[ 47.549749] audit: type=1800 audit(1555520911.350:27): pid=5370 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2469 res=0 [ 47.569590] audit: type=1800 audit(1555520911.350:28): pid=5370 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2450 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 48.613599] audit: type=1800 audit(1555520912.440:29): pid=5370 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0 [ 48.633088] audit: type=1800 audit(1555520912.450:30): pid=5370 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2456 res=0 Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.1.41' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 56.723572] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 56.963536] usb 1-1: Using ep0 maxpacket: 8 [ 57.083582] usb 1-1: config 0 has an invalid interface number: 213 but max is 0 [ 57.091171] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 57.100633] usb 1-1: config 0 has no interface number 0 [ 57.106100] usb 1-1: config 0 interface 213 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 0 [ 57.115312] usb 1-1: New USB device found, idVendor=2201, idProduct=012c, bcdDevice=6c.23 [ 57.123717] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 57.133021] usb 1-1: config 0 descriptor?? [ 57.179566] ================================================================== [ 57.179569] BUG: KASAN: stack-out-of-bounds in string+0x1f6/0x220 [ 57.179572] Read of size 1 at addr ffff88809ec17260 by task kworker/0:2/533 [ 57.179574] [ 57.179577] CPU: 0 PID: 533 Comm: kworker/0:2 Not tainted 5.1.0-rc4-319354-g9a33b36 #3 [ 57.179581] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 57.179583] Workqueue: usb_hub_wq hub_event [ 57.179585] Call Trace: [ 57.179587] dump_stack+0xe8/0x16e [ 57.179589] ? string+0x1f6/0x220 [ 57.179590] ? string+0x1f6/0x220 [ 57.179593] print_address_description+0x6c/0x236 [ 57.179594] ? string+0x1f6/0x220 [ 57.179596] ? string+0x1f6/0x220 [ 57.179598] kasan_report.cold+0x1a/0x3c [ 57.179600] ? __sanitizer_cov_trace_const_cmp4+0x20/0x20 [ 57.179601] ? string+0x1f6/0x220 [ 57.179603] string+0x1f6/0x220 [ 57.179605] ? widen_string+0x2a0/0x2a0 [ 57.179606] vsnprintf+0xa14/0x16b0 [ 57.179608] ? pointer+0x910/0x910 [ 57.179610] ? put_dec_trunc8+0x263/0x2f0 [ 57.179612] ? set_precision+0x170/0x170 [ 57.179613] pointer+0x60b/0x910 [ 57.179615] ? address_val+0x80/0x80 [ 57.179617] vsnprintf+0x5a0/0x16b0 [ 57.179618] ? pointer+0x910/0x910 [ 57.179620] ? noop_count+0x40/0x40 [ 57.179621] vscnprintf+0x29/0x80 [ 57.179623] vprintk_store+0x45/0x4a0 [ 57.179625] vprintk_emit+0x210/0x5a0 [ 57.179627] dev_vprintk_emit+0x50e/0x553 [ 57.179629] ? dev_attr_show.cold+0x3a/0x3a [ 57.179631] ? lockdep_hardirqs_on+0x37e/0x580 [ 57.179632] ? depot_save_stack+0x1d6/0x450 [ 57.179634] ? __bfs+0x27/0x560 [ 57.179636] ? lockdep_on+0x50/0x50 [ 57.179637] dev_printk_emit+0xbf/0xf6 [ 57.179639] ? dev_vprintk_emit+0x553/0x553 [ 57.179641] ? check_usage+0x520/0x520 [ 57.179643] __dev_printk+0x1ed/0x215 [ 57.179644] _dev_info+0xdc/0x10e [ 57.179646] ? _dev_notice+0x10e/0x10e [ 57.179648] ? refcount_inc_checked+0x1d/0x60 [ 57.179650] ? usb_string+0x3ad/0x510 [ 57.179651] vub300_probe+0x25e/0xd80 [ 57.179653] ? __pm_runtime_set_status+0x703/0xa10 [ 57.179655] ? mark_held_locks+0xe0/0xe0 [ 57.179657] ? mmc_signal_sdio_irq+0xf0/0xf0 [ 57.179659] ? mark_held_locks+0x9f/0xe0 [ 57.179661] ? find_held_lock+0x2d/0x110 [ 57.179663] ? usb_probe_interface+0x5fe/0x820 [ 57.179665] ? mark_held_locks+0x9f/0xe0 [ 57.179667] ? _raw_spin_unlock_irqrestore+0x4b/0x60 [ 57.179669] usb_probe_interface+0x31d/0x820 [ 57.179671] ? usb_probe_device+0x150/0x150 [ 57.179673] really_probe+0x2da/0xb10 [ 57.179675] driver_probe_device+0x21d/0x350 [ 57.179677] __device_attach_driver+0x1d8/0x290 [ 57.179679] ? driver_allows_async_probing+0x160/0x160 [ 57.179681] bus_for_each_drv+0x163/0x1e0 [ 57.179683] ? bus_rescan_devices+0x30/0x30 [ 57.179685] ? _raw_spin_unlock_irqrestore+0x4b/0x60 [ 57.179687] ? lockdep_hardirqs_on+0x37e/0x580 [ 57.179689] __device_attach+0x223/0x3a0 [ 57.179691] ? device_bind_driver+0xe0/0xe0 [ 57.179692] ? kobject_uevent_env+0x295/0x13d0 [ 57.179694] bus_probe_device+0x1f1/0x2a0 [ 57.179696] ? blocking_notifier_call_chain+0x59/0xb0 [ 57.179698] device_add+0xad2/0x16e0 [ 57.179700] ? get_device_parent.isra.0+0x560/0x560 [ 57.179702] ? _raw_spin_unlock_irqrestore+0x4b/0x60 [ 57.179704] usb_set_configuration+0xdf7/0x1740 [ 57.179706] generic_probe+0xa2/0xda [ 57.179708] usb_probe_device+0xc0/0x150 [ 57.179710] ? usb_suspend+0x5f0/0x5f0 [ 57.179711] really_probe+0x2da/0xb10 [ 57.179713] driver_probe_device+0x21d/0x350 [ 57.179715] __device_attach_driver+0x1d8/0x290 [ 57.179717] ? driver_allows_async_probing+0x160/0x160 [ 57.179719] bus_for_each_drv+0x163/0x1e0 [ 57.179721] ? bus_rescan_devices+0x30/0x30 [ 57.179723] ? _raw_spin_unlock_irqrestore+0x4b/0x60 [ 57.179725] ? lockdep_hardirqs_on+0x37e/0x580 [ 57.179727] __device_attach+0x223/0x3a0 [ 57.179729] ? device_bind_driver+0xe0/0xe0 [ 57.179731] ? kobject_uevent_env+0x295/0x13d0 [ 57.179733] bus_probe_device+0x1f1/0x2a0 [ 57.179735] ? blocking_notifier_call_chain+0x59/0xb0 [ 57.179736] device_add+0xad2/0x16e0 [ 57.179738] ? get_device_parent.isra.0+0x560/0x560 [ 57.179740] usb_new_device.cold+0x537/0xccf [ 57.179742] hub_event+0x138e/0x3b00 [ 57.179744] ? hub_port_debounce+0x350/0x350 [ 57.179746] ? _raw_spin_unlock_irq+0x29/0x40 [ 57.179748] process_one_work+0x90f/0x1580 [ 57.179750] ? wq_pool_ids_show+0x300/0x300 [ 57.179752] ? do_raw_spin_lock+0x11f/0x290 [ 57.179753] worker_thread+0x9b/0xe20 [ 57.179755] ? process_one_work+0x1580/0x1580 [ 57.179757] kthread+0x313/0x420 [ 57.179759] ? kthread_park+0x1a0/0x1a0 [ 57.179760] ret_from_fork+0x3a/0x50 [ 57.179761] [ 57.179764] The buggy address belongs to the page: [ 57.179767] page:ffffea00027b05c0 count:0 mapcount:0 mapping:0000000000000000 index:0x0 [ 57.179770] flags: 0xfff00000000000() [ 57.179773] raw: 00fff00000000000 ffffea00027b05c8 ffffea00027b05c8 0000000000000000 [ 57.179777] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 57.179781] page dumped because: kasan: bad access detected [ 57.179783] [ 57.179785] Memory state around the buggy address: [ 57.179788] ffff88809ec17100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 57.179791] ffff88809ec17180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 57.179794] >ffff88809ec17200: 00 00 f1 f1 f1 f1 f1 f1 00 00 00 00 f2 f2 f2 f2 [ 57.179796] ^ [ 57.179799] ffff88809ec17280: 00 00 00 00 f2 f2 f2 f2 00 00 00 00 00 00 f3 f3 [ 57.179802] ffff88809ec17300: f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 57.179805] ================================================================== [ 57.179808] Disabling lock debugging due to kernel taint [ 57.179810] Kernel panic - not syncing: panic_on_warn set ... [ 57.179814] CPU: 0 PID: 533 Comm: kworker/0:2 Tainted: G B 5.1.0-rc4-319354-g9a33b36 #3 [ 57.179817] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 57.179819] Workqueue: usb_hub_wq hub_event [ 57.179821] Call Trace: [ 57.179823] dump_stack+0xe8/0x16e [ 57.179825] panic+0x29d/0x5f2 [ 57.179826] ? __warn_printk+0xf8/0xf8 [ 57.179828] ? lock_downgrade+0x640/0x640 [ 57.179830] ? print_shadow_for_address+0xbd/0x119 [ 57.179832] ? trace_hardirqs_off+0x50/0x1c0 [ 57.179834] ? string+0x1f6/0x220 [ 57.179835] end_report+0x48/0x4e [ 57.179837] ? string+0x1f6/0x220 [ 57.179839] kasan_report.cold+0xd/0x3c [ 57.179852] ? __sanitizer_cov_trace_const_cmp4+0x20/0x20 [ 57.179854] ? string+0x1f6/0x220 [ 57.179855] string+0x1f6/0x220 [ 57.179857] ? widen_string+0x2a0/0x2a0 [ 57.179861] vsnprintf+0xa14/0x16b0 [ 57.179862] ? pointer+0x910/0x910 [ 57.179864] ? put_dec_trunc8+0x263/0x2f0 [ 57.179866] ? set_precision+0x170/0x170 [ 57.179868] pointer+0x60b/0x910 [ 57.179869] ? address_val+0x80/0x80 [ 57.179871] vsnprintf+0x5a0/0x16b0 [ 57.179873] ? pointer+0x910/0x910 [ 57.179874] ? noop_count+0x40/0x40 [ 57.179876] vscnprintf+0x29/0x80 [ 57.179878] vprintk_store+0x45/0x4a0 [ 57.179880] vprintk_emit+0x210/0x5a0 [ 57.179881] dev_vprintk_emit+0x50e/0x553 [ 57.179883] ? dev_attr_show.cold+0x3a/0x3a [ 57.179885] ? lockdep_hardirqs_on+0x37e/0x580 [ 57.179887] ? depot_save_stack+0x1d6/0x450 [ 57.179889] ? __bfs+0x27/0x560 [ 57.179890] ? lockdep_on+0x50/0x50 [ 57.179892] dev_printk_emit+0xbf/0xf6 [ 57.179894] ? dev_vprintk_emit+0x553/0x553 [ 57.179896] ? check_usage+0x520/0x520 [ 