Warning: Permanently added '10.128.0.13' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 32.422546][ T101] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 32.662482][ T101] usb 1-1: Using ep0 maxpacket: 8 [ 32.782742][ T101] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7 [ 32.793832][ T101] usb 1-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 32.962644][ T101] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 32.972054][ T101] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 32.980347][ T101] usb 1-1: Product: syz [ 32.984892][ T101] usb 1-1: Manufacturer: syz [ 32.989652][ T101] usb 1-1: SerialNumber: syz executing program [ 33.332827][ T101] ================================================================== [ 33.341082][ T101] BUG: KASAN: slab-out-of-bounds in build_audio_procunit+0x1306/0x13f0 [ 33.349436][ T101] Read of size 1 at addr ffff8881d537c7b7 by task kworker/0:2/101 [ 33.357225][ T101] [ 33.359549][ T101] CPU: 0 PID: 101 Comm: kworker/0:2 Not tainted 5.4.0-rc3+ #0 [ 33.366990][ T101] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 33.377203][ T101] Workqueue: usb_hub_wq hub_event [ 33.382240][ T101] Call Trace: [ 33.385728][ T101] dump_stack+0xca/0x13e [ 33.390086][ T101] ? build_audio_procunit+0x1306/0x13f0 [ 33.395623][ T101] ? build_audio_procunit+0x1306/0x13f0 [ 33.401506][ T101] print_address_description.constprop.0+0x36/0x50 [ 33.408035][ T101] ? build_audio_procunit+0x1306/0x13f0 [ 33.413581][ T101] ? build_audio_procunit+0x1306/0x13f0 [ 33.419131][ T101] __kasan_report.cold+0x1a/0x33 [ 33.424067][ T101] ? build_audio_procunit+0x1306/0x13f0 [ 33.429842][ T101] kasan_report+0xe/0x20 [ 33.434197][ T101] build_audio_procunit+0x1306/0x13f0 [ 33.439566][ T101] parse_audio_unit+0x17e9/0x36f0 [ 33.445101][ T101] ? _raw_spin_unlock_irqrestore+0x3e/0x50 [ 33.450896][ T101] ? lockdep_hardirqs_on+0x382/0x580 [ 33.456335][ T101] ? stack_depot_save+0x252/0x440 [ 33.461544][ T101] ? build_audio_procunit+0x13f0/0x13f0 [ 33.467237][ T101] ? save_stack+0x4c/0x80 [ 33.471553][ T101] ? save_stack+0x1b/0x80 [ 33.477249][ T101] ? __kasan_kmalloc.constprop.0+0xbf/0xd0 [ 33.483086][ T101] ? snd_usb_create_mixer+0x180/0x1890 [ 33.488561][ T101] ? usb_audio_probe+0xc76/0x2010 [ 33.493599][ T101] ? usb_probe_interface+0x305/0x7a0 [ 33.498976][ T101] ? really_probe+0x281/0x6d0 [ 33.503863][ T101] ? driver_probe_device+0x104/0x210 [ 33.509131][ T101] ? __device_attach_driver+0x1c2/0x220 [ 33.514682][ T101] ? bus_for_each_drv+0x162/0x1e0 [ 33.519886][ T101] ? __device_attach+0x217/0x360 [ 33.525129][ T101] ? bus_probe_device+0x1e4/0x290 [ 33.530488][ T101] ? device_add+0xae6/0x16f0 [ 33.535142][ T101] ? usb_set_configuration+0xdf6/0x1670 [ 33.541219][ T101] ? validate_desc.part.0+0x17f/0x240 [ 33.546789][ T101] snd_usb_mixer_controls+0x715/0xb90 [ 33.552157][ T101] ? parse_audio_unit+0x36f0/0x36f0 [ 33.557395][ T101] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 33.563874][ T101] ? rcu_read_lock_bh_held+0xb0/0xb0 [ 33.569184][ T101] ? __kasan_kmalloc.constprop.0+0xbf/0xd0 [ 33.575010][ T101] ? kasan_unpoison_shadow+0x30/0x40 [ 33.580291][ T101] ? usb_ifnum_to_if+0x12b/0x180 [ 33.585232][ T101] snd_usb_create_mixer+0x2b5/0x1890 [ 33.590829][ T101] ? mark_lock+0xbc/0x1160 [ 33.595259][ T101] ? mark_held_locks+0x9f/0xe0 [ 33.600146][ T101] ? snd_usb_mixer_interrupt+0x800/0x800 [ 33.605781][ T101] ? lockdep_hardirqs_on+0x382/0x580 [ 33.611179][ T101] ? usb_driver_claim_interface+0x210/0x420 [ 33.617068][ T101] ? snd_usb_create_stream+0x16a/0x4c0 [ 33.622781][ T101] usb_audio_probe+0xc76/0x2010 [ 33.627722][ T101] ? usb_audio_resume+0x20/0x20 [ 33.632766][ T101] ? _raw_spin_unlock_irqrestore+0x3e/0x50 [ 33.638556][ T101] usb_probe_interface+0x305/0x7a0 [ 33.643651][ T101] ? usb_probe_device+0x100/0x100 [ 33.648655][ T101] really_probe+0x281/0x6d0 [ 33.653261][ T101] driver_probe_device+0x104/0x210 [ 33.658377][ T101] __device_attach_driver+0x1c2/0x220 [ 33.663740][ T101] ? driver_allows_async_probing+0x160/0x160 [ 33.669740][ T101] bus_for_each_drv+0x162/0x1e0 [ 33.674606][ T101] ? bus_rescan_devices+0x20/0x20 [ 33.679663][ T101] ? _raw_spin_unlock_irqrestore+0x3e/0x50 [ 33.685526][ T101] ? lockdep_hardirqs_on+0x382/0x580 [ 33.690954][ T101] __device_attach+0x217/0x360 [ 33.695725][ T101] ? device_bind_driver+0xd0/0xd0 [ 33.701351][ T101] ? kobject_uevent_env+0x29e/0x1150 [ 33.706632][ T101] ? kobject_uevent_env+0x2a8/0x1150 [ 33.711927][ T101] bus_probe_device+0x1e4/0x290 [ 33.716794][ T101] ? blocking_notifier_call_chain+0x54/0xa0 [ 33.722684][ T101] device_add+0xae6/0x16f0 [ 33.727205][ T101] ? uevent_store+0x50/0x50 [ 33.731698][ T101] ? _raw_spin_unlock_irqrestore+0x3e/0x50 [ 33.737502][ T101] usb_set_configuration+0xdf6/0x1670 [ 33.743285][ T101] generic_probe+0x9d/0xd5 [ 33.747719][ T101] usb_probe_device+0x99/0x100 [ 33.752481][ T101] ? usb_suspend+0x620/0x620 [ 33.757074][ T101] really_probe+0x281/0x6d0 [ 33.761833][ T101] driver_probe_device+0x104/0x210 [ 33.766936][ T101] __device_attach_driver+0x1c2/0x220 [ 33.772420][ T101] ? driver_allows_async_probing+0x160/0x160 [ 33.778540][ T101] bus_for_each_drv+0x162/0x1e0 [ 33.783409][ T101] ? bus_rescan_devices+0x20/0x20 [ 33.788737][ T101] ? _raw_spin_unlock_irqrestore+0x3e/0x50 [ 33.794558][ T101] ? lockdep_hardirqs_on+0x382/0x580 [ 33.799932][ T101] __device_attach+0x217/0x360 [ 33.804689][ T101] ? device_bind_driver+0xd0/0xd0 [ 33.809712][ T101] ? kobject_uevent_env+0x29e/0x1150 [ 33.815257][ T101] ? kobject_uevent_env+0x2a8/0x1150 [ 33.820550][ T101] bus_probe_device+0x1e4/0x290 [ 33.825404][ T101] ? blocking_notifier_call_chain+0x54/0xa0 [ 33.831534][ T101] device_add+0xae6/0x16f0 [ 33.835962][ T101] ? uevent_store+0x50/0x50 [ 33.840488][ T101] usb_new_device.cold+0x6a4/0xe79 [ 33.845590][ T101] hub_event+0x1dd0/0x37e0 [ 33.850014][ T101] ? hub_port_debounce+0x260/0x260 [ 33.855211][ T101] ? find_held_lock+0x2d/0x110 [ 33.859967][ T101] ? mark_held_locks+0xe0/0xe0 [ 33.864728][ T101] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 33.870303][ T101] ? rcu_read_lock_bh_held+0xb0/0xb0 [ 33.875601][ T101] process_one_work+0x92b/0x1530 [ 33.880527][ T101] ? pwq_dec_nr_in_flight+0x310/0x310 [ 33.885896][ T101] ? do_raw_spin_lock+0x11a/0x280 [ 33.890930][ T101] worker_thread+0x96/0xe20 [ 33.895433][ T101] ? process_one_work+0x1530/0x1530 [ 33.900833][ T101] kthread+0x318/0x420 [ 33.905107][ T101] ? kthread_create_on_node+0xf0/0xf0 [ 33.910588][ T101] ret_from_fork+0x24/0x30 [ 33.915038][ T101] [ 33.917365][ T101] Allocated by task 101: [ 33.921609][ T101] save_stack+0x1b/0x80 [ 33.925876][ T101] __kasan_kmalloc.constprop.0+0xbf/0xd0 [ 33.931516][ T101] usb_get_configuration+0x314/0x3050 [ 33.936888][ T101] usb_new_device+0xd3/0x160 [ 33.941648][ T101] hub_event+0x1dd0/0x37e0 [ 33.946092][ T101] process_one_work+0x92b/0x1530 [ 33.951040][ T101] worker_thread+0x96/0xe20 [ 33.955532][ T101] kthread+0x318/0x420 [ 33.959661][ T101] ret_from_fork+0x24/0x30 [ 33.964184][ T101] [ 33.966933][ T101] Freed by task 17: [ 33.970729][ T101] save_stack+0x1b/0x80 [ 33.974880][ T101] __kasan_slab_free+0x130/0x180 [ 33.979797][ T101] kfree+0xe4/0x320 [ 33.983621][ T101] usb_free_urb.part.0+0x7a/0xc0 [ 33.988547][ T101] usb_free_urb+0x1b/0x30 [ 33.992869][ T101] usb_start_wait_urb+0x1e5/0x2b0 [ 33.997871][ T101] usb_control_msg+0x31c/0x4a0 [ 34.002816][ T101] hub_ext_port_status+0x125/0x460 [ 34.008046][ T101] hub_activate+0x497/0x1570 [ 34.012631][ T101] process_one_work+0x92b/0x1530 [ 34.017569][ T101] worker_thread+0x96/0xe20 [ 34.022063][ T101] kthread+0x318/0x420 [ 34.026453][ T101] ret_from_fork+0x24/0x30 [ 34.030924][ T101] [ 34.033267][ T101] The buggy address belongs to the object at ffff8881d537c700 [ 34.033267][ T101] which belongs to the cache kmalloc-192 of size 192 [ 34.047705][ T101] The buggy address is located 183 bytes inside of [ 34.047705][ T101] 192-byte region [ffff8881d537c700, ffff8881d537c7c0) [ 34.061298][ T101] The buggy address belongs to the page: [ 34.067153][ T101] page:ffffea000754df00 refcount:1 mapcount:0 mapping:ffff8881da002a00 index:0x0 [ 34.076271][ T101] flags: 0x200000000000200(slab) [ 34.081682][ T101] raw: 0200000000000200 ffffea000754d680 0000000600000006 ffff8881da002a00 [ 34.090271][ T101] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000 [ 34.098999][ T101] page dumped because: kasan: bad access detected [ 34.105395][ T101] [ 34.107721][ T101] Memory state around the buggy address: [ 34.113426][ T101] ffff8881d537c680: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 34.121488][ T101] ffff8881d537c700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 34.129917][ T101] >ffff8881d537c780: 00 00 00 02 fc fc fc fc fc fc fc fc fc fc fc fc [ 34.137968][ T101] ^ [ 34.143659][ T101] ffff8881d537c800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 34.151825][ T101] ffff8881d537c880: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 