Warning: Permanently added '10.128.0.115' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 26.301205][ T12] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 26.661339][ T12] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7 [ 26.672246][ T12] usb 1-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 26.841274][ T12] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 26.850455][ T12] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 26.858502][ T12] usb 1-1: Product: syz [ 26.862695][ T12] usb 1-1: Manufacturer: syz [ 26.867274][ T12] usb 1-1: SerialNumber: syz executing program [ 27.211425][ T12] ================================================================== [ 27.219658][ T12] BUG: KASAN: slab-out-of-bounds in build_audio_procunit+0xeab/0x13f0 [ 27.227931][ T12] Read of size 1 at addr ffff8881d78effe9 by task kworker/0:1/12 [ 27.235637][ T12] [ 27.237968][ T12] CPU: 0 PID: 12 Comm: kworker/0:1 Not tainted 5.4.0-rc3+ #0 [ 27.245311][ T12] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 27.255355][ T12] Workqueue: usb_hub_wq hub_event [ 27.260365][ T12] Call Trace: [ 27.263639][ T12] dump_stack+0xca/0x13e [ 27.267863][ T12] ? build_audio_procunit+0xeab/0x13f0 [ 27.273312][ T12] ? build_audio_procunit+0xeab/0x13f0 [ 27.278767][ T12] print_address_description.constprop.0+0x36/0x50 [ 27.285250][ T12] ? build_audio_procunit+0xeab/0x13f0 [ 27.290686][ T12] ? build_audio_procunit+0xeab/0x13f0 [ 27.296122][ T12] __kasan_report.cold+0x1a/0x33 [ 27.301043][ T12] ? build_audio_procunit+0xeab/0x13f0 [ 27.306662][ T12] kasan_report+0xe/0x20 [ 27.310892][ T12] build_audio_procunit+0xeab/0x13f0 [ 27.316169][ T12] parse_audio_unit+0x1812/0x36f0 [ 27.321196][ T12] ? _raw_spin_unlock_irqrestore+0x3e/0x50 [ 27.326981][ T12] ? lockdep_hardirqs_on+0x382/0x580 [ 27.332244][ T12] ? stack_depot_save+0x252/0x440 [ 27.337255][ T12] ? build_audio_procunit+0x13f0/0x13f0 [ 27.342806][ T12] ? save_stack+0x4c/0x80 [ 27.347140][ T12] ? save_stack+0x1b/0x80 [ 27.351516][ T12] ? __kasan_kmalloc.constprop.0+0xbf/0xd0 [ 27.357312][ T12] ? snd_usb_create_mixer+0x180/0x1890 [ 27.362756][ T12] ? usb_audio_probe+0xc76/0x2010 [ 27.367761][ T12] ? usb_probe_interface+0x305/0x7a0 [ 27.373024][ T12] ? really_probe+0x281/0x6d0 [ 27.377735][ T12] ? driver_probe_device+0x104/0x210 [ 27.383125][ T12] ? __device_attach_driver+0x1c2/0x220 [ 27.388669][ T12] ? bus_for_each_drv+0x162/0x1e0 [ 27.393674][ T12] ? __device_attach+0x217/0x360 [ 27.398593][ T12] ? bus_probe_device+0x1e4/0x290 [ 27.403605][ T12] ? device_add+0xae6/0x16f0 [ 27.408187][ T12] ? usb_set_configuration+0xdf6/0x1670 [ 27.413729][ T12] ? validate_desc.part.0+0x17f/0x240 [ 27.419082][ T12] snd_usb_mixer_controls+0x715/0xb90 [ 27.424440][ T12] ? parse_audio_unit+0x36f0/0x36f0 [ 27.429704][ T12] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 27.435334][ T12] ? rcu_read_lock_bh_held+0xb0/0xb0 [ 