INIT: Entering runlevel: 2
[�[36minfo�[39;49m] Using makefile-style concurrent boot in runlevel 2.
[....] Starting enhanced syslogd: rsyslogd�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
[....] Starting periodic command scheduler: cron�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
[....] Starting OpenBSD Secure Shell server: sshd�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.1.28' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 36.979581][ T22] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 37.219533][ T22] usb 1-1: Using ep0 maxpacket: 8
[ 37.339653][ T22] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 37.350762][ T22] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[ 37.363579][ T22] usb 1-1: New USB device found, idVendor=1a34, idProduct=f705, bcdDevice= 0.00
[ 37.372652][ T22] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 37.382615][ T22] usb 1-1: config 0 descriptor??
[ 37.861161][ T22] acrux 0003:1A34:F705.0001: unknown main item tag 0x3
[ 37.868302][ T22] acrux 0003:1A34:F705.0001: unknown main item tag 0xd
[ 37.876902][ T22] acrux 0003:1A34:F705.0001: hidraw0: USB HID v8.00 Device [HID 1a34:f705] on usb-dummy_hcd.0-1/input0
[ 37.888123][ T22] ==================================================================
[ 37.896274][ T22] BUG: KASAN: slab-out-of-bounds in ax_probe+0x369/0x540
[ 37.903278][ T22] Write of size 8 at addr ffff8881d5e545c0 by task kworker/1:1/22
[ 37.911070][ T22]
[ 37.913385][ T22] CPU: 1 PID: 22 Comm: kworker/1:1 Not tainted 5.3.0+ #0
[ 37.920395][ T22] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 37.930461][ T22] Workqueue: usb_hub_wq hub_event
[ 37.935464][ T22] Call Trace:
[ 37.938734][ T22] dump_stack+0xca/0x13e
[ 37.942956][ T22] ? ax_probe+0x369/0x540
[ 37.947272][ T22] ? ax_probe+0x369/0x540
[ 37.951586][ T22] print_address_description.constprop.0+0x36/0x50
[ 37.958080][ T22] ? ax_probe+0x369/0x540
[ 37.962393][ T22] ? ax_probe+0x369/0x540
[ 37.966723][ T22] __kasan_report.cold+0x1a/0x33
[ 37.971723][ T22] ? ax_probe+0x369/0x540
[ 37.976093][ T22] kasan_report+0xe/0x12
[ 37.980368][ T22] check_memory_region+0x128/0x190
[ 37.985463][ T22] ax_probe+0x369/0x540
[ 37.989598][ T22] ? ax_remove+0x20/0x20
[ 37.993817][ T22] hid_device_probe+0x2be/0x3f0
[ 37.998641][ T22] ? hid_match_device+0x1f0/0x1f0
[ 38.003643][ T22] really_probe+0x281/0x6d0
[ 38.008198][ T22] driver_probe_device+0x104/0x210
[ 38.013309][ T22] __device_attach_driver+0x1c2/0x220
[ 38.018738][ T22] ? driver_allows_async_probing+0x160/0x160
[ 38.024768][ T22] bus_for_each_drv+0x162/0x1e0
[ 38.029617][ T22] ? bus_rescan_devices+0x20/0x20
[ 38.034622][ T22] ? _raw_spin_unlock_irqrestore+0x3e/0x50
[ 38.040429][ T22] ? lockdep_hardirqs_on+0x382/0x580
[ 38.045707][ T22] __device_attach+0x217/0x360
[ 38.050450][ T22] ? device_bind_driver+0xd0/0xd0
[ 38.055467][ T22] ? kobject_uevent_env+0x29e/0x1150
[ 38.060794][ T22] ? kobject_uevent_env+0x2a8/0x1150
[ 38.066111][ T22] bus_probe_device+0x1e4/0x290
[ 38.070950][ T22] ? blocking_notifier_call_chain+0x54/0xa0
[ 38.076822][ T22] device_add+0xae6/0x16f0
[ 38.081243][ T22] ? uevent_store+0x50/0x50
[ 38.085728][ T22] ? __debugfs_create_file+0x2da/0x3c0
[ 38.091167][ T22] hid_add_device+0x33c/0x990
[ 38.095836][ T22] ? debug_object_fixup+0x30/0x30
[ 38.100838][ T22] ? __hid_bus_reprobe_drivers+0x130/0x130
[ 38.106634][ T22] ? lockdep_init_map+0x1b0/0x5e0
