] __kasan_slab_free+0x122/0x130
[ 34.333774][ T21] slab_free_freelist_hook+0x53/0x140
[ 34.339119][ T21] ? platform_device_release+0x64/0xf0
[ 34.344549][ T21] ? platform_device_release+0x64/0xf0
[ 34.349975][ T21] kfree+0xbe/0x470
[ 34.353766][ T21] platform_device_release+0x64/0xf0
[ 34.359029][ T21] ? platform_device_put+0x40/0x40
[ 34.364115][ T21] device_release+0x71/0x200
[ 34.368679][ T21] kobject_put+0x1c8/0x540
[ 34.373071][ T21] ? __device_link_free_srcu+0x120/0x120
[ 34.378787][ T21] klist_children_put+0x41/0x50
[ 34.383614][ T21] klist_prev+0x2a2/0x510
[ 34.387927][ T21] ? mfd_cell_disable+0xc0/0xc0
[ 34.392749][ T21] device_for_each_child_reverse+0xc0/0x180
[ 34.398620][ T21] ? device_find_child_by_name+0x1e0/0x1e0
[ 34.404407][ T21] ? mark_lock+0xbc/0x1590
[ 34.408797][ T21] mfd_remove_devices+0x75/0xa0
[ 34.413627][ T21] ? mfd_remove_devices_late+0xa0/0xa0
[ 34.419057][ T21] ? trace_hardirqs_on+0x5f/0x200
[ 34.424050][ T21] sensor_hub_remove+0x1d6/0x270
[ 34.428964][ T21] hid_device_remove+0xed/0x240
[ 34.433785][ T21] ? sensor_hub_raw_event+0xe00/0xe00
[ 34.439129][ T21] ? hid_register_report+0x3b0/0x3b0
[ 34.444386][ T21] __device_release_driver+0x3c6/0x6f0
[ 34.449814][ T21] device_release_driver+0x26/0x40
[ 34.454917][ T21] bus_remove_device+0x2eb/0x5a0
[ 34.459881][ T21] device_del+0x481/0xd90
[ 34.464183][ T21] ? device_link_add_missing_supplier_links+0x370/0x370
[ 34.471094][ T21] ? mark_held_locks+0x9f/0xe0
[ 34.475881][ T21] ? _raw_spin_unlock_irq+0x1f/0x30
[ 34.481050][ T21] hid_destroy_device+0xe1/0x150
[ 34.486078][ T21] usbhid_disconnect+0x9f/0xe0
[ 34.490815][ T21] usb_unbind_interface+0x1d8/0x8d0
[ 34.495994][ T21] ? kernfs_remove_by_name_ns+0x62/0xb0
[ 34.501517][ T21] ? usb_unbind_device+0x1a0/0x1a0
[ 34.506599][ T21] __device_release_driver+0x3c6/0x6f0
[ 34.512027][ T21] device_release_driver+0x26/0x40
[ 34.517136][ T21] bus_remove_device+0x2eb/0x5a0
[ 34.522054][ T21] device_del+0x481/0xd90
[ 34.526369][ T21] ? device_link_add_missing_supplier_links+0x370/0x370
[ 34.533720][ T21] ? kobject_put+0x1f3/0x540
[ 34.538284][ T21] usb_disable_device+0x387/0x930
[ 34.543288][ T21] usb_disconnect.cold+0x27d/0x780
[ 34.548389][ T21] hub_event+0x1c93/0x4390
[ 34.552780][ T21] ? hub_port_debounce+0x3b0/0x3b0
[ 34.557868][ T21] ? init_pwq+0x210/0x350
[ 34.562173][ T21] ? lock_release+0x7f0/0x7f0
[ 34.566822][ T21] ? lock_downgrade+0x740/0x740
[ 34.571643][ T21] ? do_raw_spin_lock+0x120/0x260
[ 34.576641][ T21] ? _raw_spin_unlock_irq+0x1f/0x30
[ 34.581812][ T21] ? lockdep_hardirqs_on_prepare+0x322/0x4f0
[ 34.587769][ T21] process_one_work+0x94c/0x15f0
[ 34.592706][ T21] ? lock_release+0x7f0/0x7f0
[ 34.597364][ T21] ? pwq_dec_nr_in_flight+0x2d0/0x2d0
[ 34.602708][ T21] ? rwlock_bug.part.0+0x90/0x90
[ 34.607615][ T21] worker_thread+0x64c/0x1120
[ 34.612282][ T21] ? __kthread_parkme+0x118/0x1d0
[ 34.617290][ T21] ? process_one_work+0x15f0/0x15f0
[ 34.622460][ T21] kthread+0x392/0x470
[ 34.626505][ T21] ? kthread_create_worker_on_cpu+0xf0/0xf0
[ 34.632373][ T21] ? kthread_create_worker_on_cpu+0xf0/0xf0
[ 34.638238][ T21] ret_from_fork+0x1f/0x30
[ 34.643175][ T21] Kernel Offset: disabled
[ 34.647580][ T21] Rebooting in 86400 seconds..