[�[0;32m OK �[0m] Reached target Login Prompts.
[�[0;32m OK �[0m] Reached target Multi-User System.
[�[0;32m OK �[0m] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[�[0;32m OK �[0m] Started Update UTMP about System Runlevel Changes.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.27' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 66.495895][ T20] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 66.735763][ T20] usb 1-1: Using ep0 maxpacket: 8
[ 66.856019][ T20] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 66.867292][ T20] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 66.878524][ T20] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[ 66.892114][ T20] usb 1-1: New USB device found, idVendor=11c0, idProduct=5506, bcdDevice= 0.00
[ 66.901866][ T20] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 66.914149][ T20] usb 1-1: config 0 descriptor??
[ 67.404163][ T20] betop 0003:11C0:5506.0001: hidraw0: USB HID v0.00 Device [HID 11c0:5506] on usb-dummy_hcd.0-1/input0
[ 67.416075][ T20] ==================================================================
[ 67.424294][ T20] BUG: KASAN: slab-out-of-bounds in betop_probe+0x3bb/0x5e0
[ 67.431601][ T20] Write of size 8 at addr ffff888027a03dc0 by task kworker/1:0/20
[ 67.439447][ T20]
[ 67.441798][ T20] CPU: 1 PID: 20 Comm: kworker/1:0 Not tainted 5.13.0-rc2-next-20210518-syzkaller #0
[ 67.451281][ T20] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 67.461454][ T20] Workqueue: usb_hub_wq hub_event
[ 67.466477][ T20] Call Trace:
[ 67.469742][ T20] dump_stack_lvl+0x13e/0x1d6
[ 67.474416][ T20] ? betop_probe+0x3bb/0x5e0
[ 67.478987][ T20] print_address_description.constprop.0.cold+0x6c/0x309
[ 67.485995][ T20] ? betop_probe+0x3bb/0x5e0
[ 67.490583][ T20] ? betop_probe+0x3bb/0x5e0
[ 67.495161][ T20] kasan_report.cold+0x83/0xdf
[ 67.499912][ T20] ? betop_probe+0x3bb/0x5e0
[ 67.504490][ T20] kasan_check_range+0x13d/0x180
[ 67.509411][ T20] betop_probe+0x3bb/0x5e0
[ 67.513814][ T20] ? belkin_input_mapping+0x560/0x560
[ 67.519232][ T20] hid_device_probe+0x2bd/0x3f0
[ 67.524067][ T20] ? hid_match_device+0x390/0x390
[ 67.529076][ T20] really_probe+0x291/0xf60
[ 67.533662][ T20] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 67.539955][ T20] driver_probe_device+0x298/0x410
[ 67.545067][ T20] __device_attach_driver+0x203/0x2c0
[ 67.550425][ T20] ? driver_allows_async_probing+0x150/0x150
[ 67.556528][ T20] bus_for_each_drv+0x15f/0x1e0
[ 67.561613][ T20] ? bus_for_each_dev+0x1d0/0x1d0
[ 67.566629][ T20] ? _raw_spin_unlock_irqrestore+0x50/0x70
[ 67.572440][ T20] ? lockdep_hardirqs_on+0x79/0x100
[ 67.577640][ T20] ? _raw_spin_unlock_irqrestore+0x3d/0x70
[ 67.583442][ T20] __device_attach+0x228/0x4a0
[ 67.588320][ T20] ? __driver_attach_async_helper+0x330/0x330
[ 67.594473][ T20] ? kobject_uevent_env+0x2bb/0x1650
[ 67.599750][ T20] bus_probe_device+0x1e4/0x290
[ 67.604609][ T20] device_add+0xbe0/0x2100
[ 67.609033][ T20] ? do_raw_spin_unlock+0x171/0x230
[ 67.614213][ T20] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0
[ 67.620534][ T20] ? __debugfs_create_file+0x362/0x4e0
[ 67.626072][ T20] hid_add_device+0x344/0x9d0
[ 67.630733][ T20] ? lockdep_init_map_type+0x2c3/0x7b0
