Starting Network Time Synchronization...
[ OK ] Started Network Time Synchronization.
[ OK ] Started Raise network interfaces.
[ OK ] Reached target Network.
Starting OpenBSD Secure Shell server...
Starting Permit User Sessions...
[ OK ] Started Permit User Sessions.
[ OK ] Started OpenBSD Secure Shell server.
Warning: Permanently added '10.128.0.27' (ECDSA) to the list of known hosts.
executing program
[* ] A start job is running for dev-ttyS0.device (8s / 1min 30s)
[** ] A start job is running for dev-ttyS0.device (8s / 1min 30s)
[*** ] A start job is running for dev-ttyS0.device (9s / 1min 30s)
[ *** ] A start job is running for dev-ttyS0.device (10s / 1min 30s)
[ *** ] A start job is running for dev-ttyS0.device (10s / 1min 30s)
[ ***] A start job is running for dev-ttyS0.device (11s / 1min 30s)
[ **] A start job is running for dev-ttyS0.device (12s / 1min 30s)
[ *] A start job is running for dev-ttyS0.device (12s / 1min 30s)
[ **] A start job is running for dev-ttyS0.device (13s / 1min 30s)
[ ***] A start job is running for dev-ttyS0.device (13s / 1min 30s)
[ *** ] A start job is running for dev-ttyS0.device (14s / 1min 30s)
[ 19.737925][ T22] audit: type=1400 audit(1589425958.235:8): avc: denied { execmem } for pid=406 comm="syz-executor870" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 20.011301][ T115] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ *** ] A start job is running for dev-ttyS0.device (15s / 1min 30s)
[ 20.370120][ T115] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 20.381082][ T115] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 20.391619][ T115] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[ 20.404965][ T115] usb 1-1: New USB device found, idVendor=20bc, idProduct=5500, bcdDevice= 0.00
[ 20.414362][ T115] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 20.423304][ T115] usb 1-1: config 0 descriptor??
[*** ] A start job is running for dev-ttyS0.device (15s / 1min 30s)
[ 20.899189][ T115] betop 0003:20BC:5500.0001: unknown main item tag 0x0
[ 20.906077][ T115] betop 0003:20BC:5500.0001: unknown main item tag 0x0
[ 20.914481][ T115] betop 0003:20BC:5500.0001: unknown main item tag 0x0
[ 20.922166][ T115] betop 0003:20BC:5500.0001: unknown main item tag 0x0
[ 20.929734][ T115] betop 0003:20BC:5500.0001: unknown main item tag 0x0
[ 20.936579][ T115] betop 0003:20BC:5500.0001: unknown main item tag 0x0
[ 20.945364][ T115] betop 0003:20BC:5500.0001: unknown main item tag 0x0
[ 20.953071][ T115] betop 0003:20BC:5500.0001: unknown main item tag 0x0
[ 20.960784][ T115] betop 0003:20BC:5500.0001: unknown main item tag 0x0
[ 20.967633][ T115] betop 0003:20BC:5500.0001: unknown main item tag 0x0
[ 20.976030][ T115] betop 0003:20BC:5500.0001: unknown main item tag 0x0
[ 20.983905][ T115] betop 0003:20BC:5500.0001: unknown main item tag 0x0
[ 20.991592][ T115] betop 0003:20BC:5500.0001: unknown main item tag 0x0
[ 20.999274][ T115] betop 0003:20BC:5500.0001: unknown main item tag 0x0
[ 21.006116][ T115] betop 0003:20BC:5500.0001: unknown main item tag 0x0
[ 21.014390][ T115] betop 0003:20BC:5500.0001: unknown main item tag 0x0
