[info] Using makefile-style concurrent boot in runlevel 2.
[ ok ] Starting enhanced syslogd: rsyslogd.
[ 14.355886][ C1] random: crng init done
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.229' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 33.548889][ T83] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 33.788403][ T83] usb 1-1: Using ep0 maxpacket: 8
[ 33.908496][ T83] usb 1-1: config 1 has an invalid descriptor of length 7, skipping remainder of the config
[ 33.918759][ T83] usb 1-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 18
[ 34.008943][ T83] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 34.018026][ T83] usb 1-1: New USB device strings: Mfr=6, Product=0, SerialNumber=0
[ 34.059578][ T83] ==================================================================
[ 34.067766][ T83] BUG: KASAN: slab-out-of-bounds in memcmp+0xa6/0xb0
[ 34.074557][ T83] Read of size 1 at addr ffff8881d4262f3b by task kworker/1:2/83
[ 34.082243][ T83]
[ 34.084553][ T83] CPU: 1 PID: 83 Comm: kworker/1:2 Not tainted 5.3.0-rc2+ #25
[ 34.092089][ T83] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 34.104804][ T83] Workqueue: usb_hub_wq hub_event
[ 34.109923][ T83] Call Trace:
[ 34.113190][ T83] dump_stack+0xca/0x13e
[ 34.117403][ T83] ? memcmp+0xa6/0xb0
[ 34.121358][ T83] ? memcmp+0xa6/0xb0
[ 34.125372][ T83] print_address_description+0x6a/0x32c
[ 34.130896][ T83] ? memcmp+0xa6/0xb0
[ 34.134850][ T83] ? memcmp+0xa6/0xb0
[ 34.138805][ T83] __kasan_report.cold+0x1a/0x33
[ 34.143751][ T83] ? memcmp+0xa6/0xb0
[ 34.147711][ T83] kasan_report+0xe/0x12
[ 34.151925][ T83] memcmp+0xa6/0xb0
[ 34.155707][ T83] usbnet_generic_cdc_bind+0x71b/0x17c0
[ 34.161225][ T83] ? usbnet_cdc_unbind+0x210/0x210
[ 34.166312][ T83] ? lockdep_init_map+0x1b0/0x5e0
[ 34.171309][ T83] usbnet_cdc_bind+0x20/0x1a0
[ 34.175961][ T83] ? usbnet_ether_cdc_bind+0x50/0x50
[ 34.181233][ T83] usbnet_probe+0xb43/0x23d0
[ 34.185793][ T83] usb_probe_interface+0x305/0x7a0
[ 34.190876][ T83] ? usb_probe_device+0x100/0x100
[ 34.195875][ T83] really_probe+0x281/0x650
[ 34.200352][ T83] driver_probe_device+0x101/0x1b0
[ 34.205437][ T83] __device_attach_driver+0x1c2/0x220
[ 34.210782][ T83] ? driver_allows_async_probing+0x160/0x160
[ 34.216732][ T83] bus_for_each_drv+0x15c/0x1e0
[ 34.221608][ T83] ? bus_rescan_devices+0x20/0x20
[ 34.226604][ T83] ? _raw_spin_unlock_irqrestore+0x3e/0x50
[ 34.232388][ T83] ? lockdep_hardirqs_on+0x379/0x580
[ 34.237644][ T83] __device_attach+0x217/0x360
[ 34.242384][ T83] ? device_bind_driver+0xd0/0xd0
[ 34.247384][ T83] ? kobject_uevent_env+0x29e/0x1160
[ 34.252641][ T83] ? kobject_uevent_env+0x2a8/0x1160
[ 34.257922][ T83] bus_probe_device+0x1e4/0x290
