./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3541718031
<...>
Warning: Permanently added '10.128.1.63' (ED25519) to the list of known hosts.
execve("./syz-executor3541718031", ["./syz-executor3541718031"], 0x7ffc9b100430 /* 10 vars */) = 0
brk(NULL) = 0x555576fe4000
brk(0x555576fe4d00) = 0x555576fe4d00
arch_prctl(ARCH_SET_FS, 0x555576fe4380) = 0
set_tid_address(0x555576fe4650) = 5093
set_robust_list(0x555576fe4660, 24) = 0
rseq(0x555576fe4ca0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor3541718031", 4096) = 28
getrandom("\x2b\x75\x46\x95\xc4\x90\xdb\x99", 8, GRND_NONBLOCK) = 8
brk(NULL) = 0x555576fe4d00
brk(0x555577005d00) = 0x555577005d00
brk(0x555577006000) = 0x555577006000
mprotect(0x7f21d9c2f000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
executing program
write(1, "executing program\n", 18) = 18
openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3
ioctl(3, USB_RAW_IOCTL_INIT, 0x7fff098d6b90) = 0
ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0
ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff098d6b90) = 0
ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff098d6b90) = 0
ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff098d6b90) = 0
ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff098d6b90) = 0
ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7fff098d5b80) = 18
ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff098d6b90) = 0
[ 76.520749][ T9] usb 1-1: new high-speed USB device number 2 using dummy_hcd
ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff098d6b90) = 0
ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff098d6b90) = 0
ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7fff098d5b80) = 18
ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff098d6b90) = 0
ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7fff098d5b80) = 9
ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff098d6b90) = 0
ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7fff098d5b80) = 36
ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff098d6b90) = 0
ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0
ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0
ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f21d9c353cc) = -1 EINVAL (Invalid argument)
ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7fff098d5b80) = 0
[ 76.881554][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 76.892862][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 76.902738][ T9] usb 1-1: New USB device found, idVendor=0b05, idProduct=19b6, bcdDevice= 0.00
[ 76.911891][ T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 76.923960][ T9] usb 1-1: config 0 descriptor??
ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff098d6bc0) = 0
ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7fff098d5bb0) = 0
ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff098d6bc0) = 0
ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7fff098d5bb0) = 5
[ 77.425495][ T9] ==================================================================
[ 77.433806][ T9] BUG: KASAN: slab-out-of-bounds in asus_report_fixup+0x857/0xed0
[ 77.441640][ T9] Read of size 1 at addr ffff88802472ad45 by task kworker/0:1/9
[ 77.449378][ T9]
[ 77.451722][ T9] CPU: 0 PID: 9 Comm: kworker/0:1 Not tainted 6.9.0-syzkaller-10219-g70ec81c2e2b4 #0
[ 77.461177][ T9] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[ 77.471230][ T9] Workqueue: usb_hub_wq hub_event