[ 38.111648][ T22] usbhid_probe+0xa81/0xfa0
[ 38.116128][ T22] usb_probe_interface+0x305/0x7a0
[ 38.121226][ T22] ? usb_probe_device+0x100/0x100
[ 38.126237][ T22] really_probe+0x281/0x6d0
[ 38.130805][ T22] driver_probe_device+0x104/0x210
[ 38.135905][ T22] __device_attach_driver+0x1c2/0x220
[ 38.141356][ T22] ? driver_allows_async_probing+0x160/0x160
[ 38.147311][ T22] bus_for_each_drv+0x162/0x1e0
[ 38.152149][ T22] ? bus_rescan_devices+0x20/0x20
[ 38.157156][ T22] ? _raw_spin_unlock_irqrestore+0x3e/0x50
[ 38.162938][ T22] ? lockdep_hardirqs_on+0x382/0x580
[ 38.168225][ T22] __device_attach+0x217/0x360
[ 38.172980][ T22] ? device_bind_driver+0xd0/0xd0
[ 38.177982][ T22] ? kobject_uevent_env+0x29e/0x1150
[ 38.183257][ T22] ? kobject_uevent_env+0x2a8/0x1150
[ 38.188538][ T22] bus_probe_device+0x1e4/0x290
[ 38.193370][ T22] ? blocking_notifier_call_chain+0x54/0xa0
[ 38.199240][ T22] device_add+0xae6/0x16f0
[ 38.203644][ T22] ? uevent_store+0x50/0x50
[ 38.208125][ T22] ? _raw_spin_unlock_irqrestore+0x3e/0x50
[ 38.213907][ T22] usb_set_configuration+0xdf6/0x1670
[ 38.219256][ T22] generic_probe+0x9d/0xd5
[ 38.223651][ T22] usb_probe_device+0x99/0x100
[ 38.228403][ T22] ? usb_suspend+0x620/0x620
[ 38.232973][ T22] really_probe+0x281/0x6d0
[ 38.237453][ T22] driver_probe_device+0x104/0x210
[ 38.242543][ T22] __device_attach_driver+0x1c2/0x220
[ 38.247892][ T22] ? driver_allows_async_probing+0x160/0x160
[ 38.253846][ T22] bus_for_each_drv+0x162/0x1e0
[ 38.258674][ T22] ? bus_rescan_devices+0x20/0x20
[ 38.263673][ T22] ? _raw_spin_unlock_irqrestore+0x3e/0x50
[ 38.269456][ T22] ? lockdep_hardirqs_on+0x382/0x580
[ 38.274717][ T22] __device_attach+0x217/0x360
[ 38.279467][ T22] ? device_bind_driver+0xd0/0xd0
[ 38.284527][ T22] ? kobject_uevent_env+0x29e/0x1150
[ 38.289822][ T22] ? kobject_uevent_env+0x2a8/0x1150
[ 38.295193][ T22] bus_probe_device+0x1e4/0x290
[ 38.300026][ T22] ? blocking_notifier_call_chain+0x54/0xa0
[ 38.305901][ T22] device_add+0xae6/0x16f0
[ 38.310300][ T22] ? uevent_store+0x50/0x50
[ 38.314802][ T22] usb_new_device.cold+0x6a4/0xe79
[ 38.319894][ T22] hub_event+0x1b5c/0x3640
[ 38.324301][ T22] ? hub_port_debounce+0x260/0x260
[ 38.329397][ T22] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 38.334943][ T22] ? rcu_read_lock_bh_held+0xb0/0xb0
[ 38.340232][ T22] process_one_work+0x92b/0x1530
[ 38.345174][ T22] ? pwq_dec_nr_in_flight+0x310/0x310
[ 38.350588][ T22] ? do_raw_spin_lock+0x11a/0x280
[ 38.355593][ T22] worker_thread+0x96/0xe20
[ 38.360087][ T22] ? process_one_work+0x1530/0x1530
[ 38.365261][ T22] kthread+0x318/0x420
[ 38.369309][ T22] ? kthread_create_on_node+0xf0/0xf0
[ 38.374670][ T22] ret_from_fork+0x24/0x30
[ 38.379089][ T22]
[ 38.381464][ T22] Allocated by task 22:
[ 38.385621][ T22] save_stack+0x1b/0x80
[ 38.389764][ T22] __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 38.395381][ T22] hidraw_connect+0x4b/0x3e0
[ 38.400303][ T22] hid_connect+0x5c7/0xbb0
[ 38.404984][ T22] hid_hw_start+0xa2/0x130
[ 38.409516][ T22] ax_probe+0x52/0x540
[ 38.413575][ T22] hid_device_probe+0x2be/0x3f0
[ 38.418404][ T22] really_probe+0x281/0x6d0
[ 38.422883][ T22] driver_probe_device+0x104/0x210
[ 38.427968][ T22] __device_attach_driver+0x1c2/0x220
[ 38.433326][ T22] bus_for_each_drv+0x162/0x1e0
[ 38.438152][ T22] __device_attach+0x217/0x360
[ 38.442895][ T22] bus_probe_device+0x1e4/0x290
