[info] Using makefile-style concurrent boot in runlevel 2. [ ok ] Starting enhanced syslogd: rsyslogd. [ 15.217524][ C1] random: crng init done [ ok ] Starting periodic command scheduler: cron. [ ok ] Starting OpenBSD Secure Shell server: sshd. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.178' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 25.917300][ T83] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 26.166795][ T83] usb 1-1: Using ep0 maxpacket: 8 [ 26.286894][ T83] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 26.297956][ T83] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 26.310942][ T83] usb 1-1: New USB device found, idVendor=1a34, idProduct=f705, bcdDevice= 0.40 [ 26.320023][ T83] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 26.329837][ T83] usb 1-1: config 0 descriptor?? [ 26.810635][ T83] acrux 0003:1A34:F705.0001: hidraw0: USB HID v0.00 Device [HID 1a34:f705] on usb-dummy_hcd.0-1/input0 [ 26.821984][ T83] ================================================================== [ 26.830181][ T83] BUG: KASAN: slab-out-of-bounds in ax_probe+0x369/0x540 [ 26.837190][ T83] Write of size 8 at addr ffff8881d5739ec0 by task kworker/1:2/83 [ 26.844981][ T83] [ 26.847296][ T83] CPU: 1 PID: 83 Comm: kworker/1:2 Not tainted 5.3.0-rc4+ #26 [ 26.854734][ T83] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 26.864788][ T83] Workqueue: usb_hub_wq hub_event [ 26.869830][ T83] Call Trace: [ 26.873595][ T83] dump_stack+0xca/0x13e [ 26.877824][ T83] ? ax_probe+0x369/0x540 [ 26.882129][ T83] ? ax_probe+0x369/0x540 [ 26.886449][ T83] print_address_description+0x6a/0x32c [ 26.891979][ T83] ? ax_probe+0x369/0x540 [ 26.896280][ T83] ? 
ax_probe+0x369/0x540 [ 26.900596][ T83] __kasan_report.cold+0x1a/0x33 [ 26.905507][ T83] ? ax_probe+0x369/0x540 [ 26.909810][ T83] kasan_report+0xe/0x12 [ 26.914027][ T83] check_memory_region+0x128/0x190 [ 26.919112][ T83] ax_probe+0x369/0x540 [ 26.923240][ T83] ? ax_remove+0x20/0x20 [ 26.927459][ T83] hid_device_probe+0x2be/0x3f0 [ 26.932283][ T83] ? hid_match_device+0x1f0/0x1f0 [ 26.937279][ T83] really_probe+0x281/0x6d0 [ 26.941836][ T83] driver_probe_device+0x101/0x1b0 [ 26.946935][ T83] __device_attach_driver+0x1c2/0x220 [ 26.952299][ T83] ? driver_allows_async_probing+0x160/0x160 [ 26.958253][ T83] bus_for_each_drv+0x162/0x1e0 [ 26.963083][ T83] ? bus_rescan_devices+0x20/0x20 [ 26.968164][ T83] ? _raw_spin_unlock_irqrestore+0x3e/0x50 [ 26.973975][ T83] ? lockdep_hardirqs_on+0x379/0x580 [ 26.979249][ T83] __device_attach+0x217/0x360 [ 26.983992][ T83] ? device_bind_driver+0xd0/0xd0 [ 26.989043][ T83] ? kobject_uevent_env+0x29e/0x1160 [ 26.994323][ T83] ? kobject_uevent_env+0x2a8/0x1160 [ 26.999587][ T83] bus_probe_device+0x1e4/0x290 [ 27.004423][ T83] ? blocking_notifier_call_chain+0x54/0xa0 [ 27.010356][ T83] device_add+0xae6/0x16f0 [ 27.014759][ T83] ? up_write+0x97/0x270 [ 27.018973][ T83] ? uevent_store+0x50/0x50 [ 27.023450][ T83] ? __debugfs_create_file+0x2da/0x3c0 [ 27.028929][ T83] hid_add_device+0x33c/0x990 [ 27.033589][ T83] ? __hid_bus_reprobe_drivers+0x130/0x130 [ 27.039367][ T83] ? lockdep_init_map+0x1b0/0x5e0 [ 27.044362][ T83] usbhid_probe+0xa81/0xfa0 [ 27.048839][ T83] usb_probe_interface+0x305/0x7a0 [ 27.053932][ T83] ? usb_probe_device+0x100/0x100 [ 27.058935][ T83] really_probe+0x281/0x6d0 [ 27.063407][ T83] driver_probe_device+0x101/0x1b0 [ 27.068496][ T83] __device_attach_driver+0x1c2/0x220 [ 27.073838][ T83] ? driver_allows_async_probing+0x160/0x160 [ 27.079790][ T83] bus_for_each_drv+0x162/0x1e0 [ 27.084612][ T83] ? bus_rescan_devices+0x20/0x20 [ 27.089620][ T83] ? _raw_spin_unlock_irqrestore+0x3e/0x50 [ 27.096151][ T83] ? 