[ 77.476259][ T9] Call Trace:
[ 77.479535][ T9]
[ 77.482465][ T9] dump_stack_lvl+0x241/0x360
[ 77.487160][ T9] ? __pfx_dump_stack_lvl+0x10/0x10
[ 77.492366][ T9] ? __pfx__printk+0x10/0x10
[ 77.496979][ T9] ? _printk+0xd5/0x120
[ 77.501157][ T9] ? __virt_addr_valid+0x183/0x520
[ 77.506283][ T9] ? __virt_addr_valid+0x183/0x520
[ 77.511502][ T9] print_report+0x169/0x550
[ 77.516025][ T9] ? __virt_addr_valid+0x183/0x520
[ 77.522036][ T9] ? __virt_addr_valid+0x183/0x520
[ 77.527421][ T9] ? __virt_addr_valid+0x44e/0x520
[ 77.532790][ T9] ? __phys_addr+0xba/0x170
[ 77.537316][ T9] ? asus_report_fixup+0x857/0xed0
[ 77.542441][ T9] kasan_report+0x143/0x180
[ 77.546965][ T9] ? asus_report_fixup+0x857/0xed0
[ 77.552100][ T9] asus_report_fixup+0x857/0xed0
[ 77.557083][ T9] ? __asan_memcpy+0x40/0x70
[ 77.561704][ T9] ? __pfx_asus_report_fixup+0x10/0x10
[ 77.567174][ T9] hid_open_report+0x1ba/0x14a0
[ 77.572042][ T9] ? _raw_spin_unlock_irqrestore+0x8f/0x140
[ 77.577984][ T9] ? lockdep_hardirqs_on+0x99/0x150
[ 77.583198][ T9] ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 77.589092][ T9] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 77.595432][ T9] ? __pfx_hid_open_report+0x10/0x10
[ 77.600733][ T9] asus_probe+0x82e/0xc90
[ 77.605074][ T9] ? __pfx_asus_probe+0x10/0x10
[ 77.609928][ T9] ? hid_match_id+0x308/0x330
[ 77.614607][ T9] ? hid_lookup_quirk+0x32e/0x580
[ 77.619626][ T9] hid_device_probe+0x26e/0x4f0
[ 77.624484][ T9] ? driver_sysfs_add+0x1de/0x1f0
[ 77.629511][ T9] ? __pfx_hid_device_probe+0x10/0x10
[ 77.634907][ T9] really_probe+0x2b8/0xad0
[ 77.639415][ T9] __driver_probe_device+0x1a2/0x390
[ 77.644699][ T9] driver_probe_device+0x50/0x430
[ 77.649725][ T9] __device_attach_driver+0x2d6/0x530
[ 77.655121][ T9] bus_for_each_drv+0x24e/0x2e0
[ 77.659972][ T9] ? __pfx___device_attach_driver+0x10/0x10
[ 77.665866][ T9] ? __pfx_bus_for_each_drv+0x10/0x10
[ 77.671275][ T9] __device_attach+0x333/0x520
[ 77.676062][ T9] ? __pfx___device_attach+0x10/0x10
[ 77.681365][ T9] bus_probe_device+0x189/0x260
[ 77.686238][ T9] device_add+0x8ff/0xca0
[ 77.690573][ T9] hid_add_device+0x3b6/0x520
[ 77.695277][ T9] usbhid_probe+0xb38/0xea0
[ 77.699782][ T9] usb_probe_interface+0x645/0xbb0
[ 77.704899][ T9] ? __pfx_usb_probe_interface+0x10/0x10
[ 77.710530][ T9] really_probe+0x2b8/0xad0
[ 77.715120][ T9] __driver_probe_device+0x1a2/0x390
[ 77.720490][ T9] driver_probe_device+0x50/0x430
[ 77.725514][ T9] __device_attach_driver+0x2d6/0x530
[ 77.730898][ T9] bus_for_each_drv+0x24e/0x2e0
[ 77.735775][ T9] ? __pfx___device_attach_driver+0x10/0x10
[ 77.741680][ T9] ? __pfx_bus_for_each_drv+0x10/0x10
[ 77.747057][ T9] __device_attach+0x333/0x520
[ 77.751820][ T9] ? __pfx_lock_release+0x10/0x10
[ 77.756839][ T9] ? __pfx___device_attach+0x10/0x10
[ 77.762122][ T9] ? do_raw_spin_unlock+0x13c/0x8b0
[ 77.767336][ T9] bus_probe_device+0x189/0x260
[ 77.772206][ T9] device_add+0x8ff/0xca0
[ 77.776540][ T9] usb_set_configuration+0x1976/0x1fb0
[ 77.782018][ T9] usb_generic_driver_probe+0x88/0x140
[ 77.787481][ T9] usb_probe_device+0x1b8/0x380
[ 77.792342][ T9] ? __pfx_usb_probe_device+0x10/0x10
[ 77.797716][ T9] really_probe+0x2b8/0xad0
[ 77.802228][ T9] __driver_probe_device+0x1a2/0x390
[ 77.807516][ T9] driver_probe_device+0x50/0x430
[ 77.812541][ T9] __device_attach_driver+0x2d6/0x530
[ 77.817919][ T9] bus_for_each_drv+0x24e/0x2e0
[ 77.822773][ T9] ? __pfx___device_attach_driver+0x10/0x10
