[ 15.130508][ C1] random: crng init done
[info] Using makefile-style concurrent boot in runlevel 2.
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.1.13' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 63.727435][ T83] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 63.967391][ T83] usb 1-1: Using ep0 maxpacket: 8
[ 64.087499][ T83] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 64.098505][ T83] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[ 64.111381][ T83] usb 1-1: New USB device found, idVendor=046d, idProduct=c298, bcdDevice= 0.00
[ 64.120455][ T83] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 64.129873][ T83] usb 1-1: config 0 descriptor??
[ 64.609166][ T83] logitech 0003:046D:C298.0001: unknown main item tag 0x0
[ 64.616471][ T83] logitech 0003:046D:C298.0001: unknown main item tag 0x0
[ 64.625442][ T83] logitech 0003:046D:C298.0001: hidraw0: USB HID v0.00 Device [HID 046d:c298] on usb-dummy_hcd.0-1/input0
[ 64.636955][ T83] ==================================================================
[ 64.645106][ T83] BUG: KASAN: slab-out-of-bounds in lg4ff_init+0x89c/0x1800
[ 64.652414][ T83] Write of size 8 at addr ffff8881d81fe9c0 by task kworker/1:2/83
[ 64.660207][ T83]
[ 64.662524][ T83] CPU: 1 PID: 83 Comm: kworker/1:2 Not tainted 5.3.0-rc2+ #25
[ 64.669970][ T83] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 64.680067][ T83] Workqueue: usb_hub_wq hub_event
[ 64.685313][ T83] Call Trace:
[ 64.688596][ T83] dump_stack+0xca/0x13e
[ 64.692919][ T83] ? lg4ff_init+0x89c/0x1800
[ 64.697500][ T83] ? lg4ff_init+0x89c/0x1800
[ 64.702199][ T83] print_address_description+0x6a/0x32c
[ 64.707738][ T83] ? lg4ff_init+0x89c/0x1800
[ 64.712319][ T83] ? lg4ff_init+0x89c/0x1800
[ 64.716893][ T83] __kasan_report.cold+0x1a/0x33
[ 64.721836][ T83] ? lg4ff_init+0x89c/0x1800
[ 64.726622][ T83] kasan_report+0xe/0x12
[ 64.730867][ T83] check_memory_region+0x128/0x190
[ 64.736251][ T83] lg4ff_init+0x89c/0x1800
[ 64.740669][ T83] ? lg4ff_raw_event+0x400/0x400
[ 64.745603][ T83] lg_probe+0x3b3/0x890
[ 64.749792][ T83] ? mutex_trylock+0x2c0/0x2c0
[ 64.754556][ T83] ? lg_remove+0xa0/0xa0
[ 64.758785][ T83] ? __mutex_unlock_slowpath+0xea/0x670
[ 64.764319][ T83] ? rwlock_bug.part.0+0x90/0x90
[ 64.769243][ T83] ? wait_for_completion+0x3c0/0x3c0
[ 64.774520][ T83] ? hid_match_one_id+0x9d/0x2c0
[ 64.779450][ T83] ? lg_remove+0xa0/0xa0
[ 64.783721][ T83] hid_device_probe+0x2be/0x3f0
[ 64.788566][ T83] ? hid_match_device+0x1f0/0x1f0
[ 64.793694][ T83] really_probe+0x281/0x650
[ 64.798191][ T83] driver_probe_device+0x101/0x1b0
[ 64.803297][ T83] __device_attach_driver+0x1c2/0x220
[ 64.808662][ T83] ? driver_allows_async_probing+0x160/0x160
[ 64.814663][ T83] bus_for_each_drv+0x15c/0x1e0
[ 64.819511][ T83] ? bus_rescan_devices+0x20/0x20
[ 64.824523][ T83] ? _raw_spin_unlock_irqrestore+0x3e/0x50
[ 64.830355][ T83] ? lockdep_hardirqs_on+0x379/0x580
[ 64.835643][ T83] __device_attach+0x217/0x360
[ 64.840425][ T83] ? device_bind_driver+0xd0/0xd0
[ 64.845442][ T83] ? kobject_uevent_env+0x29e/0x1160
[ 64.850723][ T83] ? kobject_uevent_env+0x2a8/0x1160
[ 64.856041][ T83] bus_probe_device+0x1e4/0x290
[ 64.861016][ T83] ? blocking_notifier_call_chain+0x54/0xa0
[ 64.867076][ T83] device_add+0xae6/0x16f0
[ 64.871490][ T83] ? up_write+0x97/0x270
[ 64.875722][ T83] ? uevent_store+0x50/0x50
