INIT: Entering runlevel: 2
[info] Using makefile-style concurrent boot in runlevel 2.
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.198' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 23.735887][ T95] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 23.825691][ T95] usb 1-1: Using ep0 maxpacket: 8
[ 23.945510][ T95] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 23.956636][ T95] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 23.966435][ T95] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[ 23.979266][ T95] usb 1-1: New USB device found, idVendor=11c0, idProduct=5506, bcdDevice= 0.00
[ 23.988395][ T95] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 23.998105][ T95] usb 1-1: config 0 descriptor??
[ 24.325480][ T95] usbhid 1-1:0.0: can't add hid device: -71
[ 24.331545][ T95] usbhid: probe of 1-1:0.0 failed with error -71
[ 24.339461][ T95] usb 1-1: USB disconnect, device number 2
[ 24.795424][ T95] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[ 24.885486][ T95] usb 1-1: Using ep0 maxpacket: 8
[ 25.005962][ T95] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 25.016976][ T95] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 25.026784][ T95] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[ 25.039775][ T95] usb 1-1: New USB device found, idVendor=11c0, idProduct=5506, bcdDevice= 0.00
[ 25.048862][ T95] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 25.057968][ T95] usb 1-1: config 0 descriptor??
[ 25.537131][ T95] betop 0003:11C0:5506.0001: unknown main item tag 0x0
[ 25.544132][ T95] betop 0003:11C0:5506.0001: unknown main item tag 0x0
[ 25.551154][ T95] betop 0003:11C0:5506.0001: unknown main item tag 0x0
[ 25.559608][ T95] betop 0003:11C0:5506.0001: hidraw0: USB HID v0.00 Device [HID 11c0:5506] on usb-dummy_hcd.0-1/input0
[ 25.570893][ T95] ==================================================================
[ 25.579101][ T95] BUG: KASAN: slab-out-of-bounds in betop_probe+0x396/0x570
[ 25.586363][ T95] Write of size 8 at addr ffff8881d4f156c0 by task kworker/1:2/95
[ 25.594135][ T95]
[ 25.596461][ T95] CPU: 1 PID: 95 Comm: kworker/1:2 Not tainted 5.6.0-rc3-syzkaller #0
[ 25.604582][ T95] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 25.614639][ T95] Workqueue: usb_hub_wq hub_event
[ 25.619638][ T95] Call Trace:
[ 25.622908][ T95]  dump_stack+0xef/0x16e
[ 25.627159][ T95]  ? betop_probe+0x396/0x570
[ 25.631838][ T95]  ? betop_probe+0x396/0x570
[ 25.636416][ T95]  print_address_description.constprop.0.cold+0xd3/0x314
[ 25.643438][ T95]  ? betop_probe+0x396/0x570
[ 25.648064][ T95]  ? betop_probe+0x396/0x570
[ 25.652670][ T95]  __kasan_report.cold+0x37/0x77
[ 25.657598][ T95]  ? betop_probe+0x396/0x570
[ 25.662166][ T95]  kasan_report+0xe/0x20
[ 25.666389][ T95]  check_memory_region+0x152/0x1c0
[ 25.671661][ T95]  betop_probe+0x396/0x570
[ 25.676063][ T95]  ? belkin_probe.cold+0x3c/0x3c
[ 25.680975][ T95]  hid_device_probe+0x2be/0x3f0
[ 25.685800][ T95]  ? hid_match_device+0x1f0/0x1f0
[ 25.690799][ T95]  really_probe+0x290/0xac0
