Warning: Permanently added '10.128.0.182' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 27.940307][ T12] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 28.180259][ T12] usb 1-1: Using ep0 maxpacket: 16
[ 28.300385][ T12] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 28.311443][ T12] usb 1-1: New USB device found, idVendor=1a34, idProduct=f705, bcdDevice= 0.00
[ 28.320619][ T12] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 28.329810][ T12] usb 1-1: config 0 descriptor??
[ 28.801846][ T12] acrux 0003:1A34:F705.0001: unknown main item tag 0x2
[ 28.808937][ T12] acrux 0003:1A34:F705.0001: unknown main item tag 0x2
[ 28.817516][ T12] acrux 0003:1A34:F705.0001: hidraw0: USB HID v0.00 Device [HID 1a34:f705] on usb-dummy_hcd.0-1/input0
[ 28.828730][ T12] ==================================================================
[ 28.836857][ T12] BUG: KASAN: slab-out-of-bounds in ax_probe+0x369/0x540
[ 28.843941][ T12] Write of size 8 at addr ffff8881d538acc0 by task kworker/0:1/12
[ 28.851713][ T12]
[ 28.854020][ T12] CPU: 0 PID: 12 Comm: kworker/0:1 Not tainted 5.4.0-rc3+ #0
[ 28.861356][ T12] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 28.871776][ T12] Workqueue: usb_hub_wq hub_event
[ 28.876772][ T12] Call Trace:
[ 28.880042][ T12] dump_stack+0xca/0x13e
[ 28.884306][ T12] ? ax_probe+0x369/0x540
[ 28.888608][ T12] ? ax_probe+0x369/0x540
[ 28.892913][ T12] print_address_description.constprop.0+0x36/0x50
[ 28.899389][ T12] ? ax_probe+0x369/0x540
[ 28.903691][ T12] ? ax_probe+0x369/0x540
[ 28.907994][ T12] __kasan_report.cold+0x1a/0x33
[ 28.912904][ T12] ? ax_probe+0x369/0x540
[ 28.917294][ T12] kasan_report+0xe/0x20
[ 28.921510][ T12] check_memory_region+0x128/0x190
[ 28.926594][ T12] ax_probe+0x369/0x540
[ 28.930732][ T12] ? ax_remove+0x20/0x20
[ 28.934959][ T12] hid_device_probe+0x2be/0x3f0
[ 28.939781][ T12] ? hid_match_device+0x1f0/0x1f0
[ 28.944781][ T12] really_probe+0x281/0x6d0
[ 28.949272][ T12] driver_probe_device+0x104/0x210
[ 28.954365][ T12] __device_attach_driver+0x1c2/0x220
[ 28.959724][ T12] ? driver_allows_async_probing+0x160/0x160
[ 28.965690][ T12] bus_for_each_drv+0x162/0x1e0
[ 28.970528][ T12] ? bus_rescan_devices+0x20/0x20
[ 28.975536][ T12] ? _raw_spin_unlock_irqrestore+0x3e/0x50
[ 28.981322][ T12] ? lockdep_hardirqs_on+0x382/0x580
[ 28.986583][ T12] __device_attach+0x217/0x360
[ 28.991324][ T12] ? device_bind_driver+0xd0/0xd0
[ 28.996321][ T12] ? kobject_uevent_env+0x29e/0x1150
[ 29.001594][ T12] ? kobject_uevent_env+0x2a8/0x1150
[ 29.006851][ T12] bus_probe_device+0x1e4/0x290
[ 29.011679][ T12] ? blocking_notifier_call_chain+0x54/0xa0
[ 29.017552][ T12] device_add+0xae6/0x16f0
[ 29.021946][ T12] ? uevent_store+0x50/0x50
[ 29.026425][ T12] ? __debugfs_create_file+0x301/0x3f0
[ 29.031869][ T12] hid_add_device+0x33c/0x9a0
[ 29.036519][ T12] ? debug_object_fixup+0x30/0x30
[ 29.041526][ T12] ? __hid_bus_reprobe_drivers+0x130/0x130
[ 29.047304][ T12] ? lockdep_init_map+0x1b0/0x5e0
[ 29.052302][ T12] usbhid_probe+0xa81/0xfa0
[ 29.056779][ T12] usb_probe_interface+0x305/0x7a0
[ 29.061880][ T12] ? usb_probe_device+0x100/0x100
[ 29.066876][ T12] really_probe+0x281/0x6d0
[ 29.071351][ T12] driver_probe_device+0x104/0x210
[ 29.076432][ T12] __device_attach_driver+0x1c2/0x220
