[ 51.580444] audit: type=1800 audit(1555035170.442:27): pid=5340 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2469 res=0
[ 51.600234] audit: type=1800 audit(1555035170.442:28): pid=5340 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2450 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 52.538329] audit: type=1800 audit(1555035171.442:29): pid=5340 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0
[ 52.557717] audit: type=1800 audit(1555035171.442:30): pid=5340 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2456 res=0

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.81' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 63.012817] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 63.372790] usb 1-1: config 0 has an invalid interface number: 158 but max is 0
[ 63.380408] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 63.389867] usb 1-1: config 0 has no interface number 0
[ 63.395322] usb 1-1: New USB device found, idVendor=0424, idProduct=012c, bcdDevice=1a.78
[ 63.403714] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 63.412991] usb 1-1: config 0 descriptor??
[ 63.461406] ==================================================================
[ 63.461410] BUG: KASAN: stack-out-of-bounds in string+0x1f6/0x220
[ 63.461413] Read of size 1 at addr ffff88809ee2f260 by task kworker/0:2/539
[ 63.461414]
[ 63.461417] CPU: 0 PID: 539 Comm: kworker/0:2 Not tainted 5.1.0-rc4-319354-g9a33b36 #3
[ 63.461421] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 63.461423] Workqueue: usb_hub_wq hub_event
[ 63.461425] Call Trace:
[ 63.461427] dump_stack+0xe8/0x16e
[ 63.461429] ? string+0x1f6/0x220
[ 63.461430] ? string+0x1f6/0x220
[ 63.461433] print_address_description+0x6c/0x236
[ 63.461434] ? string+0x1f6/0x220
[ 63.461436] ? string+0x1f6/0x220
[ 63.461438] kasan_report.cold+0x1a/0x3c
[ 63.461440] ? __sanitizer_cov_trace_const_cmp4+0x20/0x20
[ 63.461441] ? string+0x1f6/0x220
[ 63.461443] string+0x1f6/0x220
[ 63.461445] ? widen_string+0x2a0/0x2a0
[ 63.461446] vsnprintf+0xa14/0x16b0
[ 63.461448] ? pointer+0x910/0x910
[ 63.461450] ? put_dec_trunc8+0x263/0x2f0
[ 63.461452] ? set_precision+0x170/0x170
[ 63.461453] pointer+0x60b/0x910
[ 63.461455] ? address_val+0x80/0x80
[ 63.461457] vsnprintf+0x5a0/0x16b0
[ 63.461458] ? pointer+0x910/0x910
[ 63.461460] ? noop_count+0x40/0x40
[ 63.461461] vscnprintf+0x29/0x80
[ 63.461463] vprintk_store+0x45/0x4a0
[ 63.461465] vprintk_emit+0x210/0x5a0
[ 63.461467] dev_vprintk_emit+0x50e/0x553
[ 63.461468] ? dev_attr_show.cold+0x3a/0x3a
[ 63.461470] ? lockdep_hardirqs_on+0x37e/0x580
[ 63.461472] ? depot_save_stack+0x1d6/0x450
[ 63.461474] ? __bfs+0x27/0x560
[ 63.461475] ? lockdep_on+0x50/0x50
[ 63.461477] dev_printk_emit+0xbf/0xf6
[ 63.461479] ? dev_vprintk_emit+0x553/0x553
[ 63.461481] ? check_usage+0x520/0x520
[ 63.461482] __dev_printk+0x1ed/0x215
[ 63.461484] _dev_info+0xdc/0x10e
[ 63.461486] ? _dev_notice+0x10e/0x10e
[ 63.461488] ? refcount_inc_checked+0x1d/0x60
[ 63.461489] ? usb_string+0x3ad/0x510
[ 63.461491] vub300_probe+0x25e/0xd80
[ 63.461493] ? __pm_runtime_set_status+0x703/0xa10
[ 63.461495] ? mark_held_locks+0xe0/0xe0
[ 63.461497] ? mmc_signal_sdio_irq+0xf0/0xf0
[ 63.461499] ? mark_held_locks+0x9f/0xe0
[ 63.461500] ? find_held_lock+0x2d/0x110
[ 63.461502] ? usb_probe_interface+0x5fe/0x820
[ 63.461504] ? mark_held_locks+0x9f/0xe0