[ 38.447731][ T22] device_add+0xae6/0x16f0
[ 38.452126][ T22] hid_add_device+0x33c/0x990
[ 38.456780][ T22] usbhid_probe+0xa81/0xfa0
[ 38.461265][ T22] usb_probe_interface+0x305/0x7a0
[ 38.466353][ T22] really_probe+0x281/0x6d0
[ 38.471022][ T22] driver_probe_device+0x104/0x210
[ 38.476111][ T22] __device_attach_driver+0x1c2/0x220
[ 38.481458][ T22] bus_for_each_drv+0x162/0x1e0
[ 38.486286][ T22] __device_attach+0x217/0x360
[ 38.491023][ T22] bus_probe_device+0x1e4/0x290
[ 38.495848][ T22] device_add+0xae6/0x16f0
[ 38.500259][ T22] usb_set_configuration+0xdf6/0x1670
[ 38.505605][ T22] generic_probe+0x9d/0xd5
[ 38.510082][ T22] usb_probe_device+0x99/0x100
[ 38.514843][ T22] really_probe+0x281/0x6d0
[ 38.519320][ T22] driver_probe_device+0x104/0x210
[ 38.524422][ T22] __device_attach_driver+0x1c2/0x220
[ 38.529769][ T22] bus_for_each_drv+0x162/0x1e0
[ 38.534592][ T22] __device_attach+0x217/0x360
[ 38.539330][ T22] bus_probe_device+0x1e4/0x290
[ 38.544175][ T22] device_add+0xae6/0x16f0
[ 38.548588][ T22] usb_new_device.cold+0x6a4/0xe79
[ 38.553687][ T22] hub_event+0x1b5c/0x3640
[ 38.558082][ T22] process_one_work+0x92b/0x1530
[ 38.562995][ T22] worker_thread+0x96/0xe20
[ 38.567473][ T22] kthread+0x318/0x420
[ 38.571524][ T22] ret_from_fork+0x24/0x30
[ 38.575915][ T22]
[ 38.578232][ T22] Freed by task 12:
[ 38.582025][ T22] save_stack+0x1b/0x80
[ 38.586160][ T22] __kasan_slab_free+0x130/0x180
[ 38.591071][ T22] kfree+0xe4/0x2f0
[ 38.594867][ T22] usb_free_urb.part.0+0x7a/0xc0
[ 38.599781][ T22] usb_free_urb+0x1b/0x30
[ 38.604110][ T22] usb_start_wait_urb+0x1e5/0x2b0
[ 38.609108][ T22] usb_control_msg+0x31c/0x4a0
[ 38.613862][ T22] hub_ext_port_status+0x125/0x460
[ 38.618956][ T22] hub_activate+0x497/0x1570
[ 38.623542][ T22] process_one_work+0x92b/0x1530
[ 38.628458][ T22] worker_thread+0x96/0xe20
[ 38.632937][ T22] kthread+0x318/0x420
[ 38.636983][ T22] ret_from_fork+0x24/0x30
[ 38.641371][ T22]
[ 38.643677][ T22] The buggy address belongs to the object at ffff8881d5e54500
[ 38.643677][ T22] which belongs to the cache kmalloc-192 of size 192
[ 38.657718][ T22] The buggy address is located 0 bytes to the right of
[ 38.657718][ T22] 192-byte region [ffff8881d5e54500, ffff8881d5e545c0)
[ 38.671324][ T22] The buggy address belongs to the page:
[ 38.676936][ T22] page:ffffea0007579500 refcount:1 mapcount:0 mapping:ffff8881da002a00 index:0x0
[ 38.686016][ T22] flags: 0x200000000000200(slab)
[ 38.690933][ T22] raw: 0200000000000200 ffffea0007578ec0 0000000600000006 ffff8881da002a00
[ 38.699497][ T22] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 38.708052][ T22] page dumped because: kasan: bad access detected
[ 38.714443][ T22]
[ 38.716752][ T22] Memory state around the buggy address:
[ 38.722361][ T22] ffff8881d5e54480: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 38.730400][ T22] ffff8881d5e54500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 38.738457][ T22] >ffff8881d5e54580: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc
[ 38.746506][ T22] ^
[ 38.752637][ T22] ffff8881d5e54600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 38.760686][ T22] ffff8881d5e54680: 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc
[ 38.768742][ T22] ==================================================================
[ 38.776822][ T22] Disabling lock debugging due to kernel taint
[ 38.783010][ T22] Kernel panic - not syncing: panic_on_warn set ...