[ 29.081776][ T12] ? driver_allows_async_probing+0x160/0x160
[ 29.087726][ T12] bus_for_each_drv+0x162/0x1e0
[ 29.092547][ T12] ? bus_rescan_devices+0x20/0x20
[ 29.097552][ T12] ? _raw_spin_unlock_irqrestore+0x3e/0x50
[ 29.103331][ T12] ? lockdep_hardirqs_on+0x382/0x580
[ 29.108586][ T12] __device_attach+0x217/0x360
[ 29.113333][ T12] ? device_bind_driver+0xd0/0xd0
[ 29.118331][ T12] ? kobject_uevent_env+0x29e/0x1150
[ 29.123599][ T12] ? kobject_uevent_env+0x2a8/0x1150
[ 29.128864][ T12] bus_probe_device+0x1e4/0x290
[ 29.133690][ T12] ? blocking_notifier_call_chain+0x54/0xa0
[ 29.139562][ T12] device_add+0xae6/0x16f0
[ 29.143950][ T12] ? uevent_store+0x50/0x50
[ 29.148427][ T12] ? _raw_spin_unlock_irqrestore+0x3e/0x50
[ 29.154208][ T12] usb_set_configuration+0xdf6/0x1670
[ 29.159647][ T12] generic_probe+0x9d/0xd5
[ 29.164049][ T12] usb_probe_device+0x99/0x100
[ 29.168787][ T12] ? usb_suspend+0x620/0x620
[ 29.173351][ T12] really_probe+0x281/0x6d0
[ 29.177827][ T12] driver_probe_device+0x104/0x210
[ 29.182931][ T12] __device_attach_driver+0x1c2/0x220
[ 29.188290][ T12] ? driver_allows_async_probing+0x160/0x160
[ 29.194302][ T12] bus_for_each_drv+0x162/0x1e0
[ 29.199163][ T12] ? bus_rescan_devices+0x20/0x20
[ 29.204231][ T12] ? _raw_spin_unlock_irqrestore+0x3e/0x50
[ 29.210023][ T12] ? lockdep_hardirqs_on+0x382/0x580
[ 29.215424][ T12] __device_attach+0x217/0x360
[ 29.220189][ T12] ? device_bind_driver+0xd0/0xd0
[ 29.225207][ T12] ? kobject_uevent_env+0x29e/0x1150
[ 29.230505][ T12] ? kobject_uevent_env+0x2a8/0x1150
[ 29.235769][ T12] bus_probe_device+0x1e4/0x290
[ 29.240609][ T12] ? blocking_notifier_call_chain+0x54/0xa0
[ 29.246475][ T12] device_add+0xae6/0x16f0
[ 29.250867][ T12] ? uevent_store+0x50/0x50
[ 29.255357][ T12] usb_new_device.cold+0x6a4/0xe79
[ 29.260442][ T12] hub_event+0x1dd0/0x37e0
[ 29.264831][ T12] ? hub_port_debounce+0x260/0x260
[ 29.269920][ T12] ? find_held_lock+0x2d/0x110
[ 29.274672][ T12] ? mark_held_locks+0xe0/0xe0
[ 29.279424][ T12] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 29.284948][ T12] ? rcu_read_lock_bh_held+0xb0/0xb0
[ 29.290220][ T12] process_one_work+0x92b/0x1530
[ 29.295298][ T12] ? pwq_dec_nr_in_flight+0x310/0x310
[ 29.300655][ T12] ? do_raw_spin_lock+0x11a/0x280
[ 29.305658][ T12] worker_thread+0x96/0xe20
[ 29.310160][ T12] ? process_one_work+0x1530/0x1530
[ 29.315347][ T12] kthread+0x318/0x420
[ 29.319398][ T12] ? kthread_create_on_node+0xf0/0xf0
[ 29.324746][ T12] ret_from_fork+0x24/0x30
[ 29.329219][ T12]
[ 29.331520][ T12] Allocated by task 12:
[ 29.335666][ T12] save_stack+0x1b/0x80
[ 29.339795][ T12] __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 29.345399][ T12] hidraw_connect+0x4b/0x3e0
[ 29.349970][ T12] hid_connect+0x5c7/0xbb0
[ 29.354386][ T12] hid_hw_start+0xa2/0x130
[ 29.358784][ T12] ax_probe+0x52/0x540
[ 29.362876][ T12] hid_device_probe+0x2be/0x3f0
[ 29.367708][ T12] really_probe+0x281/0x6d0
[ 29.372191][ T12] driver_probe_device+0x104/0x210
[ 29.377324][ T12] __device_attach_driver+0x1c2/0x220
[ 29.382680][ T12] bus_for_each_drv+0x162/0x1e0
[ 29.387507][ T12] __device_attach+0x217/0x360
[ 29.392252][ T12] bus_probe_device+0x1e4/0x290
[ 29.397074][ T12] device_add+0xae6/0x16f0
[ 29.401467][ T12] hid_add_device+0x33c/0x9a0
[ 29.406117][ T12] usbhid_probe+0xa81/0xfa0
