Warning: Permanently added '10.128.10.47' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 25.927246][ T83] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 26.287348][ T83] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7 [ 26.298315][ T83] usb 1-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 26.467341][ T83] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 26.476410][ T83] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 26.484436][ T83] usb 1-1: Product: syz [ 26.488634][ T83] usb 1-1: Manufacturer: syz [ 26.493378][ T83] usb 1-1: SerialNumber: syz executing program [ 26.847381][ T83] ================================================================== [ 26.855556][ T83] BUG: KASAN: slab-out-of-bounds in parse_term_proc_unit+0x57a/0x5e0 [ 26.863598][ T83] Read of size 1 at addr ffff8881d48eeca9 by task kworker/1:2/83 [ 26.871567][ T83] [ 26.873890][ T83] CPU: 1 PID: 83 Comm: kworker/1:2 Not tainted 5.4.0-rc3+ #0 [ 26.881284][ T83] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 26.891327][ T83] Workqueue: usb_hub_wq hub_event [ 26.896332][ T83] Call Trace: [ 26.899606][ T83] dump_stack+0xca/0x13e [ 26.903916][ T83] ? parse_term_proc_unit+0x57a/0x5e0 [ 26.909275][ T83] ? parse_term_proc_unit+0x57a/0x5e0 [ 26.914640][ T83] print_address_description.constprop.0+0x36/0x50 [ 26.921135][ T83] ? parse_term_proc_unit+0x57a/0x5e0 [ 26.926497][ T83] ? parse_term_proc_unit+0x57a/0x5e0 [ 26.931849][ T83] __kasan_report.cold+0x1a/0x33 [ 26.936761][ T83] ? parse_term_proc_unit+0x57a/0x5e0 [ 26.942107][ T83] kasan_report+0xe/0x20 [ 26.946325][ T83] parse_term_proc_unit+0x57a/0x5e0 [ 26.951523][ T83] __check_input_term+0xc32/0x13f0 [ 26.956622][ T83] parse_audio_unit+0x101d/0x36f0 [ 26.961710][ T83] ? _raw_spin_unlock_irqrestore+0x3e/0x50 [ 26.967502][ T83] ? lockdep_hardirqs_on+0x382/0x580 [ 26.972794][ T83] ? stack_depot_save+0x252/0x440 [ 26.977794][ T83] ? build_audio_procunit+0x13f0/0x13f0 [ 26.983315][ T83] ? save_stack+0x1b/0x80 [ 26.987626][ T83] ? __kasan_kmalloc.constprop.0+0xbf/0xd0 [ 26.993407][ T83] ? snd_usb_create_mixer+0x180/0x1890 [ 26.998841][ T83] ? usb_audio_probe+0xc76/0x2010 [ 27.003844][ T83] ? usb_probe_interface+0x305/0x7a0 [ 27.009107][ T83] ? really_probe+0x281/0x6d0 [ 27.013780][ T83] ? driver_probe_device+0x104/0x210 [ 27.019051][ T83] ? __device_attach_driver+0x1c2/0x220 [ 27.024716][ T83] ? bus_for_each_drv+0x162/0x1e0 [ 27.029729][ T83] ? __device_attach+0x217/0x360 [ 27.034650][ T83] ? bus_probe_device+0x1e4/0x290 [ 27.039664][ T83] ? device_add+0xae6/0x16f0 [ 27.044236][ T83] ? usb_set_configuration+0xdf6/0x1670 [ 27.049760][ T83] ? validate_desc.part.0+0x17f/0x240 [ 27.055111][ T83] snd_usb_mixer_controls+0x715/0xb90 [ 27.060461][ T83] ? parse_audio_unit+0x36f0/0x36f0 [ 27.065634][ T83] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 27.071370][ T83] ? rcu_read_lock_bh_held+0xb0/0xb0 [ 27.076637][ T83] ? __kasan_kmalloc.constprop.0+0xbf/0xd0 [ 27.082600][ T83] ? kasan_unpoison_shadow+0x30/0x40 [ 27.087873][ T83] ? usb_ifnum_to_if+0x12b/0x180 [ 27.092838][ T83] snd_usb_create_mixer+0x2b5/0x1890 [ 27.098113][ T83] ? mark_lock+0xbc/0x1160 [ 27.102524][ T83] ? mark_held_locks+0x9f/0xe0 [ 27.107280][ T83] ? snd_usb_mixer_interrupt+0x800/0x800 [ 27.112891][ T83] ? lockdep_hardirqs_on+0x382/0x580 [ 27.118153][ T83] ? usb_driver_claim_interface+0x210/0x420 [ 27.124114][ T83] ? snd_usb_create_stream+0x16a/0x4c0 [ 27.129559][ T83] usb_audio_probe+0xc76/0x2010 [ 27.134384][ T83] ? usb_audio_resume+0x20/0x20 [ 27.139214][ T83] ? _raw_spin_unlock_irqrestore+0x3e/0x50 [ 27.145005][ T83] usb_probe_interface+0x305/0x7a0 [ 27.150113][ T83] ? usb_probe_device+0x100/0x100 [ 27.155133][ T83] really_probe+0x281/0x6d0 [ 27.159614][ T83] driver_probe_device+0x104/0x210 [ 27.164715][ T83] __device_attach_driver+0x1c2/0x220 [ 27.170066][ T83] ? driver_allows_async_probing+0x160/0x160 [ 27.176118][ T83] bus_for_each_drv+0x162/0x1e0 [ 27.180948][ T83] ? bus_rescan_devices+0x20/0x20 [ 27.185946][ T83] ? _raw_spin_unlock_irqrestore+0x3e/0x50 [ 27.191730][ T83] ? lockdep_hardirqs_on+0x382/0x580 [ 27.196993][ T83] __device_attach+0x217/0x360 [ 27.201735][ T83] ? device_bind_driver+0xd0/0xd0 [ 27.206734][ T83] ? kobject_uevent_env+0x29e/0x1150 [ 27.211995][ T83] ? kobject_uevent_env+0x2a8/0x1150 [ 27.217274][ T83] bus_probe_device+0x1e4/0x290 [ 27.222215][ T83] ? blocking_notifier_call_chain+0x54/0xa0 [ 27.228085][ T83] device_add+0xae6/0x16f0 [ 27.232495][ T83] ? uevent_store+0x50/0x50 [ 27.236972][ T83] ? _raw_spin_unlock_irqrestore+0x3e/0x50 [ 27.242754][ T83] usb_set_configuration+0xdf6/0x1670 [ 27.248112][ T83] generic_probe+0x9d/0xd5 [ 27.252503][ T83] usb_probe_device+0x99/0x100 [ 27.257242][ T83] ? usb_suspend+0x620/0x620 [ 27.261821][ T83] really_probe+0x281/0x6d0 [ 27.266299][ T83] driver_probe_device+0x104/0x210 [ 27.271404][ T83] __device_attach_driver+0x1c2/0x220 [ 27.276768][ T83] ? driver_allows_async_probing+0x160/0x160 [ 27.282730][ T83] bus_for_each_drv+0x162/0x1e0 [ 27.287565][ T83] ? bus_rescan_devices+0x20/0x20 [ 27.292571][ T83] ? _raw_spin_unlock_irqrestore+0x3e/0x50 [ 27.298355][ T83] ? lockdep_hardirqs_on+0x382/0x580 [ 27.303638][ T83] __device_attach+0x217/0x360 [ 27.308537][ T83] ? device_bind_driver+0xd0/0xd0 [ 27.313551][ T83] ? kobject_uevent_env+0x29e/0x1150 [ 27.318818][ T83] ? kobject_uevent_env+0x2a8/0x1150 [ 27.324171][ T83] bus_probe_device+0x1e4/0x290 [ 27.329023][ T83] ? blocking_notifier_call_chain+0x54/0xa0 [ 27.334896][ T83] device_add+0xae6/0x16f0 [ 27.339371][ T83] ? uevent_store+0x50/0x50 [ 27.343879][ T83] usb_new_device.cold+0x6a4/0xe79 [ 27.348982][ T83] hub_event+0x1dd0/0x37e0 [ 27.353382][ T83] ? hub_port_debounce+0x260/0x260 [ 27.358470][ T83] ? find_held_lock+0x2d/0x110 [ 27.364340][ T83] ? mark_held_locks+0xe0/0xe0 [ 27.369077][ T83] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 27.374598][ T83] ? rcu_read_lock_bh_held+0xb0/0xb0 [ 27.379870][ T83] process_one_work+0x92b/0x1530 [ 27.384784][ T83] ? pwq_dec_nr_in_flight+0x310/0x310 [ 27.390218][ T83] ? do_raw_spin_lock+0x11a/0x280 [ 27.395219][ T83] worker_thread+0x96/0xe20 [ 27.400985][ T83] ? process_one_work+0x1530/0x1530 [ 27.406166][ T83] kthread+0x318/0x420 [ 27.410211][ T83] ? kthread_create_on_node+0xf0/0xf0 [ 27.415563][ T83] ret_from_fork+0x24/0x30 [ 27.420077][ T83] [ 27.422389][ T83] Allocated by task 83: [ 27.426659][ T83] save_stack+0x1b/0x80 [ 27.430814][ T83] __kasan_kmalloc.constprop.0+0xbf/0xd0 [ 27.436670][ T83] usb_get_configuration+0x314/0x3050 [ 27.442025][ T83] usb_new_device+0xd3/0x160 [ 27.446594][ T83] hub_event+0x1dd0/0x37e0 [ 27.450992][ T83] process_one_work+0x92b/0x1530 [ 27.455921][ T83] worker_thread+0x96/0xe20 [ 27.460536][ T83] kthread+0x318/0x420 [ 27.464859][ T83] ret_from_fork+0x24/0x30 [ 27.469259][ T83] [ 27.471678][ T83] Freed by task 0: [ 27.475382][ T83] save_stack+0x1b/0x80 [ 27.479520][ T83] __kasan_slab_free+0x130/0x180 [ 27.484435][ T83] kfree+0xe4/0x320 [ 27.488247][ T83] free_task+0xe3/0x110 [ 27.492393][ T83] __put_task_struct+0x1e2/0x4c0 [ 27.497304][ T83] delayed_put_task_struct+0x1b4/0x2c0 [ 27.502754][ T83] rcu_core+0x630/0x1ca0 [ 27.506975][ T83] __do_softirq+0x221/0x912 [ 27.511629][ T83] [ 27.513936][ T83] The buggy address belongs to the object at ffff8881d48eec00 [ 27.513936][ T83] which belongs to the cache kmalloc-192 of size 192 [ 27.527990][ T83] The buggy address is located 169 bytes inside of [ 27.527990][ T83] 192-byte region [ffff8881d48eec00, ffff8881d48eecc0) [ 27.541244][ T83] The buggy address belongs to the page: [ 27.547014][ T83] page:ffffea0007523b80 refcount:1 mapcount:0 mapping:ffff8881da002a00 index:0x0 [ 27.556194][ T83] flags: 0x200000000000200(slab) [ 27.561120][ T83] raw: 0200000000000200 ffffea000753ce40 0000000e0000000e ffff8881da002a00 [ 27.569688][ T83] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000 [ 27.578248][ T83] page dumped because: kasan: bad access detected [ 27.584640][ T83] [ 27.586961][ T83] Memory state around the buggy address: [ 27.592570][ T83] ffff8881d48eeb80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.600608][ T83] ffff8881d48eec00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.608643][ T83] >ffff8881d48eec80: 00 00 00 00 03 fc fc fc fc fc fc fc fc fc fc fc [ 27.616680][ T83] ^ [ 27.622022][ T83] ffff8881d48eed00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.630056][ T83] ffff8881d48eed80: 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc [ 27.638497][ T83] ================================================================== [ 