[ OK ] Started Network Time Synchronization.
[ OK ] Started Raise network interfaces.
[ OK ] Reached target Network.
Starting Permit User Sessions...
Starting OpenBSD Secure Shell server...
[ OK ] Started Permit User Sessions.
[ OK ] Started OpenBSD Secure Shell server.
[ 14.257233][ C1] random: crng init done
[ 14.258217][ C1] random: 7 urandom warning(s) missed due to ratelimiting
Warning: Permanently added '10.128.0.236' (ECDSA) to the list of known hosts.
executing program
[* ] A start job is running for dev-ttyS0.device (8s / 1min 30s)
[** ] A start job is running for dev-ttyS0.device (9s / 1min 30s)
[*** ] A start job is running for dev-ttyS0.device (10s / 1min 30s)
[ *** ] A start job is running for dev-ttyS0.device (10s / 1min 30s)
[ *** ] A start job is running for dev-ttyS0.device (11s / 1min 30s)
[ ***] A start job is running for dev-ttyS0.device (11s / 1min 30s)
[ **] A start job is running for dev-ttyS0.device (12s / 1min 30s)
[ *] A start job is running for dev-ttyS0.device (13s / 1min 30s)
[ **] A start job is running for dev-ttyS0.device (13s / 1min 30s)
[ ***] A start job is running for dev-ttyS0.device (14s / 1min 30s)
[ 20.559018][ T22] audit: type=1400 audit(1592596693.016:8): avc: denied { execmem } for pid=343 comm="syz-executor427" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 20.827155][ T90] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ *** ] A start job is running for dev-ttyS0.device (14s / 1min 30s)
[ 21.066891][ T90] usb 1-1: Using ep0 maxpacket: 8
[ 21.186849][ T90] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 21.197756][ T90] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[ 21.208206][ T90] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[ 21.218242][ T90] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[ 21.228149][ T90] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 0
[ 21.396585][ T90] usb 1-1: New USB device found, idVendor=0dba, idProduct=1000, bcdDevice= 0.40
[ 21.405596][ T90] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 21.414249][ T90] usb 1-1: Product: syz
[ 21.418708][ T90] usb 1-1: Manufacturer: syz
[ 21.423273][ T90] usb 1-1: SerialNumber: syz
[ 21.467040][ T90] cdc_ether: probe of 1-1:1.0 failed with error -22
[ *** ] A start job is running for dev-ttyS0.device (15s / 1min 30s)
[ 21.686257][ C0] ==================================================================
[ 21.694351][ C0] BUG: KASAN: slab-out-of-bounds in snd_usb_mixer_interrupt+0xaa7/0xc30
[ 21.702644][ C0] Write of size 4 at addr ffff8881cf307060 by task swapper/0/0
[ 21.710143][ C0]
[ 21.712440][ C0] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.4.47-syzkaller-00290-g5eb96e454e88 #0
[ 21.721763][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 21.731795][ C0] Call Trace:
[ 21.735042][ C0]
[ 21.737859][ C0] dump_stack+0x14a/0x1ce
[ 21.742151][ C0] ? show_regs_print_info+0x12/0x12
[ 21.747309][ C0] ? printk+0xd2/0x114
[ 21.751342][ C0] print_address_description+0x93/0x620