[ 25.695283][ T95]  driver_probe_device+0x223/0x350
[ 25.700391][ T95]  __device_attach_driver+0x1d1/0x290
[ 25.705847][ T95]  ? driver_allows_async_probing+0x160/0x160
[ 25.711803][ T95]  bus_for_each_drv+0x162/0x1e0
[ 25.716646][ T95]  ? bus_rescan_devices+0x20/0x20
[ 25.721657][ T95]  ? _raw_spin_unlock_irqrestore+0x39/0x40
[ 25.727440][ T95]  ? lockdep_hardirqs_on+0x382/0x580
[ 25.732716][ T95]  __device_attach+0x217/0x390
[ 25.737506][ T95]  ? device_bind_driver+0xd0/0xd0
[ 25.742564][ T95]  bus_probe_device+0x1e4/0x290
[ 25.747531][ T95]  device_add+0x1459/0x1bf0
[ 25.752029][ T95]  ? device_link_remove+0x110/0x110
[ 25.757227][ T95]  ? __debugfs_create_file+0x301/0x3f0
[ 25.762948][ T95]  hid_add_device+0x33c/0x9a0
[ 25.767640][ T95]  ? debug_object_fixup+0x30/0x30
[ 25.772673][ T95]  ? __hid_bus_reprobe_drivers+0x130/0x130
[ 25.778476][ T95]  ? lockdep_init_map+0x1b0/0x5e0
[ 25.783574][ T95]  usbhid_probe+0xa81/0xfa0
[ 25.802326][ T95]  usb_probe_interface+0x310/0x800
[ 25.807431][ T95]  ? usb_probe_device+0x230/0x230
[ 25.812812][ T95]  really_probe+0x290/0xac0
[ 25.818355][ T95]  driver_probe_device+0x223/0x350
[ 25.823653][ T95]  __device_attach_driver+0x1d1/0x290
[ 25.829010][ T95]  ? driver_allows_async_probing+0x160/0x160
[ 25.834974][ T95]  bus_for_each_drv+0x162/0x1e0
[ 25.840776][ T95]  ? bus_rescan_devices+0x20/0x20
[ 25.845796][ T95]  ? _raw_spin_unlock_irqrestore+0x39/0x40
[ 25.852122][ T95]  ? lockdep_hardirqs_on+0x382/0x580
[ 25.858705][ T95]  __device_attach+0x217/0x390
[ 25.863450][ T95]  ? device_bind_driver+0xd0/0xd0
[ 25.868594][ T95]  bus_probe_device+0x1e4/0x290
[ 25.873735][ T95]  device_add+0x1459/0x1bf0
[ 25.878244][ T95]  ? wait_for_completion+0x3c0/0x3c0
[ 25.883624][ T95]  ? device_link_remove+0x110/0x110
[ 25.888948][ T95]  ? _raw_spin_unlock_irqrestore+0x39/0x40
[ 25.894860][ T95]  usb_set_configuration+0xe47/0x17d0
[ 25.900309][ T95]  usb_generic_driver_probe+0x9d/0xe0
[ 25.905684][ T95]  usb_probe_device+0xd9/0x230
[ 25.910434][ T95]  ? usb_suspend+0x5f0/0x5f0
[ 25.915007][ T95]  really_probe+0x290/0xac0
[ 25.919496][ T95]  driver_probe_device+0x223/0x350
[ 25.924607][ T95]  __device_attach_driver+0x1d1/0x290
[ 25.929961][ T95]  ? driver_allows_async_probing+0x160/0x160
[ 25.936162][ T95]  bus_for_each_drv+0x162/0x1e0
[ 25.941008][ T95]  ? bus_rescan_devices+0x20/0x20
[ 25.946190][ T95]  ? _raw_spin_unlock_irqrestore+0x39/0x40
[ 25.951984][ T95]  ? lockdep_hardirqs_on+0x382/0x580
[ 25.957263][ T95]  __device_attach+0x217/0x390
[ 25.962024][ T95]  ? device_bind_driver+0xd0/0xd0
[ 25.967036][ T95]  bus_probe_device+0x1e4/0x290
[ 25.971886][ T95]  device_add+0x1459/0x1bf0
[ 25.976375][ T95]  ? device_link_remove+0x110/0x110
[ 25.981655][ T95]  usb_new_device.cold+0x540/0xcd0
[ 25.986749][ T95]  hub_event+0x21cb/0x4300
[ 25.991326][ T95]  ? hub_port_debounce+0x350/0x350
[ 25.996421][ T95]  ? find_held_lock+0x2d/0x110
[ 26.001176][ T95]  ? mark_held_locks+0xe0/0xe0
[ 26.005942][ T95]  ? rcu_read_lock_sched_held+0x9c/0xd0
[ 26.011704][ T95]  ? rcu_read_lock_bh_held+0xb0/0xb0
[ 26.016984][ T95]  process_one_work+0x94b/0x1620
