Warning: Permanently added '10.128.15.192' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 55.569708] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 55.809642] usb 1-1: Using ep0 maxpacket: 8 [ 55.929720] usb 1-1: config 0 has an invalid interface number: 170 but max is 0 [ 55.937525] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 55.947802] usb 1-1: config 0 has no interface number 0 [ 55.953778] usb 1-1: config 0 interface 170 has no altsetting 0 [ 55.960511] usb 1-1: New USB device found, idVendor=0742, idProduct=200a, bcdDevice=c2.97 [ 55.969048] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 55.978407] usb 1-1: config 0 descriptor?? [ 56.022343] ================================================================== [ 56.029995] BUG: KASAN: stack-out-of-bounds in hfcsusb_probe.cold+0x1a43/0x267f [ 56.038205] Read of size 4 at addr ffff8880a84c72f0 by task kworker/0:1/12 [ 56.045458] [ 56.047454] CPU: 0 PID: 12 Comm: kworker/0:1 Not tainted 5.1.0-rc4-319354-g9a33b36 #3 [ 56.055614] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 56.065425] Workqueue: usb_hub_wq hub_event [ 56.069743] Call Trace: [ 56.072322] dump_stack+0xe8/0x16e [ 56.076007] ? hfcsusb_probe.cold+0x1a43/0x267f [ 56.080775] ? hfcsusb_probe.cold+0x1a43/0x267f [ 56.085429] print_address_description+0x6c/0x236 [ 56.090493] ? hfcsusb_probe.cold+0x1a43/0x267f [ 56.095289] ? hfcsusb_probe.cold+0x1a43/0x267f [ 56.100287] kasan_report.cold+0x1a/0x3c [ 56.104388] ? hfcsusb_probe.cold+0x1a43/0x267f [ 56.109213] hfcsusb_probe.cold+0x1a43/0x267f [ 56.113739] ? handle_led+0x780/0x780 [ 56.117541] ? __pm_runtime_set_status+0x5d6/0xa10 [ 56.122575] usb_probe_interface+0x31d/0x820 [ 56.126986] ? usb_probe_device+0x150/0x150 [ 56.131306] really_probe+0x2da/0xb10 [ 56.135136] driver_probe_device+0x21d/0x350 [ 56.139776] __device_attach_driver+0x1d8/0x290 [ 56.144825] ? driver_allows_async_probing+0x160/0x160 [ 56.150207] bus_for_each_drv+0x163/0x1e0 [ 56.154356] ? bus_rescan_devices+0x30/0x30 [ 56.158852] ? _raw_spin_unlock_irqrestore+0x4b/0x60 [ 56.164168] ? lockdep_hardirqs_on+0x37e/0x580 [ 56.169040] __device_attach+0x223/0x3a0 [ 56.173167] ? device_bind_driver+0xe0/0xe0 [ 56.177488] ? kobject_uevent_env+0x295/0x13d0 [ 56.182212] bus_probe_device+0x1f1/0x2a0 [ 56.186424] ? blocking_notifier_call_chain+0x59/0xb0 [ 56.191753] device_add+0xad2/0x16e0 [ 56.195593] ? get_device_parent.isra.0+0x560/0x560 [ 56.200607] ? _raw_spin_unlock_irqrestore+0x4b/0x60 [ 56.205814] usb_set_configuration+0xdf7/0x1740 [ 56.210722] generic_probe+0xa2/0xda [ 56.214433] usb_probe_device+0xc0/0x150 [ 56.218658] ? usb_suspend+0x5f0/0x5f0 [ 56.222550] really_probe+0x2da/0xb10 [ 56.226648] driver_probe_device+0x21d/0x350 [ 56.231110] __device_attach_driver+0x1d8/0x290 [ 56.235788] ? driver_allows_async_probing+0x160/0x160 [ 56.241197] bus_for_each_drv+0x163/0x1e0 [ 56.245354] ? bus_rescan_devices+0x30/0x30 [ 56.249845] ? _raw_spin_unlock_irqrestore+0x4b/0x60 [ 56.255193] ? lockdep_hardirqs_on+0x37e/0x580 [ 56.259887] __device_attach+0x223/0x3a0 [ 56.264103] ? device_bind_driver+0xe0/0xe0 [ 56.268414] ? kobject_uevent_env+0x295/0x13d0 [ 56.273180] bus_probe_device+0x1f1/0x2a0 [ 56.277327] ? blocking_notifier_call_chain+0x59/0xb0 [ 56.282514] device_add+0xad2/0x16e0 [ 56.286313] ? get_device_parent.isra.0+0x560/0x560 [ 56.291414] usb_new_device.cold+0x537/0xccf [ 56.295885] hub_event+0x138e/0x3b00 [ 56.299734] ? hub_port_debounce+0x350/0x350 [ 56.304216] ? _raw_spin_unlock_irq+0x29/0x40 [ 56.308945] process_one_work+0x90f/0x1580 [ 56.313422] ? wq_pool_ids_show+0x300/0x300 [ 56.317740] ? do_raw_spin_lock+0x11f/0x290 [ 56.322061] worker_thread+0x9b/0xe20 [ 56.325920] ? process_one_work+0x1580/0x1580 [ 56.330720] kthread+0x313/0x420 [ 56.334131] ? kthread_park+0x1a0/0x1a0 [ 56.338208] ret_from_fork+0x3a/0x50 [ 56.342142] [ 56.343761] The buggy address belongs to the page: [ 56.348872] page:ffffea0002a131c0 count:0 mapcount:0 mapping:0000000000000000 index:0x0 [ 56.357107] flags: 0xfff00000000000() [ 56.360894] raw: 00fff00000000000 ffffea0002a131c8 ffffea0002a131c8 0000000000000000 [ 56.368998] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 56.377478] page dumped because: kasan: bad access detected [ 56.383391] [ 56.385052] Memory state around the buggy address: [ 56.390380] ffff8880a84c7180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 56.397886] ffff8880a84c7200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 [ 56.405369] >ffff8880a84c7280: f1 f1 f1 f1 01 f2 00 00 00 00 00 00 00 00 f3 f3 [ 56.412921] ^ [ 56.420147] ffff8880a84c7300: f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 56.427695] ffff8880a84c7380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 56.435129] ================================================================== [ 56.442642] Disabling lock debugging due to kernel taint [ 56.448450] Kernel panic - not syncing: panic_on_warn set ... [ 56.454365] CPU: 0 PID: 12 Comm: kworker/0:1 Tainted: G B 5.1.0-rc4-319354-g9a33b36 #3 [ 56.463714] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 56.473076] Workqueue: usb_hub_wq hub_event [ 56.477383] Call Trace: [ 56.479961] dump_stack+0xe8/0x16e [ 56.483628] panic+0x29d/0x5f2 [ 56.486812] ? __warn_printk+0xf8/0xf8 [ 56.490694] ? hfcsusb_probe.cold+0x1a43/0x267f [ 56.495493] ? trace_hardirqs_on+0x55/0x1c0 [ 56.499970] ? hfcsusb_probe.cold+0x1a43/0x267f [ 56.504623] end_report+0x48/0x4e [ 56.508170] ? hfcsusb_probe.cold+0x1a43/0x267f [ 56.513046] kasan_report.cold+0xd/0x3c [ 56.517017] ? hfcsusb_probe.cold+0x1a43/0x267f [ 56.521687] hfcsusb_probe.cold+0x1a43/0x267f [ 56.526434] ? handle_led+0x780/0x780 [ 56.530219] ? __pm_runtime_set_status+0x5d6/0xa10 [ 56.535309] usb_probe_interface+0x31d/0x820 [ 56.539875] ? usb_probe_device+0x150/0x150 [ 56.544180] really_probe+0x2da/0xb10 [ 56.548050] driver_probe_device+0x21d/0x350 [ 56.552637] __device_attach_driver+0x1d8/0x290 [ 56.557295] ? driver_allows_async_probing+0x160/0x160 [ 56.562832] bus_for_each_drv+0x163/0x1e0 [ 56.566963] ? bus_rescan_devices+0x30/0x30 [ 56.571885] ? _raw_spin_unlock_irqrestore+0x4b/0x60 [ 56.577197] ? lockdep_hardirqs_on+0x37e/0x580 [ 56.581850] __device_attach+0x223/0x3a0 [ 56.586215] ? device_bind_driver+0xe0/0xe0 [ 56.590617] ? kobject_uevent_env+0x295/0x13d0 [ 56.595271] bus_probe_device+0x1f1/0x2a0 [ 56.599418] ? blocking_notifier_call_chain+0x59/0xb0 [ 56.604712] device_add+0xad2/0x16e0 [ 56.608411] ? get_device_parent.isra.0+0x560/0x560 [ 56.613407] ? _raw_spin_unlock_irqrestore+0x4b/0x60 [ 56.618521] usb_set_configuration+0xdf7/0x1740 [ 56.623444] generic_probe+0xa2/0xda [ 56.627142] usb_probe_device+0xc0/0x150 [ 56.631414] ? usb_suspend+0x5f0/0x5f0 [ 56.635315] really_probe+0x2da/0xb10 [ 56.639109] driver_probe_device+0x21d/0x350 [ 56.643608] __device_attach_driver+0x1d8/0x290 [ 56.648264] ? driver_allows_async_probing+0x160/0x160 [ 56.653612] bus_for_each_drv+0x163/0x1e0 [ 56.657918] ? bus_rescan_devices+0x30/0x30 [ 56.662309] ? _raw_spin_unlock_irqrestore+0x4b/0x60 [ 56.667400] ? lockdep_hardirqs_on+0x37e/0x580 [ 56.671967] __device_attach+0x223/0x3a0 [ 56.676096] ? device_bind_driver+0xe0/0xe0 [ 56.680494] ? kobject_uevent_env+0x295/0x13d0 [ 56.685158] bus_probe_device+0x1f1/0x2a0 [ 56.689292] ? blocking_notifier_call_chain+0x59/0xb0 [ 56.694652] device_add+0xad2/0x16e0 [ 56.698462] ? get_device_parent.isra.0+0x560/0x560 [ 56.703679] usb_new_device.cold+0x537/0xccf [ 56.708247] hub_event+0x138e/0x3b00 [ 56.711951] ? hub_port_debounce+0x350/0x350 [ 56.716440] ? _raw_spin_unlock_irq+0x29/0x40 [ 56.721184] process_one_work+0x90f/0x1580 [ 56.725423] ? wq_pool_ids_show+0x300/0x300 [ 56.729834] ? do_raw_spin_lock+0x11f/0x290 [ 56.734231] worker_thread+0x9b/0xe20 [ 56.738020] ? process_one_work+0x1580/0x1580 [ 56.742933] kthread+0x313/0x420 [ 56.746285] ? kthread_park+0x1a0/0x1a0 [ 56.750338] ret_from_fork+0x3a/0x50 [ 56.755768] Kernel Offset: disabled [ 56.759665] Rebooting in 86400 seconds..