[ 64.880215][ T83] ? __debugfs_create_file+0x2da/0x3c0
[ 64.885846][ T83] hid_add_device+0x33c/0x990
[ 64.890545][ T83] ? hid_allocate_device+0x440/0x440
[ 64.895825][ T83] ? lockdep_init_map+0x1b0/0x5e0
[ 64.900840][ T83] usbhid_probe+0xa81/0xfa0
[ 64.905328][ T83] usb_probe_interface+0x305/0x7a0
[ 64.910422][ T83] ? usb_probe_device+0x100/0x100
[ 64.915430][ T83] really_probe+0x281/0x650
[ 64.919916][ T83] driver_probe_device+0x101/0x1b0
[ 64.925019][ T83] __device_attach_driver+0x1c2/0x220
[ 64.930460][ T83] ? driver_allows_async_probing+0x160/0x160
[ 64.936431][ T83] bus_for_each_drv+0x15c/0x1e0
[ 64.941282][ T83] ? bus_rescan_devices+0x20/0x20
[ 64.946349][ T83] ? _raw_spin_unlock_irqrestore+0x3e/0x50
[ 64.952174][ T83] ? lockdep_hardirqs_on+0x379/0x580
[ 64.957486][ T83] __device_attach+0x217/0x360
[ 64.962252][ T83] ? device_bind_driver+0xd0/0xd0
[ 64.967276][ T83] ? kobject_uevent_env+0x29e/0x1160
[ 64.972562][ T83] ? kobject_uevent_env+0x2a8/0x1160
[ 64.977835][ T83] bus_probe_device+0x1e4/0x290
[ 64.982777][ T83] ? blocking_notifier_call_chain+0x54/0xa0
[ 64.988656][ T83] device_add+0xae6/0x16f0
[ 64.993063][ T83] ? uevent_store+0x50/0x50
[ 64.997692][ T83] usb_set_configuration+0xdf6/0x1670
[ 65.003057][ T83] generic_probe+0x9d/0xd5
[ 65.007465][ T83] usb_probe_device+0x99/0x100
[ 65.012305][ T83] ? usb_suspend+0x620/0x620
[ 65.017018][ T83] really_probe+0x281/0x650
[ 65.021514][ T83] driver_probe_device+0x101/0x1b0
[ 65.026677][ T83] __device_attach_driver+0x1c2/0x220
[ 65.032109][ T83] ? driver_allows_async_probing+0x160/0x160
[ 65.038148][ T83] bus_for_each_drv+0x15c/0x1e0
[ 65.043005][ T83] ? bus_rescan_devices+0x20/0x20
[ 65.048028][ T83] ? _raw_spin_unlock_irqrestore+0x3e/0x50
[ 65.053880][ T83] ? lockdep_hardirqs_on+0x379/0x580
[ 65.059174][ T83] __device_attach+0x217/0x360
[ 65.063985][ T83] ? device_bind_driver+0xd0/0xd0
[ 65.069092][ T83] ? kobject_uevent_env+0x29e/0x1160
[ 65.074378][ T83] ? kobject_uevent_env+0x2a8/0x1160
[ 65.079656][ T83] bus_probe_device+0x1e4/0x290
[ 65.084548][ T83] ? blocking_notifier_call_chain+0x54/0xa0
[ 65.090440][ T83] device_add+0xae6/0x16f0
[ 65.094852][ T83] ? uevent_store+0x50/0x50
[ 65.099400][ T83] usb_new_device.cold+0x6a4/0xe79
[ 65.104595][ T83] hub_event+0x1b5c/0x3640
[ 65.109005][ T83] ? hub_port_debounce+0x260/0x260
[ 65.114104][ T83] process_one_work+0x92b/0x1530
[ 65.119083][ T83] ? pwq_dec_nr_in_flight+0x310/0x310
[ 65.124456][ T83] ? do_raw_spin_lock+0x11a/0x280
[ 65.129525][ T83] worker_thread+0x96/0xe20
[ 65.134025][ T83] ? process_one_work+0x1530/0x1530
[ 65.139261][ T83] kthread+0x318/0x420
[ 65.143325][ T83] ? kthread_create_on_node+0xf0/0xf0
[ 65.148699][ T83] ret_from_fork+0x24/0x30
[ 65.153103][ T83]
[ 65.155462][ T83] Allocated by task 83:
[ 65.159715][ T83] save_stack+0x1b/0x80
[ 65.163972][ T83] __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 65.169603][ T83] hidraw_connect+0x4b/0x3e0
[ 65.174295][ T83] hid_connect+0x5c7/0xbb0
[ 65.178763][ T83] hid_hw_start+0xa2/0x130
[ 65.183332][ T83] lg_probe+0x2a4/0x890
[ 65.187500][ T83] hid_device_probe+0x2be/0x3f0
[ 65.192392][ T83] really_probe+0x281/0x650
[ 65.196884][ T83] driver_probe_device+0x101/0x1b0
[ 65.202060][ T83] __device_attach_driver+0x1c2/0x220
[ 65.207427][ T83] bus_for_each_drv+0x15c/0x1e0
[ 65.212457][ T83] __device_attach+0x217/0x360
[ 65.217214][ T83] bus_probe_device+0x1e4/0x290