[ 63.461506] ? _raw_spin_unlock_irqrestore+0x4b/0x60
[ 63.461508] usb_probe_interface+0x31d/0x820
[ 63.461510] ? usb_probe_device+0x150/0x150
[ 63.461512] really_probe+0x2da/0xb10
[ 63.461514] driver_probe_device+0x21d/0x350
[ 63.461516] __device_attach_driver+0x1d8/0x290
[ 63.461518] ? driver_allows_async_probing+0x160/0x160
[ 63.461520] bus_for_each_drv+0x163/0x1e0
[ 63.461522] ? bus_rescan_devices+0x30/0x30
[ 63.461524] ? _raw_spin_unlock_irqrestore+0x4b/0x60
[ 63.461526] ? lockdep_hardirqs_on+0x37e/0x580
[ 63.461527] __device_attach+0x223/0x3a0
[ 63.461529] ? device_bind_driver+0xe0/0xe0
[ 63.461531] ? kobject_uevent_env+0x295/0x13d0
[ 63.461533] bus_probe_device+0x1f1/0x2a0
[ 63.461535] ? blocking_notifier_call_chain+0x59/0xb0
[ 63.461537] device_add+0xad2/0x16e0
[ 63.461539] ? get_device_parent.isra.0+0x560/0x560
[ 63.461541] ? _raw_spin_unlock_irqrestore+0x4b/0x60
[ 63.461543] usb_set_configuration+0xdf7/0x1740
[ 63.461545] generic_probe+0xa2/0xda
[ 63.461547] usb_probe_device+0xc0/0x150
[ 63.461548] ? usb_suspend+0x5f0/0x5f0
[ 63.461550] really_probe+0x2da/0xb10
[ 63.461552] driver_probe_device+0x21d/0x350
[ 63.461554] __device_attach_driver+0x1d8/0x290
[ 63.461556] ? driver_allows_async_probing+0x160/0x160
[ 63.461558] bus_for_each_drv+0x163/0x1e0
[ 63.461560] ? bus_rescan_devices+0x30/0x30
[ 63.461562] ? _raw_spin_unlock_irqrestore+0x4b/0x60
[ 63.461564] ? lockdep_hardirqs_on+0x37e/0x580
[ 63.461566] __device_attach+0x223/0x3a0
[ 63.461568] ? device_bind_driver+0xe0/0xe0
[ 63.461570] ? kobject_uevent_env+0x295/0x13d0
[ 63.461572] bus_probe_device+0x1f1/0x2a0
[ 63.461574] ? blocking_notifier_call_chain+0x59/0xb0
[ 63.461576] device_add+0xad2/0x16e0
[ 63.461578] ? get_device_parent.isra.0+0x560/0x560
[ 63.461580] usb_new_device.cold+0x537/0xccf
[ 63.461581] hub_event+0x138e/0x3b00
[ 63.461583] ? hub_port_debounce+0x350/0x350
[ 63.461585] ? _raw_spin_unlock_irq+0x29/0x40
[ 63.461587] process_one_work+0x90f/0x1580
[ 63.461589] ? wq_pool_ids_show+0x300/0x300
[ 63.461591] ? do_raw_spin_lock+0x11f/0x290
[ 63.461592] worker_thread+0x9b/0xe20
[ 63.461594] ? process_one_work+0x1580/0x1580
[ 63.461596] kthread+0x313/0x420
[ 63.461598] ? kthread_park+0x1a0/0x1a0
[ 63.461599] ret_from_fork+0x3a/0x50
[ 63.461600]
[ 63.461603] The buggy address belongs to the page:
[ 63.461606] page:ffffea00027b8bc0 count:0 mapcount:0 mapping:0000000000000000 index:0x0
[ 63.461609] flags: 0xfff00000000000()
[ 63.461612] raw: 00fff00000000000 ffffea00027b8bc8 ffffea00027b8bc8 0000000000000000
[ 63.461615] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 63.461618] page dumped because: kasan: bad access detected
[ 63.461619]
[ 63.461621] Memory state around the buggy address:
[ 63.461624]  ffff88809ee2f100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 63.461627]  ffff88809ee2f180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 63.461630] >ffff88809ee2f200: 00 00 f1 f1 f1 f1 f1 f1 00 00 00 00 f2 f2 f2 f2
[ 63.461633]                                                        ^
[ 63.461636]  ffff88809ee2f280: 00 00 00 00 f2 f2 f2 f2 00 00 00 00 00 00 f3 f3
[ 63.461639]  ffff88809ee2f300: f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 63.461642] ==================================================================
[ 63.461644] Disabling lock debugging due to kernel taint
[ 63.461647] Kernel panic - not syncing: panic_on_warn set ...
