[   45.990453] audit: type=1800 audit(1555129659.500:27): pid=5271 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2469 res=0
[   46.010211] audit: type=1800 audit(1555129659.500:28): pid=5271 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2450 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[   46.754713] audit: type=1800 audit(1555129660.300:29): pid=5271 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0
[   46.774123] audit: type=1800 audit(1555129660.300:30): pid=5271 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2456 res=0

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.139' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   61.939442] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[   62.179388] usb 1-1: Using ep0 maxpacket: 8
[   62.299460] usb 1-1: config 0 has an invalid interface number: 249 but max is 0
[   62.307344] usb 1-1: config 0 has no interface number 0
[   62.312822] usb 1-1: New USB device found, idVendor=04fa, idProduct=2490, bcdDevice=89.a4
[   62.321365] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   62.333698] usb 1-1: config 0 descriptor??
[   62.569617] ==================================================================
[   62.577497] BUG: KASAN: use-after-free in ds_probe+0x604/0x760
[   62.583816] Read of size 1 at addr ffff8880a7996862 by task kworker/0:1/12
[   62.590816] 
[   62.592463] CPU: 0 PID: 12 Comm: kworker/0:1 Not tainted 5.1.0-rc4-319354-g9a33b36 #3
[   62.600514] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   62.610015] Workqueue: usb_hub_wq hub_event
[   62.614369] Call Trace:
[   62.616970]  dump_stack+0xe8/0x16e
[   62.620589]  ? ds_probe+0x604/0x760
[   62.624528]  ? ds_probe+0x604/0x760
[   62.628158]  print_address_description+0x6c/0x236
[   62.633191]  ? ds_probe+0x604/0x760
[   62.636818]  ? ds_probe+0x604/0x760
[   62.640773]  kasan_report.cold+0x1a/0x3c
[   62.644838]  ? ds_probe+0x604/0x760
[   62.648471]  ds_probe+0x604/0x760
[   62.651941]  usb_probe_interface+0x31d/0x820
[   62.656355]  ? usb_probe_device+0x150/0x150
[   62.660692]  really_probe+0x2da/0xb10
[   62.664763]  driver_probe_device+0x21d/0x350
[   62.669284]  __device_attach_driver+0x1d8/0x290
[   62.674080]  ? driver_allows_async_probing+0x160/0x160
[   62.679355]  bus_for_each_drv+0x163/0x1e0
[   62.683506]  ? bus_rescan_devices+0x30/0x30
[   62.688295]  ? _raw_spin_unlock_irqrestore+0x4b/0x60
[   62.693399]  ? lockdep_hardirqs_on+0x37e/0x580
[   62.697974]  __device_attach+0x223/0x3a0
[   62.702032]  ? device_bind_driver+0xe0/0xe0
[   62.706559]  ? kobject_uevent_env+0x295/0x13d0
[   62.711172]  bus_probe_device+0x1f1/0x2a0
[   62.715359]  ? blocking_notifier_call_chain+0x59/0xb0
[   62.720565]  device_add+0xad2/0x16e0
[   62.724383]  ? get_device_parent.isra.0+0x560/0x560
[   62.729483]  ? _raw_spin_unlock_irqrestore+0x4b/0x60
[   62.734582]  usb_set_configuration+0xdf7/0x1740
[   62.739261]  generic_probe+0xa2/0xda
[   62.742982]  usb_probe_device+0xc0/0x150
[   62.747039]  ? usb_suspend+0x5f0/0x5f0
[   62.750918]  really_probe+0x2da/0xb10
[   62.754809]  driver_probe_device+0x21d/0x350
[   62.759320]  __device_attach_driver+0x1d8/0x290
[   62.764039]  ? driver_allows_async_probing+0x160/0x160
[   62.769340]  bus_for_each_drv+0x163/0x1e0
