[info] Using makefile-style concurrent boot in runlevel 2. [....] Starting enhanced syslogd: rsyslogd[ 14.702025][ C1] random: crng init done [?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.239' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 37.543325][ T12] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 37.783276][ T12] usb 1-1: Using ep0 maxpacket: 8 [ 37.903404][ T12] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 37.914559][ T12] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 37.927405][ T12] usb 1-1: New USB device found, idVendor=046d, idProduct=ca03, bcdDevice= 0.00 [ 37.936465][ T12] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 37.945704][ T12] usb 1-1: config 0 descriptor?? [ 38.417330][ T12] logitech 0003:046D:CA03.0001: hidraw0: USB HID v0.00 Device [HID 046d:ca03] on usb-dummy_hcd.0-1/input0 [ 38.428865][ T12] ================================================================== [ 38.436986][ T12] BUG: KASAN: slab-out-of-bounds in lg4ff_init+0x89c/0x1800 [ 38.444351][ T12] Write of size 8 at addr ffff8881d5f147c0 by task kworker/0:1/12 [ 38.452123][ T12] [ 38.454438][ T12] CPU: 0 PID: 12 Comm: kworker/0:1 Not tainted 5.3.0+ #0 [ 38.461467][ T12] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 38.471543][ T12] Workqueue: usb_hub_wq hub_event [ 38.476548][ T12] Call Trace: [ 38.479860][ T12] dump_stack+0xca/0x13e [ 38.484095][ T12] ? lg4ff_init+0x89c/0x1800 [ 38.488666][ T12] ? lg4ff_init+0x89c/0x1800 [ 38.493235][ T12] print_address_description.constprop.0+0x36/0x50 [ 38.499726][ T12] ? lg4ff_init+0x89c/0x1800 [ 38.504295][ T12] ? lg4ff_init+0x89c/0x1800 [ 38.508864][ T12] __kasan_report.cold+0x1a/0x33 [ 38.513808][ T12] ? lg4ff_init+0x89c/0x1800 [ 38.518376][ T12] kasan_report+0xe/0x12 [ 38.522609][ T12] check_memory_region+0x128/0x190 [ 38.527698][ T12] lg4ff_init+0x89c/0x1800 [ 38.532237][ T12] ? lg4ff_raw_event+0x400/0x400 [ 38.537969][ T12] lg_probe+0x3b3/0x8a0 [ 38.542116][ T12] ? mutex_trylock+0x2c0/0x2c0 [ 38.546862][ T12] ? lg_remove+0xa0/0xa0 [ 38.551080][ T12] ? __mutex_unlock_slowpath+0xea/0x670 [ 38.556602][ T12] ? rwlock_bug.part.0+0x90/0x90 [ 38.561525][ T12] ? wait_for_completion+0x3c0/0x3c0 [ 38.566804][ T12] ? hid_match_one_id+0x9d/0x2c0 [ 38.571738][ T12] ? lg_remove+0xa0/0xa0 [ 38.576048][ T12] hid_device_probe+0x2be/0x3f0 [ 38.580896][ T12] ? hid_match_device+0x1f0/0x1f0 [ 38.585907][ T12] really_probe+0x281/0x6d0 [ 38.590516][ T12] driver_probe_device+0x104/0x210 [ 38.595616][ T12] __device_attach_driver+0x1c2/0x220 [ 38.600987][ T12] ? driver_allows_async_probing+0x160/0x160 [ 38.606957][ T12] bus_for_each_drv+0x162/0x1e0 [ 38.611791][ T12] ? bus_rescan_devices+0x20/0x20 [ 38.616802][ T12] ? _raw_spin_unlock_irqrestore+0x3e/0x50 [ 38.622644][ T12] ? lockdep_hardirqs_on+0x382/0x580 [ 38.627913][ T12] __device_attach+0x217/0x360 [ 38.632675][ T12] ? device_bind_driver+0xd0/0xd0 [ 38.637681][ T12] ? kobject_uevent_env+0x29e/0x1150 [ 38.642944][ T12] ? kobject_uevent_env+0x2a8/0x1150 [ 38.648233][ T12] bus_probe_device+0x1e4/0x290 [ 38.653068][ T12] ? blocking_notifier_call_chain+0x54/0xa0 [ 38.658943][ T12] device_add+0xae6/0x16f0 [ 38.663623][ T12] ? uevent_store+0x50/0x50 [ 38.668106][ T12] ? __debugfs_create_file+0x2da/0x3c0 [ 38.673545][ T12] hid_add_device+0x33c/0x990 [ 38.678205][ T12] ? debug_object_fixup+0x30/0x30 [ 38.683211][ T12] ? __hid_bus_reprobe_drivers+0x130/0x130 [ 38.689001][ T12] ? lockdep_init_map+0x1b0/0x5e0 [ 38.694005][ T12] usbhid_probe+0xa81/0xfa0 [ 38.698536][ T12] usb_probe_interface+0x305/0x7a0 [ 38.703632][ T12] ? usb_probe_device+0x100/0x100 [ 38.708637][ T12] really_probe+0x281/0x6d0 [ 38.713117][ T12] driver_probe_device+0x104/0x210 [ 38.718215][ T12] __device_attach_driver+0x1c2/0x220 [ 38.723568][ T12] ? driver_allows_async_probing+0x160/0x160 [ 38.729524][ T12] bus_for_each_drv+0x162/0x1e0 [ 38.734352][ T12] ? bus_rescan_devices+0x20/0x20 [ 38.740160][ T12] ? _raw_spin_unlock_irqrestore+0x3e/0x50 [ 38.745977][ T12] ? lockdep_hardirqs_on+0x382/0x580 [ 38.751265][ T12] __device_attach+0x217/0x360 [ 38.756011][ T12] ? device_bind_driver+0xd0/0xd0 [ 38.761029][ T12] ? kobject_uevent_env+0x29e/0x1150 [ 38.766318][ T12] ? kobject_uevent_env+0x2a8/0x1150 [ 38.771596][ T12] bus_probe_device+0x1e4/0x290 [ 38.776426][ T12] ? blocking_notifier_call_chain+0x54/0xa0 [ 38.782414][ T12] device_add+0xae6/0x16f0 [ 38.786820][ T12] ? uevent_store+0x50/0x50 [ 38.791312][ T12] ? _raw_spin_unlock_irqrestore+0x3e/0x50 [ 38.797102][ T12] usb_set_configuration+0xdf6/0x1670 [ 38.802453][ T12] generic_probe+0x9d/0xd5 [ 38.806846][ T12] usb_probe_device+0x99/0x100 [ 38.811600][ T12] ? usb_suspend+0x620/0x620 [ 38.816168][ T12] really_probe+0x281/0x6d0 [ 38.820680][ T12] driver_probe_device+0x104/0x210 [ 38.825783][ T12] __device_attach_driver+0x1c2/0x220 [ 38.831144][ T12] ? driver_allows_async_probing+0x160/0x160 [ 38.837099][ T12] bus_for_each_drv+0x162/0x1e0 [ 38.841927][ T12] ? bus_rescan_devices+0x20/0x20 [ 38.846942][ T12] ? _raw_spin_unlock_irqrestore+0x3e/0x50 [ 38.852731][ T12] ? lockdep_hardirqs_on+0x382/0x580 [ 38.858002][ T12] __device_attach+0x217/0x360 [ 38.863012][ T12] ? device_bind_driver+0xd0/0xd0 [ 38.868032][ T12] ? kobject_uevent_env+0x29e/0x1150 [ 38.873308][ T12] ? kobject_uevent_env+0x2a8/0x1150 [ 38.878572][ T12] bus_probe_device+0x1e4/0x290 [ 38.883403][ T12] ? blocking_notifier_call_chain+0x54/0xa0 [ 38.889271][ T12] device_add+0xae6/0x16f0 [ 38.893663][ T12] ? uevent_store+0x50/0x50 [ 38.898144][ T12] usb_new_device.cold+0x6a4/0xe79 [ 38.903259][ T12] hub_event+0x1b5c/0x3640 [ 38.907655][ T12] ? hub_port_debounce+0x260/0x260 [ 38.912743][ T12] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 38.918285][ T12] ? rcu_read_lock_bh_held+0xb0/0xb0 [ 38.923568][ T12] process_one_work+0x92b/0x1530 [ 38.928484][ T12] ? pwq_dec_nr_in_flight+0x310/0x310 [ 38.933831][ T12] ? do_raw_spin_lock+0x11a/0x280 [ 38.938848][ T12] worker_thread+0x96/0xe20 [ 38.943342][ T12] ? process_one_work+0x1530/0x1530 [ 38.948518][ T12] kthread+0x318/0x420 [ 38.952564][ T12] ? kthread_create_on_node+0xf0/0xf0 [ 38.957915][ T12] ret_from_fork+0x24/0x30 [ 38.962305][ T12] [ 38.964612][ T12] Allocated by task 12: [ 38.968762][ T12] save_stack+0x1b/0x80 [ 38.973027][ T12] __kasan_kmalloc.constprop.0+0xbf/0xd0 [ 38.978648][ T12] hidraw_connect+0x4b/0x3e0 [ 38.983224][ T12] hid_connect+0x5c7/0xbb0 [ 38.987627][ T12] hid_hw_start+0xa2/0x130 [ 38.992185][ T12] lg_probe+0x2a4/0x8a0 [ 38.996332][ T12] hid_device_probe+0x2be/0x3f0 [ 39.001168][ T12] really_probe+0x281/0x6d0 [ 39.005653][ T12] driver_probe_device+0x104/0x210 [ 39.010743][ T12] __device_attach_driver+0x1c2/0x220 [ 39.016094][ T12] bus_for_each_drv+0x162/0x1e0 [ 39.020921][ T12] __device_attach+0x217/0x360 [ 39.025661][ T12] bus_probe_device+0x1e4/0x290 [ 39.030486][ T12] device_add+0xae6/0x16f0 [ 39.034879][ T12] hid_add_device+0x33c/0x990 [ 39.039540][ T12] usbhid_probe+0xa81/0xfa0 [ 39.044040][ T12] usb_probe_interface+0x305/0x7a0 [ 39.049127][ T12] really_probe+0x281/0x6d0 [ 39.053608][ T12] driver_probe_device+0x104/0x210 [ 39.058700][ T12] __device_attach_driver+0x1c2/0x220 [ 39.064134][ T12] bus_for_each_drv+0x162/0x1e0 [ 39.072955][ T12] __device_attach+0x217/0x360 [ 39.077694][ T12] bus_probe_device+0x1e4/0x290 [ 39.082519][ T12] device_add+0xae6/0x16f0 [ 39.087096][ T12] usb_set_configuration+0xdf6/0x1670 [ 39.092457][ T12] generic_probe+0x9d/0xd5 [ 39.096848][ T12] usb_probe_device+0x99/0x100 [ 39.101605][ T12] really_probe+0x281/0x6d0 [ 39.106087][ T12] driver_probe_device+0x104/0x210 [ 39.111175][ T12] __device_attach_driver+0x1c2/0x220 [ 39.116543][ T12] bus_for_each_drv+0x162/0x1e0 [ 39.121373][ T12] __device_attach+0x217/0x360 [ 39.126113][ T12] bus_probe_device+0x1e4/0x290 [ 39.130957][ T12] device_add+0xae6/0x16f0 [ 39.135352][ T12] usb_new_device.cold+0x6a4/0xe79 [ 39.141047][ T12] hub_event+0x1b5c/0x3640 [ 39.145443][ T12] process_one_work+0x92b/0x1530 [ 39.150372][ T12] worker_thread+0x96/0xe20 [ 39.154851][ T12] kthread+0x318/0x420 [ 39.158896][ T12] ret_from_fork+0x24/0x30 [ 39.163284][ T12] [ 39.165590][ T12] Freed by task 12: [ 39.169392][ T12] save_stack+0x1b/0x80 [ 39.173528][ T12] __kasan_slab_free+0x130/0x180 [ 39.178442][ T12] kfree+0xe4/0x2f0 [ 39.182229][ T12] usb_free_urb.part.0+0x7a/0xc0 [ 39.187144][ T12] usb_free_urb+0x1b/0x30 [ 39.191451][ T12] usb_start_wait_urb+0x1e5/0x2b0 [ 39.196458][ T12] usb_control_msg+0x31c/0x4a0 [ 39.201198][ T12] set_port_feature+0x69/0x90 [ 39.205853][ T12] hub_suspend+0x769/0x910 [ 39.210246][ T12] usb_suspend_both+0x260/0x7b0 [ 39.215088][ T12] usb_runtime_suspend+0x46/0x120 [ 39.220090][ T12] __rpm_callback+0x27e/0x3c0 [ 39.224746][ T12] rpm_callback+0x18f/0x230 [ 39.229247][ T12] rpm_suspend+0x37a/0x1300 [ 39.233740][ T12] __pm_runtime_suspend+0xbb/0x150 [ 39.238839][ T12] usb_runtime_idle+0x44/0x60 [ 39.243499][ T12] __rpm_callback+0x27e/0x3c0 [ 39.248159][ T12] rpm_idle+0x200/0x8f0 [ 39.252292][ T12] pm_runtime_work+0x13e/0x180 [ 39.257033][ T12] process_one_work+0x92b/0x1530 [ 39.261945][ T12] worker_thread+0x96/0xe20 [ 39.266425][ T12] kthread+0x318/0x420 [ 39.270472][ T12] ret_from_fork+0x24/0x30 [ 39.274866][ T12] [ 39.277173][ T12] The buggy address belongs to the object at ffff8881d5f14700 [ 39.277173][ T12] which belongs to the cache kmalloc-192 of size 192 [ 39.291202][ T12] The buggy address is located 0 bytes to the right of [ 39.291202][ T12] 192-byte region [ffff8881d5f14700, ffff8881d5f147c0) [ 39.304809][ T12] The buggy address belongs to the page: [ 39.310437][ T12] page:ffffea000757c500 refcount:1 mapcount:0 mapping:ffff8881da002a00 index:0x0 [ 39.319528][ T12] flags: 0x200000000000200(slab) [ 39.324468][ T12] raw: 0200000000000200 ffffea00075784c0 0000000600000006 ffff8881da002a00 [ 39.333034][ T12] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 39.341607][ T12] page dumped because: kasan: bad access detected [ 39.347999][ T12] [ 39.350333][ T12] Memory state around the buggy address: [ 39.355946][ T12] ffff8881d5f14680: 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc [ 39.363985][ T12] ffff8881d5f14700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 39.372038][ T12] >ffff8881d5f14780: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 39.380083][ T12] ^ [ 39.386263][ T12] ffff8881d5f14800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 39.394325][ T12] ffff8881d5f14880: 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc [ 39.402364][ T12] ================================================================== [ 39.410414][ T12] Disabling