Starting Network Time Synchronization...
[ OK ] Started Network Time Synchronization.
[ OK ] Started Raise network interfaces.
[ OK ] Reached target Network.
Starting OpenBSD Secure Shell server...
Starting Permit User Sessions...
[ OK ] Started Permit User Sessions.
[ OK ] Started OpenBSD Secure Shell server.
[ 12.700369][ C0] random: crng init done
[ 12.701514][ C0] random: 7 urandom warning(s) missed due to ratelimiting
Warning: Permanently added '10.128.10.17' (ECDSA) to the list of known hosts.
executing program
[* ] A start job is running for dev-ttyS0.device (8s / 1min 30s)
[ 19.012945][ T22] audit: type=1400 audit(1587795039.867:8): avc: denied { execmem } for pid=405 comm="syz-executor224" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 19.281668][ T12] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 19.491695][ T12] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 19.502725][ T12] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 19.513054][ T12] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[ 19.526206][ T12] usb 1-1: New USB device found, idVendor=20bc, idProduct=5500, bcdDevice= 0.00
[ 19.535529][ T12] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 19.544381][ T12] usb 1-1: config 0 descriptor??
[ 20.022356][ T12] betop 0003:20BC:5500.0001: unknown main item tag 0x0
[ 20.029900][ T12] betop 0003:20BC:5500.0001: hidraw0: USB HID v0.00 Device [HID 20bc:5500] on usb-dummy_hcd.0-1/input0
[ 20.042269][ T12] ==================================================================
[ 20.050502][ T12] BUG: KASAN: slab-out-of-bounds in betop_probe+0x3d4/0x5c0
[ 20.057867][ T12] Write of size 8 at addr ffff8881cdc223c0 by task kworker/0:1/12
[ 20.065823][ T12]
[ 20.068134][ T12] CPU: 0 PID: 12 Comm: kworker/0:1 Not tainted 5.4.35-syzkaller-00682-ge70de07acfd5 #0
[ 20.077730][ T12] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 20.087811][ T12] Workqueue: usb_hub_wq hub_event
[ 20.092806][ T12] Call Trace:
[ 20.096067][ T12]  dump_stack+0x14a/0x1ce
[ 20.100365][ T12]  ? __device_attach+0x275/0x410
[ 20.105272][ T12]  ? bus_probe_device+0xb8/0x1e0
[ 20.110176][ T12]  ? show_regs_print_info+0x12/0x12
[ 20.115342][ T12]  ? printk+0xd2/0x114
[ 20.119380][ T12]  print_address_description+0x93/0x620
[ 20.124892][ T12]  ? devkmsg_release+0x11c/0x11c
[ 20.129797][ T12]  __kasan_report+0x16d/0x1e0
[ 20.134455][ T12]  ? betop_probe+0x3d4/0x5c0
[ 20.139041][ T12]  kasan_report+0x34/0x60
[ 20.143355][ T12]  check_memory_region+0x2b5/0x2f0
[ 20.148444][ T12]  betop_probe+0x3d4/0x5c0
[ 20.152836][ T12]  hid_device_probe+0x274/0x410
[ 20.157659][ T12]  really_probe+0x6fe/0xf50
[ 20.162146][ T12]  driver_probe_device+0xe6/0x230
[ 20.167140][ T12]  ? coredump_store+0x80/0x80
[ 20.171784][ T12]  bus_for_each_drv+0x17a/0x200
[ 20.176602][ T12]  ? subsys_find_device_by_id+0x340/0x340
[ 20.182288][ T12]  __device_attach+0x275/0x410
[ 20.187022][ T12]  ? skb_release_head_state+0x1d0/0x210
[ 20.192534][ T12]  ? device_attach+0x20/0x20
[ 20.197108][ T12]  bus_probe_device+0xb8/0x1e0
[ 20.201839][ T12]  device_add+0x1054/0x1740
[ 20.206311][ T12]  ? __d_instantiate+0x3c6/0x700
[ 20.211218][ T12]  ? dev_set_name+0x120/0x120
[ 20.215863][ T12]  ? hid_debug_register+0xcd/0x140
[ 20.220939][ T12]  hid_add_device+0xd7e/0xfd0
[ 20.225595][ T12]  ? gfp_pfmemalloc_allowed+0x130/0x130
[ 20.231228][ T12]  ? snprintf+0xd9/0x120
[ 20.235480][ T12]  ? usbhid_probe+0x6c2/0xcc0
[ 20.240148][ T12]  ? hid_device_remove+0x390/0x390
[ 20.245250][ T12]  ? kasan_kmalloc_large+0xff/0x110
[ 20.250415][ T12]  ? init_timer_key+0x2c/0x1d0
[ 20.255165][ T12]  usbhid_probe+0x94e/0xcc0
[ 20.259638][ T12]  usb_probe_interface+0x621/0xac0
[ 20.264732][ T12]  really_probe+0x75b/0xf50
[ 20.269208][ T12]  driver_probe_device+0xe6/0x230
[ 20.274202][ T12]  ? coredump_store+0x80/0x80
[ 20.278849][ T12]  bus_for_each_drv+0x17a/0x200
[ 20.283670][ T12]  ? subsys_find_device_by_id+0x340/0x340
