[ 44.967104] audit: type=1800 audit(1555461265.686:27): pid=5196 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2469 res=0
[ 44.986621] audit: type=1800 audit(1555461265.696:28): pid=5196 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2450 res=0
[....] Starting periodic command scheduler: cron�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
[....] Starting OpenBSD Secure Shell server: sshd�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
[ 45.590039] audit: type=1800 audit(1555461266.346:29): pid=5196 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0
[ 45.609474] audit: type=1800 audit(1555461266.346:30): pid=5196 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2456 res=0
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.1.15' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 84.753161] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 84.993121] usb 1-1: Using ep0 maxpacket: 8
[ 85.123177] usb 1-1: config 0 has an invalid interface number: 28 but max is 0
[ 85.130765] usb 1-1: config 0 has no interface number 0
[ 85.136229] usb 1-1: New USB device found, idVendor=04fa, idProduct=2490, bcdDevice=74.f9
[ 85.144604] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 85.153768] usb 1-1: config 0 descriptor??
[ 85.393379] ==================================================================
[ 85.401130] BUG: KASAN: use-after-free in ds_probe+0x604/0x760
[ 85.407295] Read of size 1 at addr ffff88809f4c0802 by task kworker/0:2/532
[ 85.414482]
[ 85.416116] CPU: 0 PID: 532 Comm: kworker/0:2 Not tainted 5.1.0-rc4-319354-g9a33b36 #3
[ 85.424339] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 85.433688] Workqueue: usb_hub_wq hub_event
[ 85.437990] Call Trace:
[ 85.440573] dump_stack+0xe8/0x16e
[ 85.444105] ? ds_probe+0x604/0x760
[ 85.447809] ? ds_probe+0x604/0x760
[ 85.451526] print_address_description+0x6c/0x236
[ 85.456469] ? ds_probe+0x604/0x760
[ 85.460084] ? ds_probe+0x604/0x760
[ 85.463703] kasan_report.cold+0x1a/0x3c
[ 85.467843] ? ds_probe+0x604/0x760
[ 85.471712] ds_probe+0x604/0x760
[ 85.475168] usb_probe_interface+0x31d/0x820
[ 85.479749] ? usb_probe_device+0x150/0x150
[ 85.484060] really_probe+0x2da/0xb10
[ 85.487984] driver_probe_device+0x21d/0x350
[ 85.492755] __device_attach_driver+0x1d8/0x290
[ 85.497759] ? driver_allows_async_probing+0x160/0x160
[ 85.503036] bus_for_each_drv+0x163/0x1e0
[ 85.507186] ? bus_rescan_devices+0x30/0x30
[ 85.511503] ? _raw_spin_unlock_irqrestore+0x4b/0x60
[ 85.516594] ? lockdep_hardirqs_on+0x37e/0x580
[ 85.521166] __device_attach+0x223/0x3a0
[ 85.525421] ? device_bind_driver+0xe0/0xe0
[ 85.529749] ? kobject_uevent_env+0x295/0x13d0
[ 85.534348] bus_probe_device+0x1f1/0x2a0
[ 85.538500] ? blocking_notifier_call_chain+0x59/0xb0
[ 85.543804] device_add+0xad2/0x16e0
[ 85.547512] ? get_device_parent.isra.0+0x560/0x560
[ 85.552520] ? _raw_spin_unlock_irqrestore+0x4b/0x60
[ 85.557616] usb_set_configuration+0xdf7/0x1740
[ 85.562297] generic_probe+0xa2/0xda
[ 85.566063] usb_probe_device+0xc0/0x150
[ 85.570245] ? usb_suspend+0x5f0/0x5f0
[ 85.574321] really_probe+0x2da/0xb10
[ 85.578150] driver_probe_device+0x21d/0x350
