Warning: Permanently added '10.128.1.9' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 40.650565][ T83] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 41.010730][ T83] usb 1-1: config index 0 descriptor too short (expected 232, got 224) [ 41.019246][ T83] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 41.029558][ T83] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 41.190643][ T83] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 41.199702][ T83] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 41.207717][ T83] usb 1-1: Product: syz [ 41.211897][ T83] usb 1-1: Manufacturer: syz [ 41.216469][ T83] usb 1-1: SerialNumber: syz executing program [ 41.560680][ T83] usb 1-1: 0:2 : does not exist [ 41.565923][ T83] ================================================================== [ 41.574042][ T83] BUG: KASAN: slab-out-of-bounds in build_audio_procunit+0xeab/0x13f0 [ 41.582188][ T83] Read of size 1 at addr ffff8881d4aaa735 by task kworker/1:2/83 [ 41.589878][ T83] [ 41.592201][ T83] CPU: 1 PID: 83 Comm: kworker/1:2 Not tainted 5.4.0-rc6+ #0 [ 41.599553][ T83] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 41.609608][ T83] Workqueue: usb_hub_wq hub_event [ 41.614606][ T83] Call Trace: [ 41.617874][ T83] dump_stack+0xca/0x13e [ 41.622092][ T83] ? build_audio_procunit+0xeab/0x13f0 [ 41.627611][ T83] ? build_audio_procunit+0xeab/0x13f0 [ 41.633047][ T83] print_address_description.constprop.0+0x36/0x50 [ 41.639522][ T83] ? build_audio_procunit+0xeab/0x13f0 [ 41.644977][ T83] ? build_audio_procunit+0xeab/0x13f0 [ 41.650671][ T83] __kasan_report.cold+0x1a/0x33 [ 41.655589][ T83] ? build_audio_procunit+0xeab/0x13f0 [ 41.661019][ T83] kasan_report+0xe/0x20 [ 41.665245][ T83] build_audio_procunit+0xeab/0x13f0 [ 41.670505][ T83] parse_audio_unit+0x1812/0x36f0 [ 41.675518][ T83] ? _raw_spin_unlock_irqrestore+0x3e/0x50 [ 41.681311][ T83] ? lockdep_hardirqs_on+0x382/0x580 [ 41.686570][ T83] ? stack_depot_save+0x252/0x440 [ 41.691573][ T83] ? build_audio_procunit+0x13f0/0x13f0 [ 41.697106][ T83] ? save_stack+0x4c/0x80 [ 41.701414][ T83] ? save_stack+0x1b/0x80 [ 41.705729][ T83] ? __kasan_kmalloc.constprop.0+0xbf/0xd0 [ 41.711508][ T83] ? snd_usb_create_mixer+0x180/0x1890 [ 41.716941][ T83] ? usb_audio_probe+0xc76/0x2010 [ 41.721939][ T83] ? usb_probe_interface+0x305/0x7a0 [ 41.727210][ T83] ? really_probe+0x281/0x6d0 [ 41.731862][ T83] ? driver_probe_device+0x104/0x210 [ 41.737125][ T83] ? __device_attach_driver+0x1c2/0x220 [ 41.742646][ T83] ? bus_for_each_drv+0x162/0x1e0 [ 41.747645][ T83] ? __device_attach+0x217/0x360 [ 41.752556][ T83] ? bus_probe_device+0x1e4/0x290 [ 41.757553][ T83] ? device_add+0xae6/0x16f0 [ 41.762119][ T83] ? usb_set_configuration+0xdf6/0x1670 [ 41.767646][ T83] ? validate_desc.part.0+0x17f/0x240 [ 41.772995][ T83] snd_usb_mixer_controls+0x715/0xb90 [ 41.778343][ T83] ? parse_audio_unit+0x36f0/0x36f0 [ 41.783520][ T83] ? rcu_read_lock_bh_held+0xb0/0xb0 [ 41.788779][ T83] ? __kasan_kmalloc.constprop.0+0xbf/0xd0 [ 41.794558][ T83] ? kasan_unpoison_shadow+0x30/0x40 [ 41.799830][ T83] ? usb_ifnum_to_if+0x12b/0x180 [ 41.804745][ T83] snd_usb_create_mixer+0x2b5/0x1890 [ 41.810096][ T83] ? wait_for_completion+0x3c0/0x3c0 [ 41.815366][ T83] ? lockdep_init_map+0x1b0/0x5e0 [ 41.820368][ T83] ? snd_usb_mixer_interrupt+0x800/0x800 [ 41.825987][ T83] ? lockdep_init_map+0x1b0/0x5e0 [ 41.830989][ T83] ? snd_usb_create_stream+0x16a/0x4c0 [ 41.836435][ T83] usb_audio_probe+0xc76/0x2010 [ 41.841272][ T83] ? usb_audio_resume+0x20/0x20 [ 41.846111][ T83] ? _raw_spin_unlock_irqrestore+0x3e/0x50 [ 41.851900][ T83] usb_probe_interface+0x305/0x7a0 [ 41.856988][ T83] ? usb_probe_device+0x100/0x100 [ 41.862519][ T83] really_probe+0x281/0x6d0 [ 41.867004][ T83] driver_probe_device+0x104/0x210 [ 41.872102][ T83] __device_attach_driver+0x1c2/0x220 [ 41.877463][ T83] ? driver_allows_async_probing+0x160/0x160 [ 41.883426][ T83] bus_for_each_drv+0x162/0x1e0 [ 41.888265][ T83] ? bus_rescan_devices+0x20/0x20 [ 41.893270][ T83] ? _raw_spin_unlock_irqrestore+0x3e/0x50 [ 41.899059][ T83] ? lockdep_hardirqs_on+0x382/0x580 [ 41.904453][ T83] __device_attach+0x217/0x360 [ 41.909208][ T83] ? device_bind_driver+0xd0/0xd0 [ 41.914217][ T83] ? kobject_uevent_env+0x29e/0x1160 [ 41.919518][ T83] ? kobject_uevent_env+0x2a8/0x1160 [ 41.924789][ T83] bus_probe_device+0x1e4/0x290 [ 41.929658][ T83] ? blocking_notifier_call_chain+0x54/0xa0 [ 41.935531][ T83] device_add+0xae6/0x16f0 [ 41.939963][ T83] ? uevent_store+0x50/0x50 [ 41.944447][ T83] ? _raw_spin_unlock_irqrestore+0x3e/0x50 [ 41.950234][ T83] usb_set_configuration+0xdf6/0x1670 [ 41.955602][ T83] generic_probe+0x9d/0xd5 [ 41.960005][ T83] usb_probe_device+0x99/0x100 [ 41.964757][ T83] ? usb_suspend+0x620/0x620 [ 41.969333][ T83] really_probe+0x281/0x6d0 [ 41.973834][ T83] driver_probe_device+0x104/0x210 [ 41.978943][ T83] __device_attach_driver+0x1c2/0x220 [ 41.984400][ T83] ? driver_allows_async_probing+0x160/0x160 [ 41.990369][ T83] bus_for_each_drv+0x162/0x1e0 [ 41.995231][ T83] ? bus_rescan_devices+0x20/0x20 [ 42.000255][ T83] ? _raw_spin_unlock_irqrestore+0x3e/0x50 [ 42.006043][ T83] ? lockdep_hardirqs_on+0x382/0x580 [ 42.011318][ T83] __device_attach+0x217/0x360 [ 42.016091][ T83] ? device_bind_driver+0xd0/0xd0 [ 42.021371][ T83] ? kobject_uevent_env+0x29e/0x1160 [ 42.026634][ T83] ? kobject_uevent_env+0x2a8/0x1160 [ 42.031907][ T83] bus_probe_device+0x1e4/0x290 [ 42.036743][ T83] ? blocking_notifier_call_chain+0x54/0xa0 [ 42.042629][ T83] device_add+0xae6/0x16f0 [ 42.047035][ T83] ? uevent_store+0x50/0x50 [ 42.051533][ T83] usb_new_device.cold+0x6a4/0xe79 [ 42.056645][ T83] hub_event+0x1df8/0x3800 [ 42.061059][ T83] ? hub_port_debounce+0x260/0x260 [ 42.066185][ T83] ? find_held_lock+0x2d/0x110 [ 42.070947][ T83] ? mark_held_locks+0xe0/0xe0 [ 42.075703][ T83] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 42.081247][ T83] ? rcu_read_lock_bh_held+0xb0/0xb0 [ 42.086514][ T83] process_one_work+0x92b/0x1530 [ 42.091441][ T83] ? pwq_dec_nr_in_flight+0x310/0x310 [ 42.096794][ T83] ? do_raw_spin_lock+0x11a/0x280 [ 42.101797][ T83] worker_thread+0x96/0xe20 [ 42.106293][ T83] ? process_one_work+0x1530/0x1530 [ 42.111742][ T83] kthread+0x318/0x420 [ 42.115798][ T83] ? kthread_create_on_node+0xf0/0xf0 [ 42.121147][ T83] ret_from_fork+0x24/0x30 [ 42.125535][ T83] [ 42.127845][ T83] Allocated by task 83: [ 42.131984][ T83] save_stack+0x1b/0x80 [ 42.136119][ T83] __kasan_kmalloc.constprop.0+0xbf/0xd0 [ 42.141737][ T83] usb_get_configuration+0x311/0x3100 [ 42.147170][ T83] usb_new_device+0xd3/0x160 [ 42.151742][ T83] hub_event+0x1df8/0x3800 [ 42.156156][ T83] process_one_work+0x92b/0x1530 [ 42.161102][ T83] worker_thread+0x96/0xe20 [ 42.165595][ T83] kthread+0x318/0x420 [ 42.169661][ T83] ret_from_fork+0x24/0x30 [ 42.174049][ T83] [ 42.176364][ T83] Freed by task 211: [ 42.180251][ T83] save_stack+0x1b/0x80 [ 42.184394][ T83] __kasan_slab_free+0x130/0x180 [ 42.189391][ T83] kfree+0xe4/0x320 [ 42.193175][ T83] do_mount+0x68a/0x1bf0 [ 42.197389][ T83] ksys_mount+0xd7/0x150 [ 42.201609][ T83] __x64_sys_mount+0xba/0x150 [ 42.206297][ T83] do_syscall_64+0xb7/0x580 [ 42.210802][ T83] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 42.216769][ T83] [ 42.219092][ T83] The buggy address belongs to the object at ffff8881d4aaa600 [ 42.219092][ T83] which belongs to the cache kmalloc-256 of size 256 [ 42.233192][ T83] The buggy address is located 53 bytes to the right of [ 42.233192][ T83] 256-byte region [ffff8881d4aaa600, ffff8881d4aaa700) [ 42.246899][ T83] The buggy address belongs to the page: [ 42.252516][ T83] page:ffffea000752aa80 refcount:1 mapcount:0 mapping:ffff8881da002780 index:0x0 compound_mapcount: 0 [ 42.263436][ T83] flags: 0x200000000010200(slab|head) [ 42.268784][ T83] raw: 0200000000010200 ffffea000752c900 0000000a0000000a ffff8881da002780 [ 42.277449][ T83] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000 [ 42.286019][ T83] page dumped because: kasan: bad access detected [ 42.292480][ T83] [ 42.294790][ T83] Memory state around the buggy address: [ 42.300404][ T83] ffff8881d4aaa600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 42.308454][ T83] ffff8881d4aaa680: 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc [ 42.316596][ T83] >ffff8881d4aaa700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 42.324751][ T83] ^ [ 42.330376][ T83] ffff8881d4aaa780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 42.338449][ T83] ffff8881d4aaa800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 