Warning: Permanently added '10.128.0.236' (ECDSA) to the list of known hosts.
executing program
[ 51.370472][ T20] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 51.620207][ T20] usb 1-1: Using ep0 maxpacket: 8
[ 51.740449][ T20] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 51.751619][ T20] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 51.761990][ T20] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[ 51.775786][ T20] usb 1-1: New USB device found, idVendor=11c0, idProduct=5506, bcdDevice= 0.00
[ 51.785221][ T20] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 51.796735][ T20] usb 1-1: config 0 descriptor??
[ 52.287070][ T20] betop 0003:11C0:5506.0001: hidraw0: USB HID v0.00 Device [HID 11c0:5506] on usb-dummy_hcd.0-1/input0
[ 52.301072][ T20] ==================================================================
[ 52.309497][ T20] BUG: KASAN: slab-out-of-bounds in betop_probe+0x3e4/0x5b0
[ 52.316909][ T20] Write of size 8 at addr ffff8880180fcbc0 by task kworker/1:0/20
[ 52.325242][ T20]
[ 52.327724][ T20] CPU: 1 PID: 20 Comm: kworker/1:0 Not tainted 5.13.0-rc4-syzkaller #0
[ 52.336628][ T20] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 52.347216][ T20] Workqueue: usb_hub_wq hub_event
[ 52.352340][ T20] Call Trace:
[ 52.355662][ T20] dump_stack+0x202/0x31e
[ 52.360000][ T20] ? show_regs_print_info+0x12/0x12
[ 52.365312][ T20] ? printk+0xc0/0x108
[ 52.369502][ T20] ? wake_up_klogd+0xb2/0xf0
[ 52.374101][ T20] ? log_buf_vmcoreinfo_setup+0x498/0x498
[ 52.379811][ T20] ? _raw_spin_lock_irqsave+0xbf/0x100
[ 52.385397][ T20] ? betop_probe+0x3c6/0x5b0
[ 52.390257][ T20] print_address_description+0x5f/0x3b0
[ 52.395922][ T20] kasan_report+0x15c/0x200
[ 52.400815][ T20] ? betop_probe+0x3e4/0x5b0
[ 52.405400][ T20] ? kmem_cache_alloc_trace+0x96/0x340
[ 52.410954][ T20] kasan_check_range+0x2b5/0x2f0
[ 52.416071][ T20] betop_probe+0x3e4/0x5b0
[ 52.420495][ T20] hid_device_probe+0x26c/0x410
[ 52.425395][ T20] ? really_probe+0x280/0x1020
[ 52.430155][ T20] really_probe+0x385/0x1020
[ 52.434744][ T20] driver_probe_device+0x178/0x350
[ 52.439844][ T20] ? __device_attach_driver+0x1cf/0x390
[ 52.445394][ T20] ? deferred_probe_work_func+0x240/0x240
[ 52.454248][ T20] bus_for_each_drv+0x16a/0x1f0
[ 52.460094][ T20] ? _raw_spin_lock+0x40/0x40
[ 52.466981][ T20] ? subsys_find_device_by_id+0x320/0x320
[ 52.473663][ T20] __device_attach+0x301/0x560
[ 52.478492][ T20] ? kobject_uevent_env+0x335/0x1700
[ 52.483781][ T20] ? device_attach+0x20/0x20
[ 52.488361][ T20] ? kobject_uevent_env+0x335/0x1700
[ 52.493636][ T20] bus_probe_device+0xb8/0x1f0
[ 52.498388][ T20] ? device_add+0x1078/0x1670
[ 52.503053][ T20] device_add+0x11fc/0x1670
[ 52.507792][ T20] ? virtual_device_parent+0x50/0x50
[ 52.513082][ T20] ? hid_debug_register+0xcd/0x140
[ 52.518191][ T20] hid_add_device+0xd4f/0xfa0
[ 52.522861][ T20] ? lockdep_init_map_type+0x9f/0x9a0
[ 52.528223][ T20] ? lockdep_softirqs_off+0x410/0x410
[ 52.533580][ T20] ? hid_device_remove+0x390/0x390
[ 52.538687][ T20] ? __raw_spin_lock_init+0x44/0x100
[ 52.543972][ T20] usbhid_probe+0xb4c/0xed0