[ 67.636193][ T20] ? modalias_show+0x150/0x150
[ 67.640972][ T20] ? lockdep_init_map_type+0x2c3/0x7b0
[ 67.646423][ T20] ? __raw_spin_lock_init+0x36/0x110
[ 67.651702][ T20] usbhid_probe+0xb88/0x1080
[ 67.656309][ T20] usb_probe_interface+0x315/0x7f0
[ 67.661436][ T20] ? usb_match_dynamic_id+0x1a0/0x1a0
[ 67.666817][ T20] really_probe+0x291/0xf60
[ 67.671314][ T20] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 67.677575][ T20] driver_probe_device+0x298/0x410
[ 67.682725][ T20] __device_attach_driver+0x203/0x2c0
[ 67.688122][ T20] ? driver_allows_async_probing+0x150/0x150
[ 67.694087][ T20] bus_for_each_drv+0x15f/0x1e0
[ 67.698922][ T20] ? bus_for_each_dev+0x1d0/0x1d0
[ 67.703935][ T20] ? _raw_spin_unlock_irqrestore+0x50/0x70
[ 67.709733][ T20] ? lockdep_hardirqs_on+0x79/0x100
[ 67.714919][ T20] ? _raw_spin_unlock_irqrestore+0x3d/0x70
[ 67.720718][ T20] __device_attach+0x228/0x4a0
[ 67.725480][ T20] ? __driver_attach_async_helper+0x330/0x330
[ 67.731562][ T20] ? kobject_uevent_env+0x2bb/0x1650
[ 67.736844][ T20] bus_probe_device+0x1e4/0x290
[ 67.741704][ T20] device_add+0xbe0/0x2100
[ 67.746127][ T20] ? wait_for_completion_io+0x270/0x270
[ 67.751656][ T20] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0
[ 67.757880][ T20] ? _raw_spin_unlock_irqrestore+0x50/0x70
[ 67.763668][ T20] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 67.769894][ T20] usb_set_configuration+0x113f/0x1910
[ 67.775362][ T20] usb_generic_driver_probe+0xba/0x100
[ 67.780820][ T20] usb_probe_device+0xd9/0x2c0
[ 67.785574][ T20] ? usb_driver_release_interface+0x180/0x180
[ 67.791633][ T20] really_probe+0x291/0xf60
[ 67.796155][ T20] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 67.802385][ T20] driver_probe_device+0x298/0x410
[ 67.807500][ T20] __device_attach_driver+0x203/0x2c0
[ 67.812856][ T20] ? driver_allows_async_probing+0x150/0x150
[ 67.818819][ T20] bus_for_each_drv+0x15f/0x1e0
[ 67.823652][ T20] ? bus_for_each_dev+0x1d0/0x1d0
[ 67.828674][ T20] ? _raw_spin_unlock_irqrestore+0x50/0x70
[ 67.834469][ T20] ? lockdep_hardirqs_on+0x79/0x100
[ 67.839661][ T20] ? _raw_spin_unlock_irqrestore+0x3d/0x70
[ 67.845456][ T20] __device_attach+0x228/0x4a0
[ 67.850205][ T20] ? __driver_attach_async_helper+0x330/0x330
[ 67.856310][ T20] ? kobject_uevent_env+0x2bb/0x1650
[ 67.861589][ T20] bus_probe_device+0x1e4/0x290
[ 67.866429][ T20] device_add+0xbe0/0x2100
[ 67.870834][ T20] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0
[ 67.877060][ T20] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 67.883287][ T20] usb_new_device.cold+0x721/0x1058
[ 67.888472][ T20] ? hub_disconnect+0x510/0x510
[ 67.893304][ T20] ? rwlock_bug.part.0+0x90/0x90
[ 67.898256][ T20] ? _raw_spin_unlock_irq+0x1f/0x40
[ 67.903453][ T20] hub_event+0x2357/0x4330
[ 67.907868][ T20] ? hub_port_debounce+0x3c0/0x3c0
[ 67.912965][ T20] ? lock_release+0x720/0x720
[ 67.917622][ T20] ? lock_downgrade+0x6e0/0x6e0
[ 67.922451][ T20] ? do_raw_spin_lock+0x120/0x2b0
[ 67.927470][ T20] process_one_work+0x98d/0x1600
[ 67.932402][ T20] ? pwq_dec_nr_in_flight+0x320/0x320
[ 67.937764][ T20] ? rwlock_bug.part.0+0x90/0x90
[ 67.942680][ T20] ? _raw_spin_lock_irq+0x41/0x50
[ 67.947696][ T20] worker_thread+0x64c/0x1120
[ 67.952365][ T20] ? process_one_work+0x1600/0x1600
