Warning: Permanently added '[localhost]:34348' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 162.476670][ T3079] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[ 162.726439][ T3079] usb 5-1: Using ep0 maxpacket: 32
[ 162.856821][ T3079] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 163.046773][ T3079] usb 5-1: New USB device found, idVendor=17e9, idProduct=3f57, bcdDevice= 6.02
[ 163.063275][ T3079] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 163.079463][ T3079] usb 5-1: Product: syz
[ 163.086410][ T3079] usb 5-1: Manufacturer: syz
[ 163.093489][ T3079] usb 5-1: SerialNumber: syz
[ 163.107128][ T3079] usb 5-1: config 0 descriptor??
[ 163.416158][ T3079] ==================================================================
[ 163.416158][ T3079] BUG: KASAN: slab-out-of-bounds in hex_string+0x439/0x4c0
[ 163.416158][ T3079] Read of size 1 at addr ffff88802825d85b by task kworker/1:2/3079
[ 163.416158][ T3079]
[ 163.416158][ T3079] CPU: 1 PID: 3079 Comm: kworker/1:2 Not tainted 5.7.0-syzkaller #0
[ 163.416158][ T3079] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014
[ 163.416158][ T3079] Workqueue: usb_hub_wq hub_event
[ 163.416158][ T3079] Call Trace:
[ 163.416158][ T3079] dump_stack+0x188/0x20d
[ 163.416158][ T3079] ? hex_string+0x439/0x4c0
[ 163.416158][ T3079] ? hex_string+0x439/0x4c0
[ 163.416158][ T3079] print_address_description.constprop.0.cold+0xd3/0x413
[ 163.416158][ T3079] ? mark_lock+0x11f/0xdd0
[ 163.416158][ T3079] ? vprintk_func+0x97/0x1a6
[ 163.416158][ T3079] ? hex_string+0x439/0x4c0
[ 163.416158][ T3079] kasan_report.cold+0x1f/0x37
[ 163.416158][ T3079] ? hex_string+0x439/0x4c0
[ 163.416158][ T3079] hex_string+0x439/0x4c0
[ 163.416158][ T3079] ? check_pointer+0x210/0x210
[ 163.416158][ T3079] ? number+0x82a/0xb00
[ 163.416158][ T3079] ? check_irq_usage+0x165/0xbe0
[ 163.416158][ T3079] pointer+0x346/0x7c0
[ 163.416158][ T3079] ? file_dentry_name+0x120/0x120
[ 163.416158][ T3079] ? check_usage_forwards+0x4e0/0x4e0
[ 163.416158][ T3079] ? __bfs+0x76/0x520
[ 163.416158][ T3079] vsnprintf+0x5ac/0x14f0
[ 163.416158][ T3079] ? pointer+0x7c0/0x7c0
[ 163.416158][ T3079] ? set_precision+0x170/0x170
[ 163.416158][ T3079] va_format.isra.0+0x129/0x1b0
[ 163.416158][ T3079] ? vsnprintf+0x14f0/0x14f0
[ 163.416158][ T3079] ? string_nocheck+0x1a9/0x220
[ 163.416158][ T3079] ? widen_string+0x2a0/0x2a0
[ 163.416158][ T3079] pointer+0x534/0x7c0
[ 163.416158][ T3079] ? file_dentry_name+0x120/0x120
[ 163.416158][ T3079] ? hex_string+0x4c0/0x4c0
[ 163.416158][ T3079] vsnprintf+0x5ac/0x14f0
[ 163.416158][ T3079] ? pointer+0x7c0/0x7c0
[ 163.416158][ T3079] ? lock_release+0x800/0x800
[ 163.416158][ T3079] vscnprintf+0x29/0x80
[ 163.416158][ T3079] vprintk_store+0x40/0x4b0
[ 163.416158][ T3079] vprintk_emit+0x139/0x730