[ 20.289358][ T12]  __device_attach+0x275/0x410
[ 20.294092][ T12]  ? skb_release_head_state+0x1d0/0x210
[ 20.299605][ T12]  ? device_attach+0x20/0x20
[ 20.304179][ T12]  bus_probe_device+0xb8/0x1e0
[ 20.308910][ T12]  device_add+0x1054/0x1740
[ 20.313398][ T12]  ? dev_set_name+0x120/0x120
[ 20.318046][ T12]  ? kfree+0x12b/0x600
[ 20.322116][ T12]  usb_set_configuration+0x184c/0x1dc0
[ 20.327550][ T12]  generic_probe+0x82/0x140
[ 20.332023][ T12]  really_probe+0x75b/0xf50
[ 20.336513][ T12]  driver_probe_device+0xe6/0x230
[ 20.336520][ T12]  ? coredump_store+0x80/0x80
[ 20.336531][ T12]  bus_for_each_drv+0x17a/0x200
[ 20.351000][ T12]  ? subsys_find_device_by_id+0x340/0x340
[ 20.356698][ T12]  __device_attach+0x275/0x410
[ 20.361442][ T12]  ? skb_release_head_state+0x1d0/0x210
[ 20.366988][ T12]  ? device_attach+0x20/0x20
[ 20.371562][ T12]  bus_probe_device+0xb8/0x1e0
[ 20.376307][ T12]  device_add+0x1054/0x1740
[ 20.380790][ T12]  ? dev_set_name+0x120/0x120
[ 20.385449][ T12]  usb_new_device+0xda7/0x1710
[ 20.390192][ T12]  ? hub_port_init+0x1efa/0x3170
[ 20.395113][ T12]  ? usb_disconnect+0x880/0x880
[ 20.399961][ T12]  hub_event+0x2963/0x4fa0
[ 20.404365][ T12]  ? led_work+0x530/0x530
[ 20.408674][ T12]  ? pm_schedule_suspend+0x1d0/0x1d0
[ 20.413954][ T12]  ? _raw_spin_lock+0x170/0x170
[ 20.418799][ T12]  ? mutex_lock+0xa6/0x110
[ 20.423184][ T12]  ? _raw_spin_lock_irq+0xa2/0x180
[ 20.428286][ T12]  ? read_word_at_a_time+0xe/0x20
[ 20.433294][ T12]  ? strscpy+0xa6/0x260
[ 20.437422][ T12]  process_one_work+0x777/0xf90
[ 20.442257][ T12]  worker_thread+0xa8f/0x1430
[ 20.446920][ T12]  kthread+0x2df/0x300
[ 20.451151][ T12]  ? process_one_work+0xf90/0xf90
[ 20.456145][ T12]  ? kthread_destroy_worker+0x280/0x280
[ 20.461662][ T12]  ret_from_fork+0x1f/0x30
[ 20.466045][ T12]
[ 20.468344][ T12] Allocated by task 228:
[ 20.472557][ T12]  __kasan_kmalloc+0x12c/0x1c0
[ 20.477305][ T12]  __kmalloc+0xf7/0x2d0
[ 20.481433][ T12]  simple_xattr_alloc+0x40/0xb0
[ 20.486268][ T12]  shmem_initxattrs+0x91/0x200
[ 20.491000][ T12]  security_inode_init_security+0x27c/0x3c0
[ 20.496875][ T12]  shmem_mknod+0xb0/0x1a0
[ 20.501259][ T12]  path_openat+0x20c3/0x3d10
[ 20.505841][ T12]  do_filp_open+0x20d/0x440
[ 20.510312][ T12]  do_sys_open+0x387/0x7d0
[ 20.514714][ T12]  do_syscall_64+0xcb/0x150
[ 20.519186][ T12]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 20.525061][ T12]
[ 20.527359][ T12] Freed by task 0:
[ 20.531060][ T12] (stack is not available)
[ 20.535441][ T12]
[ 20.537756][ T12] The buggy address belongs to the object at ffff8881cdc22380
[ 20.537756][ T12]  which belongs to the cache kmalloc-96 of size 96
[ 20.551610][ T12] The buggy address is located 64 bytes inside of
[ 20.551610][ T12]  96-byte region [ffff8881cdc22380, ffff8881cdc223e0)
[ 20.564674][ T12] The buggy address belongs to the page:
[ 20.570277][ T12] page:ffffea0007370880 refcount:1 mapcount:0 mapping:ffff8881da803400 index:0x0
[ 20.579364][ T12] flags: 0x8000000000000200(slab)
[ 20.584377][ T12] raw: 8000000000000200 ffffea0007393840 0000001500000015 ffff8881da803400
[ 20.592946][ T12] raw: 0000000000000000 0000000080200020 00000001ffffffff 0000000000000000
[ 20.601495][ T12] page dumped because: kasan: bad access detected
[ 20.607878][ T12]
[ 20.610177][ T12] Memory state around the buggy address:
[ 20.615776][ T12]  ffff8881cdc22280: 00 00 00 00 00 00 00 00 04 fc fc fc fc fc fc fc
[ 20.623822][ T12]  ffff8881cdc22300: 00 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc
[ 20.631854][ T12] >ffff8881cdc22380: 00 00 00 00 00 00 00 00 04 fc fc fc fc fc fc fc
[ 20.639884][ T12]                                            ^
[ 20.646004][ T12]  ffff8881cdc22400: 00 00 00 00 00 00 00 00 04 fc fc fc fc fc fc fc
[ 20.654034][ T12]  ffff8881cdc22480: 00 00 00 00 00 00 00 00 04 fc fc fc fc fc fc fc
[ 20.662064][ T12] ==================================================================
[ 20.670111][ T12] Disabling lock debugging due to kern