[ 67.957557][ T20] kthread+0x3b1/0x4a0
[ 67.961606][ T20] ? __kthread_bind_mask+0xc0/0xc0
[ 67.966716][ T20] ret_from_fork+0x1f/0x30
[ 67.971142][ T20]
[ 67.973456][ T20] Allocated by task 20:
[ 67.977592][ T20] kasan_save_stack+0x1b/0x40
[ 67.982259][ T20] __kasan_kmalloc+0x9b/0xd0
[ 67.986908][ T20] hidraw_connect+0x4b/0x440
[ 67.991575][ T20] hid_connect+0x5be/0xbc0
[ 67.995993][ T20] hid_hw_start+0xa2/0x130
[ 68.000428][ T20] betop_probe+0xce/0x5e0
[ 68.004753][ T20] hid_device_probe+0x2bd/0x3f0
[ 68.009584][ T20] really_probe+0x291/0xf60
[ 68.014263][ T20] driver_probe_device+0x298/0x410
[ 68.019371][ T20] __device_attach_driver+0x203/0x2c0
[ 68.024728][ T20] bus_for_each_drv+0x15f/0x1e0
[ 68.029592][ T20] __device_attach+0x228/0x4a0
[ 68.034347][ T20] bus_probe_device+0x1e4/0x290
[ 68.039302][ T20] device_add+0xbe0/0x2100
[ 68.043728][ T20] hid_add_device+0x344/0x9d0
[ 68.048405][ T20] usbhid_probe+0xb88/0x1080
[ 68.052985][ T20] usb_probe_interface+0x315/0x7f0
[ 68.058079][ T20] really_probe+0x291/0xf60
[ 68.062583][ T20] driver_probe_device+0x298/0x410
[ 68.067696][ T20] __device_attach_driver+0x203/0x2c0
[ 68.073092][ T20] bus_for_each_drv+0x15f/0x1e0
[ 68.077925][ T20] __device_attach+0x228/0x4a0
[ 68.082674][ T20] bus_probe_device+0x1e4/0x290
[ 68.087508][ T20] device_add+0xbe0/0x2100
[ 68.091903][ T20] usb_set_configuration+0x113f/0x1910
[ 68.097361][ T20] usb_generic_driver_probe+0xba/0x100
[ 68.102805][ T20] usb_probe_device+0xd9/0x2c0
[ 68.107549][ T20] really_probe+0x291/0xf60
[ 68.112054][ T20] driver_probe_device+0x298/0x410
[ 68.117266][ T20] __device_attach_driver+0x203/0x2c0
[ 68.122759][ T20] bus_for_each_drv+0x15f/0x1e0
[ 68.127588][ T20] __device_attach+0x228/0x4a0
[ 68.132364][ T20] bus_probe_device+0x1e4/0x290
[ 68.137195][ T20] device_add+0xbe0/0x2100
[ 68.141614][ T20] usb_new_device.cold+0x721/0x1058
[ 68.146803][ T20] hub_event+0x2357/0x4330
[ 68.151203][ T20] process_one_work+0x98d/0x1600
[ 68.156141][ T20] worker_thread+0x64c/0x1120
[ 68.160800][ T20] kthread+0x3b1/0x4a0
[ 68.164857][ T20] ret_from_fork+0x1f/0x30
[ 68.169251][ T20]
[ 68.171557][ T20] Last potentially related work creation:
[ 68.177253][ T20] kasan_save_stack+0x1b/0x40
[ 68.181943][ T20] kasan_record_aux_stack+0xe5/0x110
[ 68.187213][ T20] insert_work+0x48/0x370
[ 68.191549][ T20] __queue_work+0x5c1/0xed0
[ 68.196039][ T20] queue_work_on+0xee/0x110
[ 68.200521][ T20] call_usermodehelper_exec+0x1f0/0x4c0
[ 68.206057][ T20] kobject_uevent_env+0xf8f/0x1650
[ 68.211179][ T20] device_del+0x7eb/0xd40
[ 68.215488][ T20] device_unregister+0x1f/0xc0
[ 68.220235][ T20] device_destroy+0x96/0xd0
[ 68.224720][ T20] vcs_remove_sysfs+0x1d/0x50
[ 68.229450][ T20] vc_deallocate+0x154/0x460
[ 68.234027][ T20] vt_ioctl+0x25dc/0x2ac0
[ 68.238354][ T20] tty_ioctl+0xe4d/0x1600
[ 68.242683][ T20] __x64_sys_ioctl+0x193/0x200
[ 68.247626][ T20] do_syscall_64+0x31/0xb0
[ 68.252049][ T20] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 68.257978][ T20]
[ 68.260286][ T20] Second to last potentially related work creation:
[ 68.266851][ T20] kasan_save_stack+0x1b/0x40
[ 68.271514][ T20] kasan_record_aux_stack+0xe5/0x110
[ 68.276786][ T20] insert_work+0x48/0x370