42.346490][ T83] ================================================================== [ 42.354525][ T83] Disabling lock debugging due to kernel taint [ 42.360740][ T83] Kernel panic - not syncing: panic_on_warn set ... [ 42.367329][ T83] CPU: 1 PID: 83 Comm: kworker/1:2 Tainted: G B 5.4.0-rc6+ #0 [ 42.376077][ T83] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 42.386214][ T83] Workqueue: usb_hub_wq hub_event [ 42.391225][ T83] Call Trace: [ 42.394518][ T83] dump_stack+0xca/0x13e [ 42.398827][ T83] panic+0x2aa/0x6e1 [ 42.402711][ T83] ? add_taint.cold+0x16/0x16 [ 42.407363][ T83] ? build_audio_procunit+0xeab/0x13f0 [ 42.412821][ T83] ? trace_hardirqs_on+0x55/0x1e0 [ 42.417824][ T83] ? build_audio_procunit+0xeab/0x13f0 [ 42.423263][ T83] end_report+0x43/0x49 [ 42.427403][ T83] ? build_audio_procunit+0xeab/0x13f0 [ 42.432847][ T83] __kasan_report.cold+0xd/0x33 [ 42.437761][ T83] ? build_audio_procunit+0xeab/0x13f0 [ 42.443196][ T83] kasan_report+0xe/0x20 [ 42.447412][ T83] build_audio_procunit+0xeab/0x13f0 [ 42.452680][ T83] parse_audio_unit+0x1812/0x36f0 [ 42.457680][ T83] ? _raw_spin_unlock_irqrestore+0x3e/0x50 [ 42.463461][ T83] ? lockdep_hardirqs_on+0x382/0x580 [ 42.468723][ T83] ? stack_depot_save+0x252/0x440 [ 42.473979][ T83] ? build_audio_procunit+0x13f0/0x13f0 [ 42.479497][ T83] ? save_stack+0x4c/0x80 [ 42.483799][ T83] ? save_stack+0x1b/0x80 [ 42.488100][ T83] ? __kasan_kmalloc.constprop.0+0xbf/0xd0 [ 42.493879][ T83] ? snd_usb_create_mixer+0x180/0x1890 [ 42.499310][ T83] ? usb_audio_probe+0xc76/0x2010 [ 42.504313][ T83] ? usb_probe_interface+0x305/0x7a0 [ 42.509571][ T83] ? really_probe+0x281/0x6d0 [ 42.514220][ T83] ? driver_probe_device+0x104/0x210 [ 42.519476][ T83] ? __device_attach_driver+0x1c2/0x220 [ 42.525006][ T83] ? bus_for_each_drv+0x162/0x1e0 [ 42.530265][ T83] ? __device_attach+0x217/0x360 [ 42.535179][ T83] ? bus_probe_device+0x1e4/0x290 [ 42.540182][ T83] ? device_add+0xae6/0x16f0 [ 42.544775][ T83] ? usb_set_configuration+0xdf6/0x1670 [ 42.550304][ T83] ? validate_desc.part.0+0x17f/0x240 [ 42.555656][ T83] snd_usb_mixer_controls+0x715/0xb90 [ 42.561000][ T83] ? parse_audio_unit+0x36f0/0x36f0 [ 42.566170][ T83] ? rcu_read_lock_bh_held+0xb0/0xb0 [ 42.571442][ T83] ? __kasan_kmalloc.constprop.0+0xbf/0xd0 [ 42.577232][ T83] ? kasan_unpoison_shadow+0x30/0x40 [ 42.582502][ T83] ? usb_ifnum_to_if+0x12b/0x180 [ 42.587412][ T83] snd_usb_create_mixer+0x2b5/0x1890 [ 42.592757][ T83] ? wait_for_completion+0x3c0/0x3c0 [ 42.598021][ T83] ? lockdep_init_map+0x1b0/0x5e0 [ 42.603018][ T83] ? snd_usb_mixer_interrupt+0x800/0x800 [ 42.608635][ T83] ? lockdep_init_map+0x1b0/0x5e0 [ 42.613637][ T83] ? snd_usb_create_stream+0x16a/0x4c0 [ 42.619071][ T83] usb_audio_probe+0xc76/0x2010 [ 42.623895][ T83] ? usb_audio_resume+0x20/0x20 [ 42.628720][ T83] ? _raw_spin_unlock_irqrestore+0x3e/0x50 [ 42.635367][ T83] usb_probe_interface+0x305/0x7a0 [ 42.640473][ T83] ? usb_probe_device+0x100/0x100 [ 42.645471][ T83] really_probe+0x281/0x6d0 [ 42.649946][ T83] driver_probe_device+0x104/0x210 [ 42.655042][ T83] __device_attach_driver+0x1c2/0x220 [ 42.660387][ T83] ? driver_allows_async_probing+0x160/0x160 [ 42.666356][ T83] bus_for_each_drv+0x162/0x1e0 [ 42.671196][ T83] ? bus_rescan_devices+0x20/0x20 [ 42.676194][ T83] ? _raw_spin_unlock_irqrestore+0x3e/0x50 [ 42.681985][ T83] ? lockdep_hardirqs_on+0x382/0x580 [ 42.687522][ T83] __device_attach+0x217/0x360 [ 42.692269][ T83] ? device_bind_driver+0xd0/0xd0 [ 42.697354][ T83] ? kobject_uevent_env+0x29e/0x1160 [ 42.702629][ T83] ? kobject_uevent_env+0x2a8/0x1160 [ 42.707887][ T83] bus_probe_device+0x1e4/0x290 [ 42.712770][ T83] ? blocking_notifier_call_chain+0x54/0xa0 [ 42.718654][ T83] device_add+0xae6/0x16f0 [ 42.723042][ T83] ? uevent_store+0x50/0x50 [ 42.727520][ T83] ? _raw_spin_unlock_irqrestore+0x3e/0x50 [ 42.733301][ T83] usb_set_configuration+0xdf6/0x1670 [ 42.738652][ T83] generic_probe+0x9d/0xd5 [ 42.743055][ T83] usb_probe_device+0x99/0x100 [ 42.747790][ T83] ? usb_suspend+0x620/0x620 [ 42.752352][ T83] really_probe+0x281/0x6d0 [ 42.756830][ T83] driver_probe_device+0x104/0x210 [ 42.761922][ T83] __device_attach_driver+0x1c2/0x220 [ 42.767295][ T83] ? driver_allows_async_probing+0x160/0x160 [ 42.773262][ T83] bus_for_each_drv+0x162/0x1e0 [ 42.778095][ T83] ? bus_rescan_devices+0x20/0x20 [ 42.783103][ T83] ? _raw_spin_unlock_irqrestore+0x3e/0x50 [ 42.788884][ T83] ? lockdep_hardirqs_on+0x382/0x580 [ 42.794155][ T83] __device_attach+0x217/0x360 [ 42.798894][ T83] ? device_bind_driver+0xd0/0xd0 [ 42.803901][ T83] ? kobject_uevent_env+0x29e/0x1160 [ 42.809159][ T83] ? kobject_uevent_env+0x2a8/0x1160 [ 42.814420][ T83] bus_probe_device+0x1e4/0x290 [ 42.819266][ T83] ? blocking_notifier_call_chain+0x54/0xa0 [ 42.825139][ T83] device_add+0xae6/0x16f0 [ 42.829540][ T83] ? uevent_store+0x50/0x50 [ 42.834017][ T83] usb_new_device.cold+0x6a4/0xe79 [ 42.839114][ T83] hub_event+0x1df8/0x3800 [ 42.843505][ T83] ? hub_port_debounce+0x260/0x260 [ 42.848588][ T83] ? find_held_lock+0x2d/0x110 [ 42.853323][ T83] ? mark_held_locks+0xe0/0xe0 [ 42.858061][ T83] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 42.863586][ T83] ? rcu_read_lock_bh_held+0xb0/0xb0 [ 42.868843][ T83] process_one_work+0x92b/0x1530 [ 42.873763][ T83] ? pwq_dec_nr_in_flight+0x310/0x310 [ 42.879108][ T83] ? do_raw_spin_lock+0x11a/0x280 [ 42.884147][ T83] worker_thread+0x96/0xe20 [ 42.888663][ T83] ? process_one_work+0x1530/0x1530 [ 42.893844][ T83] kthread+0x318/0x420 [ 42.897987][ T83] ? kthread_create_on_node+0xf0/0xf0 [ 42.903337][ T83] ret_from_fork+0x24/0x30 [ 42.908351][ T83] Kernel Offset: disabled [ 42.912668][ T83] Rebooting in 86400 seconds..