Warning: Permanently added '10.128.0.61' (ECDSA) to the list of known hosts.
executing program
[ 35.702809][ T7] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 35.952611][ T7] usb 1-1: Using ep0 maxpacket: 32
[ 36.082686][ T7] usb 1-1: config 199 interface 0 altsetting 0 endpoint 0x5 has an invalid bInterval 0, changing to 7
[ 36.093833][ T7] usb 1-1: New USB device found, idVendor=7300, idProduct=128c, bcdDevice=ed.06
[ 36.103117][ T7] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
executing program
[ 36.402680][ T7] usb 1-1: string descriptor 0 read error: -71
[ 36.416128][ T7] usb 1-1: MIDIStreaming interface descriptor not found
[ 36.423644][ T7] ==================================================================
[ 36.431825][ T7] BUG: KASAN: slab-out-of-bounds in snd_usbmidi_get_ms_info+0xeaf/0x10e0
[ 36.440255][ T7] Read of size 1 at addr ffff888119b80722 by task kworker/0:1/7
[ 36.448724][ T7]
[ 36.451033][ T7] CPU: 0 PID: 7 Comm: kworker/0:1 Not tainted 5.12.0-syzkaller #0
[ 36.458823][ T7] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 36.468864][ T7] Workqueue: usb_hub_wq hub_event
[ 36.473884][ T7] Call Trace:
[ 36.477150][ T7] dump_stack+0x143/0x1db
[ 36.481491][ T7] ? snd_usbmidi_get_ms_info+0xeaf/0x10e0
[ 36.487233][ T7] print_address_description.constprop.0.cold+0x5b/0x2f8
[ 36.494256][ T7] ? snd_usbmidi_get_ms_info+0xeaf/0x10e0
[ 36.499974][ T7] ? snd_usbmidi_get_ms_info+0xeaf/0x10e0
[ 36.506557][ T7] kasan_report.cold+0x7c/0xd8
[ 36.511310][ T7] ? snd_usbmidi_get_ms_info+0xeaf/0x10e0
[ 36.517012][ T7] snd_usbmidi_get_ms_info+0xeaf/0x10e0
[ 36.522545][ T7] __snd_usbmidi_create+0x393/0x1ba0
[ 36.527816][ T7] ? lock_downgrade+0x6e0/0x6e0
[ 36.532670][ T7] ? snd_info_create_entry+0x225/0x420
[ 36.538208][ T7] ? snd_usbmidi_input_close+0x40/0x40
[ 36.543661][ T7] ? mutex_lock_io_nested+0xf50/0xf50
[ 36.549020][ T7] ? snd_info_create_entry+0x32d/0x420
[ 36.554464][ T7] snd_usb_create_quirk+0xa5/0xe0
[ 36.559484][ T7] usb_audio_probe+0xcf0/0x2c90
[ 36.564325][ T7] ? snd_usb_create_stream.isra.0+0x530/0x530
[ 36.570403][ T7] ? mark_held_locks+0x9f/0xe0
[ 36.575157][ T7] ? ktime_get_mono_fast_ns+0x181/0x220
[ 36.580690][ T7] ? lockdep_hardirqs_on_prepare+0x273/0x3e0
[ 36.586657][ T7] ? _raw_spin_unlock_irqrestore+0x42/0x50
[ 36.594883][ T7] usb_probe_interface+0x315/0x7f0
[ 36.599983][ T7] ? usb_match_dynamic_id+0x1a0/0x1a0
[ 36.605344][ T7] really_probe+0x291/0xf60
[ 36.609835][ T7] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 36.616063][ T7] driver_probe_device+0x298/0x410
[ 36.621166][ T7] __device_attach_driver+0x203/0x2c0
[ 36.626525][ T7] ? driver_allows_async_probing+0x150/0x150
[ 36.632496][ T7] bus_for_each_drv+0x15f/0x1e0
[ 36.637352][ T7] ? bus_for_each_dev+0x1d0/0x1d0
[ 36.642363][ T7] ? lockdep_hardirqs_on_prepare+0x273/0x3e0
[ 36.648350][ T7] ? trace_hardirqs_on+0x5b/0x1a0
[ 36.654578][ T7] __device_attach+0x228/0x4b0
[ 36.659332][ T7] ? __driver_attach_async_helper+0x330/0x330
[ 36.665386][ T7] ? kobject_uevent_env+0x2bb/0x1650
[ 36.670656][ T7] bus_probe_device+0x1e4/0x290
[ 36.675521][ T7] device_add+0xbe0/0x2100
[ 36.679925][ T7] ? wait_for_completion_io+0x270/0x270
[ 36.685458][ T7] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0
[ 36.691700][ T7] ? kfree+0xdb/0x3b0