[ 85.582649] __device_attach_driver+0x1d8/0x290
[ 85.588008] ? driver_allows_async_probing+0x160/0x160
[ 85.593763] bus_for_each_drv+0x163/0x1e0
[ 85.598012] ? bus_rescan_devices+0x30/0x30
[ 85.602409] ? _raw_spin_unlock_irqrestore+0x4b/0x60
[ 85.607889] ? lockdep_hardirqs_on+0x37e/0x580
[ 85.612579] __device_attach+0x223/0x3a0
[ 85.616627] ? device_bind_driver+0xe0/0xe0
[ 85.621143] ? kobject_uevent_env+0x295/0x13d0
[ 85.625743] bus_probe_device+0x1f1/0x2a0
[ 85.629883] ? blocking_notifier_call_chain+0x59/0xb0
[ 85.636284] device_add+0xad2/0x16e0
[ 85.639991] ? get_device_parent.isra.0+0x560/0x560
[ 85.645018] usb_new_device.cold+0x537/0xccf
[ 85.649425] hub_event+0x138e/0x3b00
[ 85.653199] ? hub_port_debounce+0x350/0x350
[ 85.657610] ? _raw_spin_unlock_irq+0x29/0x40
[ 85.662102] process_one_work+0x90f/0x1580
[ 85.666451] ? wq_pool_ids_show+0x300/0x300
[ 85.670770] ? do_raw_spin_lock+0x11f/0x290
[ 85.675089] worker_thread+0x9b/0xe20
[ 85.679008] ? process_one_work+0x1580/0x1580
[ 85.683494] kthread+0x313/0x420
[ 85.686977] ? kthread_park+0x1a0/0x1a0
[ 85.691079] ret_from_fork+0x3a/0x50
[ 85.694784]
[ 85.696398] Allocated by task 3691:
[ 85.700016] __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 85.704930] security_task_alloc+0x113/0x180
[ 85.709324] copy_process.part.0+0x1c62/0x76b0
[ 85.713893] _do_fork+0x234/0xed0
[ 85.717350] do_syscall_64+0xcf/0x4f0
[ 85.721151] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 85.726322]
[ 85.727936] Freed by task 16:
[ 85.731288] __kasan_slab_free+0x130/0x180
[ 85.735517] slab_free_freelist_hook+0x5e/0x140
[ 85.741565] kfree+0xce/0x290
[ 85.744663] security_task_free+0x9a/0xf0
[ 85.748797] __put_task_struct+0xec/0x4d0
[ 85.752983] delayed_put_task_struct+0x189/0x290
[ 85.757738] rcu_core+0x83b/0x1a80
[ 85.761277] __do_softirq+0x22a/0x8cd
[ 85.765145]
[ 85.766755] The buggy address belongs to the object at ffff88809f4c07e0
[ 85.766755] which belongs to the cache kmalloc-64 of size 64
[ 85.779543] The buggy address is located 34 bytes inside of
[ 85.779543] 64-byte region [ffff88809f4c07e0, ffff88809f4c0820)
[ 85.791371] The buggy address belongs to the page:
[ 85.796292] page:ffffea00027d3000 count:1 mapcount:0 mapping:ffff88812c3f5600 index:0x0
[ 85.804429] flags: 0xfff00000000200(slab)
[ 85.808559] raw: 00fff00000000200 ffffea00025e0f40 0000000800000008 ffff88812c3f5600
[ 85.816425] raw: 0000000000000000 00000000802a002a 00000001ffffffff 0000000000000000
[ 85.824285] page dumped because: kasan: bad access detected
[ 85.830079]
[ 85.831690] Memory state around the buggy address:
[ 85.836603] ffff88809f4c0700: fc fc fc fc fb fb fb fb fb fb fb fb fc fc fc fc
[ 85.844151] ffff88809f4c0780: 00 00 00 00 00 00 fc fc fc fc fc fc fb fb fb fb
[ 85.851502] >ffff88809f4c0800: fb fb fb fb fc fc fc fc fb fb fb fb fb fb fb fb
[ 85.858843] ^
[ 85.862191] ffff88809f4c0880: fc fc fc fc fb fb fb fb fb fb fb fb fc fc fc fc
[ 85.869730] ffff88809f4c0900: fb fb fb fb fb fb fb fb fc fc fc fc fb fb fb fb
[ 85.877082] ==================================================================
[ 85.884459] Disabling lock debugging due to kernel taint
[ 85.890031] Kernel panic - not syncing: panic_on_warn set ...