[ 26.023338][ T95]  ? pwq_dec_nr_in_flight+0x310/0x310
[ 26.029230][ T95]  ? do_raw_spin_lock+0x129/0x290
[ 26.034258][ T95]  worker_thread+0x7ab/0xe20
[ 26.038842][ T95]  ? process_one_work+0x1620/0x1620
[ 26.044068][ T95]  kthread+0x318/0x420
[ 26.048154][ T95]  ? kthread_create_on_node+0xf0/0xf0
[ 26.053799][ T95]  ret_from_fork+0x24/0x30
[ 26.058201][ T95]
[ 26.060527][ T95] Allocated by task 95:
[ 26.065296][ T95]  save_stack+0x1b/0x80
[ 26.072847][ T95]  __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 26.078501][ T95]  hidraw_connect+0x4b/0x3e0
[ 26.083085][ T95]  hid_connect+0x5c7/0xbb0
[ 26.087761][ T95]  hid_hw_start+0xa2/0x130
[ 26.092190][ T95]  betop_probe+0xbc/0x570
[ 26.096523][ T95]  hid_device_probe+0x2be/0x3f0
[ 26.101489][ T95]  really_probe+0x290/0xac0
[ 26.105985][ T95]  driver_probe_device+0x223/0x350
[ 26.111102][ T95]  __device_attach_driver+0x1d1/0x290
[ 26.116466][ T95]  bus_for_each_drv+0x162/0x1e0
[ 26.121429][ T95]  __device_attach+0x217/0x390
[ 26.126280][ T95]  bus_probe_device+0x1e4/0x290
[ 26.131134][ T95]  device_add+0x1459/0x1bf0
[ 26.135964][ T95]  hid_add_device+0x33c/0x9a0
[ 26.140823][ T95]  usbhid_probe+0xa81/0xfa0
[ 26.145370][ T95]  usb_probe_interface+0x310/0x800
[ 26.150633][ T95]  really_probe+0x290/0xac0
[ 26.155139][ T95]  driver_probe_device+0x223/0x350
[ 26.161046][ T95]  __device_attach_driver+0x1d1/0x290
[ 26.167127][ T95]  bus_for_each_drv+0x162/0x1e0
[ 26.176239][ T95]  __device_attach+0x217/0x390
[ 26.181002][ T95]  bus_probe_device+0x1e4/0x290
[ 26.187502][ T95]  device_add+0x1459/0x1bf0
[ 26.192134][ T95]  usb_set_configuration+0xe47/0x17d0
[ 26.197533][ T95]  usb_generic_driver_probe+0x9d/0xe0
[ 26.203171][ T95]  usb_probe_device+0xd9/0x230
[ 26.208069][ T95]  really_probe+0x290/0xac0
[ 26.212735][ T95]  driver_probe_device+0x223/0x350
[ 26.217846][ T95]  __device_attach_driver+0x1d1/0x290
[ 26.223401][ T95]  bus_for_each_drv+0x162/0x1e0
[ 26.228250][ T95]  __device_attach+0x217/0x390
[ 26.233422][ T95]  bus_probe_device+0x1e4/0x290
[ 26.238275][ T95]  device_add+0x1459/0x1bf0
[ 26.242776][ T95]  usb_new_device.cold+0x540/0xcd0
[ 26.248756][ T95]  hub_event+0x21cb/0x4300
[ 26.253185][ T95]  process_one_work+0x94b/0x1620
[ 26.258244][ T95]  worker_thread+0x7ab/0xe20
[ 26.262859][ T95]  kthread+0x318/0x420
[ 26.266926][ T95]  ret_from_fork+0x24/0x30
[ 26.271424][ T95]
[ 26.273754][ T95] Freed by task 1:
[ 26.277482][ T95]  save_stack+0x1b/0x80
[ 26.281629][ T95]  __kasan_slab_free+0x117/0x160
[ 26.286565][ T95]  kfree+0xd5/0x300
[ 26.290554][ T95]  usb_free_urb.part.0+0xaf/0x110
[ 26.295566][ T95]  usb_free_urb+0x1b/0x30
[ 26.299908][ T95]  usb_start_wait_urb+0x1e8/0x4c0
[ 26.304923][ T95]  usb_control_msg+0x31c/0x4a0
[ 26.309694][ T95]  set_port_feature+0x69/0x90
[ 26.314375][ T95]  hub_power_on+0x186/0x400
[ 26.318884][ T95]  hub_activate+0x1102/0x16e0
[ 26.323769][ T95]  hub_probe.cold+0x2a1b/0x2a22
[ 26.328636][ T95]  usb_probe_interface+0x310/0x800
[ 26.333850][ T95]  really_probe+0x290/0xac0
[ 26.338752][ T95]  driver_probe_device+0x223/0x350