[ 163.416158][ T3079] dev_vprintk_emit+0x4fc/0x541
[ 163.416158][ T3079] ? dev_attr_show.cold+0x3a/0x3a
[ 163.416158][ T3079] ? device_add+0x132d/0x1c10
[ 163.416158][ T3079] ? bus_sort_breadthfirst+0x1f0/0x7e0
[ 163.416158][ T3079] ? __device_attach_driver+0x1c2/0x220
[ 163.416158][ T3079] ? bus_for_each_drv+0x162/0x1e0
[ 163.416158][ T3079] ? __device_attach+0x21a/0x360
[ 163.416158][ T3079] ? bus_probe_device+0x1e4/0x290
[ 163.416158][ T3079] ? device_add+0x132d/0x1c10
[ 163.416158][ T3079] ? usb_new_device.cold+0x753/0x103d
[ 163.416158][ T3079] ? hub_event+0x1eca/0x38f0
[ 163.416158][ T3079] ? process_one_work+0x965/0x16a0
[ 163.416158][ T3079] ? worker_thread+0x96/0xe20
[ 163.416158][ T3079] ? mark_lock+0x11f/0xdd0
[ 163.416158][ T3079] dev_printk_emit+0xba/0xf1
[ 163.416158][ T3079] ? dev_vprintk_emit+0x541/0x541
[ 163.416158][ T3079] ? mark_held_locks+0x9f/0xe0
[ 163.416158][ T3079] ? kfree+0x1eb/0x2b0
[ 163.416158][ T3079] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 163.416158][ T3079] __dev_printk+0x1db/0x203
[ 163.416158][ T3079] _dev_info+0xd7/0x109
[ 163.416158][ T3079] ? _dev_notice+0x109/0x109
[ 163.416158][ T3079] ? __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 163.416158][ T3079] ? usb_get_descriptor+0xcd/0x1b0
[ 163.416158][ T3079] ? usb_get_descriptor+0x13d/0x1b0
[ 163.416158][ T3079] ? __usb_get_extra_descriptor+0x15d/0x1a0
[ 163.416158][ T3079] dlfb_usb_probe.cold+0x103c/0x1ca3
[ 163.416158][ T3079] ? _raw_spin_unlock_irqrestore+0x62/0xe0
[ 163.416158][ T3079] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 163.416158][ T3079] ? _raw_spin_unlock_irqrestore+0x9b/0xe0
[ 163.416158][ T3079] ? __pm_runtime_set_status+0x5d5/0xa10
[ 163.416158][ T3079] ? dlfb_ops_open+0x280/0x280
[ 163.416158][ T3079] ? _raw_spin_unlock_irqrestore+0x9b/0xe0
[ 163.416158][ T3079] ? __pm_runtime_resume+0x111/0x170
[ 163.416158][ T3079] usb_probe_interface+0x305/0x7a0
[ 163.416158][ T3079] ? usb_probe_device+0x1f0/0x1f0
[ 163.416158][ T3079] really_probe+0x281/0x6d0
[ 163.416158][ T3079] driver_probe_device+0x104/0x210
[ 163.416158][ T3079] __device_attach_driver+0x1c2/0x220
[ 163.416158][ T3079] ? driver_allows_async_probing+0x170/0x170
[ 163.416158][ T3079] bus_for_each_drv+0x162/0x1e0
[ 163.416158][ T3079] ? bus_rescan_devices+0x20/0x20
[ 163.416158][ T3079] ? _raw_spin_unlock_irqrestore+0x9b/0xe0
[ 163.416158][ T3079] __device_attach+0x21a/0x360
[ 163.416158][ T3079] ? device_bind_driver+0xd0/0xd0
[ 163.416158][ T3079] ? kobject_uevent_env+0x2aa/0x12e0
[ 163.416158][ T3079] bus_probe_device+0x1e4/0x290
[ 163.416158][ T3079] device_add+0x132d/0x1c10
[ 163.416158][ T3079] ? wait_for_completion+0x270/0x270
[ 163.416158][ T3079] ? _raw_spin_unlock_irqrestore+0x62/0xe0
[ 163.416158][ T3079] ? uevent_show+0x360/0x360
