[info] Using makefile-style concurrent boot in runlevel 2. [ 15.118543][ C1] random: crng init done [ ok ] Starting enhanced syslogd: rsyslogd. [ ok ] Starting periodic command scheduler: cron. [ ok ] Starting OpenBSD Secure Shell server: sshd. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.233' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 24.161216][ T101] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 24.401198][ T101] usb 1-1: Using ep0 maxpacket: 8 [ 24.521320][ T101] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 24.532301][ T101] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 24.545115][ T101] usb 1-1: New USB device found, idVendor=046d, idProduct=c293, bcdDevice= 0.00 [ 24.554172][ T101] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 24.563542][ T101] usb 1-1: config 0 descriptor?? 
[ 25.043139][ T101] logitech 0003:046D:C293.0001: unknown main item tag 0x0 [ 25.050360][ T101] logitech 0003:046D:C293.0001: unknown main item tag 0x2 [ 25.057544][ T101] logitech 0003:046D:C293.0001: unknown main item tag 0x0 [ 25.064687][ T101] logitech 0003:046D:C293.0001: unknown main item tag 0x0 [ 25.071840][ T101] logitech 0003:046D:C293.0001: unknown main item tag 0x0 [ 25.078959][ T101] logitech 0003:046D:C293.0001: unknown main item tag 0x0 [ 25.086100][ T101] logitech 0003:046D:C293.0001: unknown main item tag 0x0 [ 25.093259][ T101] logitech 0003:046D:C293.0001: unknown main item tag 0x0 [ 25.100354][ T101] logitech 0003:046D:C293.0001: unknown main item tag 0x0 [ 25.107498][ T101] logitech 0003:046D:C293.0001: unknown main item tag 0x0 [ 25.114666][ T101] logitech 0003:046D:C293.0001: unknown main item tag 0x0 [ 25.121808][ T101] logitech 0003:046D:C293.0001: unknown main item tag 0x0 [ 25.128933][ T101] logitech 0003:046D:C293.0001: unknown main item tag 0x0 [ 25.136101][ T101] logitech 0003:046D:C293.0001: unknown main item tag 0x0 [ 25.143264][ T101] logitech 0003:046D:C293.0001: unknown main item tag 0x0 [ 25.150362][ T101] logitech 0003:046D:C293.0001: unknown main item tag 0x0 [ 25.157516][ T101] logitech 0003:046D:C293.0001: unknown main item tag 0x0 [ 25.164666][ T101] logitech 0003:046D:C293.0001: unknown main item tag 0x0 [ 25.171823][ T101] logitech 0003:046D:C293.0001: unknown main item tag 0x0 [ 25.178941][ T101] logitech 0003:046D:C293.0001: unknown main item tag 0x0 [ 25.186099][ T101] logitech 0003:046D:C293.0001: unknown main item tag 0x0 [ 25.193239][ T101] logitech 0003:046D:C293.0001: unknown main item tag 0x0 [ 25.200335][ T101] logitech 0003:046D:C293.0001: unknown main item tag 0x0 [ 25.207481][ T101] logitech 0003:046D:C293.0001: unknown main item tag 0x0 [ 25.214642][ T101] logitech 0003:046D:C293.0001: unknown main item tag 0x0 [ 25.221793][ T101] logitech 0003:046D:C293.0001: unknown main item tag 0x0 [ 25.228914][ T101] 
logitech 0003:046D:C293.0001: unknown main item tag 0x0 [ 25.236059][ T101] logitech 0003:046D:C293.0001: unknown main item tag 0x0 executing program [ 25.243276][ T101] logitech 0003:046D:C293.0001: unknown main item tag 0x0 [ 25.250426][ T101] logitech 0003:046D:C293.0001: unknown main item tag 0x0 [ 25.257607][ T101] logitech 0003:046D:C293.0001: unknown main item tag 0x0 [ 25.264776][ T101] logitech 0003:046D:C293.0001: unknown main item tag 0x0 [ 25.271933][ T101] logitech 0003:046D:C293.0001: unknown main item tag 0x0 [ 25.279478][ T101] logitech 0003:046D:C293.0001: unknown main item tag 0x0 [ 25.286869][ T101] logitech 0003:046D:C293.0001: unknown main item tag 0x0 [ 25.294683][ T101] logitech 0003:046D:C293.0001: unknown main item tag 0x0 [ 25.302189][ T101] logitech 0003:046D:C293.0001: unknown main item tag 0x0 [ 25.309459][ T101] logitech 0003:046D:C293.0001: unknown main item tag 0x0 [ 25.316740][ T101] logitech 0003:046D:C293.0001: unknown main item tag 0x0 [ 25.329287][ T101] logitech 0003:046D:C293.0001: hidraw0: USB HID v0.00 Device [HID 046d:c293] on usb-dummy_hcd.0-1/input0 [ 25.341275][ T101] logitech 0003:046D:C293.0001: not enough fields in HID_OUTPUT_REPORT 0 [ 25.352197][ T101] logitech: probe of 0003:046D:C293.0001 failed with error -1 [ 25.363198][ T101] usb 1-1: USB disconnect, device number 2 [ 25.721237][ T101] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 25.961185][ T101] usb 1-1: Using ep0 maxpacket: 8 [ 26.081309][ T101] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 26.092209][ T101] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 26.105026][ T101] usb 1-1: New USB device found, idVendor=046d, idProduct=c293, bcdDevice= 0.00 [ 26.114071][ T101] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 26.123240][ T101] usb 1-1: config 0 descriptor?? 
