[  OK  ] Started Getty on tty2.
[  OK  ] Started Getty on tty1.
[  OK  ] Started Serial Getty on ttyS0.
[  OK  ] Reached target Login Prompts.
[  OK  ] Reached target Multi-User System.
[  OK  ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[  OK  ] Started Update UTMP about System Runlevel Changes.
Starting Load/Save RF Kill Switch Status...
[  OK  ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.10.55' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 55.696571][ T17] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 55.936459][ T17] usb 1-1: Using ep0 maxpacket: 8
[ 56.056570][ T17] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 56.067667][ T17] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[ 56.078705][ T17] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[ 56.089401][ T17] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[ 56.099917][ T17] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 0
[ 56.267042][ T17] usb 1-1: New USB device found, idVendor=0dba, idProduct=1000, bcdDevice= 0.40
[ 56.276266][ T17] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 56.284630][ T17] usb 1-1: Product: syz
[ 56.290132][ T17] usb 1-1: Manufacturer: syz
[ 56.295046][ T17] usb 1-1: SerialNumber: syz
[ 56.397036][ T17] cdc_ether: probe of 1-1:1.0 failed with error -22
[ 56.556363][ C1] ==================================================================
[ 56.564543][ C1] BUG: KASAN: slab-out-of-bounds in snd_usb_mixer_notify_id+0x219/0x2a0
[ 56.572855][ C1] Write of size 4 at addr ffff8880a3ffb6e0 by task swapper/1/0
[ 56.580376][ C1]
[ 56.582711][ C1] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 5.7.0-syzkaller #0
[ 56.590435][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 56.600687][ C1] Call Trace:
[ 56.604155][ C1]
[ 56.607004][ C1] dump_stack+0x188/0x20d
[ 56.611419][ C1] ? snd_usb_mixer_notify_id+0x219/0x2a0
[ 56.617038][ C1] ? snd_usb_mixer_notify_id+0x219/0x2a0
[ 56.622838][ C1] print_address_description.constprop.0.cold+0xd3/0x413
[ 56.629854][ C1] ? vprintk_func+0x97/0x1a6
[ 56.634430][ C1] ? snd_usb_mixer_notify_id+0x219/0x2a0
[ 56.640053][ C1] kasan_report.cold+0x1f/0x37
[ 56.644807][ C1] ? snd_usb_mixer_notify_id+0x219/0x2a0
[ 56.650760][ C1] snd_usb_mixer_notify_id+0x219/0x2a0
[ 56.656209][ C1] snd_usb_mixer_interrupt+0x416/0x980
[ 56.661833][ C1] ? trace_hardirqs_off+0x50/0x220
[ 56.666935][ C1] __usb_hcd_giveback_urb+0x2af/0x4b0
[ 56.672463][ C1] usb_hcd_giveback_urb+0x368/0x420
[ 56.677751][ C1] dummy_timer+0x1243/0x2fe1
[ 56.682335][ C1] ? __lock_acquire+0x2224/0x48a0
[ 56.687524][ C1] ? debug_smp_processor_id+0x2f/0x185
[ 56.693152][ C1] ? dummy_dequeue+0x4c0/0x4c0
[ 56.698004][ C1] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 56.703537][ C1] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 56.709631][ C1] call_timer_fn+0x1ac/0x780
[ 56.714298][ C1] ? dummy_dequeue+0x4c0/0x4c0
[ 56.719048][ C1] ? timer_fixup_init+0x60/0x60
[ 56.723885][ C1] ? lock_downgrade+0x840/0x840
[ 56.728729][ C1] ? _raw_spin_unlock_irq+0x1f/0x80
[ 56.734002][ C1] ? lockdep_hardirqs_on_prepare+0x1bc/0x590
[ 56.740044][ C1] ? dummy_dequeue+0x4c0/0x4c0
[ 56.744798][ C1] run_timer_softirq+0x623/0x1600
[ 56.749813][ C1] ? add_timer+0x830/0x830
[ 56.754212][ C1] ? debug_smp_processor_id+0x2f/0x185