[ 163.416158][ T3079] usb_set_configuration+0xec5/0x1740
[ 163.416158][ T3079] usb_generic_driver_probe+0x9d/0xe0
[ 163.416158][ T3079] usb_probe_device+0xc6/0x1f0
[ 163.416158][ T3079] ? usb_suspend+0x630/0x630
[ 163.416158][ T3079] really_probe+0x281/0x6d0
[ 163.416158][ T3079] driver_probe_device+0x104/0x210
[ 163.416158][ T3079] __device_attach_driver+0x1c2/0x220
[ 163.416158][ T3079] ? driver_allows_async_probing+0x170/0x170
[ 163.416158][ T3079] bus_for_each_drv+0x162/0x1e0
[ 163.416158][ T3079] ? bus_rescan_devices+0x20/0x20
[ 163.416158][ T3079] ? _raw_spin_unlock_irqrestore+0x9b/0xe0
[ 163.416158][ T3079] __device_attach+0x21a/0x360
[ 163.416158][ T3079] ? device_bind_driver+0xd0/0xd0
[ 163.416158][ T3079] ? kobject_uevent_env+0x2aa/0x12e0
[ 163.416158][ T3079] bus_probe_device+0x1e4/0x290
[ 163.416158][ T3079] device_add+0x132d/0x1c10
[ 163.416158][ T3079] ? uevent_show+0x360/0x360
[ 163.416158][ T3079] usb_new_device.cold+0x753/0x103d
[ 163.416158][ T3079] ? hub_disconnect+0x4a0/0x4a0
[ 163.416158][ T3079] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 163.416158][ T3079] hub_event+0x1eca/0x38f0
[ 163.416158][ T3079] ? hub_port_debounce+0x260/0x260
[ 163.416158][ T3079] ? drain_workqueue+0x2a1/0x3c0
[ 163.416158][ T3079] ? debug_smp_processor_id+0x2f/0x185
[ 163.416158][ T3079] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 163.416158][ T3079] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 163.416158][ T3079] process_one_work+0x965/0x16a0
[ 163.416158][ T3079] ? lock_release+0x800/0x800
[ 163.416158][ T3079] ? pwq_dec_nr_in_flight+0x310/0x310
[ 163.416158][ T3079] ? rwlock_bug.part.0+0x90/0x90
[ 163.416158][ T3079] worker_thread+0x96/0xe20
[ 163.416158][ T3079] ? process_one_work+0x16a0/0x16a0
[ 163.416158][ T3079] kthread+0x388/0x470
[ 163.416158][ T3079] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 163.416158][ T3079] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 163.416158][ T3079] ret_from_fork+0x24/0x30
[ 163.416158][ T3079]
[ 163.416158][ T3079] Allocated by task 3079:
[ 163.416158][ T3079] save_stack+0x1b/0x40
[ 163.416158][ T3079] __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 163.416158][ T3079] __kmalloc+0x161/0x7a0
[ 163.416158][ T3079] usb_get_configuration+0x30e/0x3770
[ 163.416158][ T3079] usb_new_device+0x387/0x670
[ 163.416158][ T3079] hub_event+0x1eca/0x38f0
[ 163.416158][ T3079] process_one_work+0x965/0x16a0
[ 163.416158][ T3079] worker_thread+0x96/0xe20
[ 163.416158][ T3079] kthread+0x388/0x470
[ 163.416158][ T3079] ret_from_fork+0x24/0x30
[ 163.416158][ T3079]
[ 163.416158][ T3079] Freed by task 8555:
[ 163.416158][ T3079] save_stack+0x1b/0x40
[ 163.416158][ T3079] __kasan_slab_free+0xf7/0x140
[ 163.416158][ T3079] kfree+0x109/0x2b0
[ 163.416158][ T3079] security_cred_free+0xa5/0x100