[ 77.828665][ T9] ? __pfx_bus_for_each_drv+0x10/0x10
[ 77.834074][ T9] __device_attach+0x333/0x520
[ 77.838849][ T9] ? __pfx___device_attach+0x10/0x10
[ 77.844137][ T9] bus_probe_device+0x189/0x260
[ 77.848995][ T9] device_add+0x8ff/0xca0
[ 77.853328][ T9] usb_new_device+0x104a/0x19a0
[ 77.858184][ T9] ? __pfx_usb_new_device+0x10/0x10
[ 77.863395][ T9] ? _raw_spin_unlock_irq+0x23/0x50
[ 77.868591][ T9] ? lockdep_hardirqs_on+0x99/0x150
[ 77.873796][ T9] hub_event+0x2d6a/0x5150
[ 77.878234][ T9] ? __pfx_hub_event+0x10/0x10
[ 77.883008][ T9] ? __pfx_lock_acquire+0x10/0x10
[ 77.888137][ T9] ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 77.894128][ T9] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 77.900462][ T9] ? process_scheduled_works+0x945/0x1830
[ 77.906180][ T9] process_scheduled_works+0xa2c/0x1830
[ 77.911738][ T9] ? __pfx_process_scheduled_works+0x10/0x10
[ 77.917717][ T9] ? assign_work+0x364/0x3d0
[ 77.922307][ T9] worker_thread+0x86d/0xd70
[ 77.926895][ T9] ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 77.932805][ T9] ? __kthread_parkme+0x169/0x1d0
[ 77.937827][ T9] ? __pfx_worker_thread+0x10/0x10
[ 77.942933][ T9] kthread+0x2f0/0x390
[ 77.947006][ T9] ? __pfx_worker_thread+0x10/0x10
[ 77.952112][ T9] ? __pfx_kthread+0x10/0x10
[ 77.956699][ T9] ret_from_fork+0x4b/0x80
[ 77.961119][ T9] ? __pfx_kthread+0x10/0x10
[ 77.965797][ T9] ret_from_fork_asm+0x1a/0x30
[ 77.970570][ T9]
[ 77.973578][ T9]
[ 77.975893][ T9] Allocated by task 9:
[ 77.979952][ T9] kasan_save_track+0x3f/0x80
[ 77.984630][ T9] __kasan_kmalloc+0x98/0xb0
[ 77.989218][ T9] kmalloc_node_track_caller_noprof+0x22a/0x450
[ 77.995472][ T9] kmemdup_noprof+0x2a/0x60
[ 77.999977][ T9] hid_open_report+0x156/0x14a0
[ 78.004835][ T9] asus_probe+0x82e/0xc90
[ 78.009165][ T9] hid_device_probe+0x26e/0x4f0
[ 78.014014][ T9] really_probe+0x2b8/0xad0
[ 78.018510][ T9] __driver_probe_device+0x1a2/0x390
[ 78.023796][ T9] driver_probe_device+0x50/0x430
[ 78.028814][ T9] __device_attach_driver+0x2d6/0x530
[ 78.034181][ T9] bus_for_each_drv+0x24e/0x2e0
[ 78.039030][ T9] __device_attach+0x333/0x520
[ 78.043789][ T9] bus_probe_device+0x189/0x260
[ 78.048637][ T9] device_add+0x8ff/0xca0
[ 78.052960][ T9] hid_add_device+0x3b6/0x520
[ 78.057644][ T9] usbhid_probe+0xb38/0xea0
[ 78.062228][ T9] usb_probe_interface+0x645/0xbb0
[ 78.067352][ T9] really_probe+0x2b8/0xad0
[ 78.071867][ T9] __driver_probe_device+0x1a2/0x390
[ 78.077147][ T9] driver_probe_device+0x50/0x430
[ 78.082193][ T9] __device_attach_driver+0x2d6/0x530
[ 78.087578][ T9] bus_for_each_drv+0x24e/0x2e0
[ 78.092601][ T9] __device_attach+0x333/0x520
[ 78.097358][ T9] bus_probe_device+0x189/0x260
[ 78.102205][ T9] device_add+0x8ff/0xca0
[ 78.106525][ T9] usb_set_configuration+0x1976/0x1fb0
[ 78.111978][ T9] usb_generic_driver_probe+0x88/0x140
[ 78.117428][ T9] usb_probe_device+0x1b8/0x380
[ 78.122278][ T9] really_probe+0x2b8/0xad0
[ 78.126773][ T9] __driver_probe_device+0x1a2/0x390
[ 78.132063][ T9] driver_probe_device+0x50/0x430
[ 78.137081][ T9] __device_attach_driver+0x2d6/0x530
[ 78.142451][ T9] bus_for_each_drv+0x24e/0x2e0
[ 78.147298][ T9] __device_attach+0x333/0x520
[ 78.152055][ T9] bus_probe_device+0x189/0x260
[ 78.156905][ T9] device_add+0x8ff/0xca0
[ 78.161227][ T9] usb_new_device+0x104a/0x19a0
[ 78.166088][ T9] hub_event+0x2d6a/0x5150
[ 78.170622][ T9] process_scheduled_works+0xa2c/0x1830
[ 78.176198][ T9] worker_thread+0x86d/0xd70
