[ OK ] Started OpenBSD Secure Shell server. [ OK ] Reached target Multi-User System. [ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... [ OK ] Started Update UTMP about System Runlevel Changes. Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.0.64' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 35.353262][ T7] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 35.593080][ T7] usb 1-1: Using ep0 maxpacket: 16 [ 35.883118][ T7] usb 1-1: New USB device found, idVendor=1a0a, idProduct=0102, bcdDevice=2b.12 [ 35.892256][ T7] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 35.900293][ T7] usb 1-1: Product: syz [ 35.904932][ T7] usb 1-1: Manufacturer: syz [ 35.909716][ T7] usb 1-1: SerialNumber: syz [ 35.917936][ T7] usb 1-1: config 0 descriptor?? [ 35.985530][ T7] ================================================================== [ 35.993754][ T7] BUG: KASAN: global-out-of-bounds in usb_match_device+0x4dc/0x550 [ 36.001774][ T7] Read of size 2 at addr ffffffff87bdfd50 by task kworker/0:1/7 [ 36.009526][ T7] [ 36.011841][ T7] CPU: 0 PID: 7 Comm: kworker/0:1 Not tainted 5.15.0-rc3-syzkaller #0 [ 36.019980][ T7] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 36.030040][ T7] Workqueue: usb_hub_wq hub_event [ 36.035083][ T7] Call Trace: [ 36.038354][ T7] dump_stack_lvl+0xcd/0x134 [ 36.042949][ T7] print_address_description.constprop.0.cold+0xf/0x309 [ 36.049875][ T7] ? usb_match_device+0x4dc/0x550 [ 36.054902][ T7] ? usb_match_device+0x4dc/0x550 [ 36.059929][ T7] kasan_report.cold+0x83/0xdf [ 36.064681][ T7] ? usb_match_device+0x4dc/0x550 [ 36.069696][ T7] usb_match_device+0x4dc/0x550 [ 36.074536][ T7] usb_match_id.part.0+0x10d/0x1b0 [ 36.079636][ T7] usb_match_id+0x23/0x40 [ 36.083959][ T7] ehset_prepare_port_for_testing+0x4a/0xf0 [ 36.089846][ T7] ehset_probe+0x271/0x460 [ 36.094298][ T7] ? ehset_prepare_port_for_testing+0xf0/0xf0 [ 36.100556][ T7] ? trace_hardirqs_on+0x5b/0x1a0 [ 36.105574][ T7] ? __pm_runtime_set_status+0x48a/0xc30 [ 36.111197][ T7] usb_probe_interface+0x315/0x7f0 [ 36.116448][ T7] ? usb_match_dynamic_id+0x1a0/0x1a0 [ 36.121833][ T7] really_probe+0x245/0xcc0 [ 36.126340][ T7] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 36.132576][ T7] __driver_probe_device+0x338/0x4d0 [ 36.137856][ T7] driver_probe_device+0x4c/0x1a0 [ 36.142885][ T7] __device_attach_driver+0x20b/0x2f0 [ 36.148248][ T7] ? driver_allows_async_probing+0x150/0x150 [ 36.154229][ T7] bus_for_each_drv+0x15f/0x1e0 [ 36.159105][ T7] ? bus_for_each_dev+0x1d0/0x1d0 [ 36.164121][ T7] ? lockdep_hardirqs_on_prepare+0x273/0x3e0 [ 36.170110][ T7] ? trace_hardirqs_on+0x5b/0x1a0 [ 36.175120][ T7] __device_attach+0x228/0x4a0 [ 36.179905][ T7] ? device_driver_attach+0x210/0x210 [ 36.185280][ T7] ? kobject_uevent_env+0x2bb/0x1650 [ 36.190579][ T7] bus_probe_device+0x1e4/0x290 [ 36.195437][ T7] device_add+0xc35/0x21b0 [ 36.199854][ T7] ? mark_held_locks+0x9f/0xe0 [ 36.204619][ T7] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 36.210862][ T7] ? lockdep_hardirqs_on_prepare+0x273/0x3e0 [ 36.216841][ T7] ? _raw_spin_unlock_irqrestore+0x42/0x50 [ 36.222653][ T7] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 36.228928][ T7] usb_set_configuration+0x113f/0x1910 [ 36.234416][ T7] usb_generic_driver_probe+0xba/0x100 [ 36.239893][ T7] usb_probe_device+0xd9/0x2c0 [ 36.244686][ T7] ? usb_driver_release_interface+0x180/0x180 [ 36.250767][ T7] really_probe+0x245/0xcc0 [ 36.255432][ T7] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 36.261711][ T7] __driver_probe_device+0x338/0x4d0 [ 36.267544][ T7] driver_probe_device+0x4c/0x1a0 [ 36.272591][ T7] __device_attach_driver+0x20b/0x2f0 [ 36.277974][ T7] ? driver_allows_async_probing+0x150/0x150 [ 36.284052][ T7] bus_for_each_drv+0x15f/0x1e0 [ 36.288904][ T7] ? bus_for_each_dev+0x1d0/0x1d0 [ 36.293941][ T7] ? lockdep_hardirqs_on_prepare+0x273/0x3e0 [ 36.299939][ T7] ? trace_hardirqs_on+0x5b/0x1a0 [ 36.304975][ T7] __device_attach+0x228/0x4a0 [ 36.309927][ T7] ? device_driver_attach+0x210/0x210 [ 36.315319][ T7] ? kobject_uevent_env+0x2bb/0x1650 [ 36.320607][ T7] bus_probe_device+0x1e4/0x290 [ 36.325470][ T7] device_add+0xc35/0x21b0 [ 36.329904][ T7] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 36.336145][ T7] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 36.342388][ T7] usb_new_device.cold+0x63f/0x108e [ 36.347593][ T7] ? hub_disconnect+0x510/0x510 [ 36.352454][ T7] ? rwlock_bug.part.0+0x90/0x90 [ 36.357403][ T7] ? lockdep_hardirqs_on_prepare+0x273/0x3e0 [ 36.363410][ T7] hub_event+0x2357/0x4330 [ 36.367840][ T7] ? hub_port_debounce+0x3c0/0x3c0 [ 36.373042][ T7] ? mark_lock+0x731/0x17b0 [ 36.377544][ T7] ? workqueue_congested+0x1f0/0x2f0 [ 36.382829][ T7] ? lock_release+0x6e0/0x6e0 [ 36.387505][ T7] ? lock_downgrade+0x6e0/0x6e0 [ 36.392354][ T7] ? do_raw_spin_lock+0x120/0x2b0 [ 36.397377][ T7] process_one_work+0x9bf/0x1620 [ 36.402330][ T7] ? pwq_dec_nr_in_flight+0x2a0/0x2a0 [ 36.407698][ T7] ? rwlock_bug.part.0+0x90/0x90 [ 36.412649][ T7] worker_thread+0x658/0x11f0 [ 36.417328][ T7] ? __kthread_parkme+0x126/0x1f0 [ 36.422357][ T7] ? process_one_work+0x1620/0x1620 [ 36.427559][ T7] kthread+0x3c2/0x4a0 [ 36.431622][ T7] ? _raw_spin_unlock_irq+0x1f/0x30 [ 36.436821][ T7] ? set_kthread_struct+0x130/0x130 [ 36.442191][ T7] ret_from_fork+0x1f/0x30 [ 36.446692][ T7] [ 36.449008][ T7] The buggy address belongs to the variable: [ 36.454966][ T7] platform_bus+0x530/0x560 [ 36.459465][ T7] [ 36.461777][ T7] Memory state around the buggy address: [ 36.467394][ T7] ffffffff87bdfc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 36.475447][ T7] ffffffff87bdfc80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 executing program [ 36.483500][ T7] >ffffffff87bdfd00: 00 00 00 00 00 00 00 00 00 f9 f9 f9 f9 f9 f9 f9 [ 36.491550][ T7] ^ [ 36.498382][ T7] ffffffff87bdfd80: 00 00 00 00 00 00 00 00 00 00 f9 f9 f9 f9 f9 f9 [ 36.506455][ T7] ffffffff87bdfe00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 36.514502][ T7] ================================================================== [ 36.522633][ T7] Disabling lock debugging due to kernel taint [ 36.528890][ T7] Kernel panic - not syncing: panic_on_warn set ... [ 36.535473][ T7] CPU: 0 PID: 7 Comm: kworker/0:1 Tainted: G B 5.15.0-rc3-syzkaller #0 [ 36.545026][ T7] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 36.555093][ T7] Workqueue: usb_hub_wq hub_event [ 36.560132][ T7] Call Trace: [ 36.563406][ T7] dump_stack_lvl+0xcd/0x134 [ 36.568038][ T7] panic+0x2b0/0x6dd [ 36.571944][ T7] ? __warn_printk+0xf3/0xf3 [ 36.576538][ T7] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 36.582698][ T7] ? trace_hardirqs_on+0x38/0x1a0 [ 36.587744][ T7] ? trace_hardirqs_on+0x51/0x1a0 [ 36.592756][ T7] ? usb_match_device+0x4dc/0x550 [ 36.597764][ T7] ? usb_match_device+0x4dc/0x550 [ 36.602771][ T7] end_report.cold+0x63/0x6f [ 36.607386][ T7] kasan_report.cold+0x71/0xdf [ 36.612131][ T7] ? usb_match_device+0x4dc/0x550 [ 36.617137][ T7] usb_match_device+0x4dc/0x550 [ 36.621975][ T7] usb_match_id.part.0+0x10d/0x1b0 [ 36.627076][ T7] usb_match_id+0x23/0x40 [ 36.631386][ T7] ehset_prepare_port_for_testing+0x4a/0xf0 [ 36.637275][ T7] ehset_probe+0x271/0x460 [ 36.641681][ T7] ? ehset_prepare_port_for_testing+0xf0/0xf0 [ 36.647813][ T7] ? trace_hardirqs_on+0x5b/0x1a0 [ 36.652827][ T7] ? __pm_runtime_set_status+0x48a/0xc30 [ 36.658963][ T7] usb_probe_interface+0x315/0x7f0 [ 36.664056][ T7] ? usb_match_dynamic_id+0x1a0/0x1a0 [ 36.669515][ T7] really_probe+0x245/0xcc0 [ 36.674015][ T7] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 36.680260][ T7] __driver_probe_device+0x338/0x4d0 [ 36.685551][ T7] driver_probe_device+0x4c/0x1a0 [ 36.690577][ T7] __device_attach_driver+0x20b/0x2f0 [ 36.695984][ T7] ? driver_allows_async_probing+0x150/0x150 [ 36.701968][ T7] bus_for_each_drv+0x15f/0x1e0 [ 36.706846][ T7] ? bus_for_each_dev+0x1d0/0x1d0 [ 36.711893][ T7] ? lockdep_hardirqs_on_prepare+0x273/0x3e0 [ 36.717863][ T7] ? trace_hardirqs_on+0x5b/0x1a0 [ 36.722883][ T7] __device_attach+0x228/0x4a0 [ 36.727646][ T7] ? device_driver_attach+0x210/0x210 [ 36.733030][ T7] ? kobject_uevent_env+0x2bb/0x1650 [ 36.738355][ T7] bus_probe_device+0x1e4/0x290 [ 36.743190][ T7] device_add+0xc35/0x21b0 [ 36.747587][ T7] ? mark_held_locks+0x9f/0xe0 [ 36.752340][ T7] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 36.758573][ T7] ? lockdep_hardirqs_on_prepare+0x273/0x3e0 [ 36.764533][ T7] ? _raw_spin_unlock_irqrestore+0x42/0x50 [ 36.770322][ T7] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 36.776550][ T7] usb_set_configuration+0x113f/0x1910 [ 36.781992][ T7] usb_generic_driver_probe+0xba/0x100 [ 36.787432][ T7] usb_probe_device+0xd9/0x2c0 [ 36.792185][ T7] ? usb_driver_release_interface+0x180/0x180 [ 36.798236][ T7] really_probe+0x245/0xcc0 [ 36.802722][ T7] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 36.809018][ T7] __driver_probe_device+0x338/0x4d0 [ 36.814325][ T7] driver_probe_device+0x4c/0x1a0 [ 36.819429][ T7] __device_attach_driver+0x20b/0x2f0 [ 36.824786][ T7] ? driver_allows_async_probing+0x150/0x150 [ 36.830752][ T7] bus_for_each_drv+0x15f/0x1e0 [ 36.835587][ T7] ? bus_for_each_dev+0x1d0/0x1d0 [ 36.840599][ T7] ? lockdep_hardirqs_on_prepare+0x273/0x3e0 [ 36.846578][ T7] ? trace_hardirqs_on+0x5b/0x1a0 [ 36.851581][ T7] __device_attach+0x228/0x4a0 [ 36.856327][ T7] ? device_driver_attach+0x210/0x210 [ 36.861785][ T7] ? kobject_uevent_env+0x2bb/0x1650 [ 36.867061][ T7] bus_probe_device+0x1e4/0x290 [ 36.871898][ T7] device_add+0xc35/0x21b0 [ 36.876296][ T7] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 36.882523][ T7] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 36.888768][ T7] usb_new_device.cold+0x63f/0x108e [ 36.893948][ T7] ? hub_disconnect+0x510/0x510 [ 36.898780][ T7] ? rwlock_bug.part.0+0x90/0x90 [ 36.903697][ T7] ? lockdep_hardirqs_on_prepare+0x273/0x3e0 [ 36.909657][ T7] hub_event+0x2357/0x4330 [ 36.914057][ T7] ? hub_port_debounce+0x3c0/0x3c0 [ 36.919148][ T7] ? mark_lock+0x731/0x17b0 [ 36.923629][ T7] ? workqueue_congested+0x1f0/0x2f0 [ 36.928894][ T7] ? lock_release+0x6e0/0x6e0 [ 36.933550][ T7] ? lock_downgrade+0x6e0/0x6e0 [ 36.938378][ T7] ? do_raw_spin_lock+0x120/0x2b0 [ 36.943386][ T7] process_one_work+0x9bf/0x1620 [ 36.948302][ T7] ? pwq_dec_nr_in_flight+0x2a0/0x2a0 [ 36.953654][ T7] ? rwlock_bug.part.0+0x90/0x90 [ 36.958572][ T7] worker_thread+0x658/0x11f0 [ 36.963233][ T7] ? __kthread_parkme+0x126/0x1f0 [ 36.968245][ T7] ? process_one_work+0x1620/0x1620 [ 36.973427][ T7] kthread+0x3c2/0x4a0 [ 36.977487][ T7] ? _raw_spin_unlock_irq+0x1f/0x30 [ 36.982756][ T7] ? set_kthread_struct+0x130/0x130 [ 36.987933][ T7] ret_from_fork+0x1f/0x30 [ 36.992603][ T7] Kernel Offset: disabled [ 36.996909][ T7] Rebooting in 86400 seconds..