INIT: Entering runlevel: 2 [info] Using makefile-style concurrent boot in runlevel 2. [....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.146' (ECDSA) to the list of known hosts. executing program executing program executing program executing program executing program executing program syzkaller login: [ 74.373775][ T21] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 74.373785][ T12] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 74.389052][ T1741] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 74.394157][ T5] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 74.397296][ T17] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 74.404936][ T107] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 74.613771][ T12] usb 1-1: Using ep0 maxpacket: 32 [ 74.653776][ T1741] usb 3-1: Using ep0 maxpacket: 32 [ 74.653808][ T5] usb 5-1: Using ep0 maxpacket: 32 [ 74.659102][ T21] usb 6-1: Using ep0 maxpacket: 32 [ 74.664445][ T107] usb 2-1: Using ep0 maxpacket: 32 [ 74.669523][ T17] usb 4-1: Using ep0 maxpacket: 32 [ 74.753910][ T12] usb 1-1: config 0 has an invalid interface number: 84 but max is 0 [ 74.762085][ T12] usb 1-1: config 0 has no interface number 0 [ 74.768437][ T12] usb 1-1: config 0 interface 84 altsetting 0 bulk endpoint 0x8F has invalid maxpacket 0 [ 74.778273][ T12] usb 1-1: New USB device found, idVendor=0d64, idProduct=3108, bcdDevice=b2.59 [ 74.787389][ T12] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 74.796493][ T12] usb 1-1: config 0 descriptor?? [ 74.804025][ T5] usb 5-1: config 0 has an invalid interface number: 84 but max is 0 [ 74.804776][ T1741] usb 3-1: config 0 has an invalid interface number: 84 but max is 0 [ 74.812124][ T5] usb 5-1: config 0 has no interface number 0 [ 74.820210][ T1741] usb 3-1: config 0 has no interface number 0 [ 74.820621][ T17] usb 4-1: config 0 has an invalid interface number: 84 but max is 0 [ 74.826371][ T107] usb 2-1: config 0 has an invalid interface number: 84 but max is 0 [ 74.826380][ T107] usb 2-1: config 0 has no interface number 0 [ 74.826401][ T107] usb 2-1: config 0 interface 84 altsetting 0 bulk endpoint 0x8F has invalid maxpacket 0 [ 74.832459][ T17] usb 4-1: config 0 has no interface number 0 [ 74.840621][ T107] usb 2-1: New USB device found, idVendor=0d64, idProduct=3108, bcdDevice=b2.59 [ 74.849193][ T21] usb 6-1: config 0 has an invalid interface number: 84 but max is 0 [ 74.854733][ T107] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 74.858196][ T12] zr364xx 1-1:0.84: Zoran 364xx compatible webcam plugged [ 74.864628][ T21] usb 6-1: config 0 has no interface number 0 [ 74.864768][ T1741] usb 3-1: config 0 interface 84 altsetting 0 bulk endpoint 0x8F has invalid maxpacket 0 [ 74.870767][ T12] zr364xx 1-1:0.84: model 0d64:3108 detected [ 74.871833][ T12] usb 1-1: 320x240 mode selected [ 74.879836][ T1741] usb 3-1: New USB device found, idVendor=0d64, idProduct=3108, bcdDevice=b2.59 [ 74.879844][ T1741] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 74.879921][ T21] usb 6-1: config 0 interface 84 altsetting 0 bulk endpoint 0x8F has invalid maxpacket 0 [ 74.888218][ T5] usb 5-1: config 0 interface 84 altsetting 0 bulk endpoint 0x8F has invalid maxpacket 0 [ 74.896079][ T21] usb 6-1: New USB device