[ 34.262750][ T83] ? blocking_notifier_call_chain+0x54/0xa0
[ 34.268614][ T83] device_add+0xae6/0x16f0
[ 34.273006][ T83] ? uevent_store+0x50/0x50
[ 34.277480][ T83] ? _raw_spin_unlock_irqrestore+0x3e/0x50
[ 34.283274][ T83] usb_set_configuration+0xdf6/0x1670
[ 34.288618][ T83] generic_probe+0x9d/0xd5
[ 34.293012][ T83] usb_probe_device+0x99/0x100
[ 34.297748][ T83] ? usb_suspend+0x620/0x620
[ 34.302321][ T83] really_probe+0x281/0x650
[ 34.306795][ T83] driver_probe_device+0x101/0x1b0
[ 34.311878][ T83] __device_attach_driver+0x1c2/0x220
[ 34.317226][ T83] ? driver_allows_async_probing+0x160/0x160
[ 34.323177][ T83] bus_for_each_drv+0x15c/0x1e0
[ 34.328022][ T83] ? bus_rescan_devices+0x20/0x20
[ 34.333020][ T83] ? _raw_spin_unlock_irqrestore+0x3e/0x50
[ 34.338799][ T83] ? lockdep_hardirqs_on+0x379/0x580
[ 34.344066][ T83] __device_attach+0x217/0x360
[ 34.348803][ T83] ? device_bind_driver+0xd0/0xd0
[ 34.353798][ T83] ? kobject_uevent_env+0x29e/0x1160
[ 34.359064][ T83] ? kobject_uevent_env+0x2a8/0x1160
[ 34.364322][ T83] bus_probe_device+0x1e4/0x290
[ 34.369158][ T83] ? blocking_notifier_call_chain+0x54/0xa0
[ 34.375031][ T83] device_add+0xae6/0x16f0
[ 34.379417][ T83] ? uevent_store+0x50/0x50
[ 34.383894][ T83] usb_new_device.cold+0x6a4/0xe79
[ 34.388984][ T83] hub_event+0x1b5c/0x3640
[ 34.393375][ T83] ? hub_port_debounce+0x260/0x260
[ 34.398474][ T83] process_one_work+0x92b/0x1530
[ 34.403403][ T83] ? pwq_dec_nr_in_flight+0x310/0x310
[ 34.408747][ T83] ? do_raw_spin_lock+0x11a/0x280
[ 34.413834][ T83] worker_thread+0x96/0xe20
[ 34.418317][ T83] ? process_one_work+0x1530/0x1530
[ 34.423494][ T83] kthread+0x318/0x420
[ 34.427533][ T83] ? kthread_create_on_node+0xf0/0xf0
[ 34.432877][ T83] ret_from_fork+0x24/0x30
[ 34.437263][ T83]
[ 34.439565][ T83] Allocated by task 83:
[ 34.443699][ T83] save_stack+0x1b/0x80
[ 34.447834][ T83] __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 34.453440][ T83] usb_get_configuration+0x30c/0x3070
[ 34.458797][ T83] usb_new_device+0xd3/0x160
[ 34.463380][ T83] hub_event+0x1b5c/0x3640
[ 34.467772][ T83] process_one_work+0x92b/0x1530
[ 34.472765][ T83] worker_thread+0x96/0xe20
[ 34.477244][ T83] kthread+0x318/0x420
[ 34.481289][ T83] ret_from_fork+0x24/0x30
[ 34.485671][ T83]
[ 34.487979][ T83] Freed by task 269:
[ 34.491850][ T83] save_stack+0x1b/0x80
[ 34.495998][ T83] __kasan_slab_free+0x130/0x180
[ 34.500917][ T83] kfree+0xe4/0x2f0
[ 34.504698][ T83] kobject_uevent_env+0x294/0x1160
[ 34.509797][ T83] kobject_synth_uevent+0x70a/0x81e
[ 34.514968][ T83] uevent_store+0x20/0x50
[ 34.519278][ T83] dev_attr_store+0x50/0x80
[ 34.523760][ T83] sysfs_kf_write+0x110/0x160
[ 34.528411][ T83] kernfs_fop_write+0x2b0/0x470
