INIT: Entering runlevel: 2
[info] Using makefile-style concurrent boot in runlevel 2.
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.28' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 41.100572][ T12] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 41.340549][ T12] usb 1-1: Using ep0 maxpacket: 8
[ 41.460662][ T12] usb 1-1: config 0 has an invalid interface number: 234 but max is 0
[ 41.468885][ T12] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 41.479140][ T12] usb 1-1: config 0 has no interface number 0
[ 41.485270][ T12] usb 1-1: config 0 interface 234 altsetting 0 bulk endpoint 0x8 has invalid maxpacket 0
[ 41.495369][ T12] usb 1-1: New USB device found, idVendor=1618, idProduct=9113, bcdDevice=9a.da
[ 41.504576][ T12] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 41.514443][ T12] usb 1-1: config 0 descriptor??
executing program
[ 41.781075][ T12] usb 1-1: string descriptor 0 read error: -71
[ 41.789090][ T12] rsi_91x: rsi_probe: Failed to init usb interface
[ 41.796996][ T12] ==================================================================
[ 41.805295][ T12] BUG: KASAN: double-free or invalid-free in rsi_91x_deinit+0x270/0x2f0
[ 41.813707][ T12]
[ 41.816065][ T12] CPU: 0 PID: 12 Comm: kworker/0:1 Not tainted 5.2.0-rc6+ #13
[ 41.823538][ T12] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 41.833629][ T12] Workqueue: usb_hub_wq hub_event
[ 41.838645][ T12] Call Trace:
[ 41.841955][ T12] dump_stack+0xca/0x13e
[ 41.846221][ T12] print_address_description+0x67/0x231
[ 41.851985][ T12] ? rsi_91x_deinit+0x270/0x2f0
[ 41.856950][ T12] kasan_report_invalid_free+0x61/0xa0
[ 41.864754][ T12] ? rsi_91x_deinit+0x270/0x2f0
[ 41.869596][ T12] __kasan_slab_free+0x162/0x180
[ 41.874720][ T12] ? rsi_91x_deinit+0x270/0x2f0
[ 41.879549][ T12] kfree+0xd7/0x280
[ 41.883654][ T12] rsi_91x_deinit+0x270/0x2f0
[ 41.888325][ T12] rsi_probe+0xcec/0x15a0
[ 41.892757][ T12] ? rsi_disconnect+0x630/0x630
[ 41.897791][ T12] ? lockdep_hardirqs_on+0x379/0x580
[ 41.903204][ T12] ? __pm_runtime_resume+0x111/0x180
[ 41.908486][ T12] usb_probe_interface+0x305/0x7a0
[ 41.913581][ T12] ? usb_probe_device+0x100/0x100
[ 41.918747][ T12] really_probe+0x281/0x660
[ 41.923244][ T12] driver_probe_device+0x104/0x210
[ 41.928459][ T12] __device_attach_driver+0x1c2/0x220
[ 41.933827][ T12] ? driver_allows_async_probing+0x160/0x160
[ 41.940095][ T12] bus_for_each_drv+0x15c/0x1e0
[ 41.944941][ T12] ? bus_rescan_devices+0x20/0x20
[ 41.950200][ T12] ? _raw_spin_unlock_irqrestore+0x3e/0x50
[ 41.956002][ T12] ? lockdep_hardirqs_on+0x379/0x580
[ 41.961397][ T12] __device_attach+0x217/0x360
[ 41.966473][ T12] ? device_bind_driver+0xd0/0xd0
[ 41.971585][ T12] ? kobject_uevent_env+0x29e/0x1150
[ 41.976864][ T12] ? kobject_uevent_env+0x2a8/0x1150
[ 41.982216][ T12] bus_probe_device+0x1e4/0x290
[ 41.987054][ T12] ? blocking_notifier_call_chain+0x54/0xa0
[ 41.993093][ T12] device_add+0xae6/0x16f0
[ 41.997510][ T12] ? uevent_store+0x50/0x50