lockdep_hardirqs_on+0x379/0x580 [ 27.101413][ T83] __device_attach+0x217/0x360 [ 27.106199][ T83] ? device_bind_driver+0xd0/0xd0 [ 27.111215][ T83] ? kobject_uevent_env+0x29e/0x1160 [ 27.116476][ T83] ? kobject_uevent_env+0x2a8/0x1160 [ 27.121735][ T83] bus_probe_device+0x1e4/0x290 [ 27.126571][ T83] ? blocking_notifier_call_chain+0x54/0xa0 [ 27.132440][ T83] device_add+0xae6/0x16f0 [ 27.136832][ T83] ? uevent_store+0x50/0x50 [ 27.141309][ T83] ? _raw_spin_unlock_irqrestore+0x3e/0x50 [ 27.147174][ T83] usb_set_configuration+0xdf6/0x1670 [ 27.152521][ T83] generic_probe+0x9d/0xd5 [ 27.156906][ T83] usb_probe_device+0x99/0x100 [ 27.161641][ T83] ? usb_suspend+0x620/0x620 [ 27.166204][ T83] really_probe+0x281/0x6d0 [ 27.170682][ T83] driver_probe_device+0x101/0x1b0 [ 27.175780][ T83] __device_attach_driver+0x1c2/0x220 [ 27.181129][ T83] ? driver_allows_async_probing+0x160/0x160 [ 27.187079][ T83] bus_for_each_drv+0x162/0x1e0 [ 27.191957][ T83] ? bus_rescan_devices+0x20/0x20 [ 27.196964][ T83] ? _raw_spin_unlock_irqrestore+0x3e/0x50 [ 27.202743][ T83] ? lockdep_hardirqs_on+0x379/0x580 [ 27.208003][ T83] __device_attach+0x217/0x360 [ 27.212749][ T83] ? device_bind_driver+0xd0/0xd0 [ 27.217748][ T83] ? kobject_uevent_env+0x29e/0x1160 [ 27.223003][ T83] ? kobject_uevent_env+0x2a8/0x1160 [ 27.228257][ T83] bus_probe_device+0x1e4/0x290 [ 27.233124][ T83] ? blocking_notifier_call_chain+0x54/0xa0 [ 27.238997][ T83] device_add+0xae6/0x16f0 [ 27.243385][ T83] ? uevent_store+0x50/0x50 [ 27.247872][ T83] usb_new_device.cold+0x6a4/0xe79 [ 27.252960][ T83] hub_event+0x1b5c/0x3640 [ 27.257361][ T83] ? hub_port_debounce+0x260/0x260 [ 27.262575][ T83] process_one_work+0x92b/0x1530 [ 27.267828][ T83] ? pwq_dec_nr_in_flight+0x310/0x310 [ 27.273445][ T83] ? do_raw_spin_lock+0x11a/0x280 [ 27.278557][ T83] worker_thread+0x96/0xe20 [ 27.283036][ T83] ? process_one_work+0x1530/0x1530 [ 27.288214][ T83] kthread+0x318/0x420 [ 27.292257][ T83] ? 