[ 65.222284][ T83] device_add+0xae6/0x16f0
[ 65.226694][ T83] hid_add_device+0x33c/0x990
[ 65.231448][ T83] usbhid_probe+0xa81/0xfa0
[ 65.236077][ T83] usb_probe_interface+0x305/0x7a0
[ 65.241183][ T83] really_probe+0x281/0x650
[ 65.245679][ T83] driver_probe_device+0x101/0x1b0
[ 65.250920][ T83] __device_attach_driver+0x1c2/0x220
[ 65.256306][ T83] bus_for_each_drv+0x15c/0x1e0
[ 65.261148][ T83] __device_attach+0x217/0x360
[ 65.265894][ T83] bus_probe_device+0x1e4/0x290
[ 65.270857][ T83] device_add+0xae6/0x16f0
[ 65.275265][ T83] usb_set_configuration+0xdf6/0x1670
[ 65.280681][ T83] generic_probe+0x9d/0xd5
[ 65.285123][ T83] usb_probe_device+0x99/0x100
[ 65.289875][ T83] really_probe+0x281/0x650
[ 65.294382][ T83] driver_probe_device+0x101/0x1b0
[ 65.299529][ T83] __device_attach_driver+0x1c2/0x220
[ 65.304900][ T83] bus_for_each_drv+0x15c/0x1e0
[ 65.309917][ T83] __device_attach+0x217/0x360
[ 65.314673][ T83] bus_probe_device+0x1e4/0x290
[ 65.319520][ T83] device_add+0xae6/0x16f0
[ 65.323931][ T83] usb_new_device.cold+0x6a4/0xe79
[ 65.329070][ T83] hub_event+0x1b5c/0x3640
[ 65.333479][ T83] process_one_work+0x92b/0x1530
[ 65.338407][ T83] worker_thread+0x96/0xe20
[ 65.342940][ T83] kthread+0x318/0x420
[ 65.347211][ T83] ret_from_fork+0x24/0x30
[ 65.351608][ T83]
[ 65.353917][ T83] Freed by task 12:
[ 65.357708][ T83] save_stack+0x1b/0x80
[ 65.361849][ T83] __kasan_slab_free+0x130/0x180
[ 65.366781][ T83] kfree+0xe4/0x2f0
[ 65.370578][ T83] blk_free_flush_queue+0x3f/0x4c
[ 65.376097][ T83] blk_mq_hw_sysfs_release+0x98/0x160
[ 65.381461][ T83] kobject_put+0x171/0x280
[ 65.386021][ T83] blk_mq_release+0x258/0x3f0
[ 65.390851][ T83] __blk_release_queue+0x1ba/0x320
[ 65.396092][ T83] process_one_work+0x92b/0x1530
[ 65.401037][ T83] worker_thread+0x96/0xe20
[ 65.405536][ T83] kthread+0x318/0x420
[ 65.409592][ T83] ret_from_fork+0x24/0x30
[ 65.414208][ T83]
[ 65.416702][ T83] The buggy address belongs to the object at ffff8881d81fe900
[ 65.416702][ T83] which belongs to the cache kmalloc-192 of size 192
[ 65.431070][ T83] The buggy address is located 0 bytes to the right of
[ 65.431070][ T83] 192-byte region [ffff8881d81fe900, ffff8881d81fe9c0)
[ 65.445128][ T83] The buggy address belongs to the page:
[ 65.450831][ T83] page:ffffea0007607f80 refcount:1 mapcount:0 mapping:ffff8881da002a00 index:0x0
[ 65.460063][ T83] flags: 0x200000000000200(slab)
[ 65.465033][ T83] raw: 0200000000000200 ffffea000760f000 0000000400000004 ffff8881da002a00
[ 65.473626][ T83] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 65.482200][ T83] page dumped because: kasan: bad access detected
[ 65.488685][ T83]
[ 65.491045][ T83] Memory state around the buggy address:
[ 65.496766][ T83] ffff8881d81fe880: 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc
[ 65.504825][ T83] ffff8881d81fe900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 65.513107][ T83] >ffff8881d81fe980: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc
[ 65.521163][ T83] ^
[ 65.527357][ T83] ffff8881d81fea00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 65.535767][ T83] ffff8881d81fea80: 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc
[ 65.543965][ T83] ==================================================================
[ 65.552021][ T83] Disabling lock debugging due to kernel taint
[ 65.558354][ T83] Kernel panic - not syncing: panic_on