Warning: Permanently added '10.128.0.61' (ECDSA) to the list of known hosts. executing program [ 27.127403][ T94] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 27.337038][ T94] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 27.348120][ T94] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 27.358086][ T94] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 27.370920][ T94] usb 1-1: New USB device found, idVendor=20bc, idProduct=5500, bcdDevice= 0.00 [ 27.380056][ T94] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 27.389619][ T94] usb 1-1: config 0 descriptor?? [ 27.868628][ T94] betop 0003:20BC:5500.0001: unknown main item tag 0x0 [ 27.875629][ T94] betop 0003:20BC:5500.0001: unknown main item tag 0x0 [ 27.882573][ T94] betop 0003:20BC:5500.0001: unknown main item tag 0x0 [ 27.889579][ T94] betop 0003:20BC:5500.0001: unknown main item tag 0x0 [ 27.896439][ T94] betop 0003:20BC:5500.0001: unknown main item tag 0x0 [ 27.903459][ T94] betop 0003:20BC:5500.0001: unknown main item tag 0x0 [ 27.910418][ T94] betop 0003:20BC:5500.0001: unknown main item tag 0x0 [ 27.917452][ T94] betop 0003:20BC:5500.0001: unknown main item tag 0x0 [ 27.924320][ T94] betop 0003:20BC:5500.0001: unknown main item tag 0x0 [ 27.931228][ T94] betop 0003:20BC:5500.0001: unknown main item tag 0x0 [ 27.938166][ T94] betop 0003:20BC:5500.0001: unknown main item tag 0x0 [ 27.945030][ T94] betop 0003:20BC:5500.0001: unknown main item tag 0x0 [ 27.951958][ T94] betop 0003:20BC:5500.0001: unknown main item tag 0x0 [ 27.958862][ T94] betop 0003:20BC:5500.0001: unknown main item tag 0x0 [ 27.965723][ T94] betop 0003:20BC:5500.0001: unknown main item tag 0x0 [ 27.972690][ T94] betop 0003:20BC:5500.0001: unknown main item tag 0x0 [ 27.979603][ T94] betop 0003:20BC:5500.0001: unknown main item tag 0x0 [ 27.986468][ T94] betop 0003:20BC:5500.0001: unknown main item tag 0x0 [ 27.995692][ T94] betop 0003:20BC:5500.0001: hidraw0: USB HID v0.00 Device [HID 20bc:5500] on usb-dummy_hcd.0-1/input0 [ 28.007021][ T94] ================================================================== [ 28.015233][ T94] BUG: KASAN: slab-out-of-bounds in betop_probe+0x396/0x570 [ 28.022510][ T94] Write of size 8 at addr ffff8881d4f43ac0 by task kworker/1:2/94 [ 28.030296][ T94] [ 28.032613][ T94] CPU: 1 PID: 94 Comm: kworker/1:2 Not tainted 5.5.0-syzkaller #0 [ 28.040432][ T94] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 28.050486][ T94] Workqueue: usb_hub_wq hub_event [ 28.055498][ T94] Call Trace: [ 28.058812][ T94] dump_stack+0xef/0x16e [ 28.063045][ T94] ? betop_probe+0x396/0x570 [ 28.067623][ T94] ? betop_probe+0x396/0x570 [ 28.072206][ T94] print_address_description.constprop.0.cold+0xd3/0x314 [ 28.079218][ T94] ? betop_probe+0x396/0x570 [ 28.083799][ T94] ? betop_probe+0x396/0x570 [ 28.088487][ T94] __kasan_report.cold+0x37/0x77 [ 28.093417][ T94] ? betop_probe+0x396/0x570 [ 28.097998][ T94] kasan_report+0xe/0x20 [ 28.102309][ T94] check_memory_region+0x152/0x1c0 [ 28.107526][ T94] betop_probe+0x396/0x570 [ 