[ 21.021962][ T115] betop 0003:20BC:5500.0001: unknown main item tag 0x0
[ 21.029658][ T115] betop 0003:20BC:5500.0001: unknown main item tag 0x0
[ 21.037111][ T115] betop 0003:20BC:5500.0001: hidraw0: USB HID v0.00 Device [HID 20bc:5500] on usb-dummy_hcd.0-1/input0
[ 21.049724][ T115] ==================================================================
[ 21.057780][ T115] BUG: KASAN: use-after-free in input_ff_create+0x157/0x350
[ 21.065052][ T115] Write of size 8 at addr ffff8881d029d168 by task kworker/1:1/115
[ 21.072923][ T115]
[ 21.075259][ T115] CPU: 1 PID: 115 Comm: kworker/1:1 Not tainted 5.4.40-syzkaller-00122-g79c00997a007 #0
[ 21.084941][ T115] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 21.094982][ T115] Workqueue: usb_hub_wq hub_event
[ 21.101373][ T115] Call Trace:
[ 21.104656][ T115] dump_stack+0x14a/0x1ce
[ 21.108967][ T115] ? show_regs_print_info+0x12/0x12
[ 21.114187][ T115] ? printk+0xd2/0x114
[ 21.118309][ T115] print_address_description+0x93/0x620
[ 21.123850][ T115] __kasan_report+0x16d/0x1e0
[ 21.128506][ T115] ? input_ff_create+0x157/0x350
[ 21.133430][ T115] kasan_report+0x34/0x60
[ 21.137767][ T115] ? __mutex_init+0x9d/0xf0
[ 21.142325][ T115] input_ff_create+0x157/0x350
[ 21.147099][ T115] ? betop_probe+0x5c0/0x5c0
[ 21.151723][ T115] input_ff_create_memless+0x14d/0x6d0
[ 21.157165][ T115] betop_probe+0x3ee/0x5c0
[ 21.161590][ T115] hid_device_probe+0x27a/0x420
[ 21.166541][ T115] really_probe+0x707/0xf70
[ 21.171040][ T115] driver_probe_device+0xe6/0x230
[ 21.176041][ T115] ? coredump_store+0x90/0x90
[ 21.180696][ T115] bus_for_each_drv+0x17a/0x200
[ 21.185522][ T115] ? subsys_find_device_by_id+0x340/0x340
[ 21.191218][ T115] __device_attach+0x27b/0x420
[ 21.195963][ T115] ? skb_release_head_state+0x1d0/0x210
[ 21.201499][ T115] ? device_attach+0x20/0x20
[ 21.206064][ T115] bus_probe_device+0xbb/0x200
[ 21.210806][ T115] device_add+0x105a/0x1750
[ 21.215292][ T115] ? __d_instantiate+0x3c6/0x700
[ 21.220231][ T115] ? dev_set_name+0x120/0x120
[ 21.224884][ T115] ? hid_debug_register+0xcd/0x140
[ 21.229979][ T115] hid_add_device+0xd7e/0xfd0
[ 21.234651][ T115] ? gfp_pfmemalloc_allowed+0x130/0x130
[ 21.240173][ T115] ? snprintf+0xd9/0x120
[ 21.244409][ T115] ? usbhid_probe+0x6c2/0xcc0
[ 21.249065][ T115] ? hid_device_remove+0x390/0x390
[ 21.254152][ T115] ? kasan_kmalloc_large+0xff/0x110
[ 21.259349][ T115] ? init_timer_key+0x2c/0x1d0
[ 21.264103][ T115] usbhid_probe+0x94e/0xcc0
[ 21.268590][ T115] usb_probe_interface+0x631/0xad0
[ 21.273681][ T115] really_probe+0x764/0xf70
[ 21.278160][ T115] driver_probe_device+0xe6/0x230
[ 21.283181][ T115] ? coredump_store+0x90/0x90
[ 21.287845][ T115] bus_for_each_drv+0x17a/0x200
[ 21.292674][ T115] ? subsys_find_device_by_id+0x340/0x340
[ 21.298371][ T115] __device_attach+0x27b/0x420
[ 21.303114][ T115] ? skb_release_head_state+0x1d0/0x210
[ 21.308636][ T115] ? device_attach+0x20/0x20
[ 21.313204][ T115] bus_probe_device+0xbb/0x200
[ 21.317969][ T115] device_add+0x105a/0x1750
[ 21.322450][ T115] ? dev_set_name+0x120/0x120
[ 21.327118][ T115] ? kfree+0x12b/0x600