[ 29.410599][ T12] usb_probe_interface+0x305/0x7a0
[ 29.415683][ T12] really_probe+0x281/0x6d0
[ 29.420167][ T12] driver_probe_device+0x104/0x210
[ 29.425258][ T12] __device_attach_driver+0x1c2/0x220
[ 29.430600][ T12] bus_for_each_drv+0x162/0x1e0
[ 29.435434][ T12] __device_attach+0x217/0x360
[ 29.440176][ T12] bus_probe_device+0x1e4/0x290
[ 29.445097][ T12] device_add+0xae6/0x16f0
[ 29.449484][ T12] usb_set_configuration+0xdf6/0x1670
[ 29.454827][ T12] generic_probe+0x9d/0xd5
[ 29.459216][ T12] usb_probe_device+0x99/0x100
[ 29.463950][ T12] really_probe+0x281/0x6d0
[ 29.468424][ T12] driver_probe_device+0x104/0x210
[ 29.473515][ T12] __device_attach_driver+0x1c2/0x220
[ 29.478859][ T12] bus_for_each_drv+0x162/0x1e0
[ 29.483680][ T12] __device_attach+0x217/0x360
[ 29.488414][ T12] bus_probe_device+0x1e4/0x290
[ 29.493238][ T12] device_add+0xae6/0x16f0
[ 29.497627][ T12] usb_new_device.cold+0x6a4/0xe79
[ 29.502771][ T12] hub_event+0x1dd0/0x37e0
[ 29.507159][ T12] process_one_work+0x92b/0x1530
[ 29.512068][ T12] worker_thread+0x96/0xe20
[ 29.516545][ T12] kthread+0x318/0x420
[ 29.520586][ T12] ret_from_fork+0x24/0x30
[ 29.524968][ T12]
[ 29.527269][ T12] Freed by task 101:
[ 29.531144][ T12] save_stack+0x1b/0x80
[ 29.535272][ T12] __kasan_slab_free+0x130/0x180
[ 29.540187][ T12] kfree+0xe4/0x320
[ 29.543984][ T12] usb_free_urb.part.0+0x7a/0xc0
[ 29.548900][ T12] usb_free_urb+0x1b/0x30
[ 29.553201][ T12] usb_start_wait_urb+0x1e5/0x2b0
[ 29.558197][ T12] usb_control_msg+0x31c/0x4a0
[ 29.562931][ T12] hub_ext_port_status+0x125/0x460
[ 29.568035][ T12] hub_activate+0x497/0x1570
[ 29.572598][ T12] process_one_work+0x92b/0x1530
[ 29.577507][ T12] worker_thread+0x96/0xe20
[ 29.581984][ T12] kthread+0x318/0x420
[ 29.586027][ T12] ret_from_fork+0x24/0x30
[ 29.590411][ T12]
[ 29.592719][ T12] The buggy address belongs to the object at ffff8881d538ac00
[ 29.592719][ T12] which belongs to the cache kmalloc-192 of size 192
[ 29.606752][ T12] The buggy address is located 0 bytes to the right of
[ 29.606752][ T12] 192-byte region [ffff8881d538ac00, ffff8881d538acc0)
[ 29.621640][ T12] The buggy address belongs to the page:
[ 29.627247][ T12] page:ffffea000754e280 refcount:1 mapcount:0 mapping:ffff8881da002a00 index:0x0
[ 29.636321][ T12] flags: 0x200000000000200(slab)
[ 29.641243][ T12] raw: 0200000000000200 ffffea00075499c0 0000000c0000000c ffff8881da002a00
[ 29.649810][ T12] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 29.658363][ T12] page dumped because: kasan: bad access detected
[ 29.664744][ T12]
[ 29.667047][ T12] Memory state around the buggy address:
[ 29.672671][ T12] ffff8881d538ab80: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 29.680704][ T12] ffff8881d538ac00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 29.688738][ T12] >ffff8881d538ac80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc
[ 29.696767][ T12] ^
[ 29.702892][ T12] ffff8881d538ad00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 29.710926][ T12] ffff8881d538ad80: 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc
[ 29.718956][ T12] ==================================================================
[ 29.726996][ T12] Disabling lock debugging due to kernel taint
[ 29.733410][ T12] Kernel panic - not syncing: panic_on_warn set ...
