Warning: Permanently added '[localhost]:9662' (ED25519) to the list of known hosts. 1970/01/01 00:11:13 ignoring optional flag "sandboxArg"="0" 1970/01/01 00:11:19 parsed 1 programs [ 782.503059][ T3463] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k 1970/01/01 00:13:01 executed programs: 0 [ 794.013521][ T3469] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 794.058248][ T3469] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 799.714711][ T3469] hsr_slave_0: entered promiscuous mode [ 799.730091][ T3469] hsr_slave_1: entered promiscuous mode [ 805.049787][ T3469] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 805.125738][ T3469] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 805.197995][ T3469] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 805.278413][ T3469] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 809.567708][ T3469] 8021q: adding VLAN 0 to HW filter on device bond0 [ 825.977764][ T3469] veth0_vlan: entered promiscuous mode [ 826.208061][ T3469] veth1_vlan: entered promiscuous mode [ 826.727813][ T3469] veth0_macvtap: entered promiscuous mode [ 826.797900][ T3469] veth1_macvtap: entered promiscuous mode [ 827.355046][ T3469] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 827.358463][ T3469] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 827.361334][ T3469] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 827.363255][ T3469] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 829.469547][ T3873] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 829.532606][ T3873] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 829.693094][ T3867] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 829.952380][ T3867] usb 1-1: Using ep0 maxpacket: 16 [ 830.115946][ T3867] usb 1-1: config 1 has too many interfaces: 163, using maximum allowed: 32 [ 830.118559][ T3867] usb 1-1: config 1 has an invalid descriptor of length 7, skipping remainder of the config [ 830.120363][ T3867] usb 1-1: config 1 has 3 interfaces, different from the descriptor's value: 163 [ 830.146872][ T3867] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7 [ 830.155691][ T3867] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0 [ 830.163321][ T3867] usb 1-1: too many endpoints for config 1 interface 2 altsetting 0: 128, using maximum allowed: 30 [ 830.173442][ T3867] usb 1-1: config 1 interface 2 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 128 [ 830.178094][ T3867] usb 1-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 62, changing to 7 [ 830.184624][ T3867] usb 1-1: config 1 interface 2 altsetting 1 endpoint 0x82 has invalid maxpacket 41992, setting to 1024 [ 830.359508][ T3867] usb 1-1: New USB device found, idVendor=15c2, idProduct=0039, bcdDevice=80.f3 [ 830.365078][ T3867] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 830.369956][ T3867] usb 1-1: Product: syz [ 830.380067][ T3867] usb 1-1: Manufacturer: syz [ 830.385411][ T3867] usb 1-1: SerialNumber: syz [ 830.633007][ T3867] imon:imon_find_endpoints: no valid input (IR) endpoint found [ 830.635568][ T3867] imon 1-1:1.0: unable to initialize intf0, err -19 [ 830.638111][ T3867] imon:imon_probe: failed to initialize context! [ 830.639386][ T3867] imon 1-1:1.0: unable to register, err -19 [ 830.907973][ T3867] usb 1-1: 2:1 : UAC_AS_GENERAL descriptor not found [ 831.186908][ T3867] ================================================================== [ 