Warning: Permanently added '10.128.0.184' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 24.676134][ T94] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 24.772014][ T94] usb 1-1: Using ep0 maxpacket: 32 [ 24.891812][ T94] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 25.061836][ T94] usb 1-1: New USB device found, idVendor=17e9, idProduct=3f57, bcdDevice= 6.02 [ 25.071269][ T94] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 25.079354][ T94] usb 1-1: Product: syz [ 25.083682][ T94] usb 1-1: Manufacturer: syz [ 25.088308][ T94] usb 1-1: SerialNumber: syz [ 25.095028][ T94] usb 1-1: config 0 descriptor?? executing program [ 25.404449][ T94] ================================================================== [ 25.404453][ T94] BUG: KASAN: slab-out-of-bounds in hex_string+0x439/0x4c0 [ 25.404456][ T94] Read of size 1 at addr ffff8881ce6cb71b by task kworker/0:2/94 [ 25.404457][ T94] [ 25.404460][ T94] CPU: 0 PID: 94 Comm: kworker/0:2 Not tainted 5.6.0-rc3-syzkaller #0 [ 25.404464][ T94] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 25.404466][ T94] Workqueue: usb_hub_wq hub_event [ 25.404469][ T94] Call Trace: [ 25.404471][ T94] dump_stack+0xef/0x16e [ 25.404473][ T94] ? hex_string+0x439/0x4c0 [ 25.404475][ T94] ? hex_string+0x439/0x4c0 [ 25.404477][ T94] print_address_description.constprop.0.cold+0xd3/0x314 [ 25.404479][ T94] ? hex_string+0x439/0x4c0 [ 25.404481][ T94] ? hex_string+0x439/0x4c0 [ 25.404483][ T94] __kasan_report.cold+0x37/0x77 [ 25.404484][ T94] ? hex_string+0x439/0x4c0 [ 25.404486][ T94] kasan_report+0xe/0x20 [ 25.404488][ T94] hex_string+0x439/0x4c0 [ 25.404490][ T94] ? check_pointer+0x210/0x210 [ 25.404492][ T94] ? number+0x82a/0xb00 [ 25.404493][ T94] ? mark_lock+0xbc/0x1160 [ 25.404495][ T94] pointer+0x45b/0x680 [ 25.404497][ T94] ? file_dentry_name+0x120/0x120 [ 25.404499][ T94] vsnprintf+0x5ac/0x14f0 [ 25.404500][ T94] ? pointer+0x680/0x680 [ 25.404502][ T94] ? lockdep_on+0x50/0x50 [ 25.404504][ T94] ? set_precision+0x170/0x170 [ 25.404506][ T94] va_format.isra.0+0x129/0x1b0 [ 25.404508][ T94] ? vsnprintf+0x14f0/0x14f0 [ 25.404510][ T94] ? string_nocheck+0x1a9/0x220 [ 25.404511][ T94] ? widen_string+0x2a0/0x2a0 [ 25.404513][ T94] pointer+0x4bf/0x680 [ 25.404515][ T94] ? file_dentry_name+0x120/0x120 [ 25.404517][ T94] ? hex_string+0x4c0/0x4c0 [ 25.404519][ T94] ? __lock_acquire+0x2324/0x3b60 [ 25.404520][ T94] vsnprintf+0x5ac/0x14f0 [ 25.404522][ T94] ? pointer+0x680/0x680 [ 25.404524][ T94] vscnprintf+0x29/0x80 [ 25.404526][ T94] vprintk_store+0x40/0x4b0 [ 25.404527][ T94] vprintk_emit+0xc8/0x3d0 [ 25.404529][ T94] dev_vprintk_emit+0x4fc/0x541 [ 25.404531][ T94] ? dev_attr_show.cold+0x3a/0x3a [ 25.404533][ T94] ? usb_set_configuration+0xe47/0x17d0 [ 25.404535][ T94] ? driver_bound+0x140/0x2f0 [ 25.404537][ T94] ? bus_for_each_drv+0x162/0x1e0 [ 25.404539][ T94] ? __device_attach+0x217/0x390 [ 25.404541][ T94] ? bus_probe_device+0x1e4/0x290 [ 25.404543][ T94] ? device_add+0x1459/0x1bf0 [ 25.404545][ T94] ? usb_new_device.cold+0x540/0xcd0 [ 25.404547][ T94] ? hub_event+0x21cb/0x4300 [ 25.404548][ T94] ? process_one_work+0x94b/0x1620 [ 25.404550][ T94] ? worker_thread+0x96/0xe20 [ 25.404552][ T94] ? kthread+0x318/0x420 [ 25.404554][ T94] ? ret_from_fork+0x24/0x30 [ 25.404556][ T94] ? mark_lock+0xbc/0x1160 [ 25.404557][ T94] ? mark_lock+0xbc/0x1160 [ 25.404559][ T94] dev_printk_emit+0xba/0xf1 [ 25.404561][ T94] ? dev_vprintk_emit+0x541/0x541 [ 25.404563][ T94] ? lockdep_hardirqs_on+0x382/0x580 [ 25.404565][ T94] __dev_printk+0x1db/0x203 [ 25.404567][ T94] _dev_info+0xd7/0x109 [ 25.404568][ T94] ? _dev_notice+0x109/0x109 [ 25.404570][ T94] ? dlfb_usb_probe+0x21a/0x450 [ 25.404572][ T94] ? usb_get_descriptor+0xcd/0x1b0 [ 25.404574][ T94] ? usb_get_descriptor+0x13d/0x1b0 [ 25.404576][ T94] ? __usb_get_extra_descriptor+0x15d/0x1a0 [ 25.404578][ T94] dlfb_usb_probe.cold+0xfd9/0x1ba3 [ 25.404580][ T94] ? mark_held_locks+0x9f/0xe0 [ 25.404583][ T94] ? _raw_spin_unlock_irqrestore+0x39/0x40 [ 25.404585][ T94] ? lockdep_hardirqs_on+0x382/0x580 [ 25.404587][ T94] ? __pm_runtime_set_status+0x5d5/0xa10 [ 25.404589][ T94] ? edid_store+0x180/0x180 [ 25.404591][ T94] ? __pm_runtime_resume+0x111/0x180 [ 25.404593][ T94] usb_probe_interface+0x310/0x800 [ 25.404595][ T94] ? usb_probe_device+0x230/0x230 [ 25.404597][ T94] really_probe+0x290/0xac0 [ 25.404599][ T94] driver_probe_device+0x223/0x350 [ 25.404601][ T94] __device_attach_driver+0x1d1/0x290 [ 25.404603][ T94] ? driver_allows_async_probing+0x160/0x160 [ 25.404609][ T94] bus_for_each_drv+0x162/0x1e0 [ 25.404611][ T94] ? bus_rescan_devices+0x20/0x20 [ 25.404614][ T94] ? _raw_spin_unlock_irqrestore+0x39/0x40 [ 25.404616][ T94] ? lockdep_hardirqs_on+0x382/0x580 [ 25.404618][ T94] __device_attach+0x217/0x390 [ 25.404620][ T94] ? device_bind_driver+0xd0/0xd0 [ 25.404621][ T94] bus_probe_device+0x1e4/0x290 [ 25.404623][ T94] device_add+0x1459/0x1bf0 [ 25.404625][ T94] ? wait_for_completion+0x3c0/0x3c0 [ 25.404627][ T94] ? device_link_remove+0x110/0x110 [ 25.404629][ T94] ? _raw_spin_unlock_irqrestore+0x39/0x40 [ 25.404632][ T94] usb_set_configuration+0xe47/0x17d0 [ 25.404634][ T94] usb_generic_driver_probe+0x9d/0xe0 [ 25.404636][ T94] usb_probe_device+0xd9/0x230 [ 25.404637][ T94] ? usb_suspend+0x5f0/0x5f0 [ 25.404639][ T94] really_probe+0x290/0xac0 [ 25.404641][ T94] driver_probe_device+0x223/0x350 [ 25.404643][ T94] __device_attach_driver+0x1d1/0x290 [ 25.404645][ T94] ? driver_allows_async_probing+0x160/0x160 [ 25.404647][ T94] bus_for_each_drv+0x162/0x1e0 [ 25.404649][ T94] ? bus_rescan_devices+0x20/0x20 [ 25.404651][ T94] ? _raw_spin_unlock_irqrestore+0x39/0x40 [ 25.404654][ T94] ? lockdep_hardirqs_on+0x382/0x580 [ 25.404656][ T94] __device_attach+0x217/0x390 [ 25.404658][ T94] ? device_bind_driver+0xd0/0xd0 [ 25.404659][ T94] bus_probe_device+0x1e4/0x290 [ 25.404661][ T94] device_add+0x1459/0x1bf0 [ 25.404663][ T94] ? device_link_remove+0x110/0x110 [ 25.404665][ T94] usb_new_device.cold+0x540/0xcd0 [ 25.404667][ T94] hub_event+0x21cb/0x4300 [ 25.404669][ T94] ? hub_port_debounce+0x350/0x350 [ 25.404671][ T94] ? find_held_lock+0x2d/0x110 [ 25.404673][ T94] ? mark_held_locks+0xe0/0xe0 [ 25.404675][ T94] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 25.404677][ T94] ? rcu_read_lock_bh_held+0xb0/0xb0 [ 25.404679][ T94] process_one_work+0x94b/0x1620 [ 25.404681][ T94] ? pwq_dec_nr_in_flight+0x310/0x310 [ 25.404683][ T94] ? do_raw_spin_lock+0x129/0x290 [ 25.404684][ T94] worker_thread+0x96/0xe20 [ 25.404686][ T94] ? process_one_work+0x1620/0x1620 [ 25.404688][ T94] kthread+0x318/0x420 [ 25.404690][ T94] ? kthread_create_on_node+0xf0/0xf0 [ 25.404692][ T94] ret_from_fork+0x24/0x30 [ 25.404693][ T94] [ 25.404695][ T94] Allocated by task 94: [ 25.404697][ T94] save_stack+0x1b/0x80 [ 25.404699][ T94] __kasan_kmalloc.constprop.0+0xbf/0xd0 [ 25.404701][ T94] usb_get_configuration+0x311/0x3a20 [ 25.404703][ T94] usb_new_device+0x2f9/0x450 [ 25.404705][ T94] hub_event+0x21cb/0x4300 [ 25.404707][ T94] process_one_work+0x94b/0x1620 [ 25.404708][ T94] worker_thread+0x96/0xe20 [ 25.404710][ T94] kthread+0x318/0x420 [ 25.404712][ T94] ret_from_fork+0x24/0x30 [ 25.404713][ T94] [ 25.404715][ T94] Freed by task 369: [ 25.404716][ T94] save_stack+0x1b/0x80 [ 25.404718][ T94] __kasan_slab_free+0x117/0x160 [ 25.404720][ T94] kfree+0xd5/0x300 [ 25.404721][ T94] single_release+0x8c/0xb0 [ 25.404723][ T94] __fput+0x2d7/0x840 [ 25.404725][ T94] task_work_run+0x13f/0x1c0 [ 25.404727][ T94] exit_to_usermode_loop+0x1d2/0x200 [ 25.404729][ T94] do_syscall_64+0x4e0/0x5a0 [ 25.404731][ T94] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 25.404732][ T94] [ 25.404735][ T94] The buggy address belongs to the object at ffff8881ce6cb700 [ 25.404737][ T94] which belongs to the cache kmalloc-32 of size 32 [ 25.404740][ T94] The buggy address is located 27 bytes inside of [ 25.404743][ T94] 32-byte region [ffff8881ce6cb700, ffff8881ce6cb720) [ 