[ 42.002016][ T12] usb_set_configuration+0xdf6/0x1670
[ 42.007629][ T12] generic_probe+0x9d/0xd5
[ 42.012130][ T12] usb_probe_device+0x99/0x100
[ 42.016906][ T12] ? usb_suspend+0x620/0x620
[ 42.021483][ T12] really_probe+0x281/0x660
[ 42.025972][ T12] driver_probe_device+0x104/0x210
[ 42.031064][ T12] __device_attach_driver+0x1c2/0x220
[ 42.036525][ T12] ? driver_allows_async_probing+0x160/0x160
[ 42.042495][ T12] bus_for_each_drv+0x15c/0x1e0
[ 42.047339][ T12] ? bus_rescan_devices+0x20/0x20
[ 42.052349][ T12] ? _raw_spin_unlock_irqrestore+0x3e/0x50
[ 42.058143][ T12] ? lockdep_hardirqs_on+0x379/0x580
[ 42.063414][ T12] __device_attach+0x217/0x360
[ 42.068213][ T12] ? device_bind_driver+0xd0/0xd0
[ 42.073231][ T12] ? kobject_uevent_env+0x29e/0x1150
[ 42.078623][ T12] ? kobject_uevent_env+0x2a8/0x1150
[ 42.083997][ T12] bus_probe_device+0x1e4/0x290
[ 42.089008][ T12] ? blocking_notifier_call_chain+0x54/0xa0
[ 42.094892][ T12] device_add+0xae6/0x16f0
[ 42.099296][ T12] ? uevent_store+0x50/0x50
[ 42.103831][ T12] usb_new_device.cold+0x8c1/0x1016
[ 42.109080][ T12] ? usb_port_suspend+0xa40/0xa40
[ 42.114099][ T12] ? mark_held_locks+0x9f/0xe0
[ 42.118857][ T12] ? _raw_spin_unlock_irq+0x24/0x30
[ 42.124042][ T12] hub_event+0x1ada/0x3590
[ 42.128555][ T12] ? hub_port_debounce+0x260/0x260
[ 42.133670][ T12] process_one_work+0x905/0x1570
[ 42.138602][ T12] ? pwq_dec_nr_in_flight+0x310/0x310
[ 42.143974][ T12] ? do_raw_spin_lock+0x11a/0x280
[ 42.148997][ T12] worker_thread+0x96/0xe20
[ 42.153492][ T12] ? process_one_work+0x1570/0x1570
[ 42.158914][ T12] kthread+0x30b/0x410
[ 42.163294][ T12] ? kthread_park+0x1a0/0x1a0
[ 42.168024][ T12] ret_from_fork+0x24/0x30
[ 42.172428][ T12]
[ 42.174749][ T12] Allocated by task 12:
[ 42.178898][ T12] save_stack+0x1b/0x80
[ 42.183095][ T12] __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 42.188719][ T12] rsi_probe+0x11a/0x15a0
[ 42.193080][ T12] usb_probe_interface+0x305/0x7a0
[ 42.198180][ T12] really_probe+0x281/0x660
[ 42.202663][ T12] driver_probe_device+0x104/0x210
[ 42.207758][ T12] __device_attach_driver+0x1c2/0x220
[ 42.213231][ T12] bus_for_each_drv+0x15c/0x1e0
[ 42.218072][ T12] __device_attach+0x217/0x360
[ 42.222819][ T12] bus_probe_device+0x1e4/0x290
[ 42.227656][ T12] device_add+0xae6/0x16f0
[ 42.232055][ T12] usb_set_configuration+0xdf6/0x1670
[ 42.237480][ T12] generic_probe+0x9d/0xd5
[ 42.241987][ T12] usb_probe_device+0x99/0x100
[ 42.246801][ T12] really_probe+0x281/0x660
[ 42.251294][ T12] driver_probe_device+0x104/0x210
[ 42.256383][ T12] __device_attach_driver+0x1c2/0x220
[ 42.261747][ T12] bus_for_each_drv+0x15c/0x1e0
[ 42.266701][ T12] __device_attach+0x217/0x360
[ 42.271489][ T12] bus_probe_device+0x1e4/0x290
[ 42.276365][ T12] device_add+0xae6/0x16f0
[ 42.280767][ T12] usb_new_device.cold+0x8c1/0x1016
[ 42.285946][ T12] hub_event+0x1ada/0x3590
[ 42.290357][ T12] process_one_work+0x905/0x1570
[ 42.295277][ T12] worker_thread+0x96/0xe20