831.189519][ T3867] BUG: KASAN: slab-out-of-bounds in imon_probe+0x132/0x1ab2 [ 831.193070][ T3867] Read of size 1 at addr ff6000000f7c0bd1 by task kworker/0:4/3867 [ 831.195833][ T3867] [ 831.197434][ T3867] CPU: 0 PID: 3867 Comm: kworker/0:4 Not tainted 6.6.0-rc1-syzkaller-g8eb8fe67e2c8 #0 [ 831.199706][ T3867] Hardware name: riscv-virtio,qemu (DT) [ 831.201405][ T3867] Workqueue: usb_hub_wq hub_event [ 831.204825][ T3867] Call Trace: [ 831.206010][ T3867] [] dump_backtrace+0x2e/0x3c [ 831.207611][ T3867] [] show_stack+0x34/0x40 [ 831.209243][ T3867] [] dump_stack_lvl+0xe8/0x154 [ 831.210879][ T3867] [] print_report+0x1e4/0x4f4 [ 831.212427][ T3867] [] kasan_report+0xf0/0x1ba [ 831.213885][ T3867] [] __asan_load1+0x68/0x80 [ 831.215389][ T3867] [] imon_probe+0x132/0x1ab2 [ 831.216769][ T3867] [] usb_probe_interface+0x208/0x552 [ 831.218332][ T3867] [] really_probe+0x1c8/0x7c6 [ 831.219985][ T3867] [] __driver_probe_device+0x13e/0x2ae [ 831.221789][ T3867] [] driver_probe_device+0x60/0x1a6 [ 831.223469][ T3867] [] __device_attach_driver+0x168/0x218 [ 831.227067][ T3867] [] bus_for_each_drv+0x12c/0x1ae [ 831.230825][ T3867] [] __device_attach+0x184/0x390 [ 831.233522][ T3867] [] device_initial_probe+0x1c/0x26 [ 831.235244][ T3867] [] bus_probe_device+0x120/0x122 [ 831.236827][ T3867] [] device_add+0xcee/0x1064 [ 831.238492][ T3867] [] usb_set_configuration+0xb48/0xfb6 [ 831.240260][ T3867] [] usb_generic_driver_probe+0xb2/0x124 [ 831.242150][ T3867] [] usb_probe_device+0x9e/0x1fc [ 831.243842][ T3867] [] really_probe+0x1c8/0x7c6 [ 831.245328][ T3867] [] __driver_probe_device+0x13e/0x2ae [ 831.247058][ T3867] [] driver_probe_device+0x60/0x1a6 [ 831.248708][ T3867] [] __device_attach_driver+0x168/0x218 [ 831.250425][ T3867] [] bus_for_each_drv+0x12c/0x1ae [ 831.252055][ T3867] [] __device_attach+0x184/0x390 [ 831.254906][ T3867] [] device_initial_probe+0x1c/0x26 [ 831.258031][ T3867] [] bus_probe_device+0x120/0x122 [ 831.261107][ T3867] [] device_add+0xcee/0x1064 [ 831.262662][ T3867] [] usb_new_device+0x5c8/0xd38 [ 831.264109][ T3867] [] hub_event+0x2016/0x30aa [ 831.265367][ T3867] [] process_one_work+0x54c/0xd66 [ 831.267972][ T3867] [] worker_thread+0x506/0x980 [ 831.269581][ T3867] [] kthread+0x1bc/0x22c [ 831.272370][ T3867] [] ret_from_fork+0xa/0x1c [ 831.274193][ T3867] [ 831.275046][ T3867] Allocated by task 3867: [ 831.276250][ T3867] stack_trace_save+0xa0/0xd2 [ 831.278618][ T3867] kasan_save_stack+0x3e/0x6a [ 831.280467][ T3867] kasan_set_track+0x1a/0x26 [ 831.282729][ T3867] kasan_save_alloc_info+0x1a/0x24 [ 831.285678][ T3867] __kasan_kmalloc+0xa2/0xa8 [ 831.286916][ T3867] __kmalloc+0x42/0xe6 [ 831.288294][ T3867] snd_card_new+0x62/0xd2 [ 831.289583][ T3867] usb_audio_probe+0xf44/0x1d1c [ 831.291081][ T3867] usb_probe_interface+0x208/0x552 [ 831.292477][ T3867] really_probe+0x1c8/0x7c6 [ 831.294622][ T3867] __driver_probe_device+0x13e/0x2ae [ 831.297076][ T3867] driver_probe_device+0x60/0x1a6 [ 831.298565][ T3867] __device_attach_driver+0x168/0x218 [ 831.301723][ T3867] bus_for_each_drv+0x12c/0x1ae [ 831.304625][ T3867] __device_attach+0x184/0x390 [ 831.305931][ T3867] device_initial_probe+0x1c/0x26 [ 831.307267][ T3867] bus_probe_device+0x120/0x122 [ 831.308657][ T3867] device_add+0xcee/0x1064 [ 831.309930][ T3867] usb_set_configuration+0xb48/0xfb6 [ 831.311352][ T3867] usb_generic_driver_probe+0xb2/0x124 [ 831.312663][ T3867] usb_probe_device+0x9e/0x1fc [ 831.313981][ T3867] really_probe+0x1c8/0x7c6 [ 831.315209][ T3867] __driver_probe_device+0x13e/0x2ae [ 831.316714][ T3867] driver_probe_device+0x60/0x1a6 [ 831.318062][ T3867] __device_attach_driver+0x168/0x218 [ 831.319446][ T3867] bus_for_each_drv+0x12c/0x1ae [ 831.321144][ T3867] __device_attach+0x184/0x390 [ 831.323650][ T3867] device_initial_probe+0x1c/0x26 [ 831.325272][ T3867] bus_probe_device+0x120/0x122 [ 831.326601][ T3867] device_add+0xcee/0x1064 [ 831.327802][ T3867] usb_new_device+0x5c8/0xd38 [ 831.329109][ T3867] hub_event+0x2016/0x30aa [ 831.330290][ T3867] process_one_work+0x54c/0xd66 [ 831.331765][ T3867] worker_thread+0x506/0x980 [ 831.333797][ T3867] kthread+0x1bc/0x22c [ 831.335507][ T3867] ret_from_fork+0xa/0x1c [ 831.337379][ T3867] [ 831.338232][ T3867] The buggy address belongs to the object at ff6000000f7c0000 [ 831.338232][ T3867] which belongs to the cache kmalloc-4k of size 4096 [ 831.341207][ T3867] The buggy address is located 1 bytes to the right of [ 831.341207][ T3867] allocated 3024-byte region [ff6000000f7c0000, ff6000000f7c0bd0) [ 831.343127][ T3867] [ 831.344654][ T3867] The buggy address belongs to the physical page: [ 831.347836][ T3867] page:ff1c0000023df000 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x8f7c0 [ 831.350796][ T3867] head:ff1c0000023df000 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 831.353455][ T3867] anon flags: 0xffe000000000840(slab|head|node=0|zone=0|lastcpupid=0x7ff) [ 831.357262][ T3867] page_type: 0xffffffff() [ 831.359469][ T3867] raw: 0ffe000000000840 ff60000008402140 0000000000000000 0000000000000001 [ 831.361604][ T3867] raw: 0000000000000000 0000000000040004 00000001ffffffff 0000000000000000 [ 831.363405][ T3867] page dumped because: kasan: bad access detected [ 831.365197][ T3867] page_owner tracks the page as allocated [ 831.366259][ T3867] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 3469, tgid 3469 (syz-executor.0), ts 787866716300, free_ts 786347445300 [ 831.371683][ T3867] __set_page_owner+0x32/0x18a [ 831.373064][ T3867] post_alloc_hook+0x8c/0xe2 [ 831.374398][ T3867] get_page_from_freelist+0x84a/0x121e [ 831.375974][ T3867] __alloc_pages+0x19c/0x142e [ 831.377330][ T3867] alloc_pages+0x126/0x252 [ 831.378534][ T3867] new_slab+0x272/0x382 [ 831.380379][ T3867] ___slab_alloc+0x5b6/0xa92 [ 831.381740][ T3867] __slab_alloc.constprop.0+0x58/0x94 [ 831.383039][ T3867] __kmem_cache_alloc_node+0xf0/0x2e0 [ 831.385419][ T3867] kmalloc_trace+0x24/0x56 [ 831.387445][ T3867] kobject_uevent_env+0x1c8/0xddc [ 831.389246][ T3867] kobject_uevent+0x22/0x2e [ 831.390875][ T3867] net_rx_queue_update_kobjects+0x12c/0x41e [ 831.392718][ T3867] netdev_register_kobject+0x168/0x208 [ 831.394207][ T3867] register_netdevice+0x7fa/0xbec [ 831.395574][ T3867] bond_newlink+0x52/0x9e [ 831.397548][ T3867] page last free stack trace: [ 831.398503][ T3867] __reset_page_owner+0x4c/0xf8 [ 831.400558][ T3867] free_unref_page_prepare+0x224/0x592 [ 831.401968][ T3867] free_unref_page+0x5a/0x234 [ 831.403322][ T3867] __free_pages+0x104/0x126 [ 831.404612][ T3867] __free_slab+0xbc/0x112 [ 831.405642][ T3867] free_slab+0x38/0x190 [ 831.406769][ T3867] __unfreeze_partials+0x1c0/0x1f8 [ 831.407949][ T3867] put_cpu_partial+0x158/0x220 [ 831.409130][ T3867] __slab_free+0x20c/0x2de [ 831.410518][ T3867] ___cache_free+0x136/0x154 [ 831.411822][ T3867] qlist_free_all+0x7a/0x16c [ 831.413158][ T3867] kasan_quarantine_reduce+0x158/0x1ba [ 831.414831][ T3867] __kasan_slab_alloc+0x5e/0x84 [ 831.416190][ T3867] kmem_cache_alloc+0x1a6/0x2be [ 831.417377][ T3867] vm_area_dup+0x66/0x214 [ 831.418854][ T3867] __split_vma+0x15a/0xa22 [ 831.421582][ T3867] [ 831.422425][ T3867] Memory state around the buggy address: [ 831.424536][ T3867] ff6000000f7c0a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 831.426145][ T3867] ff6000000f7c0b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 831.428962][ T3867] >ff6000000f7c0b80: 00 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc [ 831.430321][ T3867] ^ [ 831.431996][ T3867] ff6000000f7c0c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 831.433323][ T3867] ff6000000f7c0c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 831.434822][ T3867] ================================================================== [ 831.586009][ T3867] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 831.589277][ T3867] CPU: 0 PID: 3867 Comm: kworker/0:4 Not tainted 6.6.0-rc1-syzkaller-g8eb8fe67e2c8 #0 [ 831.591427][ T3867] Hardware name: riscv-virtio,qemu (DT) [ 831.592595][ T3867] Workqueue: usb_hub_wq hub_event [ 831.594348][ T3867] Call Trace: [ 831.595285][ T3867] [] dump_backtrace+0x2e/0x3c [ 831.596805][ T3867] [] show_stack+0x34/0x40 [ 831.598572][ T3867] [] dump_stack_lvl+0xe8/0x154 [ 831.600423][ T3867] [] dump_stack+0x1c/0x24 [ 831.603229][ T3867] [] panic+0x27c/0x646 [ 831.605781][ T3867] [] check_panic_on_warn+0xc0/0xe4 [ 831.608603][ T3867] [] end_report.part.0+0x4a/0xaa [ 831.610068][ T3867] [] kasan_report+0x13a/0x1ba [ 831.613457][ T3867] [] __asan_load1+0x68/0x80 [ 831.616127][ T3867] [] imon_probe+0x132/0x1ab2 [ 831.617845][ T3867] [] usb_probe_interface+0x208/0x552 [ 831.620446][ T3867] [] really_probe+0x1c8/0x7c6 [ 831.622185][ T3867] [] __driver_probe_device+0x13e/0x2ae [ 831.624312][ T3867] [] driver_probe_device+0x60/0x1a6 [ 831.627149][ T3867] [] __device_attach_driver+0x168/0x218 [ 831.630069][ T3867] [] bus_for_each_drv+0x12c/0x1ae [ 831.632145][ T3867] [] __device_attach+0x184/0x390 [ 831.634848][ T3867] [] device_initial_probe+0x1c/0x26 [ 831.637571][ T3867] [] bus_probe_device+0x120/0x122 [ 831.640034][ T3867] [] device_add+0xcee/0x1064 [ 831.641554][ T3867] [] usb_set_configuration+0xb48/0xfb6 [ 831.643225][ T3867] [] usb_generic_driver_probe+0xb2/0x124 [ 831.644805][ T3867] [] usb_probe_device+0x9e/0x1fc [ 831.646273][ T3867] [] really_probe+0x1c8/0x7c6 [ 831.647923][ T3867] [] __driver_probe_device+0x13e/0x2ae [ 831.649699][ T3867] [] driver_probe_device+0x60/0x1a6 [ 831.651404][ T3867] [] __device_attach_driver+0x168/0x218 [ 831.652966][ T3867] [] bus_for_each_drv+0x12c/0x1ae [ 831.654519][ T3867] [] __device_attach+0x184/0x390 [ 831.664923][ T3867] [] device_initial_probe+0x1c/0x26 [ 831.666661][ T3867] [] bus_probe_device+0x120/0x122 [ 831.668233][ T3867] [] device_add+0xcee/0x1064 [ 831.669787][ T3867] [] usb_new_device+0x5c8/0xd38 [ 831.671119][ T3867] [] hub_event+0x2016/0x30aa [ 831.673048][ T3867] [] process_one_work+0x54c/0xd66 [ 831.674709][ T3867] [] worker_thread+0x506/0x980 [ 831.676196][ T3867] [] kthread+0x1bc/0x22c [ 831.677593][ T3867] [] ret_from_fork+0xa/0x1c [ 831.680057][ T3867] SMP: stopping secondary CPUs [ 831.682317][ T3867] Rebooting in 86400 seconds..