25.404745][ T94] The buggy address belongs to the page: [ 25.404749][ T94] page:ffffea000739b2c0 refcount:1 mapcount:0 mapping:ffff8881da003400 index:0xffff8881ce6cbec0 [ 25.404751][ T94] flags: 0x200000000000200(slab) [ 25.404754][ T94] raw: 0200000000000200 ffffea00073bfac0 0000000d0000000d ffff8881da003400 [ 25.404757][ T94] raw: ffff8881ce6cbec0 000000008040002b 00000001ffffffff 0000000000000000 [ 25.404760][ T94] page dumped because: kasan: bad access detected [ 25.404761][ T94] [ 25.404763][ T94] Memory state around the buggy address: [ 25.404767][ T94] ffff8881ce6cb600: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc [ 25.404770][ T94] ffff8881ce6cb680: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc [ 25.404773][ T94] >ffff8881ce6cb700: 00 00 00 03 fc fc fc fc fb fb fb fb fc fc fc fc [ 25.404775][ T94] ^ [ 25.404778][ T94] ffff8881ce6cb780: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc [ 25.404781][ T94] ffff8881ce6cb800: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc [ 25.404784][ T94] ================================================================== [ 25.404786][ T94] Disabling lock debugging due to kernel taint [ 25.404789][ T94] Kernel panic - not syncing: panic_on_warn set ... [ 25.404793][ T94] CPU: 0 PID: 94 Comm: kworker/0:2 Tainted: G B 5.6.0-rc3-syzkaller #0 [ 25.404796][ T94] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 25.404798][ T94] Workqueue: usb_hub_wq hub_event [ 25.404801][ T94] Call Trace: [ 25.404803][ T94] dump_stack+0xef/0x16e [ 25.404804][ T94] panic+0x2aa/0x6e1 [ 25.404806][ T94] ? add_taint.cold+0x16/0x16 [ 25.404808][ T94] ? print_shadow_for_address+0xb8/0x114 [ 25.404810][ T94] ? trace_hardirqs_off+0x50/0x200 [ 25.404812][ T94] ? hex_string+0x439/0x4c0 [ 25.404814][ T94] end_report+0x43/0x49 [ 25.404815][ T94] ? hex_string+0x439/0x4c0 [ 25.404817][ T94] __kasan_report.cold+0x55/0x77 [ 25.404819][ T94] ? hex_string+0x439/0x4c0 [ 25.404821][ T94] kasan_report+0xe/0x20 [ 25.404822][ T94] hex_string+0x439/0x4c0 [ 25.404824][ T94] ? check_pointer+0x210/0x210 [ 25.404826][ T94] ? number+0x82a/0xb00 [ 25.404828][ T94] ? mark_lock+0xbc/0x1160 [ 25.404829][ T94] pointer+0x45b/0x680 [ 25.404831][ T94] ? file_dentry_name+0x120/0x120 [ 25.404833][ T94] vsnprintf+0x5ac/0x14f0 [ 25.404835][ T94] ? pointer+0x680/0x680 [ 25.404836][ T94] ? lockdep_on+0x50/0x50 [ 25.404838][ T94] ? set_precision+0x170/0x170 [ 25.404840][ T94] va_format.isra.0+0x129/0x1b0 [ 25.404842][ T94] ? vsnprintf+0x14f0/0x14f0 [ 25.404844][ T94] ? string_nocheck+0x1a9/0x220 [ 25.404845][ T94] ? widen_string+0x2a0/0x2a0 [ 25.404847][ T94] pointer+0x4bf/0x680 [ 25.404849][ T94] ? file_dentry_name+0x120/0x120 [ 25.404851][ T94] ? hex_string+0x4c0/0x4c0 [ 25.404853][ T94] ? __lock_acquire+0x2324/0x3b60 [ 25.404854][ T94] vsnprintf+0x5ac/0x14f0 [ 25.404856][ T94] ? pointer+0x680/0x680 [ 25.404858][ T94] vscnprintf+0x29/0x80 [ 25.404859][ T94] vprintk_store+0x40/0x4b0 [ 25.404861][ T94] vprintk_emit+0xc8/0x3d0 [ 25.404863][ T94] dev_vprintk_emit+0x4fc/0x541 [ 25.404865][ T94] ? dev_attr_show.cold+0x3a/0x3a [ 25.404867][ T94] ? usb_set_configuration+0xe47/0x17d0 [ 25.404869][ T94] ? driver_bound+0x140/0x2f0 [ 25.404871][ T94] ? bus_for_each_drv+0x162/0x1e0 [ 25.404873][ T94] ? __device_attach+0x217/0x390 [ 25.404875][ T94] ? bus_probe_device+0x1e4/0x290 [ 25.404877][ T94] ? device_add+0x1459/0x1bf0 [ 25.404879][ T94] ? usb_new_device.cold+0x540/0xcd0 [ 25.404880][ T94] ? hub_event+0x21cb/0x4300 [ 25.404882][ T94] ? process_one_work+0x94b/0x1620 [ 25.404884][ T94] ? worker_thread+0x96/0xe20 [ 25.404886][ T94] ? kthread+0x318/0x420 [ 25.404888][ T94] ? ret_from_fork+0x24/0x30 [ 25.404889][ T94] ? mark_lock+0xbc/0x1160 [ 25.404891][ T94] ? mark_lock+0xbc/0x1160 [ 25.404893][ T94] dev_printk_emit+0xba/0xf1 [ 25.404895][ T94] ? dev_vprintk_emit+0x541/0x541 [ 25.404897][ T94] ? lockdep_hardirqs_on+0x382/0x580 [ 25.404899][ T94] __dev_printk+0x1db/0x203 [ 25.404900][ T94] _dev_info+0xd7/0x109 [ 25.404902][ T94] ? _dev_notice+0x109/0x109 [ 25.404904][ T94] ? dlfb_usb_probe+0x21a/0x450 [ 25.404906][ T94] ? usb_get_descriptor+0xcd/0x1b0 [ 25.404908][ T94] ? usb_get_descriptor+0x13d/0x1b0 [ 25.404910][ T94] ? __usb_get_extra_descriptor+0x15d/0x1a0 [ 25.404912][ T94] dlfb_usb_probe.cold+0xfd9/0x1ba3 [ 25.404914][ T94] ? mark_held_locks+0x9f/0xe0 [ 25.404916][ T94] ? _raw_spin_unlock_irqrestore+0x39/0x40 [ 25.404918][ T94] ? lockdep_hardirqs_on+0x382/0x580 [ 25.404921][ T94] ? __pm_runtime_set_status+0x5d5/0xa10 [ 25.404922][ T94] ? edid_store+0x180/0x180 [ 25.404924][ T94] ? __pm_runtime_resume+0x111/0x180 [ 25.404926][ T94] usb_probe_interface+0x310/0x800 [ 25.404928][ T94] ? usb_probe_device+0x230/0x230 [ 25.404930][ T94] really_probe+0x290/0xac0 [ 25.404932][ T94] driver_probe_device+0x223/0x350 [ 25.404934][ T94] __device_attach_driver+0x1d1/0x290 [ 25.404936][ T94] ? driver_allows_async_probing+0x160/0x160 [ 25.404938][ T94] bus_for_each_drv+0x162/0x1e0 [ 25.404940][ T94] ? bus_rescan_devices+0x20/0x20 [ 25.404942][ T94] ? _raw_spin_unlock_irqrestore+0x39/0x40 [ 25.404944][ T94] ? lockdep_hardirqs_on+0x382/0x580 [ 25.404946][ T94] __device_attach+0x217/0x390 [ 25.404948][ T94] ? device_bind_driver+0xd0/0xd0 [ 25.404950][ T94] bus_probe_device+0x1e4/ [ 25.404954][ T94] Lost 37 message(s)!