[ 78.180798][ T9] kthread+0x2f0/0x390
[ 78.184976][ T9] ret_from_fork+0x4b/0x80
[ 78.189399][ T9] ret_from_fork_asm+0x1a/0x30
[ 78.194177][ T9]
[ 78.196509][ T9] The buggy address belongs to the object at ffff88802472ad40
[ 78.196509][ T9] which belongs to the cache kmalloc-8 of size 8
[ 78.210205][ T9] The buggy address is located 0 bytes to the right of
[ 78.210205][ T9] allocated 5-byte region [ffff88802472ad40, ffff88802472ad45)
[ 78.224518][ T9]
[ 78.226833][ T9] The buggy address belongs to the physical page:
[ 78.233236][ T9] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2472a
[ 78.242001][ T9] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 78.249251][ T9] page_type: 0xffffefff(slab)
[ 78.253945][ T9] raw: 00fff00000000000 ffff888015041500 dead000000000100 dead000000000122
[ 78.262628][ T9] raw: 0000000000000000 0000000080800080 00000001ffffefff 0000000000000000
[ 78.271300][ T9] page dumped because: kasan: bad access detected
[ 78.277713][ T9] page_owner tracks the page as allocated
[ 78.283430][ T9] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52c00(GFP_NOIO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 1, tgid 1 (swapper/0), ts 12879192655, free_ts 12811137824
[ 78.301843][ T9] post_alloc_hook+0x1f3/0x230
[ 78.306630][ T9] get_page_from_freelist+0x2e2d/0x2ee0
[ 78.312386][ T9] __alloc_pages_noprof+0x256/0x6c0
[ 78.317595][ T9] alloc_slab_page+0x5f/0x120
[ 78.322293][ T9] allocate_slab+0x5a/0x2e0
[ 78.326808][ T9] ___slab_alloc+0xcd1/0x14b0
[ 78.331485][ T9] __slab_alloc+0x58/0xa0
[ 78.335814][ T9] kmalloc_trace_noprof+0x1d5/0x2c0
[ 78.341016][ T9] usb_control_msg+0xbb/0x4c0
[ 78.345691][ T9] hub_power_on+0x1de/0x460
[ 78.350199][ T9] hub_activate+0x3cd/0x1c70
[ 78.354882][ T9] hub_probe+0x274f/0x3640
[ 78.359293][ T9] usb_probe_interface+0x645/0xbb0
[ 78.364404][ T9] really_probe+0x2b8/0xad0
[ 78.368906][ T9] __driver_probe_device+0x1a2/0x390
[ 78.374185][ T9] driver_probe_device+0x50/0x430
[ 78.379208][ T9] page last free pid 785 tgid 785 stack trace:
[ 78.385355][ T9] free_unref_page+0xd22/0xea0
[ 78.390135][ T9] vfree+0x186/0x2e0
[ 78.394072][ T9] delayed_vfree_work+0x56/0x80
[ 78.398954][ T9] process_scheduled_works+0xa2c/0x1830
[ 78.404503][ T9] worker_thread+0x86d/0xd70
[ 78.409113][ T9] kthread+0x2f0/0x390
[ 78.413184][ T9] ret_from_fork+0x4b/0x80
[ 78.417600][ T9] ret_from_fork_asm+0x1a/0x30
[ 78.422374][ T9]
[ 78.424692][ T9] Memory state around the buggy address:
[ 78.430324][ T9] ffff88802472ac00: fa fc fc fc fa fc fc fc fa fc fc fc fa fc fc fc
[ 78.438390][ T9] ffff88802472ac80: 06 fc fc fc 06 fc fc fc fa fc fc fc fa fc fc fc
[ 78.446442][ T9] >ffff88802472ad00: fa fc fc fc fa fc fc fc 05 fc fc fc 05 fc fc fc
[ 78.454502][ T9] ^
[ 78.460674][ T9] ffff88802472ad80: fa fc fc fc fa fc fc fc 06 fc fc fc 06 fc fc fc
[ 78.468726][ T9] ffff88802472ae00: 07 fc fc fc 06 fc fc fc fa fc fc fc 00 fc fc fc
exit_group(0) = ?
[ 78.476864][ T9] ==================================================================
[ 78.487108][ T9] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 78.494332][ T9] CPU: 0 PID: 9 Comm: kworker/0:1 Not tainted 6.9.0-syzkaller-10219-g70ec81c2e2b4 #0
[ 78.503810][ T9] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[ 78.513892][ T9] Workqueue: usb_hub_wq hub_event
[ 78.518948][ T9] Call Trace:
[ 78.522225][ T9]
[ 78.525166][ T9] dump_stack_lvl+0x241/0x360
+++ exited with 0 +++
[