[ 26.592470][ T101] logitech 0003:046D:C293.0002: unknown main item tag 0x0 [ 26.599637][ T101] logitech 0003:046D:C293.0002: unknown main item tag 0x2 [ 26.606827][ T101] logitech 0003:046D:C293.0002: unknown main item tag 0x0 [ 26.613971][ T101] logitech 0003:046D:C293.0002: unknown main item tag 0x0 [ 26.621069][ T101] logitech 0003:046D:C293.0002: unknown main item tag 0x0 [ 26.628228][ T101] logitech 0003:046D:C293.0002: unknown main item tag 0x0 [ 26.635394][ T101] logitech 0003:046D:C293.0002: unknown main item tag 0x0 [ 26.642648][ T101] logitech 0003:046D:C293.0002: unknown main item tag 0x0 [ 26.649766][ T101] logitech 0003:046D:C293.0002: unknown main item tag 0x0 [ 26.656922][ T101] logitech 0003:046D:C293.0002: unknown main item tag 0x0 [ 26.664083][ T101] logitech 0003:046D:C293.0002: unknown main item tag 0x0 [ 26.671238][ T101] logitech 0003:046D:C293.0002: unknown main item tag 0x0 [ 26.678398][ T101] logitech 0003:046D:C293.0002: unknown main item tag 0x0 [ 26.685549][ T101] logitech 0003:046D:C293.0002: unknown main item tag 0x0 [ 26.692826][ T101] logitech 0003:046D:C293.0002: unknown main item tag 0x0 [ 26.699927][ T101] logitech 0003:046D:C293.0002: unknown main item tag 0x0 [ 26.707071][ T101] logitech 0003:046D:C293.0002: unknown main item tag 0x0 [ 26.714210][ T101] logitech 0003:046D:C293.0002: unknown main item tag 0x0 [ 26.721394][ T101] logitech 0003:046D:C293.0002: unknown main item tag 0x0 [ 26.728509][ T101] logitech 0003:046D:C293.0002: unknown main item tag 0x0 [ 26.735664][ T101] logitech 0003:046D:C293.0002: unknown main item tag 0x0 [ 26.742845][ T101] logitech 0003:046D:C293.0002: unknown main item tag 0x0 [ 26.749941][ T101] logitech 0003:046D:C293.0002: unknown main item tag 0x0 [ 26.757083][ T101] logitech 0003:046D:C293.0002: unknown main item tag 0x0 [ 26.764247][ T101] logitech 0003:046D:C293.0002: unknown main item tag 0x0 [ 26.771389][ T101] logitech 0003:046D:C293.0002: unknown main item tag 0x0 [ 26.778512][ T101] 
logitech 0003:046D:C293.0002: unknown main item tag 0x0 [ 26.785668][ T101] logitech 0003:046D:C293.0002: unknown main item tag 0x0 [ 26.792841][ T101] logitech 0003:046D:C293.0002: unknown main item tag 0x0 [ 26.793103][ T1727] ================================================================== [ 26.799973][ T101] logitech 0003:046D:C293.0002: unknown main item tag 0x0 [ 26.808088][ T1727] BUG: KASAN: use-after-free in usbhid_power+0xca/0xe0 [ 26.808099][ T1727] Read of size 8 at addr ffff8881d292c008 by task syz-executor351/1727 [ 26.808102][ T1727] [ 26.808115][ T1727] CPU: 0 PID: 1727 Comm: syz-executor351 Not tainted 5.3.0-rc4+ #26 [ 26.808130][ T1727] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 26.808135][ T1727] Call Trace: [ 26.808151][ T1727] dump_stack+0xca/0x13e [ 26.808168][ T1727] ? usbhid_power+0xca/0xe0 [ 26.815308][ T101] logitech 0003:046D:C293.0002: unknown main item tag 0x0 [ 26.822089][ T1727] ? usbhid_power+0xca/0xe0 [ 26.822104][ T1727] print_address_description+0x6a/0x32c [ 26.822115][ T1727] ? usbhid_power+0xca/0xe0 [ 26.822134][ T1727] ? usbhid_power+0xca/0xe0 [ 26.830373][ T101] logitech 0003:046D:C293.0002: unknown main item tag 0x0 [ 26.832684][ T1727] __kasan_report.cold+0x1a/0x33 [ 26.832697][ T1727] ? usbhid_power+0xca/0xe0 [ 26.832708][ T1727] kasan_report+0xe/0x12 [ 26.832727][ T1727] usbhid_power+0xca/0xe0 [ 26.840695][ T101] logitech 0003:046D:C293.0002: unknown main item tag 0x0 [ 26.850733][ T1727] hidraw_open+0x20d/0x740 [ 26.850746][ T1727] ? usbhid_output_report+0x290/0x290 [ 26.850767][ T1727] ? hidraw_ioctl+0xae0/0xae0 [ 26.850779][ T1727] chrdev_open+0x219/0x5c0 [ 26.850795][ T1727] ? cdev_put.part.0+0x50/0x50 [ 26.854126][ T101] logitech 0003:046D:C293.0002: unknown main item tag 0x0 [ 26.858302][ T1727] do_dentry_open+0x494/0x1120 [ 26.862820][ T101] logitech 0003:046D:C293.0002: unknown main item tag 0x0 [ 26.869878][ T1727] ? 
cdev_put.part.0+0x50/0x50 [ 26.874402][ T101] logitech 0003:046D:C293.0002: unknown main item tag 0x0 [ 26.879892][ T1727] ? chmod_common+0x3c0/0x3c0 [ 26.884412][ T101] logitech 0003:046D:C293.0002: unknown main item tag 0x0 [ 26.888858][ T1727] ? inode_permission+0xbe/0x3a0 [ 26.895965][ T101] logitech 0003:046D:C293.0002: unknown main item tag 0x0 [ 26.895977][ T101] logitech 0003:046D:C293.0002: unknown main item tag 0x0 [ 27.007538][ T1727] path_openat+0x1430/0x3f50 [ 27.012109][ T1727] ? save_stack+0x1b/0x80 [ 27.016423][ T1727] ? do_sys_open+0x294/0x580 [ 27.021007][ T1727] ? do_syscall_64+0xb7/0x580 [ 27.025684][ T1727] ? path_lookupat.isra.0+0x8d0/0x8d0 [ 27.031040][ T1727] ? __lock_acquire+0x145e/0x3b50 [ 27.036041][ T1727] do_filp_open+0x1a1/0x280 [ 27.040519][ T1727] ? may_open_dev+0xf0/0xf0 [ 27.044996][ T1727] ? __alloc_fd+0x46d/0x600 [ 27.049477][ T1727] ? do_raw_spin_lock+0x11a/0x280 [ 27.054483][ T1727] ? do_raw_spin_unlock+0x50/0x220 [ 27.059572][ T1727] ? _raw_spin_unlock+0x1f/0x30 [ 27.064400][ T1727] ? __alloc_fd+0x46d/0x600 [ 27.068881][ T1727] do_sys_open+0x3c0/0x580 [ 27.073334][ T1727] ? filp_open+0x70/0x70 [ 27.077749][ T1727] ? 