[ 56.759785][ C1] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 56.765362][ C1] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 56.771336][ C1] ? lockdep_hardirqs_on_prepare+0x1bc/0x590
[ 56.777426][ C1] __do_softirq+0x26c/0x9f7
[ 56.781919][ C1] irq_exit+0x192/0x1d0
[ 56.786071][ C1] smp_apic_timer_interrupt+0x19e/0x600
[ 56.791615][ C1] apic_timer_interrupt+0xf/0x20
[ 56.796617][ C1]
[ 56.799543][ C1] RIP: 0010:native_safe_halt+0xe/0x10
[ 56.804901][ C1] Code: cc cc cc cc cc cc cc cc cc cc cc cc e9 07 00 00 00 0f 00 2d 84 9c 4a 00 f4 c3 66 90 e9 07 00 00 00 0f 00 2d 74 9c 4a 00 fb f4 cc 41 56 41 55 41 54 55 53 e8 33 9c 83 f9 e8 be c8 bf fb 0f 1f
[ 56.824496][ C1] RSP: 0018:ffffc90000d3fc70 EFLAGS: 00000293 ORIG_RAX: ffffffffffffff13
[ 56.832888][ C1] RAX: ffff8880a9632340 RBX: 0000000000000000 RCX: 1ffffffff15173ba
[ 56.840852][ C1] RDX: 0000000000000000 RSI: ffffffff87de1248 RDI: ffff8880a9632bc0
[ 56.848900][ C1] RBP: ffff88821af3e864 R08: 0000000000000000 R09: 0000000000000001
[ 56.856860][ C1] R10: 0000000000000000 R11: 0000000000000000 R12: ffff88821af3e864
[ 56.864902][ C1] R13: 1ffff920001a7f99 R14: ffff88821af3e865 R15: 0000000000000001
[ 56.872938][ C1] ? acpi_safe_halt+0x88/0x110
[ 56.877701][ C1] acpi_safe_halt+0x8d/0x110
[ 56.882312][ C1] acpi_idle_do_entry+0xa9/0xe0
[ 56.887149][ C1] acpi_idle_enter+0x437/0xb20
[ 56.891899][ C1] ? acpi_idle_enter_bm+0x2d0/0x2d0
[ 56.897130][ C1] ? kvm_clock_read+0x14/0x30
[ 56.901839][ C1] ? kvm_sched_clock_read+0x5/0x10
[ 56.906938][ C1] ? sched_clock+0x2a/0x40
[ 56.911339][ C1] ? sched_clock_cpu+0x18/0x1b0
[ 56.916349][ C1] cpuidle_enter_state+0xdd/0xd60
[ 56.921399][ C1] ? assoc_array_gc+0x1200/0x1250
[ 56.926412][ C1] cpuidle_enter+0x4a/0xa0
[ 56.930939][ C1] do_idle+0x42f/0x690
[ 56.935091][ C1] ? arch_cpu_idle_exit+0x70/0x70
[ 56.940109][ C1] cpu_startup_entry+0x14/0x20
[ 56.944859][ C1] start_secondary+0x2f8/0x410
[ 56.949609][ C1] ? set_cpu_sibling_map+0x1ed0/0x1ed0
[ 56.955084][ C1] secondary_startup_64+0xa4/0xb0
[ 56.960097][ C1]
[ 56.962412][ C1] Allocated by task 17:
[ 56.966602][ C1] save_stack+0x1b/0x40
[ 56.970821][ C1] __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 56.976437][ C1] kmem_cache_alloc_trace+0x153/0x7d0
[ 56.981791][ C1] add_single_ctl_with_resume+0x53/0x1d0
[ 56.987413][ C1] snd_usb_mixer_apply_create_quirk+0x17ac/0x2000
[ 56.993868][ C1] snd_usb_create_mixer+0x7de/0x18c0
[ 56.999138][ C1] create_standard_mixer_quirk+0x57/0x70
[ 57.004751][ C1] snd_usb_create_quirk+0x9f/0xd0
[ 57.009757][ C1] create_composite_quirk+0x1d5/0x420
[ 57.015252][ C1] snd_usb_create_quirk+0x9f/0xd0
[ 57.020294][ C1] usb_audio_probe+0x57a/0x2240
[ 57.025130][ C1] usb_probe_interface+0x305/0x7a0
[ 57.030520][ C1] really_probe+0x281/0x6d0
[ 57.035004][ C1] driver_probe_device+0x104/0x210
[ 57.040097][ C1] __device_attach_driver+0x1c2/0x220
[ 57.045451][ C1] bus_for_each_drv+0x162/0x1e0
[ 57.050286][ C1] __device_attach+0x21a/0x360
[ 57.055157][ C1] bus_probe_device+0x1e4/0x290
[ 57.059992][ C1] device_add+0x132d/0x1c10
[ 57.064480][ C1] usb_set_configuration+0xec5/0x1740
[ 57.069837][ C1] usb_generic_driver_probe+0x9d/0xe0
[ 57.075376][ C1] usb_probe_device+0xc6/0x1f0
[ 57.080133][ C1] really_probe+0x281/0x6d0