34.160485][ T101] ================================================================== [ 34.169441][ T101] Disabling lock debugging due to kernel taint [ 34.176357][ T101] Kernel panic - not syncing: panic_on_warn set ... [ 34.182969][ T101] CPU: 0 PID: 101 Comm: kworker/0:2 Tainted: G B 5.4.0-rc3+ #0 [ 34.192387][ T101] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 34.202454][ T101] Workqueue: usb_hub_wq hub_event [ 34.207470][ T101] Call Trace: [ 34.211008][ T101] dump_stack+0xca/0x13e [ 34.215556][ T101] panic+0x2aa/0x6e1 [ 34.220450][ T101] ? add_taint.cold+0x16/0x16 [ 34.225821][ T101] ? build_audio_procunit+0x1306/0x13f0 [ 34.231368][ T101] ? trace_hardirqs_on+0x55/0x1e0 [ 34.236627][ T101] ? build_audio_procunit+0x1306/0x13f0 [ 34.242533][ T101] end_report+0x43/0x49 [ 34.247104][ T101] ? build_audio_procunit+0x1306/0x13f0 [ 34.254019][ T101] __kasan_report.cold+0xd/0x33 [ 34.259340][ T101] ? build_audio_procunit+0x1306/0x13f0 [ 34.264970][ T101] kasan_report+0xe/0x20 [ 34.270195][ T101] build_audio_procunit+0x1306/0x13f0 [ 34.281252][ T101] parse_audio_unit+0x17e9/0x36f0 [ 34.286846][ T101] ? _raw_spin_unlock_irqrestore+0x3e/0x50 [ 34.294100][ T101] ? lockdep_hardirqs_on+0x382/0x580 [ 34.299717][ T101] ? stack_depot_save+0x252/0x440 [ 34.305540][ T101] ? build_audio_procunit+0x13f0/0x13f0 [ 34.311932][ T101] ? save_stack+0x4c/0x80 [ 34.318765][ T101] ? save_stack+0x1b/0x80 [ 34.323171][ T101] ? __kasan_kmalloc.constprop.0+0xbf/0xd0 [ 34.330612][ T101] ? snd_usb_create_mixer+0x180/0x1890 [ 34.336500][ T101] ? usb_audio_probe+0xc76/0x2010 [ 34.342046][ T101] ? usb_probe_interface+0x305/0x7a0 [ 34.347829][ T101] ? really_probe+0x281/0x6d0 [ 34.352860][ T101] ? driver_probe_device+0x104/0x210 [ 34.358241][ T101] ? __device_attach_driver+0x1c2/0x220 [ 34.364816][ T101] ? bus_for_each_drv+0x162/0x1e0 [ 34.371099][ T101] ? __device_attach+0x217/0x360 [ 34.376268][ T101] ? bus_probe_device+0x1e4/0x290 [ 34.381291][ T101] ? device_add+0xae6/0x16f0 [ 34.385864][ T101] ? usb_set_configuration+0xdf6/0x1670 [ 34.391402][ T101] ? validate_desc.part.0+0x17f/0x240 [ 34.396844][ T101] snd_usb_mixer_controls+0x715/0xb90 [ 34.402555][ T101] ? parse_audio_unit+0x36f0/0x36f0 [ 34.408123][ T101] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 34.414183][ T101] ? rcu_read_lock_bh_held+0xb0/0xb0 [ 34.419468][ T101] ? __kasan_kmalloc.constprop.0+0xbf/0xd0 [ 34.425347][ T101] ? kasan_unpoison_shadow+0x30/0x40 [ 34.431154][ T101] ? usb_ifnum_to_if+0x12b/0x180 [ 34.436261][ T101] snd_usb_create_mixer+0x2b5/0x1890 [ 34.441808][ T101] ? mark_lock+0xbc/0x1160 [ 34.446971][ T101] ? mark_held_locks+0x9f/0xe0 [ 34.453649][ T101] ? snd_usb_mixer_interrupt+0x800/0x800 [ 34.459797][ T101] ? lockdep_hardirqs_on+0x382/0x580 [ 34.466340][ T101] ? usb_driver_claim_interface+0x210/0x420 [ 34.473562][ T101] ? snd_usb_create_stream+0x16a/0x4c0 [ 34.480792][ T101] usb_audio_probe+0xc76/0x2010 [ 34.486398][ T101] ? usb_audio_resume+0x20/0x20 [ 34.495180][ T101] ? _raw_spin_unlock_irqrestore+0x3e/0x50 [ 34.501816][ T101] usb_probe_interface+0x305/0x7a0 [ 34.506915][ T101] ? usb_probe_device+0x100/0x100 [ 34.511931][ T101] really_probe+0x281/0x6d0 [ 34.516429][ T101] driver_probe_device+0x104/0x210 [ 34.521819][ T101] __device_attach_driver+0x1c2/0x220 [ 34.527380][ T101] ? driver_allows_async_probing+0x160/0x160 [ 34.533586][ T101] bus_for_each_drv+0x162/0x1e0 [ 34.538601][ T101] ? bus_rescan_devices+0x20/0x20 [ 34.543606][ T101] ? _raw_spin_unlock_irqrestore+0x3e/0x50 [ 34.549389][ T101] ? lockdep_hardirqs_on+0x382/0x580 [ 34.554824][ T101] __device_attach+0x217/0x360 [ 34.559755][ T101] ? device_bind_driver+0xd0/0xd0 [ 34.565140][ T101] ? kobject_uevent_env+0x29e/0x1150 [ 34.570510][ T101] ? kobject_uevent_env+0x2a8/0x1150 [ 34.575793][ T101] bus_probe_device+0x1e4/0x290 [ 34.580632][ T101] ? blocking_notifier_call_chain+0x54/0xa0 [ 34.587893][ T101] device_add+0xae6/0x16f0 [ 34.592286][ T101] ? uevent_store+0x50/0x50 [ 34.596765][ T101] ? _raw_spin_unlock_irqrestore+0x3e/0x50 [ 34.602548][ T101] usb_set_configuration+0xdf6/0x1670 [ 34.607893][ T101] generic_probe+0x9d/0xd5 [ 34.612377][ T101] usb_probe_device+0x99/0x100 [ 34.617289][ T101] ? usb_suspend+0x620/0x620 [ 34.621899][ T101] really_probe+0x281/0x6d0 [ 34.626391][ T101] driver_probe_device+0x104/0x210 [ 34.631488][ T101] __device_attach_driver+0x1c2/0x220 [ 34.636847][ T101] ? driver_allows_async_probing+0x160/0x160 [ 34.642978][ T101] bus_for_each_drv+0x162/0x1e0 [ 34.647904][ T101] ? bus_rescan_devices+0x20/0x20 [ 34.653023][ T101] ? _raw_spin_unlock_irqrestore+0x3e/0x50 [ 34.658925][ T101] ? lockdep_hardirqs_on+0x382/0x580 [ 34.664828][ T101] __device_attach+0x217/0x360 [ 34.669575][ T101] ? device_bind_driver+0xd0/0xd0 [ 34.674585][ T101] ? kobject_uevent_env+0x29e/0x1150 [ 34.679855][ T101] ? kobject_uevent_env+0x2a8/0x1150 [ 34.685115][ T101] bus_probe_device+0x1e4/0x290 [ 34.689960][ T101] ? blocking_notifier_call_chain+0x54/0xa0 [ 34.695843][ T101] device_add+0xae6/0x16f0 [ 34.700409][ T101] ? uevent_store+0x50/0x50 [ 34.704891][ T101] usb_new_device.cold+0x6a4/0xe79 [ 34.709989][ T101] hub_event+0x1dd0/0x37e0 [ 34.714380][ T101] ? hub_port_debounce+0x260/0x260 [ 34.719463][ T101] ? find_held_lock+0x2d/0x110 [ 34.724290][ T101] ? mark_held_locks+0xe0/0xe0 [ 34.729122][ T101] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 34.734763][ T101] ? rcu_read_lock_bh_held+0xb0/0xb0 [ 34.740379][ T101] process_one_work+0x92b/0x1530 [ 34.745629][ T101] ? pwq_dec_nr_in_flight+0x310/0x310 [ 34.751138][ T101] ? do_raw_spin_lock+0x11a/0x280 [ 34.756175][ T101] worker_thread+0x96/0xe20 [ 34.760849][ T101] ? process_one_work+0x1530/0x1530 [ 34.766177][ T101] kthread+0x318/0x420 [ 34.770332][ T101] ? kthread_create_on_node+0xf0/0xf0 [ 34.776031][ T101] ret_from_fork+0x24/0x30 [ 34.780993][ T101] Kernel Offset: disabled [ 34.785418][ T101] Rebooting in 86400 seconds..