kthread_create_on_node+0xf0/0xf0 [ 27.297616][ T83] ret_from_fork+0x24/0x30 [ 27.302152][ T83] [ 27.304468][ T83] Allocated by task 83: [ 27.308601][ T83] save_stack+0x1b/0x80 [ 27.312729][ T83] __kasan_kmalloc.constprop.0+0xbf/0xd0 [ 27.318349][ T83] hidraw_connect+0x4b/0x3e0 [ 27.322915][ T83] hid_connect+0x5c7/0xbb0 [ 27.327300][ T83] hid_hw_start+0xa2/0x130 [ 27.331686][ T83] ax_probe+0x52/0x540 [ 27.335727][ T83] hid_device_probe+0x2be/0x3f0 [ 27.340551][ T83] really_probe+0x281/0x6d0 [ 27.345084][ T83] driver_probe_device+0x101/0x1b0 [ 27.350186][ T83] __device_attach_driver+0x1c2/0x220 [ 27.355678][ T83] bus_for_each_drv+0x162/0x1e0 [ 27.360516][ T83] __device_attach+0x217/0x360 [ 27.365394][ T83] bus_probe_device+0x1e4/0x290 [ 27.370234][ T83] device_add+0xae6/0x16f0 [ 27.374628][ T83] hid_add_device+0x33c/0x990 [ 27.379345][ T83] usbhid_probe+0xa81/0xfa0 [ 27.383829][ T83] usb_probe_interface+0x305/0x7a0 [ 27.388999][ T83] really_probe+0x281/0x6d0 [ 27.393487][ T83] driver_probe_device+0x101/0x1b0 [ 27.398577][ T83] __device_attach_driver+0x1c2/0x220 [ 27.403927][ T83] bus_for_each_drv+0x162/0x1e0 [ 27.408802][ T83] __device_attach+0x217/0x360 [ 27.413551][ T83] bus_probe_device+0x1e4/0x290 [ 27.418442][ T83] device_add+0xae6/0x16f0 [ 27.422949][ T83] usb_set_configuration+0xdf6/0x1670 [ 27.428377][ T83] generic_probe+0x9d/0xd5 [ 27.432765][ T83] usb_probe_device+0x99/0x100 [ 27.437501][ T83] really_probe+0x281/0x6d0 [ 27.442112][ T83] driver_probe_device+0x101/0x1b0 [ 27.452387][ T83] __device_attach_driver+0x1c2/0x220 [ 27.457741][ T83] bus_for_each_drv+0x162/0x1e0 [ 27.462572][ T83] __device_attach+0x217/0x360 [ 27.467372][ T83] bus_probe_device+0x1e4/0x290 [ 27.472208][ T83] device_add+0xae6/0x16f0 [ 27.476606][ T83] usb_new_device.cold+0x6a4/0xe79 [ 27.481693][ T83] hub_event+0x1b5c/0x3640 [ 27.486083][ T83] process_one_work+0x92b/0x1530 [ 27.490998][ T83] worker_thread+0x96/0xe20 [ 27.495484][ T83] kthread+0x318/0x420 [ 27.499528][ T83] 
ret_from_fork+0x24/0x30 [ 27.503910][ T83] [ 27.506249][ T83] Freed by task 1: [ 27.510015][ T83] save_stack+0x1b/0x80 [ 27.514155][ T83] __kasan_slab_free+0x130/0x180 [ 27.519071][ T83] kfree+0xe4/0x2f0 [ 27.522856][ T83] usb_free_urb.part.0+0x7a/0xc0 [ 27.527771][ T83] usb_free_urb+0x1b/0x30 [ 27.532089][ T83] usb_start_wait_urb+0x1e5/0x2b0 [ 27.537161][ T83] usb_control_msg+0x31c/0x4a0 [ 27.541923][ T83] set_port_feature+0x69/0x90 [ 27.546581][ T83] hub_power_on+0xca/0x280 [ 27.551049][ T83] hub_activate+0xfb7/0x1570 [ 27.555754][ T83] hub_probe.cold+0x21f8/0x2201 [ 27.560584][ T83] usb_probe_interface+0x305/0x7a0 [ 27.565725][ T83] really_probe+0x281/0x6d0 [ 27.570223][ T83] driver_probe_device+0x101/0x1b0 [ 27.575320][ T83] __device_attach_driver+0x1c2/0x220 [ 27.580682][ T83] bus_for_each_drv+0x162/0x1e0 [ 27.585665][ T83] __device_attach+0x217/0x360 [ 27.590404][ T83] bus_probe_device+0x1e4/0x290 [ 27.595231][ T83] device_add+0xae6/0x16f0 [ 27.599674][ T83] usb_set_configuration+0xdf6/0x1670 [ 27.605034][ T83] generic_probe+0x9d/0xd5 [ 27.609429][ T83] usb_probe_device+0x99/0x100 [ 27.614166][ T83] really_probe+0x281/0x6d0 [ 27.618643][ T83] driver_probe_device+0x101/0x1b0 [ 27.623735][ T83] __device_attach_driver+0x1c2/0x220 [ 27.629146][ T83] bus_for_each_drv+0x162/0x1e0 [ 27.633981][ T83] __device_attach+0x217/0x360 [ 27.638926][ T83] bus_probe_device+0x1e4/0x290 [ 27.643753][ T83] device_add+0xae6/0x16f0 [ 27.648158][ T83] usb_new_device.cold+0x6a4/0xe79 [ 27.653249][ T83] usb_add_hcd.cold+0x108c/0x142f [ 27.658311][ T83] vhci_hcd_probe+0x16f/0x230 [ 27.663073][ T83] platform_drv_probe+0xce/0x1a0 [ 27.667987][ T83] really_probe+0x281/0x6d0 [ 27.672462][ T83] driver_probe_device+0x101/0x1b0 [ 27.677569][ T83] __device_attach_driver+0x1c2/0x220 [ 27.682915][ T83] bus_for_each_drv+0x162/0x1e0 [ 27.687793][ T83] __device_attach+0x217/0x360 [ 27.692543][ T83] bus_probe_device+0x1e4/0x290 [ 27.697373][ T83] device_add+0xae6/0x16f0 [ 27.701767][ T83] 
platform_device_add+0x34d/0x6c0 [ 27.706855][ T83] vhci_hcd_init+0x344/0x488 [ 27.711418][ T83] do_one_initcall+0xf0/0x614 [ 27.716071][ T83] kernel_init_freeable+0x4a9/0x596 [ 27.721249][ T83] kernel_init+0xd/0x1bf [ 27.725525][ T83] ret_from_fork+0x24/0x30 [ 27.729918][ T83] [ 27.732233][ T83] The buggy address belongs to the object at ffff8881d5739e00 [ 27.732233][ T83] which belongs to the cache kmalloc-192 of size 192 [ 27.746271][ T83] The buggy address is located 0 bytes to the right of [ 27.746271][ T83] 192-byte region [ffff8881d5739e00, ffff8881d5739ec0) [ 27.759868][ T83] The buggy address belongs to the page: [ 27.765526][ T83] page:ffffea000755ce40 refcount:1 mapcount:0 mapping:ffff8881da002a00 index:0x0 [ 27.774675][ T83] flags: 0x200000000000200(slab) [ 27.779607][ T83] raw: 0200000000000200 ffffea000755cb80 0000000700000007 ffff8881da002a00 [ 27.788282][ T83] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 27.796842][ T83] page dumped because: kasan: bad access detected [ 27.803230][ T83] [ 27.805533][ T83] Memory state around the buggy address: [ 27.811137][ T83] ffff8881d5739d80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.819177][ T83] ffff8881d5739e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.827220][ T83] >ffff8881d5739e80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 27.835257][ T83] ^ [ 27.841482][ T83] ffff8881d5739f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.849520][ T83] ffff8881d5739f80: 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc [ 27.857560][ T83] ================================================================== [ 27.865603][ T83] Disabling lock debugging due to kernel taint [ 27.871858][ T83] Kernel panic - not syncing: panic_on_warn set ... 