[ 29.740015][ T12] CPU: 0 PID: 12 Comm: kworker/0:1 Tainted: G B 5.4.0-rc3+ #0
[ 29.748776][ T12] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 29.758819][ T12] Workqueue: usb_hub_wq hub_event
[ 29.763818][ T12] Call Trace:
[ 29.767097][ T12] dump_stack+0xca/0x13e
[ 29.771335][ T12] panic+0x2aa/0x6e1
[ 29.775213][ T12] ? add_taint.cold+0x16/0x16
[ 29.779877][ T12] ? retint_kernel+0x10/0x10
[ 29.784538][ T12] ? trace_hardirqs_on+0x55/0x1e0
[ 29.789543][ T12] ? ax_probe+0x369/0x540
[ 29.793848][ T12] end_report+0x43/0x49
[ 29.797994][ T12] ? ax_probe+0x369/0x540
[ 29.802300][ T12] __kasan_report.cold+0xd/0x33
[ 29.807129][ T12] ? ax_probe+0x369/0x540
[ 29.811432][ T12] kasan_report+0xe/0x20
[ 29.815662][ T12] check_memory_region+0x128/0x190
[ 29.820746][ T12] ax_probe+0x369/0x540
[ 29.827136][ T12] ? ax_remove+0x20/0x20
[ 29.831357][ T12] hid_device_probe+0x2be/0x3f0
[ 29.836191][ T12] ? hid_match_device+0x1f0/0x1f0
[ 29.841210][ T12] really_probe+0x281/0x6d0
[ 29.845699][ T12] driver_probe_device+0x104/0x210
[ 29.850793][ T12] __device_attach_driver+0x1c2/0x220
[ 29.856145][ T12] ? driver_allows_async_probing+0x160/0x160
[ 29.862106][ T12] bus_for_each_drv+0x162/0x1e0
[ 29.866934][ T12] ? bus_rescan_devices+0x20/0x20
[ 29.871934][ T12] ? _raw_spin_unlock_irqrestore+0x3e/0x50
[ 29.877716][ T12] ? lockdep_hardirqs_on+0x382/0x580
[ 29.883104][ T12] __device_attach+0x217/0x360
[ 29.887842][ T12] ? device_bind_driver+0xd0/0xd0
[ 29.892843][ T12] ? kobject_uevent_env+0x29e/0x1150
[ 29.898137][ T12] ? kobject_uevent_env+0x2a8/0x1150
[ 29.903440][ T12] bus_probe_device+0x1e4/0x290
[ 29.908280][ T12] ? blocking_notifier_call_chain+0x54/0xa0
[ 29.914157][ T12] device_add+0xae6/0x16f0
[ 29.918555][ T12] ? uevent_store+0x50/0x50
[ 29.923039][ T12] ? __debugfs_create_file+0x301/0x3f0
[ 29.928484][ T12] hid_add_device+0x33c/0x9a0
[ 29.933146][ T12] ? debug_object_fixup+0x30/0x30
[ 29.938149][ T12] ? __hid_bus_reprobe_drivers+0x130/0x130
[ 29.943937][ T12] ? lockdep_init_map+0x1b0/0x5e0
[ 29.948937][ T12] usbhid_probe+0xa81/0xfa0
[ 29.953420][ T12] usb_probe_interface+0x305/0x7a0
[ 29.958506][ T12] ? usb_probe_device+0x100/0x100
[ 29.963505][ T12] really_probe+0x281/0x6d0
[ 29.967984][ T12] driver_probe_device+0x104/0x210
[ 29.973079][ T12] __device_attach_driver+0x1c2/0x220
[ 29.978427][ T12] ? driver_allows_async_probing+0x160/0x160
[ 29.984379][ T12] bus_for_each_drv+0x162/0x1e0