[ 57.084785][ C1] driver_probe_device+0x104/0x210
[ 57.089884][ C1] __device_attach_driver+0x1c2/0x220
[ 57.095242][ C1] bus_for_each_drv+0x162/0x1e0
[ 57.100079][ C1] __device_attach+0x21a/0x360
[ 57.104827][ C1] bus_probe_device+0x1e4/0x290
[ 57.109726][ C1] device_add+0x132d/0x1c10
[ 57.114284][ C1] usb_new_device.cold+0x753/0x103d
[ 57.119472][ C1] hub_event+0x1eca/0x38f0
[ 57.123882][ C1] process_one_work+0x965/0x16a0
[ 57.128926][ C1] worker_thread+0x96/0xe20
[ 57.133415][ C1] kthread+0x388/0x470
[ 57.137471][ C1] ret_from_fork+0x24/0x30
[ 57.141868][ C1]
[ 57.144453][ C1] Freed by task 4851:
[ 57.148592][ C1] save_stack+0x1b/0x40
[ 57.152763][ C1] __kasan_slab_free+0xf7/0x140
[ 57.157602][ C1] kfree+0x109/0x2b0
[ 57.161614][ C1] tomoyo_check_open_permission+0x169/0x370
[ 57.167665][ C1] tomoyo_file_open+0xa3/0xd0
[ 57.172325][ C1] security_file_open+0x6e/0x410
[ 57.177249][ C1] do_dentry_open+0x3e9/0x1340
[ 57.182063][ C1] path_openat+0x1e59/0x27d0
[ 57.186774][ C1] do_filp_open+0x192/0x260
[ 57.191318][ C1] do_sys_openat2+0x585/0x7d0
[ 57.195989][ C1] do_sys_open+0xc3/0x140
[ 57.200311][ C1] do_syscall_64+0xf6/0x7d0
[ 57.204801][ C1] entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 57.210874][ C1]
[ 57.213193][ C1] The buggy address belongs to the object at ffff8880a3ffb680
[ 57.213193][ C1] which belongs to the cache kmalloc-64 of size 64
[ 57.227061][ C1] The buggy address is located 32 bytes to the right of
[ 57.227061][ C1] 64-byte region [ffff8880a3ffb680, ffff8880a3ffb6c0)
[ 57.240663][ C1] The buggy address belongs to the page:
[ 57.246284][ C1] page:ffffea00028ffec0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0
[ 57.255505][ C1] flags: 0xfffe0000000200(slab)
[ 57.260491][ C1] raw: 00fffe0000000200 ffffea00024f1cc8 ffffea0002882fc8 ffff8880aa000380
[ 57.269160][ C1] raw: 0000000000000000 ffff8880a3ffb000 0000000100000020 0000000000000000
[ 57.277992][ C1] page dumped because: kasan: bad access detected
[ 57.284510][ C1]
[ 57.286830][ C1] Memory state around the buggy address:
[ 57.292447][ C1] ffff8880a3ffb580: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc
[ 57.300588][ C1] ffff8880a3ffb600: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc
[ 57.308798][ C1] >ffff8880a3ffb680: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc
[ 57.317028][ C1] ^
[ 57.324348][ C1] ffff8880a3ffb700: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 57.332477][ C1] ffff8880a3ffb780: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 57.340913][ C1] ==================================================================
[ 57.348957][ C1] Disabling lock debugging due to kernel taint
[ 57.355121][ C1] Kernel panic - not syncing: panic_on_warn set ...
[ 57.361916][ C1] CPU: 1 PID: 0 Comm: swapper/1 Tainted: G B 5.7.0-syzkaller #0
[ 57.370878][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 57.381270][ C1] Call Trace:
[ 57.384539][ C1]
[ 57.387381][ C1] dump_stack+0x188/0x20d
[ 57.391693][ C1] ? snd_usb_mixer_notify_id+0x1a0/0x2a0
[ 57.397364][ C1] panic+0x2e3/0x75c
[ 57.401327][ C1] ? add_taint.cold+0x16/0x16
[ 57.406022][ C1] ? trace_hardirqs_off+0x50/0x220
[ 57.411347][ C1] ? snd_usb_mixer_notify_id+0x219/0x2a0
[ 57.416967][ C1] ? snd_usb_mixer_notify_id+0x219/0x2a0
[ 57.422814][ C1] end_report+0x4d/0x53