28.114019][ T94] ? belkin_probe.cold+0x3c/0x3c [ 28.118946][ T94] hid_device_probe+0x2be/0x3f0 [ 28.123781][ T94] ? hid_match_device+0x1f0/0x1f0 [ 28.128797][ T94] really_probe+0x290/0xac0 [ 28.133303][ T94] driver_probe_device+0x223/0x350 [ 28.138412][ T94] __device_attach_driver+0x1d1/0x290 [ 28.143805][ T94] ? driver_allows_async_probing+0x160/0x160 [ 28.149802][ T94] bus_for_each_drv+0x162/0x1e0 [ 28.154656][ T94] ? bus_rescan_devices+0x20/0x20 [ 28.159677][ T94] ? _raw_spin_unlock_irqrestore+0x39/0x40 [ 28.165476][ T94] ? lockdep_hardirqs_on+0x382/0x580 [ 28.170752][ T94] __device_attach+0x217/0x390 [ 28.175510][ T94] ? device_bind_driver+0xd0/0xd0 [ 28.180524][ T94] bus_probe_device+0x1e4/0x290 [ 28.185358][ T94] device_add+0x1459/0x1bf0 [ 28.190012][ T94] ? device_link_remove+0x110/0x110 [ 28.195207][ T94] ? __debugfs_create_file+0x301/0x3f0 [ 28.200658][ T94] hid_add_device+0x33c/0x9a0 [ 28.205326][ T94] ? debug_object_fixup+0x30/0x30 [ 28.210468][ T94] ? __hid_bus_reprobe_drivers+0x130/0x130 [ 28.216401][ T94] ? lockdep_init_map+0x1b0/0x5e0 [ 28.221418][ T94] usbhid_probe+0xa81/0xfa0 [ 28.225915][ T94] usb_probe_interface+0x310/0x800 [ 28.231055][ T94] ? usb_probe_device+0x140/0x140 [ 28.236129][ T94] really_probe+0x290/0xac0 [ 28.240663][ T94] driver_probe_device+0x223/0x350 [ 28.245767][ T94] __device_attach_driver+0x1d1/0x290 [ 28.251219][ T94] ? driver_allows_async_probing+0x160/0x160 [ 28.257208][ T94] bus_for_each_drv+0x162/0x1e0 [ 28.262052][ T94] ? bus_rescan_devices+0x20/0x20 [ 28.267119][ T94] ? _raw_spin_unlock_irqrestore+0x39/0x40 [ 28.272919][ T94] ? lockdep_hardirqs_on+0x382/0x580 [ 28.278198][ T94] __device_attach+0x217/0x390 [ 28.282958][ T94] ? device_bind_driver+0xd0/0xd0 [ 28.287973][ T94] bus_probe_device+0x1e4/0x290 [ 28.292821][ T94] device_add+0x1459/0x1bf0 [ 28.297366][ T94] ? wait_for_completion+0x3c0/0x3c0 [ 28.302638][ T94] ? device_link_remove+0x110/0x110 [ 28.307818][ T94] ? _raw_spin_unlock_irqrestore+0x39/0x40 [ 28.313618][ T94] usb_set_configuration+0xe47/0x17d0 [ 28.319030][ T94] generic_probe+0x9d/0xd5 [ 28.323448][ T94] usb_probe_device+0xaf/0x140 [ 28.328219][ T94] ? usb_suspend+0x5f0/0x5f0 [ 28.332813][ T94] really_probe+0x290/0xac0 [ 28.337427][ T94] driver_probe_device+0x223/0x350 [ 28.342539][ T94] __device_attach_driver+0x1d1/0x290 [ 28.347985][ T94] ? driver_allows_async_probing+0x160/0x160 [ 28.353956][ T94] bus_for_each_drv+0x162/0x1e0 [ 28.358803][ T94] ? bus_rescan_devices+0x20/0x20 [ 28.363822][ T94] ? _raw_spin_unlock_irqrestore+0x39/0x40 [ 28.369621][ T94] ? lockdep_hardirqs_on+0x382/0x580 [ 28.374901][ T94] __device_attach+0x217/0x390 [ 28.379679][ T94] ? device_bind_driver+0xd0/0xd0 [ 28.384699][ T94] bus_probe_device+0x1e4/0x290 [ 28.389662][ T94] device_add+0x1459/0x1bf0 [ 28.394159][ T94] ? device_link_remove+0x110/0x110 [ 28.399351][ T94] usb_new_device.cold+0x540/0xcd0 [ 28.404457][ T94] hub_event+0x21cb/0x4300 [ 28.409033][ T94] ? hub_port_debounce+0x350/0x350 [ 28.414140][ T94] ? find_held_lock+0x2d/0x110 [ 28.418896][ T94] ? mark_held_locks+0xe0/0xe0 [ 28.423662][ T94] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 28.429217][ T94] ? rcu_read_lock_bh_held+0xb0/0xb0 [ 28.434549][ T94] process_one_work+0x94b/0x1620 [ 28.439484][ T94] ? pwq_dec_nr_in_flight+0x310/0x310 [ 28.444935][ T94] ? do_raw_spin_lock+0x129/0x290 [ 28.449957][ T94] worker_thread+0x96/0xe20 [ 28.454573][ T94] ? process_one_work+0x1620/0x1620 [ 28.459765][ T94] kthread+0x318/0x420 [ 28.463836][ T94] ? kthread_create_on_node+0xf0/0xf0 [ 28.469237][ T94] ret_from_fork+0x24/0x30 [ 28.473633][ T94] [ 28.475951][ T94] Allocated by task 94: [ 28.480102][ T94] save_stack+0x1b/0x80 [ 28.484290][ T94] __kasan_kmalloc.constprop.0+0xbf/0xd0 [ 28.490039][ T94] hidraw_connect+0x4b/0x3e0 [ 28.494652][ T94] hid_connect+0x5c7/0xbb0 [ 28.499116][ T94] hid_hw_start+0xa2/0x130 [ 28.503530][ T94] betop_probe+0xbc/0x570 [ 28.507852][ T94] hid_device_probe+0x2be/0x3f0 [ 28.512691][ T94] really_probe+0x290/0xac0 [ 28.517193][ T94] driver_probe_device+0x223/0x350 [ 28.522293][ T94] __device_attach_driver+0x1d1/0x290 [ 28.527761][ T94] bus_for_each_drv+0x162/0x1e0 [ 28.532618][ T94] __device_attach+0x217/0x390 [ 28.537379][ T94] bus_probe_device+0x1e4/0x290 [ 28.542226][ T94] device_add+0x1459/0x1bf0 [ 28.546736][ T94] hid_add_device+0x33c/0x9a0 [ 28.551407][ T94] usbhid_probe+0xa81/0xfa0 [ 28.555904][ T94] usb_probe_interface+0x310/0x800 [ 28.561008][ T94] really_probe+0x290/0xac0 [ 28.565498][ T94] driver_probe_device+0x223/0x350 [ 28.570609][ T94] __device_attach_driver+0x1d1/0x290 [ 28.575975][ T94] bus_for_each_drv+0x162/0x1e0 [ 28.580830][ T94] __device_attach+0x217/0x390 [ 28.585575][ T94] bus_probe_device+0x1e4/0x290 [ 28.590420][ T94] device_add+0x1459/0x1bf0 [ 28.594922][ T94] usb_set_configuration+0xe47/0x17d0 [ 28.600326][ T94] generic_probe+0x9d/0xd5 [ 28.604739][ T94] usb_probe_device+0xaf/0x140 [ 28.609492][ T94] really_probe+0x290/0xac0 [ 28.613993][ T94] driver_probe_device+0x223/0x350 [ 28.619119][ T94] __device_attach_driver+0x1d1/0x290 [ 28.624487][ T94] bus_for_each_drv+0x162/0x1e0 [ 28.629382][ T94] __device_attach+0x217/0x390 [ 28.634129][ T94] bus_probe_device+0x1e4/0x290 [ 28.639138][ T94] device_add+0x1459/0x1bf0 [ 28.643706][ T94] usb_new_device.cold+0x540/0xcd0 [ 28.648812][ T94] hub_event+0x21cb/0x4300 [ 28.653280][ T94] process_one_work+0x94b/0x1620 [ 28.658211][ T94] worker_thread+0x96/0xe20 [ 28.662705][ T94] kthread+0x318/0x420 [ 28.666820][ T94] ret_from_fork+0x24/0x30 [ 28.671234][ T94] [ 28.673571][ T94] Freed by task 12: [ 28.677367][ T94] save_stack+0x1b/0x80 [ 28.681519][ T94] __kasan_slab_free+0x117/0x160 [ 28.686445][ T94] kfree+0xd5/0x300 [ 28.690245][ T94] usb_free_urb.part.0+0xaf/0x110 [ 28.695264][ T94] usb_free_urb+0x1b/0x30 [ 28.699592][ T94] usb_start_wait_urb+0x1e8/0x4c0 [ 28.704648][ T94] usb_control_msg+0x31c/0x4a0 [ 28.709405][ T94] hub_ext_port_status+0x125/0x460 [ 28.714518][ T94] hub_activate+0x51f/0x17c0 [ 28.719211][ T94] process_one_work+0x94b/0x1620 [ 28.724402][ T94] worker_thread+0x96/0xe20 [ 28.728899][ T94] kthread+0x318/0x420 [ 28.733125][ T94] ret_from_fork+0x24/0x30 [ 28.737594][ T94] [ 28.739908][ T94] The buggy address belongs to the object at ffff8881d4f43a00 [ 28.739908][ T94] which belongs to the cache kmalloc-192 of size 192 [ 28.754207][ T94] The buggy address is located 0 bytes to the right of [ 28.754207][ T94] 192-byte region [ffff8881d4f43a00, ffff8881d4f43ac0) [ 28.767873][ T94] The buggy address belongs to the page: [ 28.773505][ T94] page:ffffea000753d0c0 refcount:1 mapcount:0 mapping:ffff8881da002a00 index:0x0 [ 28.782694][ T94] flags: 0x200000000000200(slab) [ 28.787649][ T94] raw: 0200000000000200 ffffea0007567200 0000000300000003 ffff8881da002a00 [ 28.796327][ T94] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 28.804939][ T94] page dumped because: kasan: bad access detected [ 28.811340][ T94] [ 28.813656][ T94] Memory state around the buggy address: [ 28.819320][ T94] ffff8881d4f43980: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 28.827420][ T94] ffff8881d4f43a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 28.835529][ T94] >ffff8881d4f43a80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 28.843648][ T94] ^ [ 28.849799][ T94] ffff8881d4f43b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 28.857852][ T94] ffff8881d4f43b80: 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc [ 28.865943][ T94] ================================================================== [ 28.874111][ T94] Disabling lock debugging due to kernel taint [ 28.880348][ T94] Kernel panic - not syncing: panic_on_warn set ... [ 28.886941][ T94] CPU: 1 PID: 94 Comm: kworker/1:2 Tainted: G B 5.5.0-syzkaller #0 [ 28.896121][ T94] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 28.906182][ T94] Workqueue: usb_hub_wq hub_event [ 28.911194][ T94] Call Trace: [ 28.914493][ T94] dump_stack+0xef/0x16e [ 28.918734][ T94] panic+0x2aa/0x6e1 [ 28.922625][ T94] ? add_taint.cold+0x16/0x16 [ 28.927391][ T94] ? retint_kernel+0x10/0x10 [ 28.931978][ T94] ? trace_hardirqs_on+0x55/0x200 [ 28.936993][ T94] ? betop_probe+0x396/0x570 [ 28.941580][ T94] end_report+0x43/0x49 [ 28.945735][ T94] ? betop_probe+0x396/0x570 [ 28.950322][ T94] __kasan_report.cold+0x55/0x77 [ 28.955616][ T94] ? betop_probe+0x396/0x570 [ 28.960201][ T94] kasan_report+0xe/0x20 [ 28.964439][ T94] check_memory_region+0x152/0x1c0 [ 28.969547][ T94] betop_probe+0x396/0x570 [ 28.973959][ T94] ? belkin_probe.cold+0x3c/0x3c [ 28.978902][ T94] hid_device_probe+0x2be/0x3f0 [ 28.983759][ T94] ? hid_match_device+0x1f0/0x1f0 [ 28.988787][ T94] really_probe+0x290/0xac0 [ 28.993289][ T94] driver_probe_device+0x223/0x350 [ 28.998399][ T94] __device_attach_driver+0x1d1/0x290 [ 29.003774][ T94] ? driver_allows_async_probing+0x160/0x160 [ 29.009762][ T94] bus_for_each_drv+0x162/0x1e0 [ 29.014617][ T94] ? bus_rescan_devices+0x20/0x20 [ 29.019639][ T94] ? _raw_spin_unlock_irqrestore+0x39/0x40 [ 29.025432][ T94] ? lockdep_hardirqs_on+0x382/0x580 [ 29.030718][ T94] __device_attach+0x217/0x390 [ 29.035500][ T94] ? device_bind_driver+0xd0/0xd0 [ 29.040521][ T94] bus_probe_device+0x1e4/0x290 [ 29.045372][ T94] device_add+0x1459/0x1bf0 [ 29.049876][ T94] ? device_link_remove+0x110/0x110 [ 29.055058][ T94] ? __debugfs_create_file+0x301/0x3f0 [ 29.060506][ T94] hid_add_device+0x33c/0x9a0 [ 29.065180][ T94] ? debug_object_fixup+0x30/0x30 [ 29.070202][ T94] ? __hid_bus_reprobe_drivers+0x130/0x130 [ 29.076003][ T94] ? lockdep_init_map+0x1b0/0x5e0 [ 29.081029][ T94] usbhid_probe+0xa81/0xfa0 [ 29.085529][ T94] usb_probe_interface+0x310/0x800 [ 29.090641][ T94] ? usb_probe_device+0x140/0x140 [ 29.095660][ T94] really_probe+0x290/0xac0 [ 29.100172][ T94] driver_probe_device+0x223/0x350 [ 29.105286][ T94] __device_attach_driver+0x1d1/0x290 [ 29.110772][ T94] ? driver_allows_async_probing+0x160/0x160 [ 29.116764][ T94] bus_for_each_drv+0x162/0x1e0 [ 29.121619][ T94] ? bus_rescan_devices+0x20/0x20 [ 29.126773][ T94] ? _raw_spin_unlock_irqrestore+0x39/0x40 [ 29.132577][ T94] ? lockdep_hardirqs_on+0x382/0x580 [ 29.137869][ T94] __device_attach+0x217/0x390 [ 29.142637][ T94] ? device_bind_driver+0xd0/0xd0 [ 29.147661][ T94] bus_probe_device+0x1e4/0x290 [ 29.152516][ T94] device_add+0x1459/0x1bf0 [ 29.157017][ T94] ? wait_for_completion+0x3c0/0x3c0 [ 29.162300][ T94] ? device_link_remove+0x110/0x110 [ 29.167492][ T94] ? _raw_spin_unlock_irqrestore+0x39/0x40 [ 29.173298][ T94] usb_set_configuration+0xe47/0x17d0 [ 29.178670][ T94] generic_probe+0x9d/0xd5 [ 29.183085][ T94] usb_probe_device+0xaf/0x140 [ 29.187851][ T94] ? usb_suspend+0x5f0/0x5f0 [ 29.192451][ T94] really_probe+0x290/0xac0 [ 29.196955][ T94] driver_probe_device+0x223/0x350 [ 29.202065][ T94] __device_attach_driver+0x1d1/0x290 [ 29.207433][ T94] ? driver_allows_async_probing+0x160/0x160 [ 29.213411][ T94] bus_for_each_drv+0x162/0x1e0 [ 29.218251][ T94] ? bus_rescan_devices+0x20/0x20 [ 29.223272][ T94] ? _raw_spin_unlock_irqrestore+0x39/0x40 [ 29.229090][ T94] ? lockdep_hardirqs_on+0x382/0x580 [ 29.234372][ T94] __device_attach+0x217/0x390 [ 29.239133][ T94] ? device_bind_driver+0xd0/0xd0 [ 29.244148][ T94] bus_probe_device+0x1e4/0x290 [ 29.249095][ T94] device_add+0x1459/0x1bf0 [ 29.253584][ T94] ? device_link_remove+0x110/0x110 [ 29.258777][ T94] usb_new_device.cold+0x540/0xcd0 [ 29.263898][ T94] hub_event+0x21cb/0x4300 [ 29.268312][ T94] ? hub_port_debounce+0x350/0x350 [ 29.273419][ T94] ? find_held_lock+0x2d/0x110 [ 29.278181][ T94] ? mark_held_locks+0xe0/0xe0 [ 29.282944][ T94] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 29.288492][ T94] ? rcu_read_lock_bh_held+0xb0/0xb0 [ 29.293777][ T94] process_one_work+0x94b/0x1620 [ 29.298711][ T94] ? pwq_dec_nr_in_flight+0x310/0x310 [ 29.304067][ T94] ? do_raw_spin_lock+0x129/0x290 [ 29.309089][ T94] worker_thread+0x96/0xe20 [ 29.313607][ T94] ? process_one_work+0x1620/0x1620 [ 29.318811][ T94] kthread+0x318/0x420 [ 29.322887][ T94] ? kthread_create_on_node+0xf0/0xf0 [ 29.328248][ T94] ret_from_fork+0x24/0x30 [ 29.333559][ T94] Kernel Offset: disabled [ 29.337877][ T94] Rebooting in 86400 seconds..