lock debugging due to kernel taint [ 39.416621][ T12] Kernel panic - not syncing: panic_on_warn set ... [ 39.423213][ T12] CPU: 0 PID: 12 Comm: kworker/0:1 Tainted: G B 5.3.0+ #0 [ 39.431603][ T12] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 39.441645][ T12] Workqueue: usb_hub_wq hub_event [ 39.446646][ T12] Call Trace: [ 39.449934][ T12] dump_stack+0xca/0x13e [ 39.454169][ T12] panic+0x2a3/0x6da [ 39.458074][ T12] ? add_taint.cold+0x16/0x16 [ 39.462749][ T12] ? retint_kernel+0x10/0x10 [ 39.467410][ T12] ? trace_hardirqs_on+0x55/0x1e0 [ 39.472416][ T12] ? lg4ff_init+0x89c/0x1800 [ 39.476989][ T12] end_report+0x43/0x49 [ 39.481124][ T12] ? lg4ff_init+0x89c/0x1800 [ 39.485693][ T12] __kasan_report.cold+0xd/0x33 [ 39.490523][ T12] ? lg4ff_init+0x89c/0x1800 [ 39.495107][ T12] kasan_report+0xe/0x12 [ 39.499330][ T12] check_memory_region+0x128/0x190 [ 39.504421][ T12] lg4ff_init+0x89c/0x1800 [ 39.508817][ T12] ? lg4ff_raw_event+0x400/0x400 [ 39.513730][ T12] lg_probe+0x3b3/0x8a0 [ 39.517867][ T12] ? mutex_trylock+0x2c0/0x2c0 [ 39.522610][ T12] ? lg_remove+0xa0/0xa0 [ 39.526831][ T12] ? __mutex_unlock_slowpath+0xea/0x670 [ 39.532355][ T12] ? rwlock_bug.part.0+0x90/0x90 [ 39.537272][ T12] ? wait_for_completion+0x3c0/0x3c0 [ 39.542535][ T12] ? hid_match_one_id+0x9d/0x2c0 [ 39.547468][ T12] ? lg_remove+0xa0/0xa0 [ 39.551696][ T12] hid_device_probe+0x2be/0x3f0 [ 39.556529][ T12] ? hid_match_device+0x1f0/0x1f0 [ 39.561548][ T12] really_probe+0x281/0x6d0 [ 39.566049][ T12] driver_probe_device+0x104/0x210 [ 39.571138][ T12] __device_attach_driver+0x1c2/0x220 [ 39.576489][ T12] ? driver_allows_async_probing+0x160/0x160 [ 39.582445][ T12] bus_for_each_drv+0x162/0x1e0 [ 39.587287][ T12] ? bus_rescan_devices+0x20/0x20 [ 39.592305][ T12] ? _raw_spin_unlock_irqrestore+0x3e/0x50 [ 39.598092][ T12] ? lockdep_hardirqs_on+0x382/0x580 [ 39.603354][ T12] __device_attach+0x217/0x360 [ 39.608095][ T12] ? device_bind_driver+0xd0/0xd0 [ 39.613103][ T12] ? kobject_uevent_env+0x29e/0x1150 [ 39.618364][ T12] ? kobject_uevent_env+0x2a8/0x1150 [ 39.623627][ T12] bus_probe_device+0x1e4/0x290 [ 39.628459][ T12] ? blocking_notifier_call_chain+0x54/0xa0 [ 39.634329][ T12] device_add+0xae6/0x16f0 [ 39.638723][ T12] ? uevent_store+0x50/0x50 [ 39.643205][ T12] ? __debugfs_create_file+0x2da/0x3c0 [ 39.648656][ T12] hid_add_device+0x33c/0x990 [ 39.653576][ T12] ? debug_object_fixup+0x30/0x30 [ 39.658619][ T12] ? __hid_bus_reprobe_drivers+0x130/0x130 [ 39.664406][ T12] ? lockdep_init_map+0x1b0/0x5e0 [ 39.669498][ T12] usbhid_probe+0xa81/0xfa0 [ 39.673981][ T12] usb_probe_interface+0x305/0x7a0 [ 39.679072][ T12] ? usb_probe_device+0x100/0x100 [ 39.684096][ T12] really_probe+0x281/0x6d0 [ 39.688577][ T12] driver_probe_device+0x104/0x210 [ 39.693675][ T12] __device_attach_driver+0x1c2/0x220 [ 39.699025][ T12] ? driver_allows_async_probing+0x160/0x160 [ 39.704984][ T12] bus_for_each_drv+0x162/0x1e0 [ 39.709816][ T12] ? bus_rescan_devices+0x20/0x20 [ 39.714839][ T12] ? _raw_spin_unlock_irqrestore+0x3e/0x50 [ 39.720649][ T12] ? lockdep_hardirqs_on+0x382/0x580 [ 39.725916][ T12] __device_attach+0x217/0x360 [ 39.730660][ T12] ? device_bind_driver+0xd0/0xd0 [ 39.736019][ T12] ? kobject_uevent_env+0x29e/0x1150 [ 39.741371][ T12] ? kobject_uevent_env+0x2a8/0x1150 [ 39.746635][ T12] bus_probe_device+0x1e4/0x290 [ 39.751464][ T12] ? blocking_notifier_call_chain+0x54/0xa0 [ 39.757335][ T12] device_add+0xae6/0x16f0 [ 39.761732][ T12] ? uevent_store+0x50/0x50 [ 39.766218][ T12] ? _raw_spin_unlock_irqrestore+0x3e/0x50 [ 39.772003][ T12] usb_set_configuration+0xdf6/0x1670 [ 39.777355][ T12] generic_probe+0x9d/0xd5 [ 39.781750][ T12] usb_probe_device+0x99/0x100 [ 39.786505][ T12] ? usb_suspend+0x620/0x620 [ 39.791095][ T12] really_probe+0x281/0x6d0 [ 39.795579][ T12] driver_probe_device+0x104/0x210 [ 39.800691][ T12] __device_attach_driver+0x1c2/0x220 [ 39.806044][ T12] ? driver_allows_async_probing+0x160/0x160 [ 39.812001][ T12] bus_for_each_drv+0x162/0x1e0 [ 39.816829][ T12] ? bus_rescan_devices+0x20/0x20 [ 39.821833][ T12] ? _raw_spin_unlock_irqrestore+0x3e/0x50 [ 39.827619][ T12] ? lockdep_hardirqs_on+0x382/0x580 [ 39.832896][ T12] __device_attach+0x217/0x360 [ 39.837639][ T12] ? device_bind_driver+0xd0/0xd0 [ 39.842645][ T12] ? kobject_uevent_env+0x29e/0x1150 [ 39.847912][ T12] ? kobject_uevent_env+0x2a8/0x1150 [ 39.853174][ T12] bus_probe_device+0x1e4/0x290 [ 39.858002][ T12] ? blocking_notifier_call_chain+0x54/0xa0 [ 39.863890][ T12] device_add+0xae6/0x16f0 [ 39.868286][ T12] ? uevent_store+0x50/0x50 [ 39.872773][ T12] usb_new_device.cold+0x6a4/0xe79 [ 39.877862][ T12] hub_event+0x1b5c/0x3640 [ 39.882260][ T12] ? hub_port_debounce+0x260/0x260 [ 39.887358][ T12] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 39.892886][ T12] ? rcu_read_lock_bh_held+0xb0/0xb0 [ 39.898168][ T12] process_one_work+0x92b/0x1530 [ 39.903083][ T12] ? pwq_dec_nr_in_flight+0x310/0x310 [ 39.908429][ T12] ? do_raw_spin_lock+0x11a/0x280 [ 39.913429][ T12] worker_thread+0x96/0xe20 [ 39.918003][ T12] ? process_one_work+0x1530/0x1530 [ 39.923181][ T12] kthread+0x318/0x420 [ 39.927230][ T12] ? kthread_create_on_node+0xf0/0xf0 [ 39.932579][ T12] ret_from_fork+0x24/0x30 [ 39.937657][ T12] Kernel Offset: disabled [ 39.941967][ T12] Rebooting in 86400 seconds..