[ 63.461650] CPU: 0 PID: 539 Comm: kworker/0:2 Tainted: G B 5.1.0-rc4-319354-g9a33b36 #3
[ 63.461654] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 63.461655] Workqueue: usb_hub_wq hub_event
[ 63.461658] Call Trace:
[ 63.461659] dump_stack+0xe8/0x16e
[ 63.461661] panic+0x29d/0x5f2
[ 63.461663] ? __warn_printk+0xf8/0xf8
[ 63.461665] ? lock_downgrade+0x640/0x640
[ 63.461667] ? print_shadow_for_address+0xbd/0x119
[ 63.461668] ? trace_hardirqs_off+0x50/0x1c0
[ 63.461670] ? string+0x1f6/0x220
[ 63.461672] end_report+0x48/0x4e
[ 63.461673] ? string+0x1f6/0x220
[ 63.461675] kasan_report.cold+0xd/0x3c
[ 63.461677] ? __sanitizer_cov_trace_const_cmp4+0x20/0x20
[ 63.461679] ? string+0x1f6/0x220
[ 63.461680] string+0x1f6/0x220
[ 63.461682] ? widen_string+0x2a0/0x2a0
[ 63.461684] vsnprintf+0xa14/0x16b0
[ 63.461685] ? pointer+0x910/0x910
[ 63.461687] ? put_dec_trunc8+0x263/0x2f0
[ 63.461689] ? set_precision+0x170/0x170
[ 63.461691] pointer+0x60b/0x910
[ 63.461692] ? address_val+0x80/0x80
[ 63.461694] vsnprintf+0x5a0/0x16b0
[ 63.461695] ? pointer+0x910/0x910
[ 63.461697] ? noop_count+0x40/0x40
[ 63.461699] vscnprintf+0x29/0x80
[ 63.461700] vprintk_store+0x45/0x4a0
[ 63.461702] vprintk_emit+0x210/0x5a0
[ 63.461704] dev_vprintk_emit+0x50e/0x553
[ 63.461705] ? dev_attr_show.cold+0x3a/0x3a
[ 63.461707] ? lockdep_hardirqs_on+0x37e/0x580
[ 63.461709] ? depot_save_stack+0x1d6/0x450
[ 63.461711] ? __bfs+0x27/0x560
[ 63.461713] ? lockdep_on+0x50/0x50
[ 63.461714] dev_printk_emit+0xbf/0xf6
[ 63.461716] ? dev_vprintk_emit+0x553/0x553
[ 63.461718] ? check_usage+0x520/0x520
[ 63.461720] __dev_printk+0x1ed/0x215
[ 63.461722] _dev_info+0xdc/0x10e
[ 63.461723] ? _dev_notice+0x10e/0x10e
[ 63.461725] ? refcount_inc_checked+0x1d/0x60
[ 63.461727] ? usb_string+0x3ad/0x510
[ 63.461729] vub300_probe+0x25e/0xd80
[ 63.461731] ? __pm_runtime_set_status+0x703/0xa10
[ 63.461733] ? mark_held_locks+0xe0/0xe0
[ 63.461735] ? mmc_signal_sdio_irq+0xf0/0xf0
[ 63.461736] ? mark_held_locks+0x9f/0xe0
[ 63.461738] ? find_held_lock+0x2d/0x110
[ 63.461740] ? usb_probe_interface+0x5fe/0x820
[ 63.461742] ? mark_held_locks+0x9f/0xe0
[ 63.461744] ? _raw_spin_unlock_irqrestore+0x4b/0x60
[ 63.461746] usb_probe_interface+0x31d/0x820