[ 36.695672][ T7] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 36.701908][ T7] usb_set_configuration+0x113f/0x1910
[ 36.707374][ T7] usb_generic_driver_probe+0xba/0x100
[ 36.712843][ T7] usb_probe_device+0xd9/0x2c0
[ 36.717616][ T7] ? usb_driver_release_interface+0x180/0x180
[ 36.723758][ T7] really_probe+0x291/0xf60
[ 36.728269][ T7] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 36.734523][ T7] driver_probe_device+0x298/0x410
[ 36.740322][ T7] __device_attach_driver+0x203/0x2c0
[ 36.745698][ T7] ? driver_allows_async_probing+0x150/0x150
[ 36.751667][ T7] bus_for_each_drv+0x15f/0x1e0
[ 36.756508][ T7] ? bus_for_each_dev+0x1d0/0x1d0
[ 36.761518][ T7] ? lockdep_hardirqs_on_prepare+0x273/0x3e0
[ 36.767486][ T7] ? trace_hardirqs_on+0x5b/0x1a0
[ 36.772499][ T7] __device_attach+0x228/0x4b0
[ 36.777251][ T7] ? __driver_attach_async_helper+0x330/0x330
[ 36.783306][ T7] ? kobject_uevent_env+0x2bb/0x1650
[ 36.788577][ T7] bus_probe_device+0x1e4/0x290
[ 36.793416][ T7] device_add+0xbe0/0x2100
[ 36.797818][ T7] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0
[ 36.804477][ T7] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 36.810705][ T7] usb_new_device.cold+0x721/0x1058
[ 36.815901][ T7] ? hub_disconnect+0x510/0x510
[ 36.820749][ T7] ? rwlock_bug.part.0+0x90/0x90
[ 36.825677][ T7] ? lockdep_hardirqs_on_prepare+0x273/0x3e0
[ 36.831649][ T7] hub_event+0x2357/0x4330
[ 36.836079][ T7] ? hub_port_debounce+0x3c0/0x3c0
[ 36.841275][ T7] ? lock_pin_lock+0x211/0x2a0
[ 36.846039][ T7] ? __do_sys_prctl+0xc10/0xfd0
[ 36.850887][ T7] ? lock_release+0x6f0/0x6f0
[ 36.855658][ T7] ? lock_downgrade+0x6e0/0x6e0
[ 36.860595][ T7] ? do_raw_spin_lock+0x120/0x2b0
[ 36.865657][ T7] process_one_work+0x98d/0x1580
[ 36.870586][ T7] ? pwq_dec_nr_in_flight+0x320/0x320
[ 36.875949][ T7] ? rwlock_bug.part.0+0x90/0x90
[ 36.880884][ T7] worker_thread+0x64c/0x1120
[ 36.885563][ T7] ? __kthread_parkme+0x118/0x1d0
[ 36.890577][ T7] ? process_one_work+0x1580/0x1580
[ 36.895761][ T7] kthread+0x38c/0x460
[ 36.899820][ T7] ? _raw_spin_unlock_irq+0x1f/0x30
[ 36.905009][ T7] ? __kthread_bind_mask+0xc0/0xc0
[ 36.910107][ T7] ret_from_fork+0x1f/0x30
[ 36.914522][ T7]
[ 36.916828][ T7] Allocated by task 7:
[ 36.920918][ T7] kasan_save_stack+0x1b/0x40
[ 36.925589][ T7] __kasan_kmalloc+0x7c/0x90
[ 36.930168][ T7] usb_get_configuration+0x321/0x3d60
[ 36.935541][ T7] usb_new_device+0x42c/0x7a0
[ 36.940207][ T7] hub_event+0x2357/0x4330
[ 36.944625][ T7] process_one_work+0x98d/0x1580
[ 36.949558][ T7] worker_thread+0x64c/0x1120
[ 36.954247][ T7] kthread+0x38c/0x460
[ 36.958303][ T7] ret_from_fork+0x1f/0x30
[ 36.962702][ T7]
[ 36.965006][ T7] The buggy address belongs to the object at ffff888119b80700
[ 36.965006][ T7] which belongs to the cache kmalloc-64 of size 64
[ 36.978910][ T7] The buggy address is located 34 bytes inside of
[ 36.978910][ T7] 64-byte region [ffff888119b80700, ffff888119b80740)
[ 36.992220][ T7] The buggy address belongs to the page:
[ 36.997836][ T7] page:ffffea000466e000 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888119b80680 pfn:0x119b80
[ 37.009445][ T7] flags: 0x200000000000200(slab|node=0|zone=2)
[ 37.015657][ T7] raw: 0200000000000200 ffffea0004206f00 0000000900000009 ffff888100041640
[ 37.024261][ T7] raw: ffff888119b80680 000000008020001d 00000001ffffffff 0000000000000000