[ 29.989206][ T12] ? bus_rescan_devices+0x20/0x20
[ 29.994206][ T12] ? _raw_spin_unlock_irqrestore+0x3e/0x50
[ 29.999992][ T12] ? lockdep_hardirqs_on+0x382/0x580
[ 30.005252][ T12] __device_attach+0x217/0x360
[ 30.009991][ T12] ? device_bind_driver+0xd0/0xd0
[ 30.015088][ T12] ? kobject_uevent_env+0x29e/0x1150
[ 30.020353][ T12] ? kobject_uevent_env+0x2a8/0x1150
[ 30.025614][ T12] bus_probe_device+0x1e4/0x290
[ 30.030441][ T12] ? blocking_notifier_call_chain+0x54/0xa0
[ 30.036316][ T12] device_add+0xae6/0x16f0
[ 30.040709][ T12] ? uevent_store+0x50/0x50
[ 30.045198][ T12] ? _raw_spin_unlock_irqrestore+0x3e/0x50
[ 30.050980][ T12] usb_set_configuration+0xdf6/0x1670
[ 30.056330][ T12] generic_probe+0x9d/0xd5
[ 30.060721][ T12] usb_probe_device+0x99/0x100
[ 30.065462][ T12] ? usb_suspend+0x620/0x620
[ 30.070029][ T12] really_probe+0x281/0x6d0
[ 30.074513][ T12] driver_probe_device+0x104/0x210
[ 30.079601][ T12] __device_attach_driver+0x1c2/0x220
[ 30.084948][ T12] ? driver_allows_async_probing+0x160/0x160
[ 30.090911][ T12] bus_for_each_drv+0x162/0x1e0
[ 30.095739][ T12] ? bus_rescan_devices+0x20/0x20
[ 30.100739][ T12] ? _raw_spin_unlock_irqrestore+0x3e/0x50
[ 30.106522][ T12] ? lockdep_hardirqs_on+0x382/0x580
[ 30.111790][ T12] __device_attach+0x217/0x360
[ 30.116543][ T12] ? device_bind_driver+0xd0/0xd0
[ 30.121556][ T12] ? kobject_uevent_env+0x29e/0x1150
[ 30.126826][ T12] ? kobject_uevent_env+0x2a8/0x1150
[ 30.132094][ T12] bus_probe_device+0x1e4/0x290
[ 30.137019][ T12] ? blocking_notifier_call_chain+0x54/0xa0
[ 30.142885][ T12] device_add+0xae6/0x16f0
[ 30.147275][ T12] ? uevent_store+0x50/0x50
[ 30.151756][ T12] usb_new_device.cold+0x6a4/0xe79
[ 30.156842][ T12] hub_event+0x1dd0/0x37e0
[ 30.161233][ T12] ? hub_port_debounce+0x260/0x260
[ 30.166332][ T12] ? find_held_lock+0x2d/0x110
[ 30.171180][ T12] ? mark_held_locks+0xe0/0xe0
[ 30.175938][ T12] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 30.181468][ T12] ? rcu_read_lock_bh_held+0xb0/0xb0
[ 30.186738][ T12] process_one_work+0x92b/0x1530
[ 30.191654][ T12] ? pwq_dec_nr_in_flight+0x310/0x310
[ 30.197173][ T12] ? do_raw_spin_lock+0x11a/0x280
[ 30.202171][ T12] worker_thread+0x96/0xe20
[ 30.206650][ T12] ? process_one_work+0x1530/0x1530
[ 30.211832][ T12] kthread+0x318/0x420
[ 30.215884][ T12] ? kthread_create_on_node+0xf0/0xf0
[ 30.221230][ T12] ret_from_fork+0x24/0x30
[ 30.226514][ T12] Kernel Offset: disabled
[ 30.230822][ T12] Rebooting in 86400 seconds..