[ 21.331194][ T115] usb_set_configuration+0x184c/0x1dc0
[ 21.332198][ T413] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[ 21.336639][ T115] generic_probe+0x82/0x140
[ 21.348563][ T115] really_probe+0x764/0xf70
[ 21.353073][ T115] driver_probe_device+0xe6/0x230
[ 21.358196][ T115] ? coredump_store+0x90/0x90
[ 21.363982][ T115] bus_for_each_drv+0x17a/0x200
[ 21.368873][ T115] ? subsys_find_device_by_id+0x340/0x340
[ 21.374576][ T115] __device_attach+0x27b/0x420
[ 21.379353][ T115] ? skb_release_head_state+0x1d0/0x210
[ 21.384890][ T115] ? device_attach+0x20/0x20
[ 21.389458][ T115] bus_probe_device+0xbb/0x200
[ 21.394194][ T115] device_add+0x105a/0x1750
[ 21.398670][ T115] ? dev_set_name+0x120/0x120
[ 21.403342][ T115] usb_new_device+0xda7/0x1710
[ 21.408170][ T115] ? hub_port_init+0x1e9e/0x30e0
[ 21.413084][ T115] ? usb_disconnect+0x880/0x880
[ 21.417921][ T115] hub_event+0x2963/0x4fa0
[ 21.422367][ T115] ? led_work+0x530/0x530
[ 21.426672][ T115] ? pm_schedule_suspend+0x1d0/0x1d0
[ 21.431932][ T115] ? _raw_spin_lock+0x170/0x170
[ 21.436756][ T115] ? mutex_lock+0xa6/0x110
[ 21.441582][ T115] ? _raw_spin_lock_irq+0xa2/0x180
[ 21.446687][ T115] ? read_word_at_a_time+0xe/0x20
[ 21.451717][ T115] ? strscpy+0xa6/0x260
[ 21.455853][ T115] process_one_work+0x777/0xf90
[ 21.460681][ T115] worker_thread+0xa8f/0x1430
[ 21.465356][ T115] ? _raw_spin_lock+0x170/0x170
[ 21.470299][ T115] kthread+0x2df/0x300
[ 21.474389][ T115] ? process_one_work+0xf90/0xf90
[ 21.474397][ T115] ? kthread_destroy_worker+0x280/0x280
[ 21.474406][ T115] ret_from_fork+0x1f/0x30
[ 21.474415][ T115]
[ 21.491698][ T115] Allocated by task 379:
[ 21.495979][ T115] __kasan_kmalloc+0x12c/0x1c0
[ 21.500735][ T115] kmem_cache_alloc+0x1d5/0x260
[ 21.505935][ T115] __alloc_file+0x26/0x390
[ 21.510356][ T115] alloc_empty_file+0xa9/0x1b0
[ 21.515123][ T115] path_openat+0x11e/0x3d10
[ 21.519627][ T115] do_filp_open+0x20d/0x440
[ 21.524210][ T115] do_sys_open+0x387/0x7d0
[ 21.528662][ T115] do_syscall_64+0xcb/0x150
[ 21.534548][ T115] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 21.540439][ T115]
[ ** ] A start job is running for dev-ttyS0.device (16s / 1min 30s)
[ 21.543973][ T115] Freed by task 0:
[ 21.547706][ T115] __kasan_slab_free+0x181/0x230
[ 21.552649][ T115] slab_free_freelist_hook+0xd0/0x150
[ 21.558013][ T115] kmem_cache_free+0xac/0x600
[ 21.562836][ T115] rcu_core+0xbf0/0x1360
[ 21.567088][ T115] __do_softirq+0x2d5/0x725
[ 21.572970][ T115]
[ 21.575311][ T115] The buggy address belongs to the object at ffff8881d029d140
[ 21.575311][ T115] which belongs to the cache filp of size 256
[ 21.588773][ T115] The buggy address is located 40 bytes inside of
[ 21.588773][ T115] 256-byte region [ffff8881d029d140, ffff8881d029d240)
[ 21.602125][ T115] The buggy address belongs to the page:
[ 21.607775][ T115] page:ffffea000740a740 refcount:1 mapcount:0 mapping:ffff8881da8ef900 index:0x0
[ 21.618266][ T115] flags: 0x8000000000000200(slab)
[ 21.623302][ T115] raw: 8000000000000200 ffffea000742afc0 0000000a0000000a ffff8881da8ef900