[   62.773495]  ? bus_rescan_devices+0x30/0x30
[   62.778015]  ? _raw_spin_unlock_irqrestore+0x4b/0x60
[   62.783205]  ? lockdep_hardirqs_on+0x37e/0x580
[   62.787795]  __device_attach+0x223/0x3a0
[   62.792009]  ? device_bind_driver+0xe0/0xe0
[   62.796445]  ? kobject_uevent_env+0x295/0x13d0
[   62.801258]  bus_probe_device+0x1f1/0x2a0
[   62.805453]  ? blocking_notifier_call_chain+0x59/0xb0
[   62.810749]  device_add+0xad2/0x16e0
[   62.814813]  ? get_device_parent.isra.0+0x560/0x560
[   62.819829]  usb_new_device.cold+0x537/0xccf
[   62.824241]  hub_event+0x138e/0x3b00
[   62.827963]  ? hub_port_debounce+0x350/0x350
[   62.832752]  ? _raw_spin_unlock_irq+0x29/0x40
[   62.837234]  process_one_work+0x90f/0x1580
[   62.841487]  ? wq_pool_ids_show+0x300/0x300
[   62.845846]  ? do_raw_spin_lock+0x11f/0x290
[   62.850518]  worker_thread+0x9b/0xe20
[   62.854325]  ? process_one_work+0x1580/0x1580
[   62.859101]  kthread+0x313/0x420
[   62.862716]  ? kthread_park+0x1a0/0x1a0
[   62.866689]  ret_from_fork+0x3a/0x50
[   62.870400] 
[   62.872022] Allocated by task 4260:
[   62.875829]  __kasan_kmalloc.constprop.0+0xbf/0xd0
[   62.880752]  security_task_alloc+0x113/0x180
[   62.885156]  copy_process.part.0+0x1c62/0x76b0
[   62.889732]  _do_fork+0x234/0xed0
[   62.893225]  do_syscall_64+0xcf/0x4f0
[   62.897132]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   62.902312] 
[   62.903933] Freed by task 1405:
[   62.907888]  __kasan_slab_free+0x130/0x180
[   62.912112]  slab_free_freelist_hook+0x5e/0x140
[   62.916967]  kfree+0xce/0x290
[   62.920062]  security_task_free+0x9a/0xf0
[   62.924397]  __put_task_struct+0xec/0x4d0
[   62.928855]  delayed_put_task_struct+0x189/0x290
[   62.933697]  rcu_core+0x83b/0x1a80
[   62.937230]  __do_softirq+0x22a/0x8cd
[   62.941055] 
[   62.942677] The buggy address belongs to the object at ffff8880a7996840
[   62.942677]  which belongs to the cache kmalloc-64 of size 64
[   62.955260] The buggy address is located 34 bytes inside of
[   62.955260]  64-byte region [ffff8880a7996840, ffff8880a7996880)
[   62.967313] The buggy address belongs to the page:
[   62.972293] page:ffffea00029e6580 count:1 mapcount:0 mapping:ffff88812c3f5600 index:0x0
[   62.980459] flags: 0xfff00000000200(slab)
[   62.984618] raw: 00fff00000000200 ffffea000273f740 0000000500000005 ffff88812c3f5600
[   62.992497] raw: 0000000000000000 00000000002a002a 00000001ffffffff 0000000000000000
[   63.000658] page dumped because: kasan: bad access detected
[   63.006361] 
[   63.007974] Memory state around the buggy address:
[   63.013583]  ffff8880a7996700: fc fc fc fc fb fb fb fb fb fb fb fb fc fc fc fc
[   63.021039]  ffff8880a7996780: 00 00 00 00 00 00 fc fc fc fc fc fc 00 00 00 00
[   63.028400] >ffff8880a7996800: 00 00 fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[   63.035754]                                                        ^
[   63.042411]  ffff8880a7996880: fc fc fc fc fb fb fb fb fb fb fb fb fc fc fc fc
[   63.049934]  ffff8880a7996900: fb fb fb fb fb fb fb fb fc fc fc fc fb fb fb fb
[   63.057481] ==================================================================
[   63.064828] Disabling lock debugging due to kernel taint
[   63.070428] Kernel panic - not syncing: panic_on_warn set ...