[ 26.344124][ T95]  __device_attach_driver+0x1d1/0x290
[ 26.349588][ T95]  bus_for_each_drv+0x162/0x1e0
[ 26.354440][ T95]  __device_attach+0x217/0x390
[ 26.360124][ T95]  bus_probe_device+0x1e4/0x290
[ 26.364996][ T95]  device_add+0x1459/0x1bf0
[ 26.369502][ T95]  usb_set_configuration+0xe47/0x17d0
[ 26.374982][ T95]  usb_generic_driver_probe+0x9d/0xe0
[ 26.380449][ T95]  usb_probe_device+0xd9/0x230
[ 26.385201][ T95]  really_probe+0x290/0xac0
[ 26.389968][ T95]  driver_probe_device+0x223/0x350
[ 26.395107][ T95]  __device_attach_driver+0x1d1/0x290
[ 26.400493][ T95]  bus_for_each_drv+0x162/0x1e0
[ 26.406298][ T95]  __device_attach+0x217/0x390
[ 26.411067][ T95]  bus_probe_device+0x1e4/0x290
[ 26.415914][ T95]  device_add+0x1459/0x1bf0
[ 26.420420][ T95]  usb_new_device.cold+0x540/0xcd0
[ 26.426153][ T95]  usb_add_hcd.cold+0x1386/0x1787
[ 26.431203][ T95]  vhci_hcd_probe+0x1c9/0x3a0
[ 26.436327][ T95]  platform_drv_probe+0x87/0x140
[ 26.441415][ T95]  really_probe+0x290/0xac0
[ 26.445940][ T95]  driver_probe_device+0x223/0x350
[ 26.451323][ T95]  __device_attach_driver+0x1d1/0x290
[ 26.456718][ T95]  bus_for_each_drv+0x162/0x1e0
[ 26.461566][ T95]  __device_attach+0x217/0x390
[ 26.466337][ T95]  bus_probe_device+0x1e4/0x290
[ 26.471185][ T95]  device_add+0x1459/0x1bf0
[ 26.475703][ T95]  platform_device_add+0x35c/0x820
[ 26.480836][ T95]  vhci_hcd_init+0x344/0x488
[ 26.485460][ T95]  do_one_initcall+0x10a/0x6b0
[ 26.490399][ T95]  kernel_init_freeable+0x4e6/0x593
[ 26.495773][ T95]  kernel_init+0xd/0x1b9
[ 26.500096][ T95]  ret_from_fork+0x24/0x30
[ 26.504493][ T95]
[ 26.508210][ T95] The buggy address belongs to the object at ffff8881d4f15600
[ 26.508210][ T95]  which belongs to the cache kmalloc-192 of size 192
[ 26.522269][ T95] The buggy address is located 0 bytes to the right of
[ 26.522269][ T95]  192-byte region [ffff8881d4f15600, ffff8881d4f156c0)
[ 26.535959][ T95] The buggy address belongs to the page:
[ 26.541786][ T95] page:ffffea000753c540 refcount:1 mapcount:0 mapping:ffff8881da002a00 index:0x0
[ 26.551025][ T95] flags: 0x200000000000200(slab)
[ 26.555966][ T95] raw: 0200000000000200 ffffea0007538180 0000000400000004 ffff8881da002a00
[ 26.567333][ T95] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 26.576424][ T95] page dumped because: kasan: bad access detected
[ 26.583219][ T95]
[ 26.585556][ T95] Memory state around the buggy address:
[ 26.591203][ T95]  ffff8881d4f15580: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 26.599263][ T95]  ffff8881d4f15600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 26.607344][ T95] >ffff8881d4f15680: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc
[ 26.615409][ T95]                                            ^
[ 26.621564][ T95]  ffff8881d4f15700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 26.629724][ T95]  ffff8881d4f15780: 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc
[ 26.637788][ T95] ==================================================================
[ 26.645838][ T95] Disabling lock debugging due to kernel taint
[