[ 21.631901][ T115] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 21.641878][ T115] page dumped because: kasan: bad access detected
[ 21.648284][ T115]
[ 21.650602][ T115] Memory state around the buggy address:
[ 21.656235][ T115] ffff8881d029d000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 21.664300][ T115] ffff8881d029d080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 21.672391][ T115] >ffff8881d029d100: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[ 21.680449][ T115] ^
[ 21.687916][ T115] ffff8881d029d180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 21.697009][ T115] ffff8881d029d200: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 21.705056][ T115] ==================================================================
[ 21.713111][ T115] Disabling lock debugging due to kernel taint
[ 21.719563][ T115] ------------[ cut here ]------------
[ 21.725059][ T115] WARNING: CPU: 1 PID: 115 at mm/page_alloc.c:4809 __alloc_pages_nodemask+0x529/0x7c0
[ 21.734583][ T115] Modules linked in:
[ 21.738461][ T115] CPU: 1 PID: 115 Comm: kworker/1:1 Tainted: G B 5.4.40-syzkaller-00122-g79c00997a007 #0
[ 21.749576][ T115] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 21.759629][ T115] Workqueue: usb_hub_wq hub_event
[ 21.764704][ T115] RIP: 0010:__alloc_pages_nodemask+0x529/0x7c0
[ 21.770856][ T115] Code: 24 e0 00 00 00 0f 85 a3 02 00 00 4c 89 e0 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 41 f7 c6 00 20 00 00 0f 85 c9 fc ff ff <0f> 0b 45 31 e4 eb 96 31 db e9 24 fc ff ff 65 48 8b 1c 25 00 ed 01
[ 21.790463][ T115] RSP: 0018:ffff8881d9c36620 EFLAGS: 00010046
[ 21.796652][ T115] RAX: ffff8881d9c366a0 RBX: 0000000000000012 RCX: 0000000000000000
[ 21.804620][ T115] RDX: 0000000000000028 RSI: 0000000000000000 RDI: ffff8881d9c366c8
[ 21.812573][ T115] RBP: ffff8881d9c36758 R08: dffffc0000000000 R09: ffff8881d9c366a0
[ 21.820550][ T115] R10: ffffed103b386cd9 R11: 0000000000000000 R12: 0000000020000007
[ 21.828518][ T115] R13: ffff8881d9c366a0 R14: 0000000000040a20 R15: dffffc0000000000
[ 21.836488][ T115] FS: 0000000000000000(0000) GS:ffff8881db900000(0000) knlGS:0000000000000000
[ 21.845411][ T115] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 21.852008][ T115] CR2: 00007f68ca763010 CR3: 00000001c6356003 CR4: 00000000001606e0
[ 21.859974][ T115] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 21.867941][ T115] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 21.875905][ T115] Call Trace:
[ 21.879197][ T115] ? gfp_pfmemalloc_allowed+0x130/0x130
[ 21.884728][ T115] kmalloc_order_trace+0x2a/0xf0
[ 21.889773][ T115] __kmalloc+0x268/0x2d0
[ 21.894013][ T115] hid_alloc_report_buf+0x73/0xc0
[ 21.899131][ T115] usbhid_submit_report+0x499/0xb50
[ 21.904340][ T115] ? __kasan_report+0x1c6/0x1e0
[ 21.909236][ T115] ? usbhid_init_reports+0x2a0/0x2a0
[ 21.914507][ T115] ? input_ff_create+0x2c3/0x350
[ 21.919442][ T115] ? usbhid_parse+0xe60/0xe60
[ 21.924682][ T115] betop_probe+0x550/0x5c0
[ 21.929095][ T115] hid_device_probe+0x27a/0x420
[ 21.933954][ T115] really_probe+0x707/0xf70
[ 21.938448][ T115] driver_probe_device+0xe6/0x230
[ 21.943471][ T115] ? coredump_store+0x90/0x90