[ 21.756869][ C0] __kasan_report+0x16d/0x1e0
[ 21.761522][ C0] ? snd_usb_mixer_interrupt+0xaa7/0xc30
[ 21.767221][ C0] kasan_report+0x34/0x60
[ 21.771516][ C0] snd_usb_mixer_interrupt+0xaa7/0xc30
[ 21.776952][ C0] ? usb_unanchor_urb+0x128/0x2f0
[ 21.781950][ C0] __usb_hcd_giveback_urb+0x265/0x3b0
[ 21.787287][ C0] ? usb_hcd_giveback_urb+0x107/0x3d0
[ 21.792626][ C0] dummy_timer+0x778/0x4260
[ 21.797095][ C0] ? dummy_free_streams+0x310/0x310
[ 21.802315][ C0] ? trigger_load_balance+0x115/0x760
[ 21.807661][ C0] ? perf_event_task_tick+0x974/0x990
[ 21.812997][ C0] ? load_balance+0x4330/0x4330
[ 21.817828][ C0] ? dummy_free_streams+0x310/0x310
[ 21.822990][ C0] call_timer_fn+0x154/0x340
[ 21.827545][ C0] ? dummy_free_streams+0x310/0x310
[ 21.832708][ C0] ? dummy_free_streams+0x310/0x310
[ 21.837872][ C0] expire_timers+0x35c/0x470
[ 21.842438][ C0] __run_timers+0x662/0x7b0
[ 21.846905][ C0] ? detach_timer+0x260/0x260
[ 21.851547][ C0] ? __run_hrtimer+0x601/0x7a0
[ 21.856283][ C0] ? clockevents_program_event+0x214/0x2d0
[ 21.862051][ C0] ? hrtimer_interrupt+0xe75/0x10a0
[ 21.867229][ C0] run_timer_softirq+0x19/0x30
[ 21.871958][ C0] __do_softirq+0x2d5/0x725
[ 21.876426][ C0] ? __irqentry_text_end+0x1fc47b/0x1fc47b
[ 21.882194][ C0] ? hrtimer_init+0x340/0x340
[ 21.886835][ C0] ? kvm_sched_clock_read+0x15/0x40
[ 21.891995][ C0] ? sched_clock_cpu+0x18/0x380
[ 21.896807][ C0] irq_exit+0x16d/0x180
[ 21.900927][ C0] smp_apic_timer_interrupt+0x281/0x3f0
[ 21.906435][ C0] apic_timer_interrupt+0xf/0x20
[ 21.911334][ C0]
[ 21.914236][ C0] RIP: 0010:default_idle+0x1f/0x30
[ 21.919318][ C0] Code: ff e8 b5 76 42 fd 90 90 90 90 90 65 8b 35 31 a6 2a 7c bf 01 00 00 00 e8 af 02 31 fd e9 07 00 00 00 0f 00 2d 0b 93 49 00 fb f4 <65> 8b 35 12 a6 2a 7c bf ff ff ff ff e9 90 02 31 fd 41 57 41 56 53
[ 21.938887][ C0] RSP: 0018:ffffffff84c07d18 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
[ 21.947368][ C0] RAX: 790958194ac5f601 RBX: ffffffff84c14980 RCX: ffffffff8124c640
[ 21.955303][ C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001
[ 21.963240][ C0] RBP: ffffffff84c07e20 R08: dffffc0000000000 R09: fffffbfff0982931
[ 21.971176][ C0] R10: fffffbfff0982931 R11: 0000000000000000 R12: ffffffff84d8fde0
[ 21.979124][ C0] R13: 0000000000000000 R14: dffffc0000000000 R15: 1ffffffff0982930
[ 21.987064][ C0] ? do_idle+0x1f0/0x5e0
[ 21.991271][ C0] ? default_idle+0x11/0x30
[ 21.995747][ C0] do_idle+0x209/0x5e0
[ 21.999784][ C0] ? idle_inject_timer_fn+0x60/0x60
[ 22.004946][ C0] ? __rcu_read_lock+0x50/0x50
[ 22.009687][ C0] ? find_next_bit+0xd8/0x120
[ 22.014327][ C0] ? cpumask_next+0xc/0x20
[ 22.018706][ C0] ? schedule+0x13b/0x1d0
[ 22.022997][ C0] cpu_startup_entry+0x15/0x20
[ 22.027735][ C0] start_kernel+0x7a3/0x873
[ 22.032208][ C0] ? __early_make_pgtable+0x157/0x1a2
[ 22.037543][ C0] ? arch_call_rest_init+0xa/0xa
[ 22.042442][ C0] ? kasan_early_init+0x2c5/0x31f
[ 22.047443][ C0] ? check_loader_disabled_bsp+0x92/0x131
[ 22.053122][ C0] ? load_ucode_bsp+0xef/0x105