found, idVendor=0d64, idProduct=3108, bcdDevice=b2.59 [ 74.896092][ T21] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 74.903192][ T5] usb 5-1: New USB device found, idVendor=0d64, idProduct=3108, bcdDevice=b2.59 [ 74.915385][ T17] usb 4-1: config 0 interface 84 altsetting 0 bulk endpoint 0x8F has invalid maxpacket 0 [ 74.919233][ T5] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 74.925255][ T17] usb 4-1: New USB device found, idVendor=0d64, idProduct=3108, bcdDevice=b2.59 [ 74.931099][ T12] zr364xx: start read pipe failed [ 74.939227][ T17] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 74.942047][ T1741] usb 3-1: config 0 descriptor?? [ 74.947719][ T107] usb 2-1: config 0 descriptor?? [ 74.962365][ T21] usb 6-1: config 0 descriptor?? [ 74.979253][ T5] usb 5-1: config 0 descriptor?? [ 74.985350][ T17] usb 4-1: config 0 descriptor?? [ 75.004815][ T107] zr364xx 2-1:0.84: Zoran 364xx compatible webcam plugged [ 75.013205][ T1741] zr364xx 3-1:0.84: Zoran 364xx compatible webcam plugged [ 75.020972][ T107] zr364xx 2-1:0.84: model 0d64:3108 detected [ 75.026016][ T1741] zr364xx 3-1:0.84: model 0d64:3108 detected [ 75.038052][ T107] usb 2-1: 320x240 mode selected [ 75.045011][ T1741] usb 3-1: 320x240 mode selected [ 75.054970][ T5] zr364xx 5-1:0.84: Zoran 364xx compatible webcam plugged executing program [ 75.066412][ T5] zr364xx 5-1:0.84: model 0d64:3108 detected [ 75.067807][ T107] zr364xx: start read pipe failed [ 75.076419][ T1741] zr364xx: start read pipe failed [ 75.079953][ T5] usb 5-1: 320x240 mode selected [ 75.095811][ T5] zr364xx: start read pipe failed [ 75.105198][ T21] zr364xx 6-1:0.84: Zoran 364xx compatible webcam plugged [ 75.114022][ T21] zr364xx 6-1:0.84: model 0d64:3108 detected [ 75.130127][ T17] zr364xx 4-1:0.84: Zoran 364xx compatible webcam plugged [ 75.142271][ T17] zr364xx 4-1:0.84: model 0d64:3108 detected [ 75.152777][ T12] usb 1-1: Zoran 364xx controlling device video0 [ 75.161368][ T21] usb 6-1: 320x240 mode selected [ 75.167458][ T12] usb 1-1: USB disconnect, device number 2 [ 75.170687][ T21] zr364xx: start read pipe failed [ 75.178850][ T17] usb 4-1: 320x240 mode selected [ 75.183998][ T12] zr364xx 1-1:0.84: Zoran 364xx webcam unplugged [ 75.184174][ T17] zr364xx: start read pipe failed executing program executing program executing program [ 75.274801][ T1741] usb 3-1: Zoran 364xx controlling device video0 [ 75.274846][ T107] usb 2-1: Zoran 364xx controlling device video1 [ 75.287967][ T1741] usb 3-1: USB disconnect, device number 2 [ 75.295055][ T5] usb 5-1: Zoran 364xx controlling device video2 [ 75.298218][ T1741] zr364xx 3-1:0.84: Zoran 364xx webcam unplugged [ 75.312487][ T107] usb 2-1: USB disconnect, device number 2 [ 75.323133][ T5] usb 5-1: USB disconnect, device number 2 [ 75.421302][ T1757] ================================================================== [ 75.429796][ T1757] BUG: KASAN: null-ptr-deref in read_word_at_a_time+0xe/0x20 [ 75.437155][ T1757] Read of size 1 at addr 0000000000000000 by task v4l_id/1757 [ 75.444587][ T1757] [ 75.444607][ T1757] CPU: 1 PID: 1757 Comm: v4l_id Not tainted 5.2.0-rc6+ #14 [ 75.444614][ T1757] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 75.444618][ T1757] Call Trace: [ 75.444633][ T1757] dump_stack+0xca/0x13e [ 