[ 34.533233][ T83] __vfs_write+0x76/0x100
[ 34.537532][ T83] vfs_write+0x262/0x5c0
[ 34.541746][ T83] ksys_write+0x127/0x250
[ 34.546048][ T83] do_syscall_64+0xb7/0x580
[ 34.550524][ T83] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 34.556382][ T83]
[ 34.558686][ T83] The buggy address belongs to the object at ffff8881d4262f00
[ 34.558686][ T83] which belongs to the cache kmalloc-64 of size 64
[ 34.572558][ T83] The buggy address is located 59 bytes inside of
[ 34.572558][ T83] 64-byte region [ffff8881d4262f00, ffff8881d4262f40)
[ 34.585632][ T83] The buggy address belongs to the page:
[ 34.591237][ T83] page:ffffea0007509880 refcount:1 mapcount:0 mapping:ffff8881da003180 index:0x0
[ 34.600310][ T83] flags: 0x200000000000200(slab)
[ 34.605242][ T83] raw: 0200000000000200 ffffea00074d1f00 0000001800000018 ffff8881da003180
[ 34.613807][ T83] raw: 0000000000000000 00000000802a002a 00000001ffffffff 0000000000000000
[ 34.622362][ T83] page dumped because: kasan: bad access detected
[ 34.628743][ T83]
[ 34.631044][ T83] Memory state around the buggy address:
[ 34.636648][ T83] ffff8881d4262e00: fb fb fb fb fc fc fc fc 00 00 00 00 00 00 fc fc
[ 34.644680][ T83] ffff8881d4262e80: fc fc fc fc fb fb fb fb fb fb fb fb fc fc fc fc
[ 34.652715][ T83] >ffff8881d4262f00: 00 00 00 00 00 00 00 03 fc fc fc fc fb fb fb fb
[ 34.660747][ T83] ^
[ 34.666620][ T83] ffff8881d4262f80: fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc
[ 34.674760][ T83] ffff8881d4263000: fb fb fb fb fb fb fb fb fb fb fc fc fc fc fb fb
[ 34.682794][ T83] ==================================================================
[ 34.690843][ T83] Disabling lock debugging due to kernel taint
[ 34.697091][ T83] Kernel panic - not syncing: panic_on_warn set ...
[ 34.703671][ T83] CPU: 1 PID: 83 Comm: kworker/1:2 Tainted: G B 5.3.0-rc2+ #25
[ 34.712487][ T83] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 34.722529][ T83] Workqueue: usb_hub_wq hub_event
[ 34.727529][ T83] Call Trace:
[ 34.730796][ T83] dump_stack+0xca/0x13e
[ 34.735029][ T83] panic+0x2a3/0x6da
[ 34.738903][ T83] ? add_taint.cold+0x16/0x16
[ 34.743560][ T83] ? memcmp+0xa6/0xb0
[ 34.747518][ T83] ? trace_hardirqs_on+0x55/0x1e0
[ 34.752517][ T83] ? memcmp+0xa6/0xb0
[ 34.756476][ T83] end_report+0x43/0x49
[ 34.760608][ T83] ? memcmp+0xa6/0xb0
[ 34.764564][ T83] __kasan_report.cold+0xd/0x33
[ 34.769386][ T83] ? memcmp+0xa6/0xb0
[ 34.773340][ T83] kasan_report+0xe/0x12
[ 34.777555][ T83] memcmp+0xa6/0xb0
[ 34.781362][ T83] usbnet_generic_cdc_bind+0x71b/0x17c0
[ 34.786880][ T83] ? usbnet_cdc_unbind+0x210/0x210
[ 34.791965][ T83] ? lockdep_init_map+0x1b0/0x5e0
[ 34.796959][ T83] usbnet_cdc_bind+0x20/0x1a0