27.440615][ T12] ? __kasan_kmalloc.constprop.0+0xbf/0xd0 [ 27.446400][ T12] ? kasan_unpoison_shadow+0x30/0x40 [ 27.451674][ T12] ? usb_ifnum_to_if+0x12b/0x180 [ 27.456668][ T12] snd_usb_create_mixer+0x2b5/0x1890 [ 27.462054][ T12] ? mark_lock+0xbc/0x1160 [ 27.466453][ T12] ? mark_held_locks+0x9f/0xe0 [ 27.471547][ T12] ? snd_usb_mixer_interrupt+0x800/0x800 [ 27.477447][ T12] ? lockdep_hardirqs_on+0x382/0x580 [ 27.482734][ T12] ? usb_driver_claim_interface+0x210/0x420 [ 27.488614][ T12] ? snd_usb_create_stream+0x16a/0x4c0 [ 27.494055][ T12] usb_audio_probe+0xc76/0x2010 [ 27.498891][ T12] ? usb_audio_resume+0x20/0x20 [ 27.503729][ T12] ? _raw_spin_unlock_irqrestore+0x3e/0x50 [ 27.509518][ T12] usb_probe_interface+0x305/0x7a0 [ 27.514651][ T12] ? usb_probe_device+0x100/0x100 [ 27.519671][ T12] really_probe+0x281/0x6d0 [ 27.524157][ T12] driver_probe_device+0x104/0x210 [ 27.529443][ T12] __device_attach_driver+0x1c2/0x220 [ 27.534946][ T12] ? driver_allows_async_probing+0x160/0x160 [ 27.540926][ T12] bus_for_each_drv+0x162/0x1e0 [ 27.545761][ T12] ? bus_rescan_devices+0x20/0x20 [ 27.550781][ T12] ? _raw_spin_unlock_irqrestore+0x3e/0x50 [ 27.556571][ T12] ? lockdep_hardirqs_on+0x382/0x580 [ 27.561844][ T12] __device_attach+0x217/0x360 [ 27.566586][ T12] ? device_bind_driver+0xd0/0xd0 [ 27.571594][ T12] ? kobject_uevent_env+0x29e/0x1150 [ 27.576953][ T12] ? kobject_uevent_env+0x2a8/0x1150 [ 27.582217][ T12] bus_probe_device+0x1e4/0x290 [ 27.587058][ T12] ? blocking_notifier_call_chain+0x54/0xa0 [ 27.593060][ T12] device_add+0xae6/0x16f0 [ 27.597473][ T12] ? uevent_store+0x50/0x50 [ 27.601976][ T12] ? _raw_spin_unlock_irqrestore+0x3e/0x50 [ 27.607784][ T12] usb_set_configuration+0xdf6/0x1670 [ 27.613145][ T12] generic_probe+0x9d/0xd5 [ 27.617559][ T12] usb_probe_device+0x99/0x100 [ 27.622317][ T12] ? usb_suspend+0x620/0x620 [ 27.626914][ T12] really_probe+0x281/0x6d0 [ 27.631674][ T12] driver_probe_device+0x104/0x210 [ 27.636869][ T12] __device_attach_driver+0x1c2/0x220 [ 27.642250][ T12] ? driver_allows_async_probing+0x160/0x160 [ 27.648648][ T12] bus_for_each_drv+0x162/0x1e0 [ 27.653497][ T12] ? bus_rescan_devices+0x20/0x20 [ 27.658524][ T12] ? _raw_spin_unlock_irqrestore+0x3e/0x50 [ 27.664326][ T12] ? lockdep_hardirqs_on+0x382/0x580 [ 27.669595][ T12] __device_attach+0x217/0x360 [ 27.674339][ T12] ? device_bind_driver+0xd0/0xd0 [ 27.679342][ T12] ? kobject_uevent_env+0x29e/0x1150 [ 27.684616][ T12] ? kobject_uevent_env+0x2a8/0x1150 [ 27.689886][ T12] bus_probe_device+0x1e4/0x290 [ 27.694740][ T12] ? blocking_notifier_call_chain+0x54/0xa0 [ 27.700620][ T12] device_add+0xae6/0x16f0 [ 27.705031][ T12] ? uevent_store+0x50/0x50 [ 27.709530][ T12] usb_new_device.cold+0x6a4/0xe79 [ 27.714637][ T12] hub_event+0x1dd0/0x37e0 [ 27.719031][ T12] ? hub_port_debounce+0x260/0x260 [ 27.724120][ T12] ? find_held_lock+0x2d/0x110 [ 27.729491][ T12] ? mark_held_locks+0xe0/0xe0 [ 27.734246][ T12] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 27.739784][ T12] ? rcu_read_lock_bh_held+0xb0/0xb0 [ 27.745050][ T12] process_one_work+0x92b/0x1530 [ 27.749998][ T12] ? pwq_dec_nr_in_flight+0x310/0x310 [ 27.755608][ T12] ? do_raw_spin_lock+0x11a/0x280 [ 27.760698][ T12] worker_thread+0x96/0xe20 [ 27.765189][ T12] ? process_one_work+0x1530/0x1530 [ 27.770475][ T12] kthread+0x318/0x420 [ 27.774545][ T12] ? kthread_create_on_node+0xf0/0xf0 [ 27.779898][ T12] ret_from_fork+0x24/0x30 [ 27.784305][ T12] [ 27.786618][ T12] Allocated by task 12: [ 27.790933][ T12] save_stack+0x1b/0x80 [ 27.795092][ T12] __kasan_kmalloc.constprop.0+0xbf/0xd0 [ 27.800740][ T12] usb_get_configuration+0x314/0x3050 [ 27.806109][ T12] usb_new_device+0xd3/0x160 [ 27.810698][ T12] hub_event+0x1dd0/0x37e0 [ 27.815092][ T12] process_one_work+0x92b/0x1530 [ 27.820007][ T12] worker_thread+0x96/0xe20 [ 27.824485][ T12] kthread+0x318/0x420 [ 27.828544][ T12] ret_from_fork+0x24/0x30 [ 27.832934][ T12] [ 27.835241][ T12] Freed by task 102: [ 27.839117][ T12] save_stack+0x1b/0x80 [ 27.844640][ T12] __kasan_slab_free+0x130/0x180 [ 27.849650][ T12] kfree+0xe4/0x320 [ 27.853450][ T12] usb_free_urb.part.0+0x7a/0xc0 [ 27.858363][ T12] usb_free_urb+0x1b/0x30 [ 27.862671][ T12] usb_start_wait_urb+0x1e5/0x2b0 [ 27.867683][ T12] usb_control_msg+0x31c/0x4a0 [ 27.872861][ T12] hub_ext_port_status+0x125/0x460 [ 27.878025][ T12] hub_activate+0x497/0x1570 [ 27.882600][ T12] process_one_work+0x92b/0x1530 [ 27.887560][ T12] worker_thread+0x96/0xe20 [ 27.892049][ T12] kthread+0x318/0x420 [ 27.896096][ T12] ret_from_fork+0x24/0x30 [ 27.900484][ T12] [ 27.902790][ T12] The buggy address belongs to the object at ffff8881d78eff00 [ 27.902790][ T12] which belongs to the cache kmalloc-192 of size 192 [ 27.916832][ T12] The buggy address is located 41 bytes to the right of [ 27.916832][ T12] 192-byte region [ffff8881d78eff00, ffff8881d78effc0) [ 27.930517][ T12] The buggy address belongs to the page: [ 27.936142][ T12] page:ffffea00075e3bc0 refcount:1 mapcount:0 mapping:ffff8881da002a00 index:0x0 [ 27.945237][ T12] flags: 0x200000000000200(slab) [ 27.950170][ T12] raw: 0200000000000200 ffffea00075e3f40 0000000900000009 ffff8881da002a00 [ 27.958741][ T12] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000 [ 27.967318][ T12] page dumped because: kasan: bad access detected [ 27.974319][ T12] [ 27.976633][ T12] Memory state around the buggy address: [ 27.982330][ T12] ffff8881d78efe80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 27.990716][ T12] ffff8881d78eff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.998756][ T12] >ffff8881d78eff80: 00 00 00 01 fc fc fc fc fc fc fc fc fc fc fc fc [ 28.006789][ T12] ^ [ 28.014221][ T12] ffff8881d78f0000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 28.022273][ T12] ffff8881d78f0080: 00 00 00 00 fc fc fc fc fc fc fc fc 00 00 