[ 37.032825][ T7] page dumped because: kasan: bad access detected
[ 37.039217][ T7] page_owner tracks the page as allocated
[ 37.045071][ T7] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 2653, ts 10410979522, free_ts 0
[ 37.060248][ T7] get_page_from_freelist+0xc97/0x26a0
[ 37.065712][ T7] __alloc_pages+0x1b2/0x4f0
[ 37.070296][ T7] alloc_pages+0x18c/0x2a0
[ 37.074717][ T7] allocate_slab+0x2c5/0x4c0
[ 37.079331][ T7] ___slab_alloc+0x476/0x7b0
[ 37.084039][ T7] __slab_alloc+0x68/0x80
[ 37.088362][ T7] kmem_cache_alloc_trace+0x27e/0x2a0
[ 37.093719][ T7] allocate_cgrp_cset_links+0x19c/0x240
[ 37.099268][ T7] find_css_set+0x6d3/0x1a40
[ 37.103844][ T7] cgroup_migrate_prepare_dst+0x105/0x830
[ 37.109564][ T7] cgroup_attach_task+0x39f/0x760
[ 37.114584][ T7] __cgroup1_procs_write.constprop.0+0x3a9/0x490
[ 37.120907][ T7] cgroup_file_write+0x1ec/0x780
[ 37.125851][ T7] kernfs_fop_write_iter+0x342/0x500
[ 37.131213][ T7] new_sync_write+0x426/0x650
[ 37.136316][ T7] vfs_write+0x743/0x9e0
[ 37.140668][ T7] page_owner free stack trace missing
[ 37.146019][ T7]
[ 37.148327][ T7] Memory state around the buggy address:
[ 37.153980][ T7] ffff888119b80600: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 37.162023][ T7] ffff888119b80680: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 37.170070][ T7] >ffff888119b80700: 00 00 00 00 02 fc fc fc fc fc fc fc fc fc fc fc
[ 37.178111][ T7]                                ^
[ 37.183200][ T7] ffff888119b80780: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 37.191250][ T7] ffff888119b80800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 37.199302][ T7] ==================================================================
[ 37.207352][ T7] Disabling lock debugging due to kernel taint
[ 37.213531][ T7] Kernel panic - not syncing: panic_on_warn set ...
[ 37.220112][ T7] CPU: 0 PID: 7 Comm: kworker/0:1 Tainted: G B 5.12.0-syzkaller #0
[ 37.229312][ T7] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 37.239373][ T7] Workqueue: usb_hub_wq hub_event
[ 37.244411][ T7] Call Trace:
[ 37.247686][ T7] dump_stack+0x143/0x1db
[ 37.252033][ T7] panic+0x306/0x73d
[ 37.263904][ T7] ? __warn_printk+0xf3/0xf3
[ 37.268487][ T7] ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 37.274629][ T7] ? trace_hardirqs_on+0x38/0x1a0
[ 37.279644][ T7] ? trace_hardirqs_on+0x51/0x1a0
[ 37.284827][ T7] ? snd_usbmidi_get_ms_info+0xeaf/0x10e0
[ 37.290531][ T7] ? snd_usbmidi_get_ms_info+0xeaf/0x10e0
[ 37.296237][ T7] end_report.cold+0x5a/0x5a
[ 37.300823][ T7] kasan_report.cold+0x6a/0xd8
[ 37.305568][ T7] ? snd_usbmidi_get_ms_info+0xeaf/0x10e0
[ 37.311268][ T7] snd_usbmidi_get_ms_info+0xeaf/0x10e0
[ 37.316793][ T7] __snd_usbmidi_create+0x393/0x1ba0
[ 37.322072][ T7] ? lock_downgrade+0x6e0/0x6e0
[ 37.326923][ T7] ? snd_info_create_entry+0x225/0x420
[ 37.332365][ T7] ? snd_usbmidi_input_close+0x40/0x40
[ 37.337809][ T7] ? mutex_lock_io_nested+0xf50/0xf50
[ 37.343163][ T7] ? snd_info_create_entry+0x32d/0x420
[ 37.348646][ T7] snd_usb_create_quirk+0xa5/0xe0
[ 37.353661][ T7] usb_audio_probe+0xcf0/0x2c90
[ 37.358495][ T7] ? snd_usb_create_stream.isra.0+0x530/0x530
[ 37.364541][ T7] ? mark_held_locks+0x9f/0xe0
[ 37.369289][ T7] ? ktime_get_mono_fast_ns+0x181/0x220
[ 37.374814][ T7] ? lockdep_hardirqs_on_prepare+0x273/0x3e0