[ 27.878457][ T83] CPU: 1 PID: 83 Comm: kworker/1:2 Tainted: G B 5.3.0-rc4+ #26 [ 27.887289][ T83] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 27.897430][ T83] Workqueue: usb_hub_wq hub_event [ 27.902434][ T83] Call Trace: [ 27.905716][ T83] dump_stack+0xca/0x13e [ 27.909951][ T83] panic+0x2a3/0x6da [ 27.913830][ T83] ? add_taint.cold+0x16/0x16 [ 27.918503][ T83] ? ax_probe+0x369/0x540 [ 27.922820][ T83] ? trace_hardirqs_on+0x55/0x1e0 [ 27.927831][ T83] ? ax_probe+0x369/0x540 [ 27.932150][ T83] end_report+0x43/0x49 [ 27.936296][ T83] ? ax_probe+0x369/0x540 [ 27.940615][ T83] __kasan_report.cold+0xd/0x33 [ 27.945452][ T83] ? ax_probe+0x369/0x540 [ 27.949769][ T83] kasan_report+0xe/0x12 [ 27.954008][ T83] check_memory_region+0x128/0x190 [ 27.959116][ T83] ax_probe+0x369/0x540 [ 27.963388][ T83] ? ax_remove+0x20/0x20 [ 27.967699][ T83] hid_device_probe+0x2be/0x3f0 [ 27.972663][ T83] ? hid_match_device+0x1f0/0x1f0 [ 27.977676][ T83] really_probe+0x281/0x6d0 [ 27.982153][ T83] driver_probe_device+0x101/0x1b0 [ 27.987238][ T83] __device_attach_driver+0x1c2/0x220 [ 27.992579][ T83] ? driver_allows_async_probing+0x160/0x160 [ 27.998528][ T83] bus_for_each_drv+0x162/0x1e0 [ 28.003346][ T83] ? bus_rescan_devices+0x20/0x20 [ 28.008341][ T83] ? _raw_spin_unlock_irqrestore+0x3e/0x50 [ 28.014128][ T83] ? lockdep_hardirqs_on+0x379/0x580 [ 28.019393][ T83] __device_attach+0x217/0x360 [ 28.024129][ T83] ? device_bind_driver+0xd0/0xd0 [ 28.029127][ T83] ? kobject_uevent_env+0x29e/0x1160 [ 28.034378][ T83] ? kobject_uevent_env+0x2a8/0x1160 [ 28.039640][ T83] bus_probe_device+0x1e4/0x290 [ 28.044468][ T83] ? blocking_notifier_call_chain+0x54/0xa0 [ 28.050329][ T83] device_add+0xae6/0x16f0 [ 28.054722][ T83] ? up_write+0x97/0x270 [ 28.058942][ T83] ? uevent_store+0x50/0x50 [ 28.063487][ T83] ? __debugfs_create_file+0x2da/0x3c0 [ 28.068946][ T83] hid_add_device+0x33c/0x990 [ 28.073611][ T83] ? 