57.179897] __dev_printk+0x1ed/0x215 [ 57.179899] _dev_info+0xdc/0x10e [ 57.179901] ? _dev_notice+0x10e/0x10e [ 57.179903] ? refcount_inc_checked+0x1d/0x60 [ 57.179904] ? usb_string+0x3ad/0x510 [ 57.179906] vub300_probe+0x25e/0xd80 [ 57.179908] ? __pm_runtime_set_status+0x703/0xa10 [ 57.179910] ? mark_held_locks+0xe0/0xe0 [ 57.179912] ? mmc_signal_sdio_irq+0xf0/0xf0 [ 57.179914] ? mark_held_locks+0x9f/0xe0 [ 57.179915] ? find_held_lock+0x2d/0x110 [ 57.179917] ? usb_probe_interface+0x5fe/0x820 [ 57.179919] ? mark_held_locks+0x9f/0xe0 [ 57.179921] ? _raw_spin_unlock_irqrestore+0x4b/0x60 [ 57.179923] usb_probe_interface+0x31d/0x820 [ 57.179925] ? usb_probe_device+0x150/0x150 [ 57.179927] really_probe+0x2da/0xb10 [ 57.179929] driver_probe_device+0x21d/0x350 [ 57.179930] __device_attach_driver+0x1d8/0x290 [ 57.179933] ? driver_allows_async_probing+0x160/0x160 [ 57.179935] bus_for_each_drv+0x163/0x1e0 [ 57.179936] ? bus_rescan_devices+0x30/0x30 [ 57.179938] ? _raw_spin_unlock_irqrestore+0x4b/0x60 [ 57.179940] ? lockdep_hardirqs_on+0x37e/0x580 [ 57.179942] __device_attach+0x223/0x3a0 [ 57.179944] ? device_bind_driver+0xe0/0xe0 [ 57.179946] ? kobject_uevent_env+0x295/0x13d0 [ 57.179948] bus_probe_device+0x1f1/0x2a0 [ 57.179950] ? blocking_notifier_call_chain+0x59/0xb0 [ 57.179952] device_add+0xad2/0x16e0 [ 57.179954] ? get_device_parent.isra.0+0x560/0x560 [ 57.179956] ? _raw_spin_unlock_irqrestore+0x4b/0x60 [ 57.179958] usb_set_configuration+0xdf7/0x1740 [ 57.179960] generic_probe+0xa2/0xda [ 57.179961] usb_probe_device+0xc0/0x150 [ 57.179963] ? usb_suspend+0x5f0/0x5f0 [ 57.179965] really_probe+0x2da/0xb10 [ 57.179967] driver_probe_device+0x21d/0x350 [ 57.179969] __device_attach_driver+0x1d8/0x290 [ 57.179971] ? driver_allows_async_probing+0x160/0x160 [ 57.179973] bus_for_each_drv+0x163/0x1e0 [ 57.179975] ? bus_rescan_devices+0x30/0x30 [ 57.179977] ? _raw_spin_unlock_irqrestore+0x4b/0x60 [ 57.179979] ? lockdep_hardirqs_on+0x37e/0x580 [ 57.179980] __device_attach+0x223/0x3a0 [ 57.179982] ? device_bind_driver+0xe0/0xe0 [ 57.179984] ? kobject_uevent_env+0x295/0x13d0 [ 57.179986] bus_probe_device+0x1f1/0x2a0 [ 57.179988] ? blocking_notifier_call_chain+0x59/0xb0 [ 57.179990] device_add+0xad2/0x16e0 [ 57.179992] ? get_device_parent.isra.0+0x560/0x560 [ 57.179994] usb_new_device.cold+0x537/0xccf [ 57.179996] hub_event+0x138e/0x3b00 [ 57.179998] ? hub_port_debounce+0x350/0x350 [ 57.179999] ? _raw_spin_unlock_irq+0x29/0x40 [ 57.180001] process_one_work+0x90f/0x1580 [ 57.180003] ? wq_pool_ids_show+0x300/0x300 [ 57.180005] ? do_raw_spin_lock+0x11f/0x290 [ 57.180007] worker_thread+0x9b/0xe20 [ 57.180009] ? process_one_work+0x1580/0x1580 [ 57.180010] kthread+0x313/0x420 [ 57.180012] ? kthread_park+0x1a0/0x1a0 [ 57.180014] ret_from_fork+0x3a/0x50 [ 57.180016] Kernel Offset: disabled