[info] Using makefile-style concurrent boot in runlevel 2. [....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [ 15.020638][ C1] random: crng init done [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.1.61' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 49.449155][ T12] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 49.689085][ T12] usb 1-1: Using ep0 maxpacket: 8 [ 49.809187][ T12] usb 1-1: config 0 has an invalid interface number: 26 but max is 0 [ 49.817324][ T12] usb 1-1: config 0 has no interface number 0 [ 49.823476][ T12] usb 1-1: config 0 interface 26 altsetting 0 bulk endpoint 0x8F has invalid maxpacket 0 [ 49.833465][ T12] usb 1-1: New USB device found, idVendor=2040, idProduct=4902, bcdDevice=ff.51 [ 49.842719][ T12] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 49.852113][ T12] usb 1-1: config 0 descriptor?? [ 50.109187][ T12] hdpvr 1-1:0.26: firmware version 0x6 dated ¶ÐÅÊÙz&Ö¡>–ﶀ?û¿èŽe §GdÄ[ËÀw‹ÐÆÖ$½´ aliases.conf [ 50.120347][ T12] hdpvr 1-1:0.26: untested firmware, the driver might not work. executing program [ 50.861219][ T12] ir-kbd-i2c 0-0071: IR for HDPVR is known to cause problems during recording, use enable_hdpvr modparam to enable [ 50.889230][ T12] hdpvr 1-1:0.26: Could not setup controls [ 50.895279][ T12] hdpvr 1-1:0.26: registering videodev failed [ 50.904391][ T12] hdpvr: probe of 1-1:0.26 failed with error -71 [ 50.912277][ T12] usb 1-1: USB disconnect, device number 2 [ 51.269553][ T12] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 51.509172][ T12] usb 1-1: Using ep0 maxpacket: 8 [ 51.629188][ T12] usb 1-1: config 0 has an invalid interface number: 26 but max is 0 [ 51.637278][ T12] usb 1-1: config 0 has no interface number 0 [ 51.643565][ T12] usb 1-1: config 0 interface 26 altsetting 0 bulk endpoint 0x8F has invalid maxpacket 0 [ 51.653419][ T12] usb 1-1: New USB device found, idVendor=2040, idProduct=4902, bcdDevice=ff.51 [ 51.662496][ T12] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 51.671649][ T12] usb 1-1: config 0 descriptor?? [ 51.929182][ T12] hdpvr 1-1:0.26: firmware version 0x6 dated ¶ÐÅÊÙz&Ö¡>–ﶀ?û¿èŽe §GdÄ[ËÀw‹ÐÆÖ$½´ [ 51.939161][ T12] hdpvr 1-1:0.26: untested firmware, the driver might not work. executing program [ 52.680127][ T12] ir-kbd-i2c 0-0071: IR for HDPVR is known to cause problems during recording, use enable_hdpvr modparam to enable [ 52.709189][ T12] hdpvr 1-1:0.26: Could not setup controls [ 52.715188][ T12] hdpvr 1-1:0.26: registering videodev failed [ 52.723063][ T12] hdpvr: probe of 1-1:0.26 failed with error -71 [ 52.730147][ T12] usb 1-1: USB disconnect, device number 3 [ 53.079086][ T12] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 53.319103][ T12] usb 1-1: Using ep0 maxpacket: 8 [ 53.439125][ T12] usb 1-1: config 0 has an invalid interface number: 26 but max is 0 [ 53.447298][ T12] usb 1-1: config 0 has no interface number 0 [ 53.453421][ T12] usb 1-1: config 0 interface 26 altsetting 0 bulk endpoint 0x8F has invalid maxpacket 0 [ 53.463311][ T12] usb 1-1: New USB device found, idVendor=2040, idProduct=4902, bcdDevice=ff.51 [ 53.472377][ T12] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 53.481321][ T12] usb 1-1: config 0 descriptor?? [ 53.739198][ T12] hdpvr 1-1:0.26: firmware version 0x6 dated ¶ÐÅÊÙz&Ö¡>–ﶀ?