[ 34.801610][ T83] ? usbnet_ether_cdc_bind+0x50/0x50
[ 34.806866][ T83] usbnet_probe+0xb43/0x23d0
[ 34.811433][ T83] usb_probe_interface+0x305/0x7a0
[ 34.816519][ T83] ? usb_probe_device+0x100/0x100
[ 34.821519][ T83] really_probe+0x281/0x650
[ 34.826018][ T83] driver_probe_device+0x101/0x1b0
[ 34.831117][ T83] __device_attach_driver+0x1c2/0x220
[ 34.836534][ T83] ? driver_allows_async_probing+0x160/0x160
[ 34.842485][ T83] bus_for_each_drv+0x15c/0x1e0
[ 34.847310][ T83] ? bus_rescan_devices+0x20/0x20
[ 34.852311][ T83] ? _raw_spin_unlock_irqrestore+0x3e/0x50
[ 34.858091][ T83] ? lockdep_hardirqs_on+0x379/0x580
[ 34.863368][ T83] __device_attach+0x217/0x360
[ 34.868105][ T83] ? device_bind_driver+0xd0/0xd0
[ 34.873105][ T83] ? kobject_uevent_env+0x29e/0x1160
[ 34.878367][ T83] ? kobject_uevent_env+0x2a8/0x1160
[ 34.883635][ T83] bus_probe_device+0x1e4/0x290
[ 34.888468][ T83] ? blocking_notifier_call_chain+0x54/0xa0
[ 34.894334][ T83] device_add+0xae6/0x16f0
[ 34.898736][ T83] ? uevent_store+0x50/0x50
[ 34.903212][ T83] ? _raw_spin_unlock_irqrestore+0x3e/0x50
[ 34.909080][ T83] usb_set_configuration+0xdf6/0x1670
[ 34.914423][ T83] generic_probe+0x9d/0xd5
[ 34.918830][ T83] usb_probe_device+0x99/0x100
[ 34.923567][ T83] ? usb_suspend+0x620/0x620
[ 34.928148][ T83] really_probe+0x281/0x650
[ 34.932625][ T83] driver_probe_device+0x101/0x1b0
[ 34.937714][ T83] __device_attach_driver+0x1c2/0x220
[ 34.943083][ T83] ? driver_allows_async_probing+0x160/0x160
[ 34.949049][ T83] bus_for_each_drv+0x15c/0x1e0
[ 34.953875][ T83] ? bus_rescan_devices+0x20/0x20
[ 34.958875][ T83] ? _raw_spin_unlock_irqrestore+0x3e/0x50
[ 34.964656][ T83] ? lockdep_hardirqs_on+0x379/0x580
[ 34.969914][ T83] __device_attach+0x217/0x360
[ 34.974651][ T83] ? device_bind_driver+0xd0/0xd0
[ 34.979651][ T83] ? kobject_uevent_env+0x29e/0x1160
[ 34.984907][ T83] ? kobject_uevent_env+0x2a8/0x1160
[ 34.990167][ T83] bus_probe_device+0x1e4/0x290
[ 34.995000][ T83] ? blocking_notifier_call_chain+0x54/0xa0
[ 35.000865][ T83] device_add+0xae6/0x16f0
[ 35.005255][ T83] ? uevent_store+0x50/0x50
[ 35.009744][ T83] usb_new_device.cold+0x6a4/0xe79
[ 35.014827][ T83] hub_event+0x1b5c/0x3640
[ 35.019220][ T83] ? hub_port_debounce+0x260/0x260
[ 35.024306][ T83] process_one_work+0x92b/0x1530
[ 35.029218][ T83] ? pwq_dec_nr_in_flight+0x310/0x310
[ 35.034576][ T83] ? do_raw_spin_lock+0x11a/0x280
[ 35.039595][ T83] worker_thread+0x96/0xe20
[ 35.044075][ T83] ? process_one_work+0x1530/0x1530
[ 35.049249][ T83] kthread+0x318/0x420
[ 35.053296][ T83] ? kthread_create_on_node+0xf0/0xf0
[ 35.058641][ T83] ret_from_fork+0x24/0x30
[ 35.063884][ T83] Kernel Offset: disabled
[ 35.068191][ T83] Rebooting in 86400 seconds..