00 00 [ 28.030366][ T12] ================================================================== [ 28.038406][ T12] Disabling lock debugging due to kernel taint [ 28.044628][ T12] Kernel panic - not syncing: panic_on_warn set ... [ 28.051219][ T12] CPU: 0 PID: 12 Comm: kworker/0:1 Tainted: G B 5.4.0-rc3+ #0 [ 28.059957][ T12] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 28.070003][ T12] Workqueue: usb_hub_wq hub_event [ 28.075029][ T12] Call Trace: [ 28.078300][ T12] dump_stack+0xca/0x13e [ 28.082521][ T12] panic+0x2aa/0x6e1 [ 28.086402][ T12] ? add_taint.cold+0x16/0x16 [ 28.091075][ T12] ? build_audio_procunit+0xeab/0x13f0 [ 28.096634][ T12] ? trace_hardirqs_on+0x55/0x1e0 [ 28.101642][ T12] ? build_audio_procunit+0xeab/0x13f0 [ 28.107211][ T12] end_report+0x43/0x49 [ 28.111358][ T12] ? build_audio_procunit+0xeab/0x13f0 [ 28.116802][ T12] __kasan_report.cold+0xd/0x33 [ 28.121659][ T12] ? build_audio_procunit+0xeab/0x13f0 [ 28.127093][ T12] kasan_report+0xe/0x20 [ 28.131325][ T12] build_audio_procunit+0xeab/0x13f0 [ 28.136654][ T12] parse_audio_unit+0x1812/0x36f0 [ 28.141669][ T12] ? _raw_spin_unlock_irqrestore+0x3e/0x50 [ 28.147469][ T12] ? lockdep_hardirqs_on+0x382/0x580 [ 28.152751][ T12] ? stack_depot_save+0x252/0x440 [ 28.157812][ T12] ? build_audio_procunit+0x13f0/0x13f0 [ 28.163345][ T12] ? save_stack+0x4c/0x80 [ 28.167663][ T12] ? save_stack+0x1b/0x80 [ 28.171999][ T12] ? __kasan_kmalloc.constprop.0+0xbf/0xd0 [ 28.177786][ T12] ? snd_usb_create_mixer+0x180/0x1890 [ 28.183232][ T12] ? usb_audio_probe+0xc76/0x2010 [ 28.188234][ T12] ? usb_probe_interface+0x305/0x7a0 [ 28.193504][ T12] ? really_probe+0x281/0x6d0 [ 28.198157][ T12] ? driver_probe_device+0x104/0x210 [ 28.203852][ T12] ? __device_attach_driver+0x1c2/0x220 [ 28.209546][ T12] ? bus_for_each_drv+0x162/0x1e0 [ 28.214546][ T12] ? __device_attach+0x217/0x360 [ 28.219457][ T12] ? bus_probe_device+0x1e4/0x290 [ 28.224470][ T12] ? device_add+0xae6/0x16f0 [ 28.229069][ T12] ? usb_set_configuration+0xdf6/0x1670 [ 28.234591][ T12] ? validate_desc.part.0+0x17f/0x240 [ 28.239939][ T12] snd_usb_mixer_controls+0x715/0xb90 [ 28.245285][ T12] ? parse_audio_unit+0x36f0/0x36f0 [ 28.250459][ T12] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 28.256065][ T12] ? rcu_read_lock_bh_held+0xb0/0xb0 [ 28.261951][ T12] ? __kasan_kmalloc.constprop.0+0xbf/0xd0 [ 28.267732][ T12] ? kasan_unpoison_shadow+0x30/0x40 [ 28.272996][ T12] ? usb_ifnum_to_if+0x12b/0x180 [ 28.277909][ T12] snd_usb_create_mixer+0x2b5/0x1890 [ 28.283264][ T12] ? mark_lock+0xbc/0x1160 [ 28.287683][ T12] ? mark_held_locks+0x9f/0xe0 [ 28.292432][ T12] ? snd_usb_mixer_interrupt+0x800/0x800 [ 28.298150][ T12] ? lockdep_hardirqs_on+0x382/0x580 [ 28.303419][ T12] ? usb_driver_claim_interface+0x210/0x420 [ 28.309386][ T12] ? snd_usb_create_stream+0x16a/0x4c0 [ 28.314840][ T12] usb_audio_probe+0xc76/0x2010 [ 28.319753][ T12] ? usb_audio_resume+0x20/0x20 [ 28.324582][ T12] ? _raw_spin_unlock_irqrestore+0x3e/0x50 [ 28.330384][ T12] usb_probe_interface+0x305/0x7a0 [ 28.335574][ T12] ? usb_probe_device+0x100/0x100 [ 28.340581][ T12] really_probe+0x281/0x6d0 [ 28.345076][ T12] driver_probe_device+0x104/0x210 [ 28.350310][ T12] __device_attach_driver+0x1c2/0x220 [ 28.355735][ T12] ? driver_allows_async_probing+0x160/0x160 [ 28.361717][ T12] bus_for_each_drv+0x162/0x1e0 [ 28.366561][ T12] ? bus_rescan_devices+0x20/0x20 [ 28.371575][ T12] ? _raw_spin_unlock_irqrestore+0x3e/0x50 [ 28.377382][ T12] ? lockdep_hardirqs_on+0x382/0x580 [ 28.382876][ T12] __device_attach+0x217/0x360 [ 28.387722][ T12] ? device_bind_driver+0xd0/0xd0 [ 28.392913][ T12] ? kobject_uevent_env+0x29e/0x1150 [ 28.398186][ T12] ? kobject_uevent_env+0x2a8/0x1150 [ 28.403464][ T12] bus_probe_device+0x1e4/0x290 [ 28.408389][ T12] ? blocking_notifier_call_chain+0x54/0xa0 [ 28.414392][ T12] device_add+0xae6/0x16f0 [ 28.418791][ T12] ? uevent_store+0x50/0x50 [ 28.423270][ T12] ? _raw_spin_unlock_irqrestore+0x3e/0x50 [ 28.429848][ T12] usb_set_configuration+0xdf6/0x1670 [ 28.435267][ T12] generic_probe+0x9d/0xd5 [ 28.439678][ T12] usb_probe_device+0x99/0x100 [ 28.444422][ T12] ? usb_suspend+0x620/0x620 [ 28.449032][ T12] really_probe+0x281/0x6d0 [ 28.453519][ T12] driver_probe_device+0x104/0x210 [ 28.458674][ T12] __device_attach_driver+0x1c2/0x220 [ 28.464043][ T12] ? driver_allows_async_probing+0x160/0x160 [ 28.470143][ T12] bus_for_each_drv+0x162/0x1e0 [ 28.475065][ T12] ? bus_rescan_devices+0x20/0x20 [ 28.480079][ T12] ? _raw_spin_unlock_irqrestore+0x3e/0x50 [ 28.486331][ T12] ? lockdep_hardirqs_on+0x382/0x580 [ 28.492219][ T12] __device_attach+0x217/0x360 [ 28.497143][ T12] ? device_bind_driver+0xd0/0xd0 [ 28.502334][ T12] ? kobject_uevent_env+0x29e/0x1150 [ 28.507958][ T12] ? kobject_uevent_env+0x2a8/0x1150 [ 28.513333][ T12] bus_probe_device+0x1e4/0x290 [ 28.518262][ T12] ? blocking_notifier_call_chain+0x54/0xa0 [ 28.524149][ T12] device_add+0xae6/0x16f0 [ 28.528558][ T12] ? uevent_store+0x50/0x50 [ 28.533037][ T12] usb_new_device.cold+0x6a4/0xe79 [ 28.538122][ T12] hub_event+0x1dd0/0x37e0 [ 28.542918][ T12] ? hub_port_debounce+0x260/0x260 [ 28.548017][ T12] ? find_held_lock+0x2d/0x110 [ 28.552769][ T12] ? mark_held_locks+0xe0/0xe0 [ 28.557519][ T12] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 28.563049][ T12] ? rcu_read_lock_bh_held+0xb0/0xb0 [ 28.568315][ T12] process_one_work+0x92b/0x1530 [ 28.573243][ T12] ? pwq_dec_nr_in_flight+0x310/0x310 [ 28.578591][ T12] ? do_raw_spin_lock+0x11a/0x280 [ 28.583589][ T12] worker_thread+0x96/0xe20 [ 28.589288][ T12] ? process_one_work+0x1530/0x1530 [ 28.594508][ T12] kthread+0x318/0x420 [ 28.598554][ T12] ? kthread_create_on_node+0xf0/0xf0 [ 28.603915][ T12] ret_from_fork+0x24/0x30 [ 28.609158][ T12] Kernel Offset: disabled [ 28.613521][ T12] Rebooting in 86400 seconds..