[ 37.380775][ T7] ? _raw_spin_unlock_irqrestore+0x42/0x50
[ 37.386568][ T7] usb_probe_interface+0x315/0x7f0
[ 37.391709][ T7] ? usb_match_dynamic_id+0x1a0/0x1a0
[ 37.397117][ T7] really_probe+0x291/0xf60
[ 37.401704][ T7] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 37.407943][ T7] driver_probe_device+0x298/0x410
[ 37.413044][ T7] __device_attach_driver+0x203/0x2c0
[ 37.418403][ T7] ? driver_allows_async_probing+0x150/0x150
[ 37.424393][ T7] bus_for_each_drv+0x15f/0x1e0
[ 37.429234][ T7] ? bus_for_each_dev+0x1d0/0x1d0
[ 37.434249][ T7] ? lockdep_hardirqs_on_prepare+0x273/0x3e0
[ 37.440324][ T7] ? trace_hardirqs_on+0x5b/0x1a0
[ 37.445334][ T7] __device_attach+0x228/0x4b0
[ 37.450089][ T7] ? __driver_attach_async_helper+0x330/0x330
[ 37.456154][ T7] ? kobject_uevent_env+0x2bb/0x1650
[ 37.461423][ T7] bus_probe_device+0x1e4/0x290
[ 37.466264][ T7] device_add+0xbe0/0x2100
[ 37.470691][ T7] ? wait_for_completion_io+0x270/0x270
[ 37.476223][ T7] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0
[ 37.483402][ T7] ? kfree+0xdb/0x3b0
[ 37.487384][ T7] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 37.493627][ T7] usb_set_configuration+0x113f/0x1910
[ 37.499074][ T7] usb_generic_driver_probe+0xba/0x100
[ 37.504527][ T7] usb_probe_device+0xd9/0x2c0
[ 37.509369][ T7] ? usb_driver_release_interface+0x180/0x180
[ 37.515420][ T7] really_probe+0x291/0xf60
[ 37.519915][ T7] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 37.526140][ T7] driver_probe_device+0x298/0x410
[ 37.531235][ T7] __device_attach_driver+0x203/0x2c0
[ 37.536697][ T7] ? driver_allows_async_probing+0x150/0x150
[ 37.542748][ T7] bus_for_each_drv+0x15f/0x1e0
[ 37.547582][ T7] ? bus_for_each_dev+0x1d0/0x1d0
[ 37.552677][ T7] ? lockdep_hardirqs_on_prepare+0x273/0x3e0
[ 37.558653][ T7] ? trace_hardirqs_on+0x5b/0x1a0
[ 37.563659][ T7] __device_attach+0x228/0x4b0
[ 37.568840][ T7] ? __driver_attach_async_helper+0x330/0x330
[ 37.574897][ T7] ? kobject_uevent_env+0x2bb/0x1650
[ 37.580164][ T7] bus_probe_device+0x1e4/0x290
[ 37.585001][ T7] device_add+0xbe0/0x2100
[ 37.589401][ T7] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0
[ 37.595649][ T7] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 37.601875][ T7] usb_new_device.cold+0x721/0x1058
[ 37.607065][ T7] ? hub_disconnect+0x510/0x510
[ 37.611902][ T7] ? rwlock_bug.part.0+0x90/0x90
[ 37.616830][ T7] ? lockdep_hardirqs_on_prepare+0x273/0x3e0
[ 37.622794][ T7] hub_event+0x2357/0x4330
[ 37.627194][ T7] ? hub_port_debounce+0x3c0/0x3c0
[ 37.632285][ T7] ? lock_pin_lock+0x211/0x2a0
[ 37.637132][ T7] ? __do_sys_prctl+0xc10/0xfd0
[ 37.641963][ T7] ? lock_release+0x6f0/0x6f0
[ 37.646622][ T7] ? lock_downgrade+0x6e0/0x6e0
[ 37.651468][ T7] ? do_raw_spin_lock+0x120/0x2b0
[ 37.656485][ T7] process_one_work+0x98d/0x1580
[ 37.661405][ T7] ? pwq_dec_nr_in_flight+0x320/0x320
[ 37.666761][ T7] ? rwlock_bug.part.0+0x90/0x90
[ 37.671681][ T7] worker_thread+0x64c/0x1120
[ 37.676352][ T7] ? __kthread_parkme+0x118/0x1d0
[ 37.681371][ T7] ? process_one_work+0x1580/0x1580
[ 37.686558][ T7] kthread+0x38c/0x460
[ 37.690621][ T7] ? _raw_spin_unlock_irq+0x1f/0x30
[ 37.695818][ T7] ? __kthread_bind_mask+0xc0/0xc0
[ 37.700923][ T7] ret_from_fork+0x1f/0x30
[ 37.706131][ T7] Kernel Offset: disabled
[ 37.710445][ T7] Rebooting in 86400 seconds..