Warning: Permanently added '10.128.0.75' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 41.126665][ T7025] IPVS: ftp: loaded support on port[0] = 21
[ 41.451947][ T4076] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 41.691795][ T4076] usb 1-1: Using ep0 maxpacket: 32
[ 41.811871][ T4076] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 41.981725][ T4076] usb 1-1: New USB device found, idVendor=17e9, idProduct=3f57, bcdDevice= 6.02
[ 41.990873][ T4076] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 41.999297][ T4076] usb 1-1: Product: syz
[ 42.003921][ T4076] usb 1-1: Manufacturer: syz
[ 42.008497][ T4076] usb 1-1: SerialNumber: syz
[ 42.019733][ T4076] usb 1-1: config 0 descriptor??
[ 42.323896][ T4076] ==================================================================
[ 42.323899][ T4076] BUG: KASAN: slab-out-of-bounds in hex_string+0x416/0x520
[ 42.323901][ T4076] Read of size 1 at addr ffff8880a6c1301b by task kworker/1:8/4076
[ 42.323902][ T4076]
[ 42.323905][ T4076] CPU: 1 PID: 4076 Comm: kworker/1:8 Not tainted 5.7.0-rc6-syzkaller #0
[ 42.323907][ T4076] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 42.323909][ T4076] Workqueue: usb_hub_wq hub_event
[ 42.323911][ T4076] Call Trace:
[ 42.323912][ T4076] dump_stack+0x1e9/0x30e
[ 42.323914][ T4076] print_address_description+0x74/0x5c0
[ 42.323915][ T4076] ? printk+0x62/0x83
[ 42.323916][ T4076] __kasan_report+0x103/0x1a0
[ 42.323917][ T4076] ? hex_string+0x416/0x520
[ 42.323919][ T4076] ? mark_lock+0x102/0x1b00
[ 42.323920][ T4076] ? hex_string+0x416/0x520
[ 42.323921][ T4076] kasan_report+0x4d/0x80
[ 42.323922][ T4076] ? mark_lock+0x102/0x1b00
[ 42.323923][ T4076] ? hex_string+0x416/0x520
[ 42.323925][ T4076] ? pointer+0x539/0x970
[ 42.323926][ T4076] ? vsnprintf+0xbf4/0x1aa0
[ 42.323927][ T4076] ? pointer+0x12d/0x970
[ 42.323928][ T4076] ? vsnprintf+0xbf4/0x1aa0
[ 42.323929][ T4076] ? vscnprintf+0x29/0x80
[ 42.323931][ T4076] ? vprintk_store+0x4b/0x680
[ 42.323932][ T4076] ? vprintk_emit+0x128/0x3c0
[ 42.323933][ T4076] ? dev_vprintk_emit+0x494/0x512
[ 42.323935][ T4076] ? _raw_spin_unlock_irqrestore+0xb4/0xd0
[ 42.323936][ T4076] ? debug_check_no_obj_freed+0x592/0x640
[ 42.323938][ T4076] ? lockdep_hardirqs_on+0x4a4/0x8a0
[ 42.323939][ T4076] ? dev_printk_emit+0x6a/0x8c
[ 42.323940][ T4076] ? usb_control_msg+0x2f3/0x420
[ 42.323941][ T4076] ? _dev_info+0xb9/0xdb
[ 42.323943][ T4076] ? dlfb_usb_probe+0x3ee/0x2080
[ 42.323944][ T4076] ? dlfb_usb_probe+0x443/0x2080
[ 42.323945][ T4076] ? _raw_spin_unlock_irqrestore+0x6f/0xd0
[ 42.323947][ T4076] ? _raw_spin_unlock_irqrestore+0xb4/0xd0
[ 42.323948][ T4076] ? __pm_runtime_set_status+0x89e/0xb50
[ 42.323950][ T4076] ? usb_probe_interface+0x614/0xac0
[ 42.323951][ T4076] ? really_probe+0x761/0xf60
[ 42.323952][ T4076] ? driver_probe_device+0xe6/0x230
[ 42.323954][ T4076] ? coredump_store+0x90/0x90
[ 42.323955][ T4076] ? bus_for_each_drv+0x108/0x170
[ 42.323956][ T4076] ? __device_attach+0x20c/0x3a0
[ 42.323958][ T4076] ? bus_probe_device+0xb8/0x1f0
[ 42.323959][ T4076] ? device_add+0x14a4/0x1ba0
[ 42.323960][ T4076] ? device_add+0x1828/0x1ba0
[ 42.323962][ T4076] ? usb_set_configuration+0x19d2/0x1f20
[ 42.323963][ T4076] ? usb_generic_driver_probe+0x82/0x140
[ 42.323964][ T4076] ? usb_probe_device+0x12d/0x1d0
[ 42.323966][ T4076] ? really_probe+0x761/0xf60
[ 42.323967][ T4076] ? driver_probe_device+0xe6/0x230
[ 42.323968][ T4076] ? coredump_store+0x90/0x90