[ 21.948148][ T115] bus_for_each_drv+0x17a/0x200
[ 21.953003][ T115] ? subsys_find_device_by_id+0x340/0x340
[ 21.958725][ T115] __device_attach+0x27b/0x420
[ 21.963508][ T115] ? skb_release_head_state+0x1d0/0x210
[ 21.969069][ T115] ? device_attach+0x20/0x20
[ 21.973651][ T115] bus_probe_device+0xbb/0x200
[ 21.978418][ T115] device_add+0x105a/0x1750
[ 21.982921][ T115] ? __d_instantiate+0x3c6/0x700
[ 21.987856][ T115] ? dev_set_name+0x120/0x120
[ 21.992528][ T115] ? hid_debug_register+0xcd/0x140
[ 21.997633][ T115] hid_add_device+0xd7e/0xfd0
[ 22.002311][ T115] ? gfp_pfmemalloc_allowed+0x130/0x130
[ 22.007848][ T115] ? snprintf+0xd9/0x120
[ 22.012094][ T115] ? usbhid_probe+0x6c2/0xcc0
[ 22.016764][ T115] ? hid_device_remove+0x390/0x390
[ 22.021886][ T115] ? kasan_kmalloc_large+0xff/0x110
[ 22.027083][ T115] ? init_timer_key+0x2c/0x1d0
[ 22.031852][ T115] usbhid_probe+0x94e/0xcc0
[ 22.036406][ T115] usb_probe_interface+0x631/0xad0
[ 22.041521][ T115] really_probe+0x764/0xf70
[ 22.046027][ T115] driver_probe_device+0xe6/0x230
[ 22.051051][ T115] ? coredump_store+0x90/0x90
[ 22.055834][ T115] bus_for_each_drv+0x17a/0x200
[ 22.060686][ T115] ? subsys_find_device_by_id+0x340/0x340
[ 22.066404][ T115] __device_attach+0x27b/0x420
[ 22.071181][ T115] ? skb_release_head_state+0x1d0/0x210
[ 22.076726][ T115] ? device_attach+0x20/0x20
[ 22.081335][ T115] bus_probe_device+0xbb/0x200
[ 22.086108][ T115] device_add+0x105a/0x1750
[ 22.090609][ T115] ? dev_set_name+0x120/0x120
[ 22.095324][ T115] ? kfree+0x12b/0x600
[ 22.099386][ T115] usb_set_configuration+0x184c/0x1dc0
[ 22.104836][ T115] generic_probe+0x82/0x140
[ 22.109343][ T115] really_probe+0x764/0xf70
[ 22.113894][ T115] driver_probe_device+0xe6/0x230
[ 22.118928][ T115] ? coredump_store+0x90/0x90
[ 22.123604][ T115] bus_for_each_drv+0x17a/0x200
[ 22.128453][ T115] ? subsys_find_device_by_id+0x340/0x340
[ 22.134173][ T115] __device_attach+0x27b/0x420
[ 22.138940][ T115] ? skb_release_head_state+0x1d0/0x210
[ 22.144478][ T115] ? device_attach+0x20/0x20
[ 22.149058][ T115] bus_probe_device+0xbb/0x200
[ 22.153811][ T115] device_add+0x105a/0x1750
[ 22.158304][ T115] ? dev_set_name+0x120/0x120
[ 22.162970][ T115] usb_new_device+0xda7/0x1710
[ 22.167732][ T115] ? hub_port_init+0x1e9e/0x30e0
[ 22.172666][ T115] ? usb_disconnect+0x880/0x880
[ 22.177513][ T115] hub_event+0x2963/0x4fa0
[ 22.181930][ T115] ? led_work+0x530/0x530
[ 22.186257][ T115] ? pm_schedule_suspend+0x1d0/0x1d0
[ 22.191541][ T115] ? _raw_spin_lock+0x170/0x170
[ 22.196379][ T115] ? mutex_lock+0xa6/0x110
[ 22.200789][ T115] ? _raw_spin_lock_irq+0xa2/0x180
[ 22.205896][ T115] ? read_word_at_a_time+0xe/0x20
[ 22.210913][ T115] ? strscpy+0xa6/0x260
[ 22.215071][ T115] process_one_work+0x777/0xf90
[ 22.219929][ T115] worker_thread+0xa8f/0x1430
[ 22.224606][ T115] ? _raw_spin_lock+0x170/0x170
[ 22.229452][ T115] kthread+0x2df/0x300
[ 22.233520][ T115] ? process_one_work+0xf90/0xf90
[ 22.238545][ T115] ? kthread_destroy_worker+0x280/0x280
[ 22.244082][ T115] ret_from_fork+0x1f/0x30
[ 22.248589][ T115] ---[ end trace ed459a7fa9582a96 ]---
[ 22.254039][