[ 52.548466][ T20] usb_probe_interface+0x633/0xb40
[ 52.553597][ T20] really_probe+0x3cb/0x1020
[ 52.558187][ T20] driver_probe_device+0x178/0x350
[ 52.563279][ T20] ? __device_attach_driver+0x1cf/0x390
[ 52.568809][ T20] ? deferred_probe_work_func+0x240/0x240
[ 52.574532][ T20] bus_for_each_drv+0x16a/0x1f0
[ 52.579466][ T20] ? _raw_spin_lock+0x40/0x40
[ 52.584139][ T20] ? subsys_find_device_by_id+0x320/0x320
[ 52.589847][ T20] __device_attach+0x301/0x560
[ 52.594606][ T20] ? kobject_uevent_env+0x335/0x1700
[ 52.599876][ T20] ? device_attach+0x20/0x20
[ 52.604464][ T20] ? kobject_uevent_env+0x335/0x1700
[ 52.609757][ T20] bus_probe_device+0xb8/0x1f0
[ 52.614502][ T20] ? device_add+0x1078/0x1670
[ 52.619175][ T20] device_add+0x11fc/0x1670
[ 52.623670][ T20] ? virtual_device_parent+0x50/0x50
[ 52.628943][ T20] usb_set_configuration+0x1a86/0x2100
[ 52.634397][ T20] usb_generic_driver_probe+0x83/0x140
[ 52.639841][ T20] usb_probe_device+0x13a/0x260
[ 52.644673][ T20] really_probe+0x3cb/0x1020
[ 52.649248][ T20] driver_probe_device+0x178/0x350
[ 52.654338][ T20] ? __device_attach_driver+0x1cf/0x390
[ 52.660038][ T20] ? deferred_probe_work_func+0x240/0x240
[ 52.665752][ T20] bus_for_each_drv+0x16a/0x1f0
[ 52.671197][ T20] ? _raw_spin_lock+0x40/0x40
[ 52.675881][ T20] ? subsys_find_device_by_id+0x320/0x320
[ 52.681596][ T20] __device_attach+0x301/0x560
[ 52.686511][ T20] ? kobject_uevent_env+0x335/0x1700
[ 52.691793][ T20] ? device_attach+0x20/0x20
[ 52.696478][ T20] ? kobject_uevent_env+0x335/0x1700
[ 52.701749][ T20] bus_probe_device+0xb8/0x1f0
[ 52.706499][ T20] ? device_add+0x1078/0x1670
[ 52.711160][ T20] device_add+0x11fc/0x1670
[ 52.715666][ T20] ? virtual_device_parent+0x50/0x50
[ 52.720980][ T20] usb_new_device+0xd45/0x1790
[ 52.725739][ T20] ? usb_disconnect+0x8a0/0x8a0
[ 52.730756][ T20] ? _raw_spin_unlock_irq+0x1f/0x40
[ 52.735953][ T20] ? lockdep_hardirqs_on+0x8d/0x130
[ 52.741168][ T20] hub_port_connect+0x1055/0x27a0
[ 52.746198][ T20] ? descriptors_changed+0x9f0/0x9f0
[ 52.751468][ T20] ? __mutex_unlock_slowpath+0x17b/0x5a0
[ 52.757086][ T20] hub_port_connect_change+0x5d0/0xbf0
[ 52.762540][ T20] ? hub_port_reset+0x11b0/0x11b0
[ 52.767662][ T20] ? hub_ext_port_status+0x470/0x670
[ 52.772929][ T20] ? hub_handle_remote_wakeup+0x18d/0x3f0
[ 52.778644][ T20] port_event+0xaee/0x1140
[ 52.783051][ T20] ? hub_event+0x47f/0xd90
[ 52.787465][ T20] ? mutex_lock_io_nested+0x60/0x60
[ 52.792781][ T20] ? lockdep_hardirqs_on_prepare+0x3e2/0x750
[ 52.798781][ T20] ? hub_quiesce+0x330/0x330
[ 52.803383][ T20] ? hrtimer_nanosleep_restart+0x2f0/0x410
[ 52.809499][ T20] ? lockdep_hardirqs_on+0x8d/0x130
[ 52.815035][ T20] hub_event+0x48d/0xd90
[ 52.819358][ T20] ? led_work+0x710/0x710
[ 52.823799][ T20] ? _raw_spin_unlock_irqrestore+0xc1/0x120
[ 52.829790][ T20] ? _raw_spin_unlock_irq+0x1f/0x40
[ 52.834979][ T20] process_one_work+0x833/0x10c0
[ 52.840101][ T20] ? worker_detach_from_pool+0x260/0x260
[ 52.845741][ T20] ? _raw_spin_lock_irqsave+0x100/0x100
[ 52.851280][ T20] ? kthread_data+0x4d/0xc0
[ 52.856010][ T20] ? wq_worker_running+0x8b/0x140
