Warning: Permanently added '10.128.0.68' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 30.171837][ T12] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 30.411783][ T12] usb 1-1: Using ep0 maxpacket: 8 [ 30.531878][ T12] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 30.542889][ T12] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 30.555724][ T12] usb 1-1: New USB device found, idVendor=1a34, idProduct=f705, bcdDevice= 0.40 [ 30.564854][ T12] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 30.574078][ T12] usb 1-1: config 0 descriptor?? [ 31.054302][ T12] acrux 0003:1A34:F705.0001: hidraw0: USB HID v0.00 Device [HID 1a34:f705] on usb-dummy_hcd.0-1/input0 [ 31.065539][ T12] ================================================================== [ 31.073639][ T12] BUG: KASAN: slab-out-of-bounds in ax_probe+0x369/0x540 [ 31.080650][ T12] Write of size 8 at addr ffff8881d5685bc0 by task kworker/0:1/12 [ 31.088439][ T12] [ 31.090749][ T12] CPU: 0 PID: 12 Comm: kworker/0:1 Not tainted 5.3.0-rc5+ #28 [ 31.098176][ T12] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 31.108339][ T12] Workqueue: usb_hub_wq hub_event [ 31.113335][ T12] Call Trace: [ 31.116609][ T12] dump_stack+0xca/0x13e [ 31.120834][ T12] ? ax_probe+0x369/0x540 [ 31.125145][ T12] ? ax_probe+0x369/0x540 [ 31.129461][ T12] print_address_description+0x6a/0x32c [ 31.134979][ T12] ? ax_probe+0x369/0x540 [ 31.139281][ T12] ? ax_probe+0x369/0x540 [ 31.143582][ T12] __kasan_report.cold+0x1a/0x33 [ 31.148490][ T12] ? ax_probe+0x369/0x540 [ 31.152791][ T12] kasan_report+0xe/0x12 [ 31.157064][ T12] check_memory_region+0x128/0x190 [ 31.162235][ T12] ax_probe+0x369/0x540 [ 31.166370][ T12] ? ax_remove+0x20/0x20 [ 31.170586][ T12] hid_device_probe+0x2be/0x3f0 [ 31.175518][ T12] ? hid_match_device+0x1f0/0x1f0 [ 31.180520][ T12] really_probe+0x281/0x6d0 [ 31.185087][ T12] driver_probe_device+0x101/0x1b0 [ 31.190193][ T12] __device_attach_driver+0x1c2/0x220 [ 31.195652][ T12] ? driver_allows_async_probing+0x160/0x160 [ 31.201609][ T12] bus_for_each_drv+0x162/0x1e0 [ 31.206458][ T12] ? bus_rescan_devices+0x20/0x20 [ 31.211507][ T12] ? _raw_spin_unlock_irqrestore+0x3e/0x50 [ 31.217466][ T12] ? lockdep_hardirqs_on+0x379/0x580 [ 31.222731][ T12] __device_attach+0x217/0x360 [ 31.227470][ T12] ? device_bind_driver+0xd0/0xd0 [ 31.232484][ T12] ? kobject_uevent_env+0x29e/0x1160 [ 31.237749][ T12] ? kobject_uevent_env+0x2a8/0x1160 [ 31.243014][ T12] bus_probe_device+0x1e4/0x290 [ 31.247845][ T12] ? blocking_notifier_call_chain+0x54/0xa0 [ 31.253978][ T12] device_add+0xae6/0x16f0 [ 31.258382][ T12] ? up_write+0x97/0x270 [ 31.262601][ T12] ? uevent_store+0x50/0x50 [ 31.267078][ T12] ? __debugfs_create_file+0x2da/0x3c0 [ 31.272510][ T12] hid_add_device+0x33c/0x990 [ 31.277167][ T12] ? __hid_bus_reprobe_drivers+0x130/0x130 [ 31.282947][ T12] ? lockdep_init_map+0x1b0/0x5e0 [ 31.287994][ T12] usbhid_probe+0xa81/0xfa0 [ 31.292490][ T12] usb_probe_interface+0x305/0x7a0 [ 31.297599][ T12] ? usb_probe_device+0x100/0x100 [ 31.302608][ T12] really_probe+0x281/0x6d0 [ 31.307093][ T12] driver_probe_device+0x101/0x1b0 [ 31.312178][ T12] __device_attach_driver+0x1c2/0x220 [ 31.317527][ T12] ? driver_allows_async_probing+0x160/0x160 [ 31.323547][ T12] bus_for_each_drv+0x162/0x1e0 [ 31.328386][ T12] ? bus_rescan_devices+0x20/0x20 [ 31.333481][ T12] ? _raw_spin_unlock_irqrestore+0x3e/0x50 [ 31.339265][ T12] ? lockdep_hardirqs_on+0x379/0x580 [ 31.344533][ T12] __device_attach+0x217/0x360 [ 31.349272][ T12] ? device_bind_driver+0xd0/0xd0 [ 31.354272][ T12] ? kobject_uevent_env+0x29e/0x1160 [ 31.359529][ T12] ? kobject_uevent_env+0x2a8/0x1160 [ 31.364786][ T12] bus_probe_device+0x1e4/0x290 [ 31.369624][ T12] ? blocking_notifier_call_chain+0x54/0xa0 [ 31.375499][ T12] device_add+0xae6/0x16f0 [ 31.379898][ T12] ? uevent_store+0x50/0x50 [ 31.384477][ T12] ? _raw_spin_unlock_irqrestore+0x3e/0x50 [ 31.390269][ T12] usb_set_configuration+0xdf6/0x1670 [ 31.395688][ T12] generic_probe+0x9d/0xd5 [ 31.400095][ T12] usb_probe_device+0x99/0x100 [ 31.404852][ T12] ? usb_suspend+0x620/0x620 [ 31.409431][ T12] really_probe+0x281/0x6d0 [ 31.414055][ T12] driver_probe_device+0x101/0x1b0 [ 31.419141][ T12] __device_attach_driver+0x1c2/0x220 [ 31.424618][ T12] ? driver_allows_async_probing+0x160/0x160 [ 31.430570][ T12] bus_for_each_drv+0x162/0x1e0 [ 31.435478][ T12] ? bus_rescan_devices+0x20/0x20 [ 31.440481][ T12] ? _raw_spin_unlock_irqrestore+0x3e/0x50 [ 31.446423][ T12] ? lockdep_hardirqs_on+0x379/0x580 [ 31.451684][ T12] __device_attach+0x217/0x360 [ 31.456428][ T12] ? device_bind_driver+0xd0/0xd0 [ 31.461432][ T12] ? kobject_uevent_env+0x29e/0x1160 [ 31.466693][ T12] ? kobject_uevent_env+0x2a8/0x1160 [ 31.472085][ T12] bus_probe_device+0x1e4/0x290 [ 31.476914][ T12] ? blocking_notifier_call_chain+0x54/0xa0 [ 31.482788][ T12] device_add+0xae6/0x16f0 [ 31.487248][ T12] ? uevent_store+0x50/0x50 [ 31.491747][ T12] usb_new_device.cold+0x6a4/0xe79 [ 31.496836][ T12] hub_event+0x1b5c/0x3640 [ 31.501232][ T12] ? hub_port_debounce+0x260/0x260 [ 31.506544][ T12] process_one_work+0x92b/0x1530 [ 31.511457][ T12] ? pwq_dec_nr_in_flight+0x310/0x310 [ 31.516813][ T12] ? do_raw_spin_lock+0x11a/0x280 [ 31.521821][ T12] worker_thread+0x96/0xe20 [ 31.526304][ T12] ? process_one_work+0x1530/0x1530 [ 31.531479][ T12] kthread+0x318/0x420 [ 31.535523][ T12] ? kthread_create_on_node+0xf0/0xf0 [ 31.540870][ T12] ret_from_fork+0x24/0x30 [ 31.545258][ T12] [ 31.547564][ T12] Allocated by task 12: [ 31.551698][ T12] save_stack+0x1b/0x80 [ 31.555843][ T12] __kasan_kmalloc.constprop.0+0xbf/0xd0 [ 31.561452][ T12] hidraw_connect+0x4b/0x3e0 [ 31.566030][ T12] hid_connect+0x5c7/0xbb0 [ 31.570433][ T12] hid_hw_start+0xa2/0x130 [ 31.574821][ T12] ax_probe+0x52/0x540 [ 31.578862][ T12] hid_device_probe+0x2be/0x3f0 [ 31.583687][ T12] really_probe+0x281/0x6d0 [ 31.588179][ T12] driver_probe_device+0x101/0x1b0 [ 31.593276][ T12] __device_attach_driver+0x1c2/0x220 [ 31.598630][ T12] bus_for_each_drv+0x162/0x1e0 [ 31.603515][ T12] __device_attach+0x217/0x360 [ 31.608261][ T12] bus_probe_device+0x1e4/0x290 [ 31.613272][ T12] device_add+0xae6/0x16f0 [ 31.617666][ T12] hid_add_device+0x33c/0x990 [ 31.622318][ T12] usbhid_probe+0xa81/0xfa0 [ 31.626793][ T12] usb_probe_interface+0x305/0x7a0 [ 31.631904][ T12] really_probe+0x281/0x6d0 [ 31.636383][ T12] driver_probe_device+0x101/0x1b0 [ 31.641470][ T12] __device_attach_driver+0x1c2/0x220 [ 31.646815][ T12] bus_for_each_drv+0x162/0x1e0 [ 31.651649][ T12] __device_attach+0x217/0x360 [ 31.656386][ T12] bus_probe_device+0x1e4/0x290 [ 31.661207][ T12] device_add+0xae6/0x16f0 [ 31.665599][ T12] usb_set_configuration+0xdf6/0x1670 [ 31.670945][ T12] generic_probe+0x9d/0xd5 [ 31.675340][ T12] usb_probe_device+0x99/0x100 [ 31.680081][ T12] really_probe+0x281/0x6d0 [ 31.684561][ T12] driver_probe_device+0x101/0x1b0 [ 31.689644][ T12] __device_attach_driver+0x1c2/0x220 [ 31.694985][ T12] bus_for_each_drv+0x162/0x1e0 [ 31.699960][ T12] __device_attach+0x217/0x360 [ 31.704709][ T12] bus_probe_device+0x1e4/0x290 [ 31.709789][ T12] device_add+0xae6/0x16f0 [ 31.714182][ T12] usb_new_device.cold+0x6a4/0xe79 [ 31.719268][ T12] hub_event+0x1b5c/0x3640 [ 31.723665][ T12] process_one_work+0x92b/0x1530 [ 31.728577][ T12] worker_thread+0x96/0xe20 [ 31.733057][ T12] kthread+0x318/0x420 [ 31.737115][ T12] ret_from_fork+0x24/0x30 [ 31.741505][ T12] [ 31.743808][ T12] Freed by task 1: [ 31.747506][ T12] save_stack+0x1b/0x80 [ 31.751641][ T12] __kasan_slab_free+0x130/0x180 [ 31.756552][ T12] kfree+0xe4/0x2f0 [ 31.760350][ T12] usb_free_urb.part.0+0x7a/0xc0 [ 31.765273][ T12] usb_free_urb+0x1b/0x30 [ 31.769577][ T12] usb_start_wait_urb+0x1e5/0x2b0 [ 31.774573][ T12] usb_control_msg+0x31c/0x4a0 [ 31.779308][ T12] hub_probe.cold+0xbb8/0x2201 [ 31.784044][ T12] usb_probe_interface+0x305/0x7a0 [ 31.789129][ T12] really_probe+0x281/0x6d0 [ 31.793618][ T12] driver_probe_device+0x101/0x1b0 [ 31.798733][ T12] __device_attach_driver+0x1c2/0x220 [ 31.804077][ T12] bus_for_each_drv+0x162/0x1e0 [ 31.808900][ T12] __device_attach+0x217/0x360 [ 31.813638][ T12] bus_probe_device+0x1e4/0x290 [ 31.818465][ T12] device_add+0xae6/0x16f0 [ 31.822861][ T12] usb_set_configuration+0xdf6/0x1670 [ 31.828207][ T12] generic_probe+0x9d/0xd5 [ 31.832765][ T12] usb_probe_device+0x99/0x100 [ 31.837511][ T12] really_probe+0x281/0x6d0 [ 31.841989][ T12] driver_probe_device+0x101/0x1b0 [ 31.847084][ T12] __device_attach_driver+0x1c2/0x220 [ 31.852434][ T12] bus_for_each_drv+0x162/0x1e0 [ 31.857262][ T12] __device_attach+0x217/0x360 [ 31.861998][ T12] bus_probe_device+0x1e4/0x290 [ 31.866823][ T12] device_add+0xae6/0x16f0 [ 31.871230][ T12] usb_new_device.cold+0x6a4/0xe79 [ 31.876402][ T12] usb_add_hcd.cold+0x108c/0x142f [ 31.881407][ T12] dummy_hcd_probe+0x19f/0x312 [ 31.886146][ T12] platform_drv_probe+0xce/0x1a0 [ 31.891057][ T12] really_probe+0x281/0x6d0 [ 31.895532][ T12] driver_probe_device+0x101/0x1b0 [ 31.900622][ T12] __device_attach_driver+0x1c2/0x220 [ 31.905967][ T12] bus_for_each_drv+0x162/0x1e0 [ 31.910806][ T12] __device_attach+0x217/0x360 [ 31.915545][ T12] bus_probe_device+0x1e4/0x290 [ 31.920367][ T12] device_add+0xae6/0x16f0 [ 31.924755][ T12] platform_device_add+0x34d/0x6c0 [ 31.929842][ T12] init+0x4b5/0x997 [ 31.933625][ T12] do_one_initcall+0xf0/0x614 [ 31.938282][ T12] kernel_init_freeable+0x4a9/0x596 [ 31.943454][ T12] kernel_init+0xd/0x1bf [ 31.947681][ T12] ret_from_fork+0x24/0x30 [ 31.952067][ T12] [ 31.954370][ T12] The buggy address belongs to the object at ffff8881d5685b00 [ 31.954370][ T12] which belongs to the cache kmalloc-192 of size 192 [ 31.968398][ T12] The buggy address is located 0 bytes to the right of [ 31.968398][ T12] 192-byte region [ffff8881d5685b00, ffff8881d5685bc0) [ 31.981994][ T12] The buggy address belongs to the page: [ 31.987776][ T12] page:ffffea000755a140 refcount:1 mapcount:0 mapping:ffff8881da002a00 index:0x0 [ 31.996857][ T12] flags: 0x200000000000200(slab) [ 32.001779][ T12] raw: 0200000000000200 ffffea0007559e80 0000000900000009 ffff8881da002a00 [ 32.010339][ T12] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 32.018894][ T12] page dumped because: kasan: bad access detected [ 32.025276][ T12] [ 32.027712][ T12] Memory state around the buggy address: [ 32.033328][ T12] ffff8881d5685a80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.041412][ T12] ffff8881d5685b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.049525][ T12] >ffff8881d5685b80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 32.057564][ T12] ^ [ 32.063699][ T12] ffff8881d5685c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.071740][ T12] ffff8881d5685c80: 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc [ 32.079774][ T12] ================================================================== [ 32.087809][ T12] Disabling lock debugging due to kernel taint [ 32.094036][ T12] Kernel panic - not syncing: panic_on_warn set ... [ 32.100605][ T12] CPU: 0 PID: 12 Comm: kworker/0:1 Tainted: G B 5.3.0-rc5+ #28 [ 32.109526][ T12] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 32.119620][ T12] Workqueue: usb_hub_wq hub_event [ 32.124633][ T12] Call Trace: [ 32.127949][ T12] dump_stack+0xca/0x13e [ 32.132260][ T12] panic+0x2a3/0x6da [ 32.136184][ T12] ? add_taint.cold+0x16/0x16 [ 32.140849][ T12] ? ax_probe+0x369/0x540 [ 32.145154][ T12] ? trace_hardirqs_on+0x55/0x1e0 [ 32.150146][ T12] ? ax_probe+0x369/0x540 [ 32.154447][ T12] end_report+0x43/0x49 [ 32.158575][ T12] ? ax_probe+0x369/0x540 [ 32.162887][ T12] __kasan_report.cold+0xd/0x33 [ 32.167719][ T12] ? ax_probe+0x369/0x540 [ 32.172024][ T12] kasan_report+0xe/0x12 [ 32.176244][ T12] check_memory_region+0x128/0x190 [ 32.181384][ T12] ax_probe+0x369/0x540 [ 32.185642][ T12] ? ax_remove+0x20/0x20 [ 32.189867][ T12] hid_device_probe+0x2be/0x3f0 [ 32.194691][ T12] ? hid_match_device+0x1f0/0x1f0 [ 32.199692][ T12] really_probe+0x281/0x6d0 [ 32.204184][ T12] driver_probe_device+0x101/0x1b0 [ 32.209273][ T12] __device_attach_driver+0x1c2/0x220 [ 32.214620][ T12] ? driver_allows_async_probing+0x160/0x160 [ 32.220582][ T12] bus_for_each_drv+0x162/0x1e0 [ 32.225416][ T12] ? bus_rescan_devices+0x20/0x20 [ 32.230418][ T12] ? _raw_spin_unlock_irqrestore+0x3e/0x50 [ 32.236207][ T12] ? lockdep_hardirqs_on+0x379/0x580 [ 32.241467][ T12] __device_attach+0x217/0x360 [ 32.246222][ T12] ? device_bind_driver+0xd0/0xd0 [ 32.251219][ T12] ? kobject_uevent_env+0x29e/0x1160 [ 32.256475][ T12] ? kobject_uevent_env+0x2a8/0x1160 [ 32.261744][ T12] bus_probe_device+0x1e4/0x290 [ 32.266572][ T12] ? blocking_notifier_call_chain+0x54/0xa0 [ 32.272445][ T12] device_add+0xae6/0x16f0 [ 32.276846][ T12] ? up_write+0x97/0x270 [ 32.281061][ T12] ? uevent_store+0x50/0x50 [ 32.285536][ T12] ? __debugfs_create_file+0x2da/0x3c0 [ 32.291025][ T12] hid_add_device+0x33c/0x990 [ 32.295773][ T12] ? __hid_bus_reprobe_drivers+0x130/0x130 [ 32.301642][ T12] ? lockdep_init_map+0x1b0/0x5e0 [ 32.306653][ T12] usbhid_probe+0xa81/0xfa0 [ 32.311130][ T12] usb_probe_interface+0x305/0x7a0 [ 32.316215][ T12] ? usb_probe_device+0x100/0x100 [ 32.321217][ T12] really_probe+0x281/0x6d0 [ 32.325693][ T12] driver_probe_device+0x101/0x1b0 [ 32.330933][ T12] __device_attach_driver+0x1c2/0x220 [ 32.336279][ T12] ? driver_allows_async_probing+0x160/0x160 [ 32.342290][ T12] bus_for_each_drv+0x162/0x1e0 [ 32.347125][ T12] ? bus_rescan_devices+0x20/0x20 [ 32.352125][ T12] ? _raw_spin_unlock_irqrestore+0x3e/0x50 [ 32.357907][ T12] ? lockdep_hardirqs_on+0x379/0x580 [ 32.363165][ T12] __device_attach+0x217/0x360 [ 32.367900][ T12] ? device_bind_driver+0xd0/0xd0 [ 32.372894][ T12] ? kobject_uevent_env+0x29e/0x1160 [ 32.378149][ T12] ? kobject_uevent_env+0x2a8/0x1160 [ 32.383404][ T12] bus_probe_device+0x1e4/0x290 [ 32.388222][ T12] ? blocking_notifier_call_chain+0x54/0xa0 [ 32.394082][ T12] device_add+0xae6/0x16f0 [ 32.398469][ T12] ? uevent_store+0x50/0x50 [ 32.402956][ T12] ? _raw_spin_unlock_irqrestore+0x3e/0x50 [ 32.408744][ T12] usb_set_configuration+0xdf6/0x1670 [ 32.414094][ T12] generic_probe+0x9d/0xd5 [ 32.418483][ T12] usb_probe_device+0x99/0x100 [ 32.423220][ T12] ? usb_suspend+0x620/0x620 [ 32.427785][ T12] really_probe+0x281/0x6d0 [ 32.432259][ T12] driver_probe_device+0x101/0x1b0 [ 32.437339][ T12] __device_attach_driver+0x1c2/0x220 [ 32.442686][ T12] ? driver_allows_async_probing+0x160/0x160 [ 32.448643][ T12] bus_for_each_drv+0x162/0x1e0 [ 32.453478][ T12] ? bus_rescan_devices+0x20/0x20 [ 32.458483][ T12] ? _raw_spin_unlock_irqrestore+0x3e/0x50 [ 32.464327][ T12] ? lockdep_hardirqs_on+0x379/0x580 [ 32.469596][ T12] __device_attach+0x217/0x360 [ 32.474333][ T12] ? device_bind_driver+0xd0/0xd0 [ 32.479332][ T12] ? kobject_uevent_env+0x29e/0x1160 [ 32.484738][ T12] ? kobject_uevent_env+0x2a8/0x1160 [ 32.490002][ T12] bus_probe_device+0x1e4/0x290 [ 32.494833][ T12] ? blocking_notifier_call_chain+0x54/0xa0 [ 32.500704][ T12] device_add+0xae6/0x16f0 [ 32.505091][ T12] ? uevent_store+0x50/0x50 [ 32.509570][ T12] usb_new_device.cold+0x6a4/0xe79 [ 32.514751][ T12] hub_event+0x1b5c/0x3640 [ 32.519141][ T12] ? hub_port_debounce+0x260/0x260 [ 32.524222][ T12] process_one_work+0x92b/0x1530 [ 32.529130][ T12] ? pwq_dec_nr_in_flight+0x310/0x310 [ 32.534474][ T12] ? do_raw_spin_lock+0x11a/0x280 [ 32.539468][ T12] worker_thread+0x96/0xe20 [ 32.543944][ T12] ? process_one_work+0x1530/0x1530 [ 32.549112][ T12] kthread+0x318/0x420 [ 32.553149][ T12] ? kthread_create_on_node+0xf0/0xf0 [ 32.558492][ T12] ret_from_fork+0x24/0x30 [ 32.563393][ T12] Kernel Offset: disabled [ 32.567701][ T12] Rebooting in 86400 seconds..