û¿èŽe §GdÄ[ËÀw‹ÐÆÖ$½´ [ 53.749176][ T12] hdpvr 1-1:0.26: untested firmware, the driver might not work. executing program [ 54.490006][ T12] ir-kbd-i2c 0-0071: IR for HDPVR is known to cause problems during recording, use enable_hdpvr modparam to enable [ 54.519203][ T12] hdpvr 1-1:0.26: Could not setup controls [ 54.525353][ T12] hdpvr 1-1:0.26: registering videodev failed [ 54.533082][ T12] hdpvr: probe of 1-1:0.26 failed with error -71 [ 54.540124][ T12] usb 1-1: USB disconnect, device number 4 [ 54.889091][ T12] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 55.129116][ T12] usb 1-1: Using ep0 maxpacket: 8 [ 55.249180][ T12] usb 1-1: config 0 has an invalid interface number: 26 but max is 0 [ 55.257275][ T12] usb 1-1: config 0 has no interface number 0 [ 55.263423][ T12] usb 1-1: config 0 interface 26 altsetting 0 bulk endpoint 0x8F has invalid maxpacket 0 [ 55.273292][ T12] usb 1-1: New USB device found, idVendor=2040, idProduct=4902, bcdDevice=ff.51 [ 55.282349][ T12] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 55.291349][ T12] usb 1-1: config 0 descriptor?? [ 55.550832][ T12] ================================================================== [ 55.550836][ T12] BUG: KASAN: slab-out-of-bounds in string_nocheck+0x1d2/0x200 [ 55.550839][ T12] Read of size 1 at addr ffff8881d2e8b8e0 by task kworker/0:1/12 [ 55.550840][ T12] [ 55.550843][ T12] CPU: 0 PID: 12 Comm: kworker/0:1 Not tainted 5.2.0-rc6+ #14 [ 55.550846][ T12] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 55.550848][ T12] Workqueue: usb_hub_wq hub_event [ 55.550851][ T12] Call Trace: [ 55.550852][ T12] dump_stack+0xca/0x13e [ 55.550854][ T12] ? string_nocheck+0x1d2/0x200 [ 55.550856][ T12] ? string_nocheck+0x1d2/0x200 [ 55.550858][ T12] print_address_description+0x67/0x231 [ 55.550860][ T12] ? string_nocheck+0x1d2/0x200 [ 55.550861][ T12] ? string_nocheck+0x1d2/0x200 [ 55.550863][ T12] __kasan_report.cold+0x1a/0x32 [ 55.550865][ T12] ? string_nocheck+0x1d2/0x200 [ 55.550866][ T12] kasan_report+0xe/0x20 [ 55.550868][ T12] string_nocheck+0x1d2/0x200 [ 55.550870][ T12] ? widen_string+0x2a0/0x2a0 [ 55.550872][ T12] ? __lock_acquire+0x54a/0x5340 [ 55.550874][ T12] ? usb_new_device.cold+0x8c1/0x1016 [ 55.550876][ T12] ? hub_event+0x1b3d/0x35f0 [ 55.550878][ T12] ? __sanitizer_cov_trace_switch+0x45/0x70 [ 55.550879][ T12] string+0xe5/0xf0 [ 55.550881][ T12] ? hex_string+0x4c0/0x4c0 [ 55.550883][ T12] vsnprintf+0x7d3/0x14f0 [ 55.550884][ T12] ? pointer+0x6b0/0x6b0 [ 55.550886][ T12] vscnprintf+0x29/0x80 [ 55.550887][ T12] vprintk_store+0x40/0x4b0 [ 55.550889][ T12] vprintk_emit+0xc8/0x3e0 [ 55.550891][ T12] vprintk_func+0x75/0x113 [ 55.550892][ T12] printk+0xba/0xed [ 55.550894][ T12] ? kmsg_dump_rewind_nolock+0xd9/0xd9 [ 55.550896][ T12] ? refcount_inc_checked+0x1d/0x60 [ 55.550898][ T12] hdpvr_probe.cold+0x194/0x1247 [ 55.550900][ T12] usb_probe_interface+0x305/0x7a0 [ 55.550901][ T12] ? usb_probe_device+0x100/0x100 [ 55.550903][ T12] really_probe+0x281/0x660 [ 55.550905][ T12] driver_probe_device+0x104/0x210 [ 55.550907][ T12] __device_attach_driver+0x1c2/0x220 [ 55.550909][ T12] ? driver_allows_async_probing+0x160/0x160 [ 55.550911][ T12] bus_for_each_drv+0x15c/0x1e0 [ 55.550913][ T12] ? bus_rescan_devices+0x20/0x20 [ 55.550915][ T12] ? _raw_spin_unlock_irqrestore+0x3e/0x50 [ 55.550917][ T12] ? lockdep_hardirqs_on+0x379/0x580 [ 55.550918][ T12] __device_attach+0x217/0x360 [ 55.550920][ T12] ? device_bind_driver+0xd0/0xd0 [ 55.550922][ T12] ? kobject_uevent_env+0x29e/0x1150 [ 55.550924][ T12] ? kobject_uevent_env+0x2a8/0x1150 [ 55.550926][ T12] bus_probe_device+0x1e4/0x290 [ 55.550928][ T12] ? blocking_notifier_call_chain+0x54/0xa0 [ 55.550929][ T12] device_add+0xae6/0x16f0 [ 55.550931][ T12] ? uevent_store+0x50/0x50 [ 55.550933][ T12] ? _raw_spin_unlock_irqrestore+0x3e/0x50 [ 55.550935][ T12] usb_set_configuration+0xdf6/0x1670 [ 55.550937][ T12] generic_probe+0x9d/0xd5 [ 55.550939][ T12] usb_probe_device+0x99/0x100 [ 55.550940][ T12] ? usb_suspend+0x620/0x620 [ 55.550942][ T12] really_probe+0x281/0x660 [ 55.550944][ T12] driver_probe_device+0x104/0x210 [ 55.550946][ T12] __device_attach_driver+0x1c2/0x220 [ 55.550948][ T12] ? driver_allows_async_probing+0x160/0x160 [ 55.550950][ T12] bus_for_each_drv+0x15c/0x1e0 [ 55.550952][ T12] ? bus_rescan_devices+0x20/0x20 [ 55.550954][ T12] ? _raw_spin_unlock_irqrestore+0x3e/0x50 [ 55.550956][ T12] ? lockdep_hardirqs_on+0x379/0x580 [ 55.550957][ T12] __device_attach+0x217/0x360 [ 55.550959][ T12] ? device_bind_driver+0xd0/0xd0 [ 55.550961][ T12] ? kobject_uevent_env+0x29e/0x1150 [ 55.550963][ T12] ? kobject_uevent_env+0x2a8/0x1150 [ 55.550965][ T12] bus_probe_device+0x1e4/0x290 [ 55.550967][ T12] ? blocking_notifier_call_chain+0x54/0xa0 [ 55.550968][ T12] device_add+0xae6/0x16f0 [ 55.550970][ T12] ? uevent_store+0x50/0x50 [ 55.550972][ T12] usb_new_device.cold+0x8c1/0x1016 [ 55.550974][ T12] ? usb_port_suspend+0xa40/0xa40 [ 55.550976][ T12] ? mark_held_locks+0x9f/0xe0 [ 55.550977][ T12] ? _raw_spin_unlock_irq+0x24/0x30 [ 55.550979][ T12] hub_event+0x1b3d/0x35f0 [ 55.550981][ T12] ? hub_port_debounce+0x260/0x260 [ 55.550983][ T12] process_one_work+0x905/0x1570 [ 55.550985][ T12] ? pwq_dec_nr_in_flight+0x310/0x310 [ 55.550986][ T12] ? do_raw_spin_lock+0x11a/0x280 [ 55.550988][ T12] worker_thread+0x7ab/0xe20 [ 55.550990][ T12] ? process_one_work+0x1570/0x1570 [ 55.550992][ T12] kthread+0x30b/0x410 [ 55.550993][ T12] ? kthread_park+0x1a0/0x1a0 [ 55.550995][ T12] ret_from_fork+0x24/0x30 [ 55.550996][ T12] [ 55.550998][ T12] Allocated by task 12: [ 55.550999][ T12] save_stack+0x1b/0x80 [ 55.551001][ T12] __kasan_kmalloc.constprop.0+0xbf/0xd0 [ 55.551003][ T12] hdpvr_probe+0x1ce/0xac0 [ 55.551005][ T12] usb_probe_interface+0x305/0x7a0 [ 55.551007][ T12] really_probe+0x281/0x660 [ 55.551009][ T12] driver_probe_device+0x104/0x210 [ 55.551010][ T12] __device_attach_driver+0x1c2/0x220 [ 55.551012][ T12] bus_for_each_drv+0x15c/0x1e0 [ 55.551014][ T12] __device_attach+0x217/0x360 [ 55.551016][ T12] bus_probe_device+0x1e4/0x290 [ 55.551017][ T12] device_add+0xae6/0x16f0 [ 55.551019][ T12] usb_set_configuration+0xdf6/0x1670 [ 55.551021][ T12] generic_probe+0x9d/0xd5 [ 55.551023][ T12] usb_probe_device+0x99/0x100 [ 55.551024][ T12] really_probe+0x281/0x660 [ 55.551026][ T12] driver_probe_device+0x104/0x210 [ 55.551028][ T12] __device_attach_driver+0x1c2/0x220 [ 55.551030][ T12] bus_for_each_drv+0x15c/0x1e0 [ 55.551032][ T12] __device_attach+0x217/0x360 [ 55.551033][ T12] bus_probe_device+0x1e4/0x290 [ 55.551035][ T12] device_add+0xae6/0x16f0 [ 55.551037][ T12] usb_new_device.cold+0x8c1/0x1016 [ 55.551039][ T12] hub_event+0x1b3d/0x35f0 [ 55.551040][ T12] process_one_work+0x905/0x1570 [ 55.551042][ T12] worker_thread+0x7ab/0xe20 [ 55.551044][ T12] kthread+0x30b/0x410 [ 55.551045][ T12] ret_from_fork+0x24/0x30 [ 55.551046][ T12] [ 55.551048][ T12] Freed by task 0: [ 55.551050][ T12] (stack is not available) [ 55.551051][ T12] [ 55.551054][ T12] The buggy address belongs to the object at ffff8881d2e8b8a0 [ 55.551056][ T12] which belongs to the cache kmalloc-64 of size 64 [ 55.551058][ T12] The buggy address is located 0 bytes to the right of [ 55.551061][ T12] 64-byte region [ffff8881d2e8b8a0, ffff8881d2e8b8e0) [ 55.551063][ T12] The buggy address belongs to the page: [ 55.551066][ T12] page:ffffea00074ba2c0 refcount:1 mapcount:0 mapping:ffff8881dac03600 index:0x0 [ 55.551069][ T12] flags: 0x200000000000200(slab) [ 55.551072][ T12] raw: 0200000000000200 dead000000000100 dead000000000200 ffff8881dac03600 [ 55.551075][ T12] raw: 0000000000000000 00000000802a002a 00000001ffffffff 0000000000000000 [ 55.551078][ T12] page dumped because: kasan: bad access detected [ 55.551079][ T12] [ 55.551081][ T12] Memory state around the buggy address: [ 55.551084][ T12] ffff8881d2e8b780: 00 00 00 00 00 00 fc fc fc fc fc fc fb fb fb fb [ 55.551087][ T12] ffff8881d2e8b800: fb fb fb fb fc fc fc fc fb fb fb fb fb fb fb fb [ 55.551089][ T12] >ffff8881d2e8b880: fc fc fc fc 00 00 00 00 00 00 00 00 fc fc fc fc [ 55.551092][ T12] ^ [ 55.551095][ T12] ffff8881d2e8b900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 55.551098][ T12] ffff8881d2e8b980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 55.551101][ T12] ================================================================== [ 55.551103][ T12] Disabling lock debugging due to kernel taint [ 55.551105][ T12] Kernel panic - not syncing: panic_on_warn set ... [ 55.551108][ T12] CPU: 0 PID: 12 Comm: kworker/0:1 Tainted: G B 5.2.0-rc6+ #14 [ 55.551112][ T12] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 55.551113][ T12] Workqueue: usb_hub_wq hub_event [ 55.551116][ T12] Call Trace: [ 55.551117][ T12] dump_stack+0xca/0x13e [ 55.551119][ T12] panic+0x292/0x6c9 [ 55.551121][ T12] ? __warn_printk+0xf3/0xf3 [ 55.551122][ T12] ? lock_downgrade+0x630/0x630 [ 55.551124][ T12] ? print_shadow_for_address+0xb8/0x114 [ 55.551126][ T12] ? trace_hardirqs_off+0x50/0x1c0 [ 55.551128][ T12] ? string_nocheck+0x1d2/0x200 [ 55.551130][ T12] end_report+0x43/0x49 [ 55.551131][ T12] ? string_nocheck+0x1d2/0x200 [ 55.551133][ T12] __kasan_report.cold+0xd/0x32 [ 55.551135][ T12] ? string_nocheck+0x1d2/0x200 [ 55.551136][ T12] kasan_report+0xe/0x20 [ 55.551138][ T12] string_nocheck+0x1d2/0x200 [ 55.551140][ T12] ? widen_string+0x2a0/0x2a0 [ 55.551142][ T12] ? __lock_acquire+0x54a/0x5340 [ 55.551144][ T12] ? usb_new_device.cold+0x8c1/0x1016 [ 55.551145][ T12] ? hub_event+0x1b3d/0x35f0 [ 55.551147][ T12] ? __sanitizer_cov_trace_switch+0x45/0x70 [ 55.551149][ T12] string+0xe5/0xf0 [ 55.551150][ T12] ? hex_string+0x4c0/0x4c0 [ 55.551152][ T12] vsnprintf+0x7d3/0x14f0 [ 55.551154][ T12] ? pointer+0x6b0/0x6b0 [ 55.551155][ T12] vscnprintf+0x29/0x80 [ 55.551157][ T12] vprintk_store+0x40/0x4b0 [ 55.551159][ T12] vprintk_emit+0xc8/0x3e0 [ 55.551160][ T12] vprintk_func+0x75/0x113 [ 55.551162][ T12] printk+0xba/0xed [ 55.551164][ T12] ? kmsg_dump_rewind_nolock+0xd9/0xd9 [ 55.551166][ T12] ? refcount_inc_checked+0x1d/0x60 [ 55.551167][ T12] hdpvr_probe.cold+0x194/0x1247 [ 55.551169][ T12] usb_probe_interface+0x305/0x7a0 [ 55.551171][ T12] ? usb_probe_device+0x100/0x100 [ 55.551173][ T12] really_probe+0x281/0x660 [ 55.551175][ T12] driver_probe_device+0x104/0x210 [ 55.551177][ T12] __device_attach_driver+0x1c2/0x220 [ 55.551179][ T12] ? driver_allows_async_probing+0x160/0x160 [ 55.551180][ T12] bus_for_each_drv+0x15c/0x1e0 [ 55.551182][ T12] ? bus_rescan_devices+0x20/0x20 [ 55.551184][ T12] ? _raw_spin_unlock_irqrestore+0x3e/0x50 [ 55.551186][ T12] ? lockdep_hardirqs_on+0x379/0x580 [ 55.551188][ T12] __device_attach+0x217/0x360 [ 55.551190][ T12] ? device_bind_driver+0xd0/0xd0 [ 55.551192][ T12] ? kobject_uevent_env+0x29e/0x1150 [ 55.551194][ T12] ? kobject_uevent_env+0x2a8/0x1150 [ 55.551195][ T12] bus_probe_device+0x1e4/0x290 [ 55.551198][ T12] ? blocking_notifier_call_chain+0x54/0xa0 [ 55.551199][ T12] device_add+0xae6/0x16f0 [ 55.551201][ T12] ? uevent_store+0x50/0x50 [ 55.551203][ T12] ? _raw_spin_unlock_irqrestore+0x3e/0x50 [ 55.551205][ T12] usb_set_configuration+0xdf6/0x1670 [ 55.551207][ T12] generic_probe+0x9d/0xd5 [ 55.551209][ T12] usb_probe_device+0x99/0x100 [ 55.551210][ T12] ? usb_suspend+0x620/0x620 [ 55.551212][ T12] really_probe+0x281/0x660 [ 55.551214][ T12] driver_probe_device+0x104/0x210 [ 55.551216][ T12] __device_attach_driver+0x1c2/0x220 [ 55.551218][ T12] ? driver_allows_async_probing+0x160/0x160 [ 55.551220][ T12] bus_for_each_drv+0x15c/0x1e0 [ 55.551221][ T12] ? bus_rescan_devices+0x20/0x20 [ 55.551223][ T12] ? _raw_spin_unlock_irqrestore+0x3e/0x50 [ 55.551225][ T12] ? lockdep_hardirqs_on+0x379/0x580 [ 55.551227][ T12] __device_attach+0x217/0x360 [ 55.551229][ T12] ? device_bind_driver+0xd0/0xd0 [ 55.551231][ T12] ? kobject_uevent_env+0x29e/0x1150 [ 55.551233][ T12] ? kobject_uevent_env+0x2a8/0x1150 [ 55.551234][ T12] bus_probe_device+0x1e4/0x290 [ 55.551237][ T12] ? blocking_notifier_call_chain+0x54/0xa0 [ 55.551238][ T12] device_add+0xae6/0x16f0 [ 55.551240][ T12] ? uevent_store+0x50/0x50 [ 55.551242][ T12] usb_new_device.cold+0x8c1/0x1016 [ 55.551244][ T12] ? usb_port_suspend+0xa40/0xa40 [ 55.551245][ T12] ? mark_held_locks+0x9f/0xe0 [ 55.551247][ T12] ? _raw_spin_unlock_irq+0x24/0x30 [ 55.551249][ T12] hub_event+0x1b3d/0x35f0 [ 55.551251][ T12] ? hub_port_debounce+0x260/0x260 [ 55.551253][ T12] process_one_work+0x905/0x1570 [ 55.551255][ T12] ? pwq_dec_nr_in_flight+0x310/0x310 [ 55.551256][ T12] ? do_raw_spin_lock+0x11a/0x280 [ 55.551258][ T12] worker_thread+0x7ab/0xe20 [ 55.551260][ T12] ? process_one_work+0x1570/0x1570 [ 55.551261][ T12] kthread+0x30b/0x410 [ 55.551263][ T12] ? kthread_park+0x1a0/0x1a0 [ 55.551265][ T12] ret_from_fork+0x24/0x30 [ 55.551267][ T12] Kernel Offset: disabled