[ 57.426960][ C1] kasan_report.cold+0xd/0x37
[ 57.431623][ C1] ? snd_usb_mixer_notify_id+0x219/0x2a0
[ 57.437334][ C1] snd_usb_mixer_notify_id+0x219/0x2a0
[ 57.443158][ C1] snd_usb_mixer_interrupt+0x416/0x980
[ 57.448639][ C1] ? trace_hardirqs_off+0x50/0x220
[ 57.453865][ C1] __usb_hcd_giveback_urb+0x2af/0x4b0
[ 57.459289][ C1] usb_hcd_giveback_urb+0x368/0x420
[ 57.464537][ C1] dummy_timer+0x1243/0x2fe1
[ 57.469290][ C1] ? __lock_acquire+0x2224/0x48a0
[ 57.474304][ C1] ? debug_smp_processor_id+0x2f/0x185
[ 57.479742][ C1] ? dummy_dequeue+0x4c0/0x4c0
[ 57.484491][ C1] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 57.490078][ C1] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 57.496042][ C1] call_timer_fn+0x1ac/0x780
[ 57.500616][ C1] ? dummy_dequeue+0x4c0/0x4c0
[ 57.505407][ C1] ? timer_fixup_init+0x60/0x60
[ 57.510416][ C1] ? lock_downgrade+0x840/0x840
[ 57.515249][ C1] ? _raw_spin_unlock_irq+0x1f/0x80
[ 57.520494][ C1] ? lockdep_hardirqs_on_prepare+0x1bc/0x590
[ 57.526509][ C1] ? dummy_dequeue+0x4c0/0x4c0
[ 57.531253][ C1] run_timer_softirq+0x623/0x1600
[ 57.536261][ C1] ? add_timer+0x830/0x830
[ 57.540655][ C1] ? debug_smp_processor_id+0x2f/0x185
[ 57.546145][ C1] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 57.551683][ C1] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 57.557647][ C1] ? lockdep_hardirqs_on_prepare+0x1bc/0x590
[ 57.563615][ C1] __do_softirq+0x26c/0x9f7
[ 57.568143][ C1] irq_exit+0x192/0x1d0
[ 57.572280][ C1] smp_apic_timer_interrupt+0x19e/0x600
[ 57.577894][ C1] apic_timer_interrupt+0xf/0x20
[ 57.582840][ C1]
[ 57.585769][ C1] RIP: 0010:native_safe_halt+0xe/0x10
[ 57.591127][ C1] Code: cc cc cc cc cc cc cc cc cc cc cc cc e9 07 00 00 00 0f 00 2d 84 9c 4a 00 f4 c3 66 90 e9 07 00 00 00 0f 00 2d 74 9c 4a 00 fb f4 cc 41 56 41 55 41 54 55 53 e8 33 9c 83 f9 e8 be c8 bf fb 0f 1f
[ 57.611014][ C1] RSP: 0018:ffffc90000d3fc70 EFLAGS: 00000293 ORIG_RAX: ffffffffffffff13
[ 57.619468][ C1] RAX: ffff8880a9632340 RBX: 0000000000000000 RCX: 1ffffffff15173ba
[ 57.627422][ C1] RDX: 0000000000000000 RSI: ffffffff87de1248 RDI: ffff8880a9632bc0
[ 57.635377][ C1] RBP: ffff88821af3e864 R08: 0000000000000000 R09: 0000000000000001
[ 57.643327][ C1] R10: 0000000000000000 R11: 0000000000000000 R12: ffff88821af3e864
[ 57.651321][ C1] R13: 1ffff920001a7f99 R14: ffff88821af3e865 R15: 0000000000000001
[ 57.659337][ C1] ? acpi_safe_halt+0x88/0x110
[ 57.664086][ C1] acpi_safe_halt+0x8d/0x110
[ 57.668810][ C1] acpi_idle_do_entry+0xa9/0xe0
[ 57.673736][ C1] acpi_idle_enter+0x437/0xb20
[ 57.678484][ C1] ? acpi_idle_enter_bm+0x2d0/0x2d0
[ 57.683665][ C1] ? kvm_clock_read+0x14/0x30
[ 57.688379][ C1] ? kvm_sched_clock_read+0x5/0x10
[ 57.693512][ C1] ? sched_clock+0x2a/0x40
[ 57.697963][ C1] ? sched_clock_cpu+0x18/0x1b0
[ 57.702795][ C1] cpuidle_enter_state+0xdd/0xd60
[ 57.707811][ C1] ? assoc_array_gc+0x1200/0x1250
[ 57.712817][ C1] cpuidle_enter+0x4a/0xa0
[ 57.717218][ C1] do_idle+0x42f/0x690
[ 57.721414][ C1] ? arch_cpu_idle_exit+0x70/0x70
[ 57.726423][ C1] cpu_startup_entry+0x14/0x20
[ 57.731172][ C1] start_secondary+0x2f8/0x410
[ 57.735920][ C1] ? set_cpu_sibling_map+0x1ed0/0x1ed0
[ 57.741393][ C1] secondary_startup_64+0xa4/0xb0
[ 57.747680][ C1] Kernel Offset: disabled
[ 57.752067][ C1] Rebooting in 86400 seconds..