[ 163.416158][ T3079] put_cred_rcu+0x122/0x4a0
[ 163.416158][ T3079] __put_cred+0x1de/0x250
[ 163.416158][ T3079] revert_creds+0x1a8/0x1f0
[ 163.416158][ T3079] do_faccessat+0x2cd/0x830
[ 163.416158][ T3079] do_syscall_64+0xf6/0x7d0
[ 163.416158][ T3079] entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 163.416158][ T3079]
[ 163.416158][ T3079] The buggy address belongs to the object at ffff88802825d840
[ 163.416158][ T3079] which belongs to the cache kmalloc-32 of size 32
[ 163.416158][ T3079] The buggy address is located 27 bytes inside of
[ 163.416158][ T3079] 32-byte region [ffff88802825d840, ffff88802825d860)
[ 163.416158][ T3079] The buggy address belongs to the page:
[ 163.416158][ T3079] page:ffffea0000a09740 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88802825dfc1
[ 163.416158][ T3079] flags: 0xfffe0000000200(slab)
[ 163.416158][ T3079] raw: 00fffe0000000200 ffffea0000a0d888 ffffea0000a3a308 ffff88802c8001c0
[ 163.416158][ T3079] raw: ffff88802825dfc1 ffff88802825d000 000000010000003d 0000000000000000
[ 163.416158][ T3079] page dumped because: kasan: bad access detected
[ 163.416158][ T3079]
[ 163.416158][ T3079] Memory state around the buggy address:
[ 163.416158][ T3079]  ffff88802825d700: 00 02 fc fc fc fc fc fc 00 01 fc fc fc fc fc fc
[ 163.416158][ T3079]  ffff88802825d780: 00 fc fc fc fc fc fc fc 00 00 fc fc fc fc fc fc
[ 163.416158][ T3079] >ffff88802825d800: 00 05 fc fc fc fc fc fc 00 00 00 03 fc fc fc fc
[ 163.416158][ T3079]                                                     ^
[ 163.416158][ T3079]  ffff88802825d880: 06 fc fc fc fc fc fc fc 00 00 fc fc fc fc fc fc
[ 163.416158][ T3079]  ffff88802825d900: 07 fc fc fc fc fc fc fc fb fb fb fb fc fc fc fc
[ 163.416158][ T3079] ==================================================================
[ 163.416158][ T3079] Disabling lock debugging due to kernel taint
[ 163.416158][ T3079] Kernel panic - not syncing: panic_on_warn set ...
[ 163.416158][ T3079] CPU: 1 PID: 3079 Comm: kworker/1:2 Tainted: G B 5.7.0-syzkaller #0
[ 163.416158][ T3079] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014
[ 163.416158][ T3079] Workqueue: usb_hub_wq hub_event
[ 163.416158][ T3079] Call Trace:
[ 163.416158][ T3079] dump_stack+0x188/0x20d
[ 163.416158][ T3079] ? hex_string+0x400/0x4c0
[ 163.416158][ T3079] panic+0x2e3/0x75c
[ 163.416158][ T3079] ? add_taint.cold+0x16/0x16
[ 163.416158][ T3079] ? trace_hardirqs_off+0x50/0x220
[ 163.416158][ T3079] ? hex_string+0x439/0x4c0
[ 163.416158][ T3079] ? hex_string+0x439/0x4c0
[ 163.416158][ T3079] end_report+0x4d/0x53
[ 163.416158][ T3079] kasan_report.cold+0xd/0x37
[ 163.416158][ T3079] ? hex_string+0x439/0x4c0
[ 163.416158][ T3079] hex_string+0x439/0x4c0
[ 163.416158][ T3079] ? check_pointer+0x210/0x210
[ 163.416158][ T3079] ? number+0x82a/0xb00
