Warning: Permanently added '10.128.0.64' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 23.256494][ T83] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 23.496488][ T83] usb 1-1: Using ep0 maxpacket: 32 [ 23.616660][ T83] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7 [ 23.627849][ T83] usb 1-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 23.796562][ T83] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 23.805704][ T83] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 23.813732][ T83] usb 1-1: Product: syz [ 23.817943][ T83] usb 1-1: Manufacturer: syz [ 23.822536][ T83] usb 1-1: SerialNumber: syz executing program [ 24.176662][ T83] ================================================================== [ 24.184956][ T83] BUG: KASAN: slab-out-of-bounds in build_audio_procunit+0xeab/0x13f0 [ 24.193090][ T83] Read of size 1 at addr ffff8881d58a6549 by task kworker/1:2/83 [ 24.200813][ T83] [ 24.203123][ T83] CPU: 1 PID: 83 Comm: kworker/1:2 Not tainted 5.4.0-rc3+ #0 [ 24.210461][ T83] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 24.220503][ T83] Workqueue: usb_hub_wq hub_event [ 24.225522][ T83] Call Trace: [ 24.228802][ T83] dump_stack+0xca/0x13e [ 24.233026][ T83] ? build_audio_procunit+0xeab/0x13f0 [ 24.238457][ T83] ? build_audio_procunit+0xeab/0x13f0 [ 24.243892][ T83] print_address_description.constprop.0+0x36/0x50 [ 24.250364][ T83] ? build_audio_procunit+0xeab/0x13f0 [ 24.255796][ T83] ? build_audio_procunit+0xeab/0x13f0 [ 24.261673][ T83] __kasan_report.cold+0x1a/0x33 [ 24.266585][ T83] ? build_audio_procunit+0xeab/0x13f0 [ 24.272017][ T83] kasan_report+0xe/0x20 [ 24.276231][ T83] build_audio_procunit+0xeab/0x13f0 [ 24.281520][ T83] parse_audio_unit+0x1812/0x36f0 [ 24.286530][ T83] ? _raw_spin_unlock_irqrestore+0x3e/0x50 [ 24.292336][ T83] ? lockdep_hardirqs_on+0x382/0x580 [ 24.297597][ T83] ? stack_depot_save+0x252/0x440 [ 24.302596][ T83] ? build_audio_procunit+0x13f0/0x13f0 [ 24.308120][ T83] ? save_stack+0x4c/0x80 [ 24.312425][ T83] ? save_stack+0x1b/0x80 [ 24.316729][ T83] ? __kasan_kmalloc.constprop.0+0xbf/0xd0 [ 24.322523][ T83] ? snd_usb_create_mixer+0x180/0x1890 [ 24.327958][ T83] ? usb_audio_probe+0xc76/0x2010 [ 24.332958][ T83] ? usb_probe_interface+0x305/0x7a0 [ 24.338218][ T83] ? really_probe+0x281/0x6d0 [ 24.342874][ T83] ? driver_probe_device+0x104/0x210 [ 24.348134][ T83] ? __device_attach_driver+0x1c2/0x220 [ 24.353669][ T83] ? bus_for_each_drv+0x162/0x1e0 [ 24.358676][ T83] ? __device_attach+0x217/0x360 [ 24.363589][ T83] ? bus_probe_device+0x1e4/0x290 [ 24.368606][ T83] ? device_add+0xae6/0x16f0 [ 24.373170][ T83] ? usb_set_configuration+0xdf6/0x1670 [ 24.378866][ T83] ? validate_desc.part.0+0x17f/0x240 [ 24.384231][ T83] snd_usb_mixer_controls+0x715/0xb90 [ 24.389585][ T83] ? parse_audio_unit+0x36f0/0x36f0 [ 24.394760][ T83] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 24.400378][ T83] ? rcu_read_lock_bh_held+0xb0/0xb0 [ 24.405639][ T83] ? __kasan_kmalloc.constprop.0+0xbf/0xd0 [ 24.411421][ T83] ? kasan_unpoison_shadow+0x30/0x40 [ 24.417029][ T83] ? usb_ifnum_to_if+0x12b/0x180 [ 24.421942][ T83] snd_usb_create_mixer+0x2b5/0x1890 [ 24.427204][ T83] ? mark_lock+0xbc/0x1160 [ 24.431595][ T83] ? mark_held_locks+0x9f/0xe0 [ 24.436332][ T83] ? snd_usb_mixer_interrupt+0x800/0x800 [ 24.441950][ T83] ? lockdep_hardirqs_on+0x382/0x580 [ 24.447224][ T83] ? usb_driver_claim_interface+0x210/0x420 [ 24.453106][ T83] ? snd_usb_create_stream+0x16a/0x4c0 [ 24.459493][ T83] usb_audio_probe+0xc76/0x2010 [ 24.464334][ T83] ? usb_audio_resume+0x20/0x20 [ 24.469173][ T83] ? _raw_spin_unlock_irqrestore+0x3e/0x50 [ 24.474972][ T83] usb_probe_interface+0x305/0x7a0 [ 24.480072][ T83] ? usb_probe_device+0x100/0x100 [ 24.485083][ T83] really_probe+0x281/0x6d0 [ 24.489684][ T83] driver_probe_device+0x104/0x210 [ 24.494795][ T83] __device_attach_driver+0x1c2/0x220 [ 24.500154][ T83] ? driver_allows_async_probing+0x160/0x160 [ 24.506140][ T83] bus_for_each_drv+0x162/0x1e0 [ 24.510975][ T83] ? bus_rescan_devices+0x20/0x20 [ 24.515980][ T83] ? _raw_spin_unlock_irqrestore+0x3e/0x50 [ 24.521762][ T83] ? lockdep_hardirqs_on+0x382/0x580 [ 24.527034][ T83] __device_attach+0x217/0x360 [ 24.531773][ T83] ? device_bind_driver+0xd0/0xd0 [ 24.536773][ T83] ? kobject_uevent_env+0x29e/0x1150 [ 24.542033][ T83] ? kobject_uevent_env+0x2a8/0x1150 [ 24.547290][ T83] bus_probe_device+0x1e4/0x290 [ 24.552117][ T83] ? blocking_notifier_call_chain+0x54/0xa0 [ 24.558009][ T83] device_add+0xae6/0x16f0 [ 24.562548][ T83] ? uevent_store+0x50/0x50 [ 24.567030][ T83] ? _raw_spin_unlock_irqrestore+0x3e/0x50 [ 24.572821][ T83] usb_set_configuration+0xdf6/0x1670 [ 24.578192][ T83] generic_probe+0x9d/0xd5 [ 24.582664][ T83] usb_probe_device+0x99/0x100 [ 24.587457][ T83] ? usb_suspend+0x620/0x620 [ 24.592027][ T83] really_probe+0x281/0x6d0 [ 24.596505][ T83] driver_probe_device+0x104/0x210 [ 24.601592][ T83] __device_attach_driver+0x1c2/0x220 [ 24.606954][ T83] ? driver_allows_async_probing+0x160/0x160 [ 24.612922][ T83] bus_for_each_drv+0x162/0x1e0 [ 24.617747][ T83] ? bus_rescan_devices+0x20/0x20 [ 24.622747][ T83] ? _raw_spin_unlock_irqrestore+0x3e/0x50 [ 24.628541][ T83] ? lockdep_hardirqs_on+0x382/0x580 [ 24.633800][ T83] __device_attach+0x217/0x360 [ 24.638537][ T83] ? device_bind_driver+0xd0/0xd0 [ 24.643547][ T83] ? kobject_uevent_env+0x29e/0x1150 [ 24.648823][ T83] ? kobject_uevent_env+0x2a8/0x1150 [ 24.654092][ T83] bus_probe_device+0x1e4/0x290 [ 24.658918][ T83] ? blocking_notifier_call_chain+0x54/0xa0 [ 24.664800][ T83] device_add+0xae6/0x16f0 [ 24.669190][ T83] ? uevent_store+0x50/0x50 [ 24.673668][ T83] usb_new_device.cold+0x6a4/0xe79 [ 24.678773][ T83] hub_event+0x1dd0/0x37e0 [ 24.683172][ T83] ? hub_port_debounce+0x260/0x260 [ 24.688276][ T83] ? find_held_lock+0x2d/0x110 [ 24.693027][ T83] ? mark_held_locks+0xe0/0xe0 [ 24.697773][ T83] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 24.703297][ T83] ? rcu_read_lock_bh_held+0xb0/0xb0 [ 24.708575][ T83] process_one_work+0x92b/0x1530 [ 24.713490][ T83] ? pwq_dec_nr_in_flight+0x310/0x310 [ 24.718839][ T83] ? do_raw_spin_lock+0x11a/0x280 [ 24.723839][ T83] worker_thread+0x96/0xe20 [ 24.728330][ T83] ? process_one_work+0x1530/0x1530 [ 24.733503][ T83] kthread+0x318/0x420 [ 24.737666][ T83] ? kthread_create_on_node+0xf0/0xf0 [ 24.743021][ T83] ret_from_fork+0x24/0x30 [ 24.747416][ T83] [ 24.749733][ T83] Allocated by task 83: [ 24.753885][ T83] save_stack+0x1b/0x80 [ 24.758019][ T83] __kasan_kmalloc.constprop.0+0xbf/0xd0 [ 24.763629][ T83] usb_get_configuration+0x314/0x3050 [ 24.768977][ T83] usb_new_device+0xd3/0x160 [ 24.773539][ T83] hub_event+0x1dd0/0x37e0 [ 24.777942][ T83] process_one_work+0x92b/0x1530 [ 24.782865][ T83] worker_thread+0x96/0xe20 [ 24.787345][ T83] kthread+0x318/0x420 [ 24.791392][ T83] ret_from_fork+0x24/0x30 [ 24.795779][ T83] [ 24.798099][ T83] Freed by task 1: [ 24.801795][ T83] save_stack+0x1b/0x80 [ 24.805926][ T83] __kasan_slab_free+0x130/0x180 [ 24.810851][ T83] kfree+0xe4/0x320 [ 24.814642][ T83] scsi_probe_and_add_lun+0x2815/0x2cd0 [ 24.820160][ T83] __scsi_scan_target+0x273/0xc30 [ 24.825159][ T83] scsi_scan_channel.part.0+0x126/0x1a0 [ 24.830698][ T83] scsi_scan_host_selected+0x2bb/0x3f0 [ 24.836133][ T83] do_scsi_scan_host+0x1e8/0x260 [ 24.841199][ T83] scsi_scan_host+0x37c/0x440 [ 24.845988][ T83] virtscsi_probe+0x9b7/0xbb5 [ 24.850659][ T83] virtio_dev_probe+0x463/0x710 [ 24.855560][ T83] really_probe+0x281/0x6d0 [ 24.860048][ T83] driver_probe_device+0x104/0x210 [ 24.865303][ T83] device_driver_attach+0x108/0x140 [ 24.870530][ T83] __driver_attach+0xda/0x240 [ 24.875190][ T83] bus_for_each_dev+0x14b/0x1d0 [ 24.880024][ T83] bus_add_driver+0x457/0x5a0 [ 24.884680][ T83] driver_register+0x1c4/0x330 [ 24.889426][ T83] init+0xa1/0x115 [ 24.893127][ T83] do_one_initcall+0xf0/0x614 [ 24.897780][ T83] kernel_init_freeable+0x4a9/0x596 [ 24.902952][ T83] kernel_init+0xd/0x1bf [ 24.907168][ T83] ret_from_fork+0x24/0x30 [ 24.911568][ T83] [ 24.913876][ T83] The buggy address belongs to the object at ffff8881d58a6400 [ 24.913876][ T83] which belongs to the cache kmalloc-256 of size 256 [ 24.927929][ T83] The buggy address is located 73 bytes to the right of [ 24.927929][ T83] 256-byte region [ffff8881d58a6400, ffff8881d58a6500) [ 24.941617][ T83] The buggy address belongs to the page: [ 24.947245][ T83] page:ffffea0007562980 refcount:1 mapcount:0 mapping:ffff8881da002780 index:0x0 compound_mapcount: 0 [ 24.958154][ T83] flags: 0x200000000010200(slab|head) [ 24.963516][ T83] raw: 0200000000010200 ffffea0007562900 0000000300000003 ffff8881da002780 [ 24.972093][ T83] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000 [ 24.980646][ T83] page dumped because: kasan: bad access detected [ 24.987031][ T83] [ 24.989333][ T83] Memory state around the buggy address: [ 24.994951][ T83] ffff8881d58a6400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.002987][ T83] ffff8881d58a6480: 00 00 00 00 00 00 00 00 05 fc fc fc fc fc fc fc [ 25.011036][ T83] >ffff8881d58a6500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.019068][ T83] ^ [ 25.025459][ T83] ffff8881d58a6580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.033493][ T83] ffff8881d58a6600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.041527][ T83] ================================================================== [ 25.049574][ T83] Disabling lock debugging due to kernel taint [ 25.055798][ T83] Kernel panic - not syncing: panic_on_warn set ... [ 25.062382][ T83] CPU: 1 PID: 83 Comm: kworker/1:2 Tainted: G B 5.4.0-rc3+ #0 [ 25.071230][ T83] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 25.081308][ T83] Workqueue: usb_hub_wq hub_event [ 25.086414][ T83] Call Trace: [ 25.089690][ T83] dump_stack+0xca/0x13e [ 25.093912][ T83] panic+0x2aa/0x6e1 [ 25.097789][ T83] ? add_taint.cold+0x16/0x16 [ 25.102462][ T83] ? build_audio_procunit+0xeab/0x13f0 [ 25.107912][ T83] ? trace_hardirqs_on+0x55/0x1e0 [ 25.112920][ T83] ? build_audio_procunit+0xeab/0x13f0 [ 25.118362][ T83] end_report+0x43/0x49 [ 25.122505][ T83] ? build_audio_procunit+0xeab/0x13f0 [ 25.127941][ T83] __kasan_report.cold+0xd/0x33 [ 25.132855][ T83] ? build_audio_procunit+0xeab/0x13f0 [ 25.138305][ T83] kasan_report+0xe/0x20 [ 25.142554][ T83] build_audio_procunit+0xeab/0x13f0 [ 25.147818][ T83] parse_audio_unit+0x1812/0x36f0 [ 25.152825][ T83] ? _raw_spin_unlock_irqrestore+0x3e/0x50 [ 25.158613][ T83] ? lockdep_hardirqs_on+0x382/0x580 [ 25.164237][ T83] ? stack_depot_save+0x252/0x440 [ 25.169238][ T83] ? build_audio_procunit+0x13f0/0x13f0 [ 25.174780][ T83] ? save_stack+0x4c/0x80 [ 25.179336][ T83] ? save_stack+0x1b/0x80 [ 25.183655][ T83] ? __kasan_kmalloc.constprop.0+0xbf/0xd0 [ 25.189615][ T83] ? snd_usb_create_mixer+0x180/0x1890 [ 25.195057][ T83] ? usb_audio_probe+0xc76/0x2010 [ 25.200061][ T83] ? usb_probe_interface+0x305/0x7a0 [ 25.205329][ T83] ? really_probe+0x281/0x6d0 [ 25.209981][ T83] ? driver_probe_device+0x104/0x210 [ 25.215247][ T83] ? __device_attach_driver+0x1c2/0x220 [ 25.220768][ T83] ? bus_for_each_drv+0x162/0x1e0 [ 25.225766][ T83] ? __device_attach+0x217/0x360 [ 25.230679][ T83] ? bus_probe_device+0x1e4/0x290 [ 25.235693][ T83] ? device_add+0xae6/0x16f0 [ 25.240259][ T83] ? usb_set_configuration+0xdf6/0x1670 [ 25.245783][ T83] ? validate_desc.part.0+0x17f/0x240 [ 25.251258][ T83] snd_usb_mixer_controls+0x715/0xb90 [ 25.256608][ T83] ? parse_audio_unit+0x36f0/0x36f0 [ 25.261782][ T83] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 25.267505][ T83] ? rcu_read_lock_bh_held+0xb0/0xb0 [ 25.272765][ T83] ? __kasan_kmalloc.constprop.0+0xbf/0xd0 [ 25.278563][ T83] ? kasan_unpoison_shadow+0x30/0x40 [ 25.284347][ T83] ? usb_ifnum_to_if+0x12b/0x180 [ 25.289259][ T83] snd_usb_create_mixer+0x2b5/0x1890 [ 25.294522][ T83] ? mark_lock+0xbc/0x1160 [ 25.298912][ T83] ? mark_held_locks+0x9f/0xe0 [ 25.303655][ T83] ? snd_usb_mixer_interrupt+0x800/0x800 [ 25.309276][ T83] ? lockdep_hardirqs_on+0x382/0x580 [ 25.314538][ T83] ? usb_driver_claim_interface+0x210/0x420 [ 25.320408][ T83] ? snd_usb_create_stream+0x16a/0x4c0 [ 25.325855][ T83] usb_audio_probe+0xc76/0x2010 [ 25.330689][ T83] ? usb_audio_resume+0x20/0x20 [ 25.335520][ T83] ? _raw_spin_unlock_irqrestore+0x3e/0x50 [ 25.341325][ T83] usb_probe_interface+0x305/0x7a0 [ 25.346417][ T83] ? usb_probe_device+0x100/0x100 [ 25.351418][ T83] really_probe+0x281/0x6d0 [ 25.355898][ T83] driver_probe_device+0x104/0x210 [ 25.360985][ T83] __device_attach_driver+0x1c2/0x220 [ 25.366330][ T83] ? driver_allows_async_probing+0x160/0x160 [ 25.372289][ T83] bus_for_each_drv+0x162/0x1e0 [ 25.377130][ T83] ? bus_rescan_devices+0x20/0x20 [ 25.382138][ T83] ? _raw_spin_unlock_irqrestore+0x3e/0x50 [ 25.387939][ T83] ? lockdep_hardirqs_on+0x382/0x580 [ 25.393220][ T83] __device_attach+0x217/0x360 [ 25.397959][ T83] ? device_bind_driver+0xd0/0xd0 [ 25.402958][ T83] ? kobject_uevent_env+0x29e/0x1150 [ 25.408232][ T83] ? kobject_uevent_env+0x2a8/0x1150 [ 25.413494][ T83] bus_probe_device+0x1e4/0x290 [ 25.418343][ T83] ? blocking_notifier_call_chain+0x54/0xa0 [ 25.424208][ T83] device_add+0xae6/0x16f0 [ 25.428604][ T83] ? uevent_store+0x50/0x50 [ 25.433113][ T83] ? _raw_spin_unlock_irqrestore+0x3e/0x50 [ 25.438895][ T83] usb_set_configuration+0xdf6/0x1670 [ 25.444243][ T83] generic_probe+0x9d/0xd5 [ 25.448652][ T83] usb_probe_device+0x99/0x100 [ 25.453410][ T83] ? usb_suspend+0x620/0x620 [ 25.457975][ T83] really_probe+0x281/0x6d0 [ 25.462453][ T83] driver_probe_device+0x104/0x210 [ 25.469713][ T83] __device_attach_driver+0x1c2/0x220 [ 25.475059][ T83] ? driver_allows_async_probing+0x160/0x160 [ 25.481014][ T83] bus_for_each_drv+0x162/0x1e0 [ 25.485843][ T83] ? bus_rescan_devices+0x20/0x20 [ 25.490843][ T83] ? _raw_spin_unlock_irqrestore+0x3e/0x50 [ 25.496637][ T83] ? lockdep_hardirqs_on+0x382/0x580 [ 25.501896][ T83] __device_attach+0x217/0x360 [ 25.506637][ T83] ? device_bind_driver+0xd0/0xd0 [ 25.511640][ T83] ? kobject_uevent_env+0x29e/0x1150 [ 25.516909][ T83] ? kobject_uevent_env+0x2a8/0x1150 [ 25.522171][ T83] bus_probe_device+0x1e4/0x290 [ 25.527001][ T83] ? blocking_notifier_call_chain+0x54/0xa0 [ 25.532868][ T83] device_add+0xae6/0x16f0 [ 25.537291][ T83] ? uevent_store+0x50/0x50 [ 25.541783][ T83] usb_new_device.cold+0x6a4/0xe79 [ 25.546884][ T83] hub_event+0x1dd0/0x37e0 [ 25.551403][ T83] ? hub_port_debounce+0x260/0x260 [ 25.556498][ T83] ? find_held_lock+0x2d/0x110 [ 25.561252][ T83] ? mark_held_locks+0xe0/0xe0 [ 25.566020][ T83] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 25.571545][ T83] ? rcu_read_lock_bh_held+0xb0/0xb0 [ 25.576808][ T83] process_one_work+0x92b/0x1530 [ 25.581722][ T83] ? pwq_dec_nr_in_flight+0x310/0x310 [ 25.587071][ T83] ? do_raw_spin_lock+0x11a/0x280 [ 25.592071][ T83] worker_thread+0x96/0xe20 [ 25.596562][ T83] ? process_one_work+0x1530/0x1530 [ 25.601733][ T83] kthread+0x318/0x420 [ 25.605779][ T83] ? kthread_create_on_node+0xf0/0xf0 [ 25.611126][ T83] ret_from_fork+0x24/0x30 [ 25.616499][ T83] Kernel Offset: disabled [ 25.620817][ T83] Rebooting in 86400 seconds..