27.646630][ T83] Disabling lock debugging due to kernel taint [ 27.652846][ T83] Kernel panic - not syncing: panic_on_warn set ... [ 27.659426][ T83] CPU: 1 PID: 83 Comm: kworker/1:2 Tainted: G B 5.4.0-rc3+ #0 [ 27.668172][ T83] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 27.678600][ T83] Workqueue: usb_hub_wq hub_event [ 27.683807][ T83] Call Trace: [ 27.687088][ T83] dump_stack+0xca/0x13e [ 27.691489][ T83] panic+0x2aa/0x6e1 [ 27.695365][ T83] ? add_taint.cold+0x16/0x16 [ 27.700020][ T83] ? retint_kernel+0x10/0x10 [ 27.704588][ T83] ? trace_hardirqs_on+0x55/0x1e0 [ 27.709773][ T83] ? parse_term_proc_unit+0x57a/0x5e0 [ 27.715122][ T83] end_report+0x43/0x49 [ 27.719257][ T83] ? parse_term_proc_unit+0x57a/0x5e0 [ 27.724629][ T83] __kasan_report.cold+0xd/0x33 [ 27.729649][ T83] ? parse_term_proc_unit+0x57a/0x5e0 [ 27.735086][ T83] kasan_report+0xe/0x20 [ 27.739416][ T83] parse_term_proc_unit+0x57a/0x5e0 [ 27.744598][ T83] __check_input_term+0xc32/0x13f0 [ 27.751693][ T83] parse_audio_unit+0x101d/0x36f0 [ 27.756911][ T83] ? _raw_spin_unlock_irqrestore+0x3e/0x50 [ 27.762955][ T83] ? lockdep_hardirqs_on+0x382/0x580 [ 27.768226][ T83] ? stack_depot_save+0x252/0x440 [ 27.773231][ T83] ? build_audio_procunit+0x13f0/0x13f0 [ 27.778754][ T83] ? save_stack+0x1b/0x80 [ 27.783240][ T83] ? __kasan_kmalloc.constprop.0+0xbf/0xd0 [ 27.789037][ T83] ? snd_usb_create_mixer+0x180/0x1890 [ 27.795024][ T83] ? usb_audio_probe+0xc76/0x2010 [ 27.800116][ T83] ? usb_probe_interface+0x305/0x7a0 [ 27.805395][ T83] ? really_probe+0x281/0x6d0 [ 27.810052][ T83] ? driver_probe_device+0x104/0x210 [ 27.815322][ T83] ? __device_attach_driver+0x1c2/0x220 [ 27.820854][ T83] ? bus_for_each_drv+0x162/0x1e0 [ 27.826030][ T83] ? __device_attach+0x217/0x360 [ 27.830955][ T83] ? bus_probe_device+0x1e4/0x290 [ 27.835962][ T83] ? device_add+0xae6/0x16f0 [ 27.840712][ T83] ? usb_set_configuration+0xdf6/0x1670 [ 27.846252][ T83] ? validate_desc.part.0+0x17f/0x240 [ 27.851639][ T83] snd_usb_mixer_controls+0x715/0xb90 [ 27.856991][ T83] ? parse_audio_unit+0x36f0/0x36f0 [ 27.862181][ T83] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 27.867793][ T83] ? rcu_read_lock_bh_held+0xb0/0xb0 [ 27.873054][ T83] ? __kasan_kmalloc.constprop.0+0xbf/0xd0 [ 27.878837][ T83] ? kasan_unpoison_shadow+0x30/0x40 [ 27.884196][ T83] ? usb_ifnum_to_if+0x12b/0x180 [ 27.889117][ T83] snd_usb_create_mixer+0x2b5/0x1890 [ 27.894378][ T83] ? mark_lock+0xbc/0x1160 [ 27.898770][ T83] ? mark_held_locks+0x9f/0xe0 [ 27.903509][ T83] ? snd_usb_mixer_interrupt+0x800/0x800 [ 27.909119][ T83] ? lockdep_hardirqs_on+0x382/0x580 [ 27.914642][ T83] ? usb_driver_claim_interface+0x210/0x420 [ 27.920515][ T83] ? snd_usb_create_stream+0x16a/0x4c0 [ 27.925946][ T83] usb_audio_probe+0xc76/0x2010 [ 27.930772][ T83] ? usb_audio_resume+0x20/0x20 [ 27.935691][ T83] ? _raw_spin_unlock_irqrestore+0x3e/0x50 [ 27.941473][ T83] usb_probe_interface+0x305/0x7a0 [ 27.946559][ T83] ? usb_probe_device+0x100/0x100 [ 27.951569][ T83] really_probe+0x281/0x6d0 [ 27.956077][ T83] driver_probe_device+0x104/0x210 [ 27.961172][ T83] __device_attach_driver+0x1c2/0x220 [ 27.966951][ T83] ? driver_allows_async_probing+0x160/0x160 [ 27.973425][ T83] bus_for_each_drv+0x162/0x1e0 [ 27.978251][ T83] ? bus_rescan_devices+0x20/0x20 [ 27.983248][ T83] ? _raw_spin_unlock_irqrestore+0x3e/0x50 [ 27.989052][ T83] ? lockdep_hardirqs_on+0x382/0x580 [ 27.994320][ T83] __device_attach+0x217/0x360 [ 27.999331][ T83] ? device_bind_driver+0xd0/0xd0 [ 28.004330][ T83] ? kobject_uevent_env+0x29e/0x1150 [ 28.009602][ T83] ? kobject_uevent_env+0x2a8/0x1150 [ 28.014872][ T83] bus_probe_device+0x1e4/0x290 [ 28.019713][ T83] ? blocking_notifier_call_chain+0x54/0xa0 [ 28.025586][ T83] device_add+0xae6/0x16f0 [ 28.029976][ T83] ? uevent_store+0x50/0x50 [ 28.034453][ T83] ? _raw_spin_unlock_irqrestore+0x3e/0x50 [ 28.040244][ T83] usb_set_configuration+0xdf6/0x1670 [ 28.045762][ T83] generic_probe+0x9d/0xd5 [ 28.050170][ T83] usb_probe_device+0x99/0x100 [ 28.055027][ T83] ? usb_suspend+0x620/0x620 [ 28.059597][ T83] really_probe+0x281/0x6d0 [ 28.064091][ T83] driver_probe_device+0x104/0x210 [ 28.069312][ T83] __device_attach_driver+0x1c2/0x220 [ 28.074685][ T83] ? driver_allows_async_probing+0x160/0x160 [ 28.080766][ T83] bus_for_each_drv+0x162/0x1e0 [ 28.085613][ T83] ? bus_rescan_devices+0x20/0x20 [ 28.090616][ T83] ? _raw_spin_unlock_irqrestore+0x3e/0x50 [ 28.096490][ T83] ? lockdep_hardirqs_on+0x382/0x580 [ 28.101760][ T83] __device_attach+0x217/0x360 [ 28.106852][ T83] ? device_bind_driver+0xd0/0xd0 [ 28.111866][ T83] ? kobject_uevent_env+0x29e/0x1150 [ 28.117255][ T83] ? kobject_uevent_env+0x2a8/0x1150 [ 28.123130][ T83] bus_probe_device+0x1e4/0x290 [ 28.127967][ T83] ? blocking_notifier_call_chain+0x54/0xa0 [ 28.134010][ T83] device_add+0xae6/0x16f0 [ 28.138409][ T83] ? uevent_store+0x50/0x50 [ 28.142896][ T83] usb_new_device.cold+0x6a4/0xe79 [ 28.147980][ T83] hub_event+0x1dd0/0x37e0 [ 28.152538][ T83] ? hub_port_debounce+0x260/0x260 [ 28.157623][ T83] ? find_held_lock+0x2d/0x110 [ 28.162359][ T83] ? mark_held_locks+0xe0/0xe0 [ 28.167192][ T83] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 28.172715][ T83] ? rcu_read_lock_bh_held+0xb0/0xb0 [ 28.177981][ T83] process_one_work+0x92b/0x1530 [ 28.182894][ T83] ? pwq_dec_nr_in_flight+0x310/0x310 [ 28.188259][ T83] ? do_raw_spin_lock+0x11a/0x280 [ 28.193267][ T83] worker_thread+0x96/0xe20 [ 28.197747][ T83] ? process_one_work+0x1530/0x1530 [ 28.202930][ T83] kthread+0x318/0x420 [ 28.206987][ T83] ? kthread_create_on_node+0xf0/0xf0 [ 28.212333][ T83] ret_from_fork+0x24/0x30 [ 28.217948][ T83] Kernel Offset: disabled [ 28.222268][ T83] Rebooting in 86400 seconds..