[ 63.461748] ? usb_probe_device+0x150/0x150
[ 63.461749] really_probe+0x2da/0xb10
[ 63.461751] driver_probe_device+0x21d/0x350
[ 63.461753] __device_attach_driver+0x1d8/0x290
[ 63.461755] ? driver_allows_async_probing+0x160/0x160
[ 63.461757] bus_for_each_drv+0x163/0x1e0
[ 63.461759] ? bus_rescan_devices+0x30/0x30
[ 63.461761] ? _raw_spin_unlock_irqrestore+0x4b/0x60
[ 63.461763] ? lockdep_hardirqs_on+0x37e/0x580
[ 63.461765] __device_attach+0x223/0x3a0
[ 63.461767] ? device_bind_driver+0xe0/0xe0
[ 63.461769] ? kobject_uevent_env+0x295/0x13d0
[ 63.461771] bus_probe_device+0x1f1/0x2a0
[ 63.461773] ? blocking_notifier_call_chain+0x59/0xb0
[ 63.461775] device_add+0xad2/0x16e0
[ 63.461777] ? get_device_parent.isra.0+0x560/0x560
[ 63.461779] ? _raw_spin_unlock_irqrestore+0x4b/0x60
[ 63.461781] usb_set_configuration+0xdf7/0x1740
[ 63.461782] generic_probe+0xa2/0xda
[ 63.461784] usb_probe_device+0xc0/0x150
[ 63.461786] ? usb_suspend+0x5f0/0x5f0
[ 63.461788] really_probe+0x2da/0xb10
[ 63.461790] driver_probe_device+0x21d/0x350
[ 63.461792] __device_attach_driver+0x1d8/0x290
[ 63.461794] ? driver_allows_async_probing+0x160/0x160
[ 63.461796] bus_for_each_drv+0x163/0x1e0
[ 63.461797] ? bus_rescan_devices+0x30/0x30
[ 63.461800] ? _raw_spin_unlock_irqrestore+0x4b/0x60
[ 63.461801] ? lockdep_hardirqs_on+0x37e/0x580
[ 63.461803] __device_attach+0x223/0x3a0
[ 63.461805] ? device_bind_driver+0xe0/0xe0
[ 63.461807] ? kobject_uevent_env+0x295/0x13d0
[ 63.461809] bus_probe_device+0x1f1/0x2a0
[ 63.461811] ? blocking_notifier_call_chain+0x59/0xb0
[ 63.461813] device_add+0xad2/0x16e0
[ 63.461815] ? get_device_parent.isra.0+0x560/0x560
[ 63.461817] usb_new_device.cold+0x537/0xccf
[ 63.461818] hub_event+0x138e/0x3b00
[ 63.461820] ? hub_port_debounce+0x350/0x350
[ 63.461822] ? _raw_spin_unlock_irq+0x29/0x40
[ 63.461824] process_one_work+0x90f/0x1580
[ 63.461826] ? wq_pool_ids_show+0x300/0x300
[ 63.461828] ? do_raw_spin_lock+0x11f/0x290
[ 63.461829] worker_thread+0x9b/0xe20
[ 63.461831] ? process_one_work+0x1580/0x1580
[ 63.461833] kthread+0x313/0x420
[ 63.461835] ? kthread_park+0x1a0/0x1a0
[ 63.461836] ret_from_fork+0x3a/0x50
[ 63.461838] Kernel Offset: disabled