[ 68.281102][ T20] __queue_work+0x5c1/0xed0
[ 68.285589][ T20] queue_work_on+0xee/0x110
[ 68.290088][ T20] call_usermodehelper_exec+0x1f0/0x4c0
[ 68.295646][ T20] kobject_uevent_env+0xf8f/0x1650
[ 68.300831][ T20] kobject_synth_uevent+0x701/0x850
[ 68.306014][ T20] uevent_store+0x20/0x50
[ 68.310325][ T20] dev_attr_store+0x50/0x80
[ 68.314806][ T20] sysfs_kf_write+0x110/0x160
[ 68.319464][ T20] kernfs_fop_write_iter+0x342/0x500
[ 68.324736][ T20] new_sync_write+0x426/0x650
[ 68.329429][ T20] vfs_write+0x75a/0xa40
[ 68.333850][ T20] ksys_write+0x12d/0x250
[ 68.338231][ T20] do_syscall_64+0x31/0xb0
[ 68.342632][ T20] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 68.348528][ T20]
[ 68.350836][ T20] The buggy address belongs to the object at ffff888027a03d00
[ 68.350836][ T20] which belongs to the cache kmalloc-192 of size 192
[ 68.364888][ T20] The buggy address is located 0 bytes to the right of
[ 68.364888][ T20] 192-byte region [ffff888027a03d00, ffff888027a03dc0)
[ 68.378505][ T20] The buggy address belongs to the page:
[ 68.384124][ T20] page:ffffea00009e80c0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x27a03
[ 68.394252][ T20] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
[ 68.401833][ T20] raw: 00fff00000000200 ffffea00005eac00 0000000200000002 ffff888011041a00
[ 68.410460][ T20] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 68.419023][ T20] page dumped because: kasan: bad access detected
[ 68.425414][ T20] page_owner tracks the page as allocated
[ 68.431104][ T20] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 1, ts 12850711408, free_ts 12412593932
[ 68.446906][ T20] get_page_from_freelist+0x125c/0x2ed0
[ 68.452441][ T20] __alloc_pages+0x1b2/0x500
[ 68.457027][ T20] alloc_page_interleave+0x1e/0x200
[ 68.462209][ T20] alloc_pages+0x238/0x2a0
[ 68.466623][ T20] allocate_slab+0x2c2/0x4c0
[ 68.471201][ T20] ___slab_alloc+0x4ba/0x820
[ 68.475805][ T20] __slab_alloc.constprop.0+0xa7/0xf0
[ 68.481157][ T20] kmem_cache_alloc_trace+0x30f/0x3c0
[ 68.486549][ T20] call_usermodehelper_setup+0x97/0x340
[ 68.492081][ T20] kobject_uevent_env+0xf73/0x1650
[ 68.497179][ T20] netdev_queue_update_kobjects+0x374/0x450
[ 68.503070][ T20] netdev_register_kobject+0x35a/0x430
[ 68.508506][ T20] register_netdevice+0xd33/0x1500
[ 68.513600][ T20] register_netdev+0x2d/0x50
[ 68.518169][ T20] ip6_tnl_init_net+0x479/0x890
[ 68.523011][ T20] ops_init+0xaf/0x470
[ 68.527059][ T20] page last free stack trace:
[ 68.531710][ T20] free_pcp_prepare+0x217/0x300
[ 68.536547][ T20] free_unref_page_list+0x19f/0x1050
[ 68.541816][ T20] release_pages+0x824/0x20b0
[ 68.546477][ T20] tlb_finish_mmu+0x165/0x8c0
[ 68.551139][ T20] exit_mmap+0x1ea/0x620
[ 68.555367][ T20] __mmput+0x122/0x470
[ 68.559419][ T20] mmput+0x58/0x60
[ 68.563124][ T20] free_bprm+0x65/0x2e0
[ 68.567286][ T20] kernel_execve+0x380/0x460
[ 68.571873][ T20] call_usermodehelper_exec_async+0x2e3/0x580
[ 68.577932][ T20] ret_from_fork+0x1f/0x30
[ 68.582348][ T20]
[ 68.584666][ T20] Memory state around the buggy address:
[ 68.590285][ T20] ffff888027a03c80: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 68.598328][ T20] ffff888027a03d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 68.606371][ T20] >ffff888027a03d80