75.444647][ T1757] ? read_word_at_a_time+0xe/0x20 [ 75.444657][ T1757] ? read_word_at_a_time+0xe/0x20 [ 75.444674][ T1757] __kasan_report.cold+0x5/0x32 [ 75.449815][ T5] zr364xx 5-1:0.84: Zoran 364xx webcam unplugged [ 75.454182][ T1757] ? mutex_trylock+0x1a0/0x1a0 [ 75.454194][ T1757] ? read_word_at_a_time+0xe/0x20 [ 75.454208][ T1757] kasan_report+0xe/0x20 [ 75.454219][ T1757] read_word_at_a_time+0xe/0x20 [ 75.454230][ T1757] strscpy+0x8a/0x280 [ 75.454243][ T1757] zr364xx_vidioc_querycap+0xb0/0x210 [ 75.454255][ T1757] ? is_module_text_address+0xc/0x1a [ 75.454267][ T1757] v4l_querycap+0x121/0x340 [ 75.454282][ T1757] __video_do_ioctl+0x5b0/0xb30 [ 75.471812][ T1757] ? copy_overflow+0x30/0x30 [ 75.540103][ T1757] ? stack_trace_save+0x9f/0xe0 [ 75.544943][ T1757] ? stack_trace_consume_entry+0x180/0x180 [ 75.550920][ T1757] video_usercopy+0x446/0xee0 [ 75.555574][ T1757] ? copy_overflow+0x30/0x30 [ 75.560141][ T1757] ? __kprobes_text_end+0x10cc28/0x10cc28 [ 75.565837][ T1757] ? v4l_enumstd+0x60/0x60 [ 75.570244][ T1757] ? debug_check_no_obj_freed+0x20a/0x42e [ 75.575950][ T1757] ? do_raw_spin_lock+0x11a/0x280 [ 75.580955][ T1757] ? video_usercopy+0xee0/0xee0 [ 75.585793][ T1757] v4l2_ioctl+0x147/0x1a0 [ 75.590104][ T1757] ? video_devdata+0xa0/0xa0 [ 75.594670][ T1757] do_vfs_ioctl+0xcda/0x12e0 [ 75.599235][ T1757] ? quarantine_put+0xb2/0x150 [ 75.603972][ T1757] ? ioctl_preallocate+0x200/0x200 [ 75.609058][ T1757] ? putname+0xe1/0x120 [ 75.613190][ T1757] ? putname+0xe1/0x120 [ 75.617323][ T1757] ? rcu_read_lock_sched_held+0x113/0x130 [ 75.623016][ T1757] ? kmem_cache_free+0x258/0x2a0 [ 75.627927][ T1757] ? rcu_read_lock_sched_held+0x113/0x130 [ 75.633619][ T1757] ksys_ioctl+0x9b/0xc0 [ 75.637750][ T1757] __x64_sys_ioctl+0x6f/0xb0 [ 75.642314][ T1757] ? lockdep_hardirqs_on+0x379/0x580 [ 75.647572][ T1757] do_syscall_64+0xb7/0x560 [ 75.652055][ T1757] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 75.657933][ T1757] RIP: 0033:0x7fc3b802e347 [ 75.662329][ T1757] Code: 90 90 90 48 8b 05 f1 fa 2a 00 64 c7 00 26 00 00 00 48 c7 c0 ff ff ff ff c3 90 90 90 90 90 90 90 90 90 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d c1 fa 2a 00 31 d2 48 29 c2 64 [ 75.681908][ T1757] RSP: 002b:00007ffc04c6eb48 EFLAGS: 00000206 ORIG_RAX: 0000000000000010 [ 75.688363][ T12] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 75.690296][ T1757] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc3b802e347 [ 75.690304][ T1757] RDX: 00007ffc04c6eb50 RSI: 0000000080685600 RDI: 0000000000000003 [ 75.690310][ T1757] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 executing program executing program [ 75.690316][ T1757] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000400884 [ 75.690323][ T1757] R13: 00007ffc04c6eca0 R14: 0000000000000000 R15: 0000000000000000 [ 75.690330][ T1757] ================================================================== [ 75.690333][ T1757] Disabling lock debugging due to kernel taint [ 75.751766][ T1757] Kernel panic - not syncing: panic_on_warn set ... [ 75.758379][ T1757] CPU: 1 PID: 1757 Comm: v4l_id Tainted: G B 5.2.0-rc6+ #14 [ 75.766942][ T1757] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 75.776978][ T1757] Call Trace: [ 75.780250][ T1757] dump_stack+0xca/0x13e [ 75.784470][ T1757] panic+0x292/0x6c9 [ 75.788340][ T1757] ? __warn_printk+0xf3/0xf3 [ 75.792904][ T1757] ? retint_kernel+0x10/0x10 [ 75.797474][ T1757] ? trace_hardirqs_on+0x55/0x1c0 [ 75.802476][ T1757] ? read_word_at_a_time+0xe/0x20 [ 75.807475][ T1757] end_report+0x43/0x49 [ 75.811606][ T1757] ? read_word_at_a_time+0xe/0x20 [ 75.816608][ T1757] __kasan_report.cold+0xd/0x32 [ 75.821437][ T1757] ? mutex_trylock+0x1a0/0x1a0 [ 75.826180][ T1757] ? read_word_at_a_time+0xe/0x20 [ 75.831178][ T1757] kasan_report+0xe/0x20 [ 75.833774][ T12] dummy_hcd dummy_hcd.0: port status 0x00100503 has changes [ 75.835404][ T1757] read_word_at_a_time+0xe/0x20 [ 75.847486][ T1757] strscpy+0x8a/0x280 [ 75.851535][ T1757] zr364xx_vidioc_querycap+0xb0/0x210 [ 75.856889][ T1757] ? is_module_text_address+0xc/0x1a [ 75.862155][ T1757] v4l_querycap+0x121/0x340 [ 75.866635][ T1757] __video_do_ioctl+0x5b0/0xb30 [ 75.871460][ T1757] ? copy_overflow+0x30/0x30 [ 75.873775][ T5] dummy_hcd dummy_hcd.4: port status 0x00100503 has changes [ 75.876033][ T1757] ? stack_trace_save+0x9f/0xe0 [ 75.888118][ T1757] ? stack_trace_consume_entry+0x180/0x180 [ 75.893914][ T1757] video_usercopy+0x446/0xee0 [ 75.898570][ T1757] ? copy_overflow+0x30/0x30 [ 75.903144][ T1757] ? __kprobes_text_end+0x10cc28/0x10cc28 [ 75.908839][ T1757] ? v4l_enumstd+0x60/0x60 [ 75.913231][ T1757] ? debug_check_no_obj_freed+0x20a/0x42e [ 75.918926][ T1757] ? do_raw_spin_lock+0x11a/0x280 [ 75.924098][ T1757] ? video_usercopy+0xee0/0xee0 [ 75.928931][ T1757] v4l2_ioctl+0x147/0x1a0 [ 75.933235][ T1757] ? video_devdata+0xa0/0xa0 [ 75.933717][ C0] dummy_udc dummy_udc.0: set_address = 3 [ 75.937808][ T1757] do_vfs_ioctl+0xcda/0x12e0 [ 75.947978][ T1757] ? quarantine_put+0xb2/0x150 [ 75.952720][ T1757] ? ioctl_preallocate+0x200/0x200 [ 75.957806][ T1757] ? putname+0xe1/0x120 [ 75.961972][ T1757] ? putname+0xe1/0x120 [ 75.963743][ T12] usb 1-1: Using ep0 maxpacket: 32 [ 75.966121][ T1757] ? rcu_read_lock_sched_held+0x113/0x130 [ 75.966132][ T1757] ? kmem_cache_free+0x258/0x2a0 [ 75.966146][ T1757] ? rcu_read_lock_sched_held+0x113/0x130 [ 75.971265][ T5] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 75.976921][ T1757] ksys_ioctl+0x9b/0xc0 [ 75.976931][ T1757] __x64_sys_ioctl+0x6f/0xb0 [ 75.976942][ T1757] ? lockdep_hardirqs_on+0x379/0x580 [ 75.976956][ T1757] do_syscall_64+0xb7/0x560 [ 76.013383][ T1757] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 76.019254][ T1757] RIP: 0033:0x7fc3b802e347 [ 76.023653][ T1757] Code: 90 90 90 48 8b 05 f1 fa 2a 00 64 c7 00 26 00 00 00 48 c7 c0 ff ff ff ff c3 90 90 90 90 90 90 90 90 90 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d c1 fa 2a 00 31 d2 48 29 c2 64 [ 76.043230][ T1757] RSP: 002b:00007ffc04c6eb48 EFLAGS: 00000206 ORIG_RAX: 0000000000000010 [ 76.051614][ T1757] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc3b802e347 [ 76.059562][ T1757] RDX: 00007ffc04c6eb50 RSI: 0000000080685600 RDI: 0000000000000003 [ 76.067518][ T1757] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 76.075473][ T1757] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000400884 [ 76.083419][ T1757] R13: 00007ffc04c6eca0 R14: 0000000000000000 R15: 0000000000000000 [ 76.091998][ T1757] Kernel Offset: disabled [ 76.096307][ T1757] Rebooting in 86400 seconds..