__hid_bus_reprobe_drivers+0x130/0x130 [ 28.079404][ T83] ? lockdep_init_map+0x1b0/0x5e0 [ 28.084416][ T83] usbhid_probe+0xa81/0xfa0 [ 28.088905][ T83] usb_probe_interface+0x305/0x7a0 [ 28.094005][ T83] ? usb_probe_device+0x100/0x100 [ 28.099023][ T83] really_probe+0x281/0x6d0 [ 28.103538][ T83] driver_probe_device+0x101/0x1b0 [ 28.108638][ T83] __device_attach_driver+0x1c2/0x220 [ 28.114000][ T83] ? driver_allows_async_probing+0x160/0x160 [ 28.119987][ T83] bus_for_each_drv+0x162/0x1e0 [ 28.124836][ T83] ? bus_rescan_devices+0x20/0x20 [ 28.129848][ T83] ? _raw_spin_unlock_irqrestore+0x3e/0x50 [ 28.135660][ T83] ? lockdep_hardirqs_on+0x379/0x580 [ 28.140932][ T83] __device_attach+0x217/0x360 [ 28.145682][ T83] ? device_bind_driver+0xd0/0xd0 [ 28.150695][ T83] ? kobject_uevent_env+0x29e/0x1160 [ 28.155968][ T83] ? kobject_uevent_env+0x2a8/0x1160 [ 28.161255][ T83] bus_probe_device+0x1e4/0x290 [ 28.166105][ T83] ? blocking_notifier_call_chain+0x54/0xa0 [ 28.172013][ T83] device_add+0xae6/0x16f0 [ 28.176414][ T83] ? uevent_store+0x50/0x50 [ 28.180906][ T83] ? _raw_spin_unlock_irqrestore+0x3e/0x50 [ 28.186700][ T83] usb_set_configuration+0xdf6/0x1670 [ 28.192063][ T83] generic_probe+0x9d/0xd5 [ 28.196466][ T83] usb_probe_device+0x99/0x100 [ 28.201219][ T83] ? usb_suspend+0x620/0x620 [ 28.205815][ T83] really_probe+0x281/0x6d0 [ 28.210313][ T83] driver_probe_device+0x101/0x1b0 [ 28.215435][ T83] __device_attach_driver+0x1c2/0x220 [ 28.220795][ T83] ? driver_allows_async_probing+0x160/0x160 [ 28.226760][ T83] bus_for_each_drv+0x162/0x1e0 [ 28.231597][ T83] ? bus_rescan_devices+0x20/0x20 [ 28.236611][ T83] ? _raw_spin_unlock_irqrestore+0x3e/0x50 [ 28.242407][ T83] ? lockdep_hardirqs_on+0x379/0x580 [ 28.247684][ T83] __device_attach+0x217/0x360 [ 28.252434][ T83] ? device_bind_driver+0xd0/0xd0 [ 28.257449][ T83] ? kobject_uevent_env+0x29e/0x1160 [ 28.262720][ T83] ? kobject_uevent_env+0x2a8/0x1160 [ 28.267992][ T83] bus_probe_device+0x1e4/0x290 [ 28.272836][ T83] ? 
blocking_notifier_call_chain+0x54/0xa0 [ 28.278713][ T83] device_add+0xae6/0x16f0 [ 28.283111][ T83] ? uevent_store+0x50/0x50 [ 28.287604][ T83] usb_new_device.cold+0x6a4/0xe79 [ 28.292700][ T83] hub_event+0x1b5c/0x3640 [ 28.297107][ T83] ? hub_port_debounce+0x260/0x260 [ 28.302209][ T83] process_one_work+0x92b/0x1530 [ 28.307145][ T83] ? pwq_dec_nr_in_flight+0x310/0x310 [ 28.312504][ T83] ? do_raw_spin_lock+0x11a/0x280 [ 28.317521][ T83] worker_thread+0x96/0xe20 [ 28.322019][ T83] ? process_one_work+0x1530/0x1530 [ 28.327204][ T83] kthread+0x318/0x420 [ 28.331259][ T83] ? kthread_create_on_node+0xf0/0xf0 [ 28.336617][ T83] ret_from_fork+0x24/0x30 [ 28.341309][ T83] Kernel Offset: disabled [ 28.345631][ T83] Rebooting in 86400 seconds..