[ 22.057850][ C0] secondary_startup_64+0xa4/0xb0
[ 22.062834][ C0]
[ 22.065129][ C0] Allocated by task 90:
[ 22.069250][ C0] __kasan_kmalloc+0x12c/0x1c0
[ 22.073979][ C0] kmem_cache_alloc_trace+0xc3/0x280
[ 22.079224][ C0] snd_usb_mixer_apply_create_quirk+0xad1/0x30c0
[ 22.085510][ C0] snd_usb_create_mixer+0x22c3/0x31a0
[ 22.090930][ C0] create_composite_quirk+0x221/0x510
[ 22.096274][ C0] usb_audio_probe+0xd69/0x2470
[ 22.101086][ C0] usb_probe_interface+0x631/0xad0
[ 22.106161][ C0] really_probe+0x764/0xf70
[ 22.110638][ C0] driver_probe_device+0xe6/0x230
[ 22.115624][ C0] bus_for_each_drv+0x17a/0x200
[ 22.120436][ C0] __device_attach+0x27b/0x420
[ 22.125158][ C0] bus_probe_device+0xbb/0x200
[ 22.129885][ C0] device_add+0x13db/0x17c0
[ 22.134359][ C0] usb_set_configuration+0x197f/0x1f00
[ 22.139780][ C0] generic_probe+0x82/0x140
[ 22.144243][ C0] really_probe+0x764/0xf70
[ 22.148709][ C0] driver_probe_device+0xe6/0x230
[ 22.153696][ C0] bus_for_each_drv+0x17a/0x200
[ 22.158538][ C0] __device_attach+0x27b/0x420
[ 22.163272][ C0] bus_probe_device+0xbb/0x200
[ 22.168008][ C0] device_add+0x13db/0x17c0
[ 22.172483][ C0] usb_new_device+0xda7/0x1710
[ 22.177222][ C0] hub_event+0x2963/0x4fa0
[ 22.181627][ C0] process_one_work+0x777/0xf90
[ 22.181632][ C0] worker_thread+0xa8f/0x1430
[ 22.181637][ C0] kthread+0x2df/0x300
[ 22.181643][ C0] ret_from_fork+0x1f/0x30
[ 22.181654][ C0]
[ 22.201822][ C0] Freed by task 0:
[ 22.205509][ C0] (stack is not available)
[ 22.209887][ C0]
[ 22.212207][ C0] The buggy address belongs to the object at ffff8881cf307000
[ 22.212207][ C0] which belongs to the cache kmalloc-64 of size 64
[ 22.226058][ C0] The buggy address is located 32 bytes to the right of
[ 22.226058][ C0] 64-byte region [ffff8881cf307000, ffff8881cf307040)
[ 22.239652][ C0] The buggy address belongs to the page:
[ 22.245256][ C0] page:ffffea00073cc1c0 refcount:1 mapcount:0 mapping:ffff8881da803180 index:0x0
[ 22.254343][ C0] flags: 0x8000000000000200(slab)
[ 22.259341][ C0] raw: 8000000000000200 dead000000000100 dead000000000122 ffff8881da803180
[ 22.267898][ C0] raw: 0000000000000000 0000000000200020 00000001ffffffff 0000000000000000
[ 22.276449][ C0] page dumped because: kasan: bad access detected
[ 22.282827][ C0]
[ 22.285140][ C0] Memory state around the buggy address:
[ 22.290741][ C0] ffff8881cf306f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 22.298774][ C0] ffff8881cf306f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 22.306805][ C0] >ffff8881cf307000: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc
[ 22.314844][ C0] ^
[ 22.322006][ C0] ffff8881cf307080: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 22.330039][ C0] ffff8881cf307100: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 22.338078][ C0] ==================================================================
[ 22.346122][ C0] Disabling lock debugging due to kernel taint
[*** ] A start job is running for dev-ttyS0.device (16s / 1min 30s)