[ 38.789692][ T22] CPU: 1 PID: 22 Comm: kworker/1:1 Tainted: G B 5.3.0+ #0
[ 38.798098][ T22] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 38.808166][ T22] Workqueue: usb_hub_wq hub_event
[ 38.813179][ T22] Call Trace:
[ 38.816451][ T22] dump_stack+0xca/0x13e
[ 38.820673][ T22] panic+0x2a3/0x6da
[ 38.824549][ T22] ? add_taint.cold+0x16/0x16
[ 38.829207][ T22] ? retint_kernel+0x10/0x10
[ 38.833781][ T22] ? trace_hardirqs_on+0x55/0x1e0
[ 38.838789][ T22] ? ax_probe+0x369/0x540
[ 38.843108][ T22] end_report+0x43/0x49
[ 38.847241][ T22] ? ax_probe+0x369/0x540
[ 38.851551][ T22] __kasan_report.cold+0xd/0x33
[ 38.856380][ T22] ? ax_probe+0x369/0x540
[ 38.860688][ T22] kasan_report+0xe/0x12
[ 38.864906][ T22] check_memory_region+0x128/0x190
[ 38.869998][ T22] ax_probe+0x369/0x540
[ 38.874150][ T22] ? ax_remove+0x20/0x20
[ 38.878390][ T22] hid_device_probe+0x2be/0x3f0
[ 38.883238][ T22] ? hid_match_device+0x1f0/0x1f0
[ 38.888256][ T22] really_probe+0x281/0x6d0
[ 38.892742][ T22] driver_probe_device+0x104/0x210
[ 38.897955][ T22] __device_attach_driver+0x1c2/0x220
[ 38.903325][ T22] ? driver_allows_async_probing+0x160/0x160
[ 38.909389][ T22] bus_for_each_drv+0x162/0x1e0
[ 38.914240][ T22] ? bus_rescan_devices+0x20/0x20
[ 38.919254][ T22] ? _raw_spin_unlock_irqrestore+0x3e/0x50
[ 38.925054][ T22] ? lockdep_hardirqs_on+0x382/0x580
[ 38.930338][ T22] __device_attach+0x217/0x360
[ 38.935086][ T22] ? device_bind_driver+0xd0/0xd0
[ 38.940090][ T22] ? kobject_uevent_env+0x29e/0x1150
[ 38.945451][ T22] ? kobject_uevent_env+0x2a8/0x1150
[ 38.951149][ T22] bus_probe_device+0x1e4/0x290
[ 38.955979][ T22] ? blocking_notifier_call_chain+0x54/0xa0
[ 38.961850][ T22] device_add+0xae6/0x16f0
[ 38.966245][ T22] ? uevent_store+0x50/0x50
[ 38.970727][ T22] ? __debugfs_create_file+0x2da/0x3c0
[ 38.976167][ T22] hid_add_device+0x33c/0x990
[ 38.980830][ T22] ? debug_object_fixup+0x30/0x30
[ 38.985846][ T22] ? __hid_bus_reprobe_drivers+0x130/0x130
[ 38.991631][ T22] ? lockdep_init_map+0x1b0/0x5e0
[ 38.996635][ T22] usbhid_probe+0xa81/0xfa0
[ 39.001639][ T22] usb_probe_interface+0x305/0x7a0
[ 39.006727][ T22] ? usb_probe_device+0x100/0x100
[ 39.011749][ T22] really_probe+0x281/0x6d0
[ 39.016233][ T22] driver_probe_device+0x104/0x210
[ 39.021346][ T22] __device_attach_driver+0x1c2/0x220
[ 39.026698][ T22] ? driver_allows_async_probing+0x160/0x160
[ 39.032655][ T22] bus_for_each_drv+0x162/0x1e0