[ 42.323969][ T4076] ? bus_for_each_drv+0x108/0x170
[ 42.323971][ T4076] ? __device_attach+0x20c/0x3a0
[ 42.323972][ T4076] ? bus_probe_device+0xb8/0x1f0
[ 42.323973][ T4076] ? device_add+0x14a4/0x1ba0
[ 42.323975][ T4076] ? device_add+0x1828/0x1ba0
[ 42.323976][ T4076] ? usb_new_device+0xcc3/0x1650
[ 42.323977][ T4076] ? hub_event+0x2823/0x4cb0
[ 42.323979][ T4076] ? rcu_read_lock_sched_held+0x106/0x170
[ 42.323980][ T4076] ? process_one_work+0x76e/0xfd0
[ 42.323981][ T4076] ? worker_thread+0xa7f/0x1450
[ 42.323982][ T4076] ? kthread+0x353/0x380
[ 42.323984][ T4076] ? rcu_lock_release+0x20/0x20
[ 42.323985][ T4076] ? kthread_blkcg+0xd0/0xd0
[ 42.323986][ T4076] ? ret_from_fork+0x24/0x30
[ 42.323987][ T4076]
[ 42.323988][ T4076] Allocated by task 4076:
[ 42.323990][ T4076] __kasan_kmalloc+0x114/0x160
[ 42.323991][ T4076] __kmalloc+0x24b/0x330
[ 42.323992][ T4076] usb_get_configuration+0x2d7/0x48e0
[ 42.323994][ T4076] usb_new_device+0xf4/0x1650
[ 42.323995][ T4076] hub_event+0x2823/0x4cb0
[ 42.323996][ T4076] process_one_work+0x76e/0xfd0
[ 42.323997][ T4076] worker_thread+0xa7f/0x1450
[ 42.323998][ T4076] kthread+0x353/0x380
[ 42.324000][ T4076] ret_from_fork+0x24/0x30
[ 42.324001][ T4076]
[ 42.324002][ T4076] Freed by task 5147:
[ 42.324003][ T4076] __kasan_slab_free+0x125/0x190
[ 42.324004][ T4076] kfree+0x10a/0x220
[ 42.324006][ T4076] tomoyo_check_open_permission+0x6e2/0x900
[ 42.324007][ T4076] security_file_open+0x50/0xc0
[ 42.324008][ T4076] do_dentry_open+0x35d/0x10b0
[ 42.324010][ T4076] path_openat+0x2790/0x38b0
[ 42.324011][ T4076] do_filp_open+0x191/0x3a0
[ 42.324012][ T4076] do_sys_openat2+0x463/0x770
[ 42.324013][ T4076] __x64_sys_open+0x1af/0x1e0
[ 42.324015][ T4076] do_syscall_64+0xf3/0x1b0
[ 42.324016][ T4076] entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 42.324017][ T4076]
[ 42.324019][ T4076] The buggy address belongs to the object at ffff8880a6c13000
[ 42.324021][ T4076] which belongs to the cache kmalloc-32 of size 32
[ 42.324022][ T4076] The buggy address is located 27 bytes inside of
[ 42.324024][ T4076] 32-byte region [ffff8880a6c13000, ffff8880a6c13020)
[ 42.324026][ T4076] The buggy address belongs to the page:
[ 42.324028][ T4076] page:ffffea00029b04c0 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff8880a6c13fc1
[ 42.324030][ T4076] flags: 0xfffe0000000200(slab)
[ 42.324032][ T4076] raw: 00fffe0000000200 ffffea00025f7e88 ffffea0002a6ff48 ffff8880aa4001c0
[ 42.324034][ T4076] raw: ffff8880a6c13fc1 ffff8880a6c13000 000000010000003e 0000000000000000
[ 42.324036][ T4076] page dumped because: kasan: bad access detected
[ 42.324037][ T4076]
[ 42.324038][ T4076] Memory state around the buggy address:
[ 42.324040][ T4076]  ffff8880a6c12f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 42.324042][ T4076]  ffff8880a6c12f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 42.324044][ T4076] >ffff8880a6c13000: 00 00 00 03 fc fc fc fc 00 00 01 fc fc fc fc fc
[ 42.324045][ T4076]                             ^
[ 42.324047][ T4076]  ffff8880a6c13080: fb fb fb fb fc fc fc fc 00 00 01 fc fc fc fc fc
[ 42.324049][ T4076]  ffff8880a6c13100: 00 00 01 fc fc fc fc fc 00 00 01 fc fc fc fc fc
[ 42.324051][ T4076] ==================================================================
[ 42.324053][ T4076] Disabling lock debugging due to kernel taint
[ 42.324055][ T4076] Kernel panic - not syncing: panic_on_warn set ...