[ 42.299758][ T12] kthread+0x30b/0x410
[ 42.303906][ T12] ret_from_fork+0x24/0x30
[ 42.308408][ T12]
[ 42.310763][ T12] Freed by task 12:
[ 42.314561][ T12] save_stack+0x1b/0x80
[ 42.318777][ T12] __kasan_slab_free+0x130/0x180
[ 42.323823][ T12] kfree+0xd7/0x280
[ 42.327624][ T12] rsi_probe+0xdfd/0x15a0
[ 42.332026][ T12] usb_probe_interface+0x305/0x7a0
[ 42.337196][ T12] really_probe+0x281/0x660
[ 42.341816][ T12] driver_probe_device+0x104/0x210
[ 42.346941][ T12] __device_attach_driver+0x1c2/0x220
[ 42.352427][ T12] bus_for_each_drv+0x15c/0x1e0
[ 42.357302][ T12] __device_attach+0x217/0x360
[ 42.362051][ T12] bus_probe_device+0x1e4/0x290
[ 42.366922][ T12] device_add+0xae6/0x16f0
[ 42.371374][ T12] usb_set_configuration+0xdf6/0x1670
[ 42.376733][ T12] generic_probe+0x9d/0xd5
[ 42.381310][ T12] usb_probe_device+0x99/0x100
[ 42.386063][ T12] really_probe+0x281/0x660
[ 42.390551][ T12] driver_probe_device+0x104/0x210
[ 42.395648][ T12] __device_attach_driver+0x1c2/0x220
[ 42.401003][ T12] bus_for_each_drv+0x15c/0x1e0
[ 42.405934][ T12] __device_attach+0x217/0x360
[ 42.410706][ T12] bus_probe_device+0x1e4/0x290
[ 42.415586][ T12] device_add+0xae6/0x16f0
[ 42.419993][ T12] usb_new_device.cold+0x8c1/0x1016
[ 42.425212][ T12] hub_event+0x1ada/0x3590
[ 42.429619][ T12] process_one_work+0x905/0x1570
[ 42.434540][ T12] worker_thread+0x96/0xe20
[ 42.439087][ T12] kthread+0x30b/0x410
[ 42.443144][ T12] ret_from_fork+0x24/0x30
[ 42.447575][ T12]
[ 42.450005][ T12] The buggy address belongs to the object at ffff8881cf8a3400
[ 42.450005][ T12] which belongs to the cache kmalloc-512 of size 512
[ 42.464183][ T12] The buggy address is located 0 bytes inside of
[ 42.464183][ T12] 512-byte region [ffff8881cf8a3400, ffff8881cf8a3600)
[ 42.477395][ T12] The buggy address belongs to the page:
[ 42.483028][ T12] page:ffffea00073e2880 refcount:1 mapcount:0 mapping:ffff8881dac02c00 index:0x0 compound_mapcount: 0
[ 42.493939][ T12] flags: 0x200000000010200(slab|head)
[ 42.499406][ T12] raw: 0200000000010200 ffffea000740f200 0000000900000009 ffff8881dac02c00
[ 42.507978][ T12] raw: 0000000000000000 00000000800c000c 00000001ffffffff 0000000000000000
[ 42.516577][ T12] page dumped because: kasan: bad access detected
[ 42.523012][ T12]
[ 42.525335][ T12] Memory state around the buggy address:
[ 42.530947][ T12] ffff8881cf8a3300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 42.539360][ T12] ffff8881cf8a3380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 42.547416][ T12] >ffff8881cf8a3400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 42.555589][ T12] ^
[ 42.559646][ T12] ffff8881cf8a3480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 42.567809][ T12] ffff8881cf8a3500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 42.575987][ T12] ==================================================================
[ 42.584067][ T12] Disabling lock debugging due to kernel taint
[ 42.590512][ T12] Kernel panic - not syncing: panic_on_warn set ...