[ 39.037483][ T22] ? bus_rescan_devices+0x20/0x20
[ 39.042489][ T22] ? _raw_spin_unlock_irqrestore+0x3e/0x50
[ 39.048286][ T22] ? lockdep_hardirqs_on+0x382/0x580
[ 39.053550][ T22] __device_attach+0x217/0x360
[ 39.058320][ T22] ? device_bind_driver+0xd0/0xd0
[ 39.063337][ T22] ? kobject_uevent_env+0x29e/0x1150
[ 39.068617][ T22] ? kobject_uevent_env+0x2a8/0x1150
[ 39.073880][ T22] bus_probe_device+0x1e4/0x290
[ 39.078825][ T22] ? blocking_notifier_call_chain+0x54/0xa0
[ 39.084695][ T22] device_add+0xae6/0x16f0
[ 39.089102][ T22] ? uevent_store+0x50/0x50
[ 39.093598][ T22] ? _raw_spin_unlock_irqrestore+0x3e/0x50
[ 39.099385][ T22] usb_set_configuration+0xdf6/0x1670
[ 39.104742][ T22] generic_probe+0x9d/0xd5
[ 39.109136][ T22] usb_probe_device+0x99/0x100
[ 39.113880][ T22] ? usb_suspend+0x620/0x620
[ 39.118449][ T22] really_probe+0x281/0x6d0
[ 39.122945][ T22] driver_probe_device+0x104/0x210
[ 39.128048][ T22] __device_attach_driver+0x1c2/0x220
[ 39.133398][ T22] ? driver_allows_async_probing+0x160/0x160
[ 39.139374][ T22] bus_for_each_drv+0x162/0x1e0
[ 39.144294][ T22] ? bus_rescan_devices+0x20/0x20
[ 39.149306][ T22] ? _raw_spin_unlock_irqrestore+0x3e/0x50
[ 39.155092][ T22] ? lockdep_hardirqs_on+0x382/0x580
[ 39.160354][ T22] __device_attach+0x217/0x360
[ 39.165096][ T22] ? device_bind_driver+0xd0/0xd0
[ 39.170113][ T22] ? kobject_uevent_env+0x29e/0x1150
[ 39.175379][ T22] ? kobject_uevent_env+0x2a8/0x1150
[ 39.180656][ T22] bus_probe_device+0x1e4/0x290
[ 39.185486][ T22] ? blocking_notifier_call_chain+0x54/0xa0
[ 39.191359][ T22] device_add+0xae6/0x16f0
[ 39.195769][ T22] ? uevent_store+0x50/0x50
[ 39.200254][ T22] usb_new_device.cold+0x6a4/0xe79
[ 39.205358][ T22] hub_event+0x1b5c/0x3640
[ 39.209777][ T22] ? hub_port_debounce+0x260/0x260
[ 39.214898][ T22] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 39.220443][ T22] ? rcu_read_lock_bh_held+0xb0/0xb0
[ 39.225716][ T22] process_one_work+0x92b/0x1530
[ 39.230640][ T22] ? pwq_dec_nr_in_flight+0x310/0x310
[ 39.235989][ T22] ? do_raw_spin_lock+0x11a/0x280
[ 39.240994][ T22] worker_thread+0x96/0xe20
[ 39.245475][ T22] ? process_one_work+0x1530/0x1530
[ 39.250649][ T22] kthread+0x318/0x420
[ 39.254698][ T22] ? kthread_create_on_node+0xf0/0xf0
[ 39.260052][ T22] ret_from_fork+0x24/0x30
[ 39.265007][ T22] Kernel Offset: disabled
[ 39.269322][ T22] Rebooting in 86400 seconds..