[ 52.861050][ T20] worker_thread+0xac1/0x1300
[ 52.865732][ T20] ? rcu_lock_release+0x20/0x20
[ 52.870586][ T20] kthread+0x39a/0x3c0
[ 52.874656][ T20] ? rcu_lock_release+0x20/0x20
[ 52.879484][ T20] ? kthread_blkcg+0xd0/0xd0
[ 52.884057][ T20] ret_from_fork+0x1f/0x30
[ 52.888490][ T20]
[ 52.890797][ T20] Allocated by task 20:
[ 52.894926][ T20] ____kasan_kmalloc+0xc4/0xf0
[ 52.899755][ T20] kmem_cache_alloc_trace+0x96/0x340
[ 52.905021][ T20] hidraw_connect+0x54/0x420
[ 52.909850][ T20] hid_connect+0x55a/0xda0
[ 52.914246][ T20] hid_hw_start+0x99/0x100
[ 52.918640][ T20] betop_probe+0xa0/0x5b0
[ 52.922961][ T20] hid_device_probe+0x26c/0x410
[ 52.927791][ T20] really_probe+0x385/0x1020
[ 52.932359][ T20] driver_probe_device+0x178/0x350
[ 52.937451][ T20] bus_for_each_drv+0x16a/0x1f0
[ 52.942303][ T20] __device_attach+0x301/0x560
[ 52.947086][ T20] bus_probe_device+0xb8/0x1f0
[ 52.951834][ T20] device_add+0x11fc/0x1670
[ 52.956611][ T20] hid_add_device+0xd4f/0xfa0
[ 52.961281][ T20] usbhid_probe+0xb4c/0xed0
[ 52.965770][ T20] usb_probe_interface+0x633/0xb40
[ 52.970893][ T20] really_probe+0x3cb/0x1020
[ 52.975564][ T20] driver_probe_device+0x178/0x350
[ 52.980697][ T20] bus_for_each_drv+0x16a/0x1f0
[ 52.985539][ T20] __device_attach+0x301/0x560
[ 52.990303][ T20] bus_probe_device+0xb8/0x1f0
[ 52.995080][ T20] device_add+0x11fc/0x1670
[ 52.999566][ T20] usb_set_configuration+0x1a86/0x2100
[ 53.005003][ T20] usb_generic_driver_probe+0x83/0x140
[ 53.010440][ T20] usb_probe_device+0x13a/0x260
[ 53.015268][ T20] really_probe+0x3cb/0x1020
[ 53.019836][ T20] driver_probe_device+0x178/0x350
[ 53.024925][ T20] bus_for_each_drv+0x16a/0x1f0
[ 53.029860][ T20] __device_attach+0x301/0x560
[ 53.034615][ T20] bus_probe_device+0xb8/0x1f0
[ 53.039355][ T20] device_add+0x11fc/0x1670
[ 53.043858][ T20] usb_new_device+0xd45/0x1790
[ 53.048617][ T20] hub_port_connect+0x1055/0x27a0
[ 53.053618][ T20] hub_port_connect_change+0x5d0/0xbf0
[ 53.059056][ T20] port_event+0xaee/0x1140
[ 53.063468][ T20] hub_event+0x48d/0xd90
[ 53.067776][ T20] process_one_work+0x833/0x10c0
[ 53.072714][ T20] worker_thread+0xac1/0x1300
[ 53.077401][ T20] kthread+0x39a/0x3c0
[ 53.081461][ T20] ret_from_fork+0x1f/0x30
[ 53.085856][ T20]
[ 53.088159][ T20] Last potentially related work creation:
[ 53.093850][ T20] kasan_save_stack+0x27/0x50
[ 53.098521][ T20] kasan_record_aux_stack+0xee/0x120
[ 53.103783][ T20] insert_work+0x54/0x400
[ 53.108187][ T20] __queue_work+0x90e/0xc40
[ 53.112666][ T20] queue_work_on+0x111/0x200
[ 53.117235][ T20] call_usermodehelper_exec+0x283/0x470
[ 53.122790][ T20] kobject_uevent_env+0x133d/0x1700
[ 53.127968][ T20] device_add+0x1020/0x1670
[ 53.132450][ T20] device_create+0x241/0x2d0
[ 53.137019][ T20] vcs_make_sysfs+0x33/0x90
[ 53.141501][ T20] vc_allocate+0x66a/0x780
[ 53.145909][ T20] con_install+0x9f/0x880
[ 53.150301][ T20] tty_init_dev+0xc6/0x4c0
[ 53.154696][ T20] tty_open+0x89a/0xdd0
[ 53.158827][ T20] chrdev_open+0x53b/0x5f0
[ 53.163238][ T20] do_dentry_open+0x7cb/0x1010
[ 53.167994][ T20] path_openat+0x28e6/0x39b0
[ 53.172662][ T20] do_filp_open+0x221/0x460