[   63.076364] CPU: 0 PID: 12 Comm: kworker/0:1 Tainted: G    B             5.1.0-rc4-319354-g9a33b36 #3
[   63.085805] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   63.095172] Workqueue: usb_hub_wq hub_event
[   63.099492] Call Trace:
[   63.102084]  dump_stack+0xe8/0x16e
[   63.105626]  panic+0x29d/0x5f2
[   63.108903]  ? __warn_printk+0xf8/0xf8
[   63.112808]  ? retint_kernel+0x10/0x10
[   63.116879]  ? trace_hardirqs_on+0x55/0x1c0
[   63.121287]  ? ds_probe+0x604/0x760
[   63.124909]  end_report+0x48/0x4e
[   63.128370]  ? ds_probe+0x604/0x760
[   63.132118]  kasan_report.cold+0xd/0x3c
[   63.136092]  ? ds_probe+0x604/0x760
[   63.139713]  ds_probe+0x604/0x760
[   63.143164]  usb_probe_interface+0x31d/0x820
[   63.147584]  ? usb_probe_device+0x150/0x150
[   63.151901]  really_probe+0x2da/0xb10
[   63.155696]  driver_probe_device+0x21d/0x350
[   63.160275]  __device_attach_driver+0x1d8/0x290
[   63.165133]  ? driver_allows_async_probing+0x160/0x160
[   63.170419]  bus_for_each_drv+0x163/0x1e0
[   63.174566]  ? bus_rescan_devices+0x30/0x30
[   63.178884]  ? _raw_spin_unlock_irqrestore+0x4b/0x60
[   63.183985]  ? lockdep_hardirqs_on+0x37e/0x580
[   63.188751]  __device_attach+0x223/0x3a0
[   63.192812]  ? device_bind_driver+0xe0/0xe0
[   63.197248]  ? kobject_uevent_env+0x295/0x13d0
[   63.202018]  bus_probe_device+0x1f1/0x2a0
[   63.206360]  ? blocking_notifier_call_chain+0x59/0xb0
[   63.211740]  device_add+0xad2/0x16e0
[   63.215456]  ? get_device_parent.isra.0+0x560/0x560
[   63.220487]  ? _raw_spin_unlock_irqrestore+0x4b/0x60
[   63.225592]  usb_set_configuration+0xdf7/0x1740
[   63.230277]  generic_probe+0xa2/0xda
[   63.234029]  usb_probe_device+0xc0/0x150
[   63.238085]  ? usb_suspend+0x5f0/0x5f0
[   63.242162]  really_probe+0x2da/0xb10
[   63.246057]  driver_probe_device+0x21d/0x350
[   63.250462]  __device_attach_driver+0x1d8/0x290
[   63.255136]  ? driver_allows_async_probing+0x160/0x160
[   63.260573]  bus_for_each_drv+0x163/0x1e0
[   63.264723]  ? bus_rescan_devices+0x30/0x30
[   63.269043]  ? _raw_spin_unlock_irqrestore+0x4b/0x60
[   63.274156]  ? lockdep_hardirqs_on+0x37e/0x580
[   63.278748]  __device_attach+0x223/0x3a0
[   63.282804]  ? device_bind_driver+0xe0/0xe0
[   63.287207]  ? kobject_uevent_env+0x295/0x13d0
[   63.291807]  bus_probe_device+0x1f1/0x2a0
[   63.296042]  ? blocking_notifier_call_chain+0x59/0xb0
[   63.301415]  device_add+0xad2/0x16e0
[   63.305140]  ? get_device_parent.isra.0+0x560/0x560
[   63.310158]  usb_new_device.cold+0x537/0xccf
[   63.314582]  hub_event+0x138e/0x3b00
[   63.318822]  ? hub_port_debounce+0x350/0x350
[   63.323234]  ? _raw_spin_unlock_irq+0x29/0x40
[   63.327850]  process_one_work+0x90f/0x1580
[   63.332094]  ? wq_pool_ids_show+0x300/0x300
[   63.336408]  ? do_raw_spin_lock+0x11f/0x290
[   63.340731]  worker_thread+0x9b/0xe20
[   63.344534]  ? process_one_work+0x1580/0x1580
[   63.349023]  kthread+0x313/0x420
[   63.352478]  ? kthread_park+0x1a0/0x1a0
[   63.356536]  ret_from_fork+0x3a/0x50
[   63.361503] Kernel Offset: disabled
[   63.365216] Rebooting in 86400 seconds..