[ 42.324057][ T4076] CPU: 1 PID: 4076 Comm: kworker/1:8 Tainted: G B 5.7.0-rc6-syzkaller #0
[ 42.324059][ T4076] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 42.324061][ T4076] Workqueue: usb_hub_wq hub_event
[ 42.324063][ T4076] Call Trace:
[ 42.324064][ T4076] dump_stack+0x1e9/0x30e
[ 42.324065][ T4076] panic+0x264/0x7a0
[ 42.324066][ T4076] ? trace_hardirqs_off+0x16/0x70
[ 42.324068][ T4076] __kasan_report+0x191/0x1a0
[ 42.324069][ T4076] ? hex_string+0x416/0x520
[ 42.324070][ T4076] ? mark_lock+0x102/0x1b00
[ 42.324071][ T4076] ? hex_string+0x416/0x520
[ 42.324072][ T4076] kasan_report+0x4d/0x80
[ 42.324074][ T4076] ? mark_lock+0x102/0x1b00
[ 42.324075][ T4076] ? hex_string+0x416/0x520
[ 42.324076][ T4076] ? pointer+0x539/0x970
[ 42.324077][ T4076] ? vsnprintf+0xbf4/0x1aa0
[ 42.324078][ T4076] ? pointer+0x12d/0x970
[ 42.324080][ T4076] ? vsnprintf+0xbf4/0x1aa0
[ 42.324081][ T4076] ? vscnprintf+0x29/0x80
[ 42.324082][ T4076] ? vprintk_store+0x4b/0x680
[ 42.324083][ T4076] ? vprintk_emit+0x128/0x3c0
[ 42.324085][ T4076] ? dev_vprintk_emit+0x494/0x512
[ 42.324086][ T4076] ? _raw_spin_unlock_irqrestore+0xb4/0xd0
[ 42.324088][ T4076] ? debug_check_no_obj_freed+0x592/0x640
[ 42.324089][ T4076] ? lockdep_hardirqs_on+0x4a4/0x8a0
[ 42.324090][ T4076] ? dev_printk_emit+0x6a/0x8c
[ 42.324092][ T4076] ? usb_control_msg+0x2f3/0x420
[ 42.324093][ T4076] ? _dev_info+0xb9/0xdb
[ 42.324094][ T4076] ? dlfb_usb_probe+0x3ee/0x2080
[ 42.324095][ T4076] ? dlfb_usb_probe+0x443/0x2080
[ 42.324097][ T4076] ? _raw_spin_unlock_irqrestore+0x6f/0xd0
[ 42.324098][ T4076] ? _raw_spin_unlock_irqrestore+0xb4/0xd0
[ 42.324100][ T4076] ? __pm_runtime_set_status+0x89e/0xb50
[ 42.324101][ T4076] ? usb_probe_interface+0x614/0xac0
[ 42.324102][ T4076] ? really_probe+0x761/0xf60
[ 42.324104][ T4076] ? driver_probe_device+0xe6/0x230
[ 42.324105][ T4076] ? coredump_store+0x90/0x90
[ 42.324106][ T4076] ? bus_for_each_drv+0x108/0x170
[ 42.324108][ T4076] ? __device_attach+0x20c/0x3a0
[ 42.324109][ T4076] ? bus_probe_device+0xb8/0x1f0
[ 42.324110][ T4076] ? device_add+0x14a4/0x1ba0
[ 42.324112][ T4076] ? device_add+0x1828/0x1ba0
[ 42.324113][ T4076] ? usb_set_configuration+0x19d2/0x1f20
[ 42.324115][ T4076] ? usb_generic_driver_probe+0x82/0x140
[ 42.324116][ T4076] ? usb_probe_device+0x12d/0x1d0
[ 42.324117][ T4076] ? really_probe+0x761/0xf60
[ 42.324118][ T4076] ? driver_probe_device+0xe6/0x230
[ 42.324120][ T4076] ? coredump_store+0x90/0x90
[ 42.324121][ T4076] ? bus_for_each_drv+0x108/0x170
[ 42.324122][ T4076] ? __device_attach+0x20c/0x3a0
[ 42.324124][ T4076] ? bus_probe_device+0xb8/0x1f0
[ 42.324125][ T4076] ? device_add+0x14a4/0x1ba0
[ 42.324126][ T4076] ? device_add+0x1828/0x1ba0
[ 42.324127][ T4076] ? usb_new_device+0xcc3/0x1650
[ 42.324129][ T4076] ? hub_event+0x2823/0x4cb0
[ 42.324130][ T4076] ? rcu_read_lock_sched_held+0x106/0x170
[ 42.324131][ T4076] ? process_one_work+0x76e/0xfd0
[ 42.324133][ T4076] ? worker_thread+0xa7f/0x1450
[ 42.324134][ T4076] ? kthread+0x353/0x380
[ 42.324135][ T4076] ? rcu_lock_release+0x20/0x20
[ 42.324136][ T4076] ? kthread_blkcg+0xd0/0xd0
[ 42.324138][ T4076] ? ret_from_fork+0x24/0x30
[ 42.324139][ T4076] Kernel Offset: disabled