[ 53.177145][ T20] do_sys_openat2+0x124/0x460
[ 53.181820][ T20] __x64_sys_open+0x221/0x270
[ 53.186512][ T20] do_syscall_64+0x3f/0xb0
[ 53.190922][ T20] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 53.196801][ T20]
[ 53.199141][ T20] Second to last potentially related work creation:
[ 53.205705][ T20] kasan_save_stack+0x27/0x50
[ 53.210380][ T20] kasan_record_aux_stack+0xee/0x120
[ 53.215660][ T20] insert_work+0x54/0x400
[ 53.219998][ T20] __queue_work+0x90e/0xc40
[ 53.224519][ T20] queue_work_on+0x111/0x200
[ 53.229091][ T20] call_usermodehelper_exec+0x283/0x470
[ 53.234624][ T20] cgroup1_release_agent+0x30b/0x3a0
[ 53.239911][ T20] process_one_work+0x833/0x10c0
[ 53.244967][ T20] worker_thread+0xac1/0x1300
[ 53.249861][ T20] kthread+0x39a/0x3c0
[ 53.253929][ T20] ret_from_fork+0x1f/0x30
[ 53.258330][ T20]
[ 53.260639][ T20] The buggy address belongs to the object at ffff8880180fcb00
[ 53.260639][ T20] which belongs to the cache kmalloc-192 of size 192
[ 53.274670][ T20] The buggy address is located 0 bytes to the right of
[ 53.274670][ T20] 192-byte region [ffff8880180fcb00, ffff8880180fcbc0)
[ 53.288279][ T20] The buggy address belongs to the page:
[ 53.293889][ T20] page:ffffea0000603f00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x180fc
[ 53.304018][ T20] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
[ 53.311546][ T20] raw: 00fff00000000200 ffffea00005aeec0 0000000200000002 ffff888011841a00
[ 53.320207][ T20] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 53.328852][ T20] page dumped because: kasan: bad access detected
[ 53.335238][ T20] page_owner tracks the page as allocated
[ 53.340928][ T20] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 1, ts 2955159711, free_ts 2878953912
[ 53.356537][ T20] get_page_from_freelist+0x779/0xa20
[ 53.361895][ T20] __alloc_pages+0x26c/0x5f0
[ 53.366482][ T20] alloc_page_interleave+0x22/0x1b0
[ 53.371754][ T20] allocate_slab+0xf1/0x5b0
[ 53.376239][ T20] ___slab_alloc+0x1cf/0x350
[ 53.380804][ T20] __kmalloc_track_caller+0x2eb/0x390
[ 53.386156][ T20] krealloc+0x5c/0xf0
[ 53.390130][ T20] add_sysfs_param+0xc8/0x7f0
[ 53.394786][ T20] kernel_add_sysfs_param+0xb0/0x126
[ 53.400049][ T20] param_sysfs_builtin+0x145/0x1b9
[ 53.405152][ T20] param_sysfs_init+0x68/0x6c
[ 53.409823][ T20] do_one_initcall+0x1a7/0x400
[ 53.414564][ T20] do_initcall_level+0x14a/0x1f5
[ 53.419479][ T20] do_initcalls+0x4b/0x8c
[ 53.423884][ T20] kernel_init_freeable+0x3fd/0x58a
[ 53.429055][ T20] kernel_init+0xd/0x290
[ 53.433295][ T20] page last free stack trace:
[ 53.437943][ T20] free_pcp_prepare+0x3ea/0x420
[ 53.442783][ T20] free_unref_page+0x7b/0x280
[ 53.447443][ T20] __vunmap+0x926/0xa60
[ 53.451582][ T20] free_work+0x66/0x90
[ 53.455624][ T20] process_one_work+0x833/0x10c0
[ 53.460541][ T20] worker_thread+0xac1/0x1300
[ 53.465217][ T20] kthread+0x39a/0x3c0
[ 53.469262][ T20] ret_from_fork+0x1f/0x30
[ 53.473655][ T20]
[ 53.476064][ T20] Memory state around the buggy address:
[ 53.481667][ T20] ffff8880180fca80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 53.489717][ T20] ffff8880180fcb0