[ 163.416158][ T3079] ? check_irq_usage+0x165/0xbe0
[ 163.416158][ T3079] pointer+0x346/0x7c0
[ 163.416158][ T3079] ? file_dentry_name+0x120/0x120
[ 163.416158][ T3079] ? check_usage_forwards+0x4e0/0x4e0
[ 163.416158][ T3079] ? __bfs+0x76/0x520
[ 163.416158][ T3079] vsnprintf+0x5ac/0x14f0
[ 163.416158][ T3079] ? pointer+0x7c0/0x7c0
[ 163.416158][ T3079] ? set_precision+0x170/0x170
[ 163.416158][ T3079] va_format.isra.0+0x129/0x1b0
[ 163.416158][ T3079] ? vsnprintf+0x14f0/0x14f0
[ 163.416158][ T3079] ? string_nocheck+0x1a9/0x220
[ 163.416158][ T3079] ? widen_string+0x2a0/0x2a0
[ 163.416158][ T3079] pointer+0x534/0x7c0
[ 163.416158][ T3079] ? file_dentry_name+0x120/0x120
[ 163.416158][ T3079] ? hex_string+0x4c0/0x4c0
[ 163.416158][ T3079] vsnprintf+0x5ac/0x14f0
[ 163.416158][ T3079] ? pointer+0x7c0/0x7c0
[ 163.416158][ T3079] ? lock_release+0x800/0x800
[ 163.416158][ T3079] vscnprintf+0x29/0x80
[ 163.416158][ T3079] vprintk_store+0x40/0x4b0
[ 163.416158][ T3079] vprintk_emit+0x139/0x730
[ 163.416158][ T3079] dev_vprintk_emit+0x4fc/0x541
[ 163.416158][ T3079] ? dev_attr_show.cold+0x3a/0x3a
[ 163.416158][ T3079] ? device_add+0x132d/0x1c10
[ 163.416158][ T3079] ? bus_sort_breadthfirst+0x1f0/0x7e0
[ 163.416158][ T3079] ? __device_attach_driver+0x1c2/0x220
[ 163.416158][ T3079] ? bus_for_each_drv+0x162/0x1e0
[ 163.416158][ T3079] ? __device_attach+0x21a/0x360
[ 163.416158][ T3079] ? bus_probe_device+0x1e4/0x290
[ 163.416158][ T3079] ? device_add+0x132d/0x1c10
[ 163.416158][ T3079] ? usb_new_device.cold+0x753/0x103d
[ 163.416158][ T3079] ? hub_event+0x1eca/0x38f0
[ 163.416158][ T3079] ? process_one_work+0x965/0x16a0
[ 163.416158][ T3079] ? worker_thread+0x96/0xe20
[ 163.416158][ T3079] ? mark_lock+0x11f/0xdd0
[ 163.416158][ T3079] dev_printk_emit+0xba/0xf1
[ 163.416158][ T3079] ? dev_vprintk_emit+0x541/0x541
[ 163.416158][ T3079] ? mark_held_locks+0x9f/0xe0
[ 163.416158][ T3079] ? kfree+0x1eb/0x2b0
[ 163.416158][ T3079] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 163.416158][ T3079] __dev_printk+0x1db/0x203
[ 163.416158][ T3079] _dev_info+0xd7/0x109
[ 163.416158][ T3079] ? _dev_notice+0x109/0x109
[ 163.416158][ T3079] ? __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 163.416158][ T3079] ? usb_get_descriptor+0xcd/0x1b0
[ 163.416158][ T3079] ? usb_get_descriptor+0x13d/0x1b0
[ 163.416158][ T3079] ? __usb_get_extra_descriptor+0x15d/0x1a0
[ 163.416158][ T3079] dlfb_usb_probe.cold+0x103c/0x1ca3
[ 163.416158][ T3079] ? _raw_spin_unlock_irqrestore+0x62/0xe0
[ 163.416158][ T3079] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 163.416158][ T3079] ? _raw_spin_unlock_irqrestore+0x9b/0xe0
[ 163.416158][ T3079] ? __pm_runtime_set_status+0x5d5/0xa10
[ 163.416158][ T3079] ? dlfb_ops_open+0x280/0x280
[ 163.416158][ T3079] ? _ra
[ 163.416158][ T3079] Lost 55 message(s)!