[ 85.896014] CPU: 0 PID: 532 Comm: kworker/0:2 Tainted: G B 5.1.0-rc4-319354-g9a33b36 #3
[ 85.905466] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 85.914820] Workqueue: usb_hub_wq hub_event
[ 85.919142] Call Trace:
[ 85.921728] dump_stack+0xe8/0x16e
[ 85.925262] panic+0x29d/0x5f2
[ 85.928532] ? __warn_printk+0xf8/0xf8
[ 85.932421] ? retint_kernel+0x10/0x10
[ 85.936314] ? trace_hardirqs_on+0x55/0x1c0
[ 85.940651] ? ds_probe+0x604/0x760
[ 85.944285] end_report+0x48/0x4e
[ 85.947734] ? ds_probe+0x604/0x760
[ 85.951349] kasan_report.cold+0xd/0x3c
[ 85.955316] ? ds_probe+0x604/0x760
[ 85.958954] ds_probe+0x604/0x760
[ 85.962416] usb_probe_interface+0x31d/0x820
[ 85.966838] ? usb_probe_device+0x150/0x150
[ 85.971150] really_probe+0x2da/0xb10
[ 85.974944] driver_probe_device+0x21d/0x350
[ 85.979366] __device_attach_driver+0x1d8/0x290
[ 85.984028] ? driver_allows_async_probing+0x160/0x160
[ 85.989300] bus_for_each_drv+0x163/0x1e0
[ 85.993529] ? bus_rescan_devices+0x30/0x30
[ 85.997847] ? _raw_spin_unlock_irqrestore+0x4b/0x60
[ 86.002943] ? lockdep_hardirqs_on+0x37e/0x580
[ 86.007989] __device_attach+0x223/0x3a0
[ 86.012045] ? device_bind_driver+0xe0/0xe0
[ 86.016362] ? kobject_uevent_env+0x295/0x13d0
[ 86.020940] bus_probe_device+0x1f1/0x2a0
[ 86.025124] ? blocking_notifier_call_chain+0x59/0xb0
[ 86.030307] device_add+0xad2/0x16e0
[ 86.034017] ? get_device_parent.isra.0+0x560/0x560
[ 86.039024] ? _raw_spin_unlock_irqrestore+0x4b/0x60
[ 86.044137] usb_set_configuration+0xdf7/0x1740
[ 86.048810] generic_probe+0xa2/0xda
[ 86.052515] usb_probe_device+0xc0/0x150
[ 86.056569] ? usb_suspend+0x5f0/0x5f0
[ 86.060449] really_probe+0x2da/0xb10
[ 86.064247] driver_probe_device+0x21d/0x350
[ 86.068650] __device_attach_driver+0x1d8/0x290
[ 86.073313] ? driver_allows_async_probing+0x160/0x160
[ 86.087181] bus_for_each_drv+0x163/0x1e0
[ 86.091431] ? bus_rescan_devices+0x30/0x30
[ 86.095751] ? _raw_spin_unlock_irqrestore+0x4b/0x60
[ 86.100866] ? lockdep_hardirqs_on+0x37e/0x580
[ 86.105449] __device_attach+0x223/0x3a0
[ 86.109502] ? device_bind_driver+0xe0/0xe0
[ 86.113822] ? kobject_uevent_env+0x295/0x13d0
[ 86.118401] bus_probe_device+0x1f1/0x2a0
[ 86.122563] ? blocking_notifier_call_chain+0x59/0xb0
[ 86.127746] device_add+0xad2/0x16e0
[ 86.131455] ? get_device_parent.isra.0+0x560/0x560
[ 86.136477] usb_new_device.cold+0x537/0xccf
[ 86.140882] hub_event+0x138e/0x3b00
[ 86.144591] ? hub_port_debounce+0x350/0x350
[ 86.149232] ? _raw_spin_unlock_irq+0x29/0x40
[ 86.154147] process_one_work+0x90f/0x1580
[ 86.158446] ? wq_pool_ids_show+0x300/0x300
[ 86.162814] ? do_raw_spin_lock+0x11f/0x290
[ 86.167139] worker_thread+0x9b/0xe20
[ 86.170965] ? process_one_work+0x1580/0x1580
[ 86.175457] kthread+0x313/0x420
[ 86.178817] ? kthread_park+0x1a0/0x1a0
[ 86.182786] ret_from_fork+0x3a/0x50
[ 86.187283] Kernel Offset: disabled
[ 86.190907] Rebooting in 86400 seconds..