[ 42.597104][ T12] CPU: 0 PID: 12 Comm: kworker/0:1 Tainted: G B 5.2.0-rc6+ #13
[ 42.605963][ T12] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 42.616129][ T12] Workqueue: usb_hub_wq hub_event
[ 42.621129][ T12] Call Trace:
[ 42.624408][ T12] dump_stack+0xca/0x13e
[ 42.628635][ T12] panic+0x292/0x6c9
[ 42.632600][ T12] ? __warn_printk+0xf3/0xf3
[ 42.637260][ T12] ? retint_kernel+0x10/0x10
[ 42.641837][ T12] ? rsi_91x_deinit+0x270/0x2f0
[ 42.646971][ T12] ? trace_hardirqs_on+0x55/0x1c0
[ 42.651983][ T12] ? rsi_91x_deinit+0x270/0x2f0
[ 42.656919][ T12] end_report+0x43/0x49
[ 42.661108][ T12] kasan_report_invalid_free+0x7d/0xa0
[ 42.666555][ T12] ? rsi_91x_deinit+0x270/0x2f0
[ 42.671446][ T12] __kasan_slab_free+0x162/0x180
[ 42.676575][ T12] ? rsi_91x_deinit+0x270/0x2f0
[ 42.681407][ T12] kfree+0xd7/0x280
[ 42.685418][ T12] rsi_91x_deinit+0x270/0x2f0
[ 42.690151][ T12] rsi_probe+0xcec/0x15a0
[ 42.694466][ T12] ? rsi_disconnect+0x630/0x630
[ 42.699308][ T12] ? lockdep_hardirqs_on+0x379/0x580
[ 42.704583][ T12] ? __pm_runtime_resume+0x111/0x180
[ 42.709936][ T12] usb_probe_interface+0x305/0x7a0
[ 42.715034][ T12] ? usb_probe_device+0x100/0x100
[ 42.720043][ T12] really_probe+0x281/0x660
[ 42.724533][ T12] driver_probe_device+0x104/0x210
[ 42.729621][ T12] __device_attach_driver+0x1c2/0x220
[ 42.734974][ T12] ? driver_allows_async_probing+0x160/0x160
[ 42.740935][ T12] bus_for_each_drv+0x15c/0x1e0
[ 42.745865][ T12] ? bus_rescan_devices+0x20/0x20
[ 42.750884][ T12] ? _raw_spin_unlock_irqrestore+0x3e/0x50
[ 42.756673][ T12] ? lockdep_hardirqs_on+0x379/0x580
[ 42.761939][ T12] __device_attach+0x217/0x360
[ 42.766796][ T12] ? device_bind_driver+0xd0/0xd0
[ 42.771802][ T12] ? kobject_uevent_env+0x29e/0x1150
[ 42.777257][ T12] ? kobject_uevent_env+0x2a8/0x1150
[ 42.782538][ T12] bus_probe_device+0x1e4/0x290
[ 42.787510][ T12] ? blocking_notifier_call_chain+0x54/0xa0
[ 42.793515][ T12] device_add+0xae6/0x16f0
[ 42.798075][ T12] ? uevent_store+0x50/0x50
[ 42.802566][ T12] usb_set_configuration+0xdf6/0x1670
[ 42.808018][ T12] generic_probe+0x9d/0xd5
[ 42.812554][ T12] usb_probe_device+0x99/0x100
[ 42.817382][ T12] ? usb_suspend+0x620/0x620
[ 42.822033][ T12] really_probe+0x281/0x660
[ 42.826520][ T12] driver_probe_device+0x104/0x210
[ 42.831624][ T12] __device_attach_driver+0x1c2/0x220
[ 42.837086][ T12] ? driver_allows_async_probing+0x160/0x160
[ 42.843044][ T12] bus_for_each_drv+0x15c/0x1e0
[ 42.847891][ T12] ? bus_rescan_devices+0x20/0x20
[ 42.852951][ T12] ? _raw_spin_unlock_irqrestore+0x3e/0x50
[ 42.858741][ T12] ? lockdep_hardirqs_on+0x379/0x580
[ 42.863998][ T12] __device_attach+0x217/0x360
[ 42.868750][ T12] ? device_bind_driver+0xd0/0xd0
[ 42.873767][ T12] ? kobject_uevent_env+0x29e/0x1150
[ 42.879036][ T12] ? kobject_uevent_env+0x2a8/0x1150
[ 42.884514][ T12] bus_probe_device+0x1e4/0x290
[ 42.889352][ T12] ? blocking_notifier_call_chain+0x54/0xa0
[ 42.895302][ T12] device_add+0xae6/0x16f0
[ 42.899879][ T12] ? uevent_store+0x50/0x50
[ 42.904461][ T12] usb_new_device.cold+0x8c1/0x1016
[ 42.909716][ T12] ? usb_port_suspend+0xa40/0xa40
[ 42.914728][ T12] ? mark_held_locks+0x9f/0xe0
[ 42.919484][ T12] ? _raw_spin_unlock_irq+0x24/0x30
[ 42.924678][ T12] hub_event+0x1ada/0x3590
[ 42.929086][ T12] ? hub_port_debounce+0x260/0x260
[ 42.934187][ T12] process_one_work+0x905/0x1570
[ 42.939117][ T12] ? pwq_dec_nr_in_flight+0x310/0x310
[ 42.944473][ T12] ? do_raw_spin_lock+0x11a/0x280
[ 42.949850][ T12] worker_thread+0x96/0xe20
[ 42.954386][ T12] ? process_one_work+0x1570/0x1570
[ 42.969825][ T12] kthread+0x30b/0x410
[ 42.973895][ T12] ? kthread_park+0x1a0/0x1a0
[ 42.978565][ T12] ret_from_fork+0x24/0x30
[ 42.983568][ T12] Kernel Offset: disabled
[ 42.988036][ T12] Rebooting in 86400 seconds..