trace_hardirqs_off_caller+0x55/0x1e0 [ 27.083446][ T1727] do_syscall_64+0xb7/0x580 [ 27.087929][ T1727] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 27.093800][ T1727] RIP: 0033:0x4019f0 [ 27.097674][ T1727] Code: 01 f0 ff ff 0f 83 c0 0b 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 83 3d dd 5c 2d 00 00 75 14 b8 02 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 94 0b 00 00 c3 48 83 ec 08 e8 fa 00 00 00 [ 27.117257][ T1727] RSP: 002b:00007fffaca34228 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 27.125661][ T1727] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004019f0 [ 27.133620][ T1727] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00007fffaca34230 [ 27.141581][ T1727] RBP: 6666666666666667 R08: 000000000000000f R09: 0000000000000000 [ 27.149527][ T1727] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000402a10 [ 27.157474][ T1727] R13: 0000000000402aa0 R14: 0000000000000000 R15: 0000000000000000 [ 27.165423][ T1727] [ 27.167730][ T1727] Allocated by task 239: [ 27.171954][ T1727] save_stack+0x1b/0x80 [ 27.176083][ T1727] __kasan_kmalloc.constprop.0+0xbf/0xd0 [ 27.181694][ T1727] kmem_cache_alloc+0xd6/0x2d0 [ 27.186438][ T1727] shmem_alloc_inode+0x18/0x40 [ 27.191180][ T1727] alloc_inode+0x61/0x1e0 [ 27.195486][ T1727] new_inode_pseudo+0x14/0xe0 [ 27.200181][ T1727] new_inode+0x1b/0x40 [ 27.204238][ T1727] shmem_get_inode+0x84/0x7e0 [ 27.208894][ T1727] shmem_mknod+0x5a/0x1f0 [ 27.213200][ T1727] lookup_open+0x119a/0x18d0 [ 27.217765][ T1727] path_openat+0x1045/0x3f50 [ 27.222332][ T1727] do_filp_open+0x1a1/0x280 [ 27.226812][ T1727] do_sys_open+0x3c0/0x580 [ 27.231204][ T1727] do_syscall_64+0xb7/0x580 [ 27.235688][ T1727] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 27.241578][ T1727] [ 27.243892][ T1727] Freed by task 0: [ 27.247589][ T1727] save_stack+0x1b/0x80 [ 27.251720][ T1727] __kasan_slab_free+0x130/0x180 [ 27.256635][ T1727] kmem_cache_free+0xb9/0x380 [ 27.261291][ T1727] i_callback+0x3f/0x70 [ 27.265423][ T1727] rcu_core+0x699/0x1bc0 
[ 27.269644][ T1727] __do_softirq+0x221/0x912 [ 27.274147][ T1727] [ 27.276472][ T1727] The buggy address belongs to the object at ffff8881d292c000 [ 27.276472][ T1727] which belongs to the cache shmem_inode_cache of size 1168 [ 27.291107][ T1727] The buggy address is located 8 bytes inside of [ 27.291107][ T1727] 1168-byte region [ffff8881d292c000, ffff8881d292c490) [ 27.304265][ T1727] The buggy address belongs to the page: [ 27.309876][ T1727] page:ffffea00074a4b00 refcount:1 mapcount:0 mapping:ffff8881da115180 index:0x0 compound_mapcount: 0 [ 27.320781][ T1727] flags: 0x200000000010200(slab|head) [ 27.326151][ T1727] raw: 0200000000010200 dead000000000100 dead000000000122 ffff8881da115180 [ 27.334717][ T1727] raw: 0000000000000000 00000000800c000c 00000001ffffffff 0000000000000000 [ 27.343276][ T1727] page dumped because: kasan: bad access detected [ 27.349660][ T1727] [ 27.351964][ T1727] Memory state around the buggy address: [ 27.357571][ T1727] ffff8881d292bf00: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 27.365611][ T1727] ffff8881d292bf80: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 27.373661][ T1727] >ffff8881d292c000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.381703][ T1727] ^ [ 27.386028][ T1727] ffff8881d292c080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.394069][ T1727] ffff8881d292c100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.402104][ T1727] ================================================================== [ 27.410146][ T1727] Disabling lock debugging due to kernel taint [ 27.416414][ T1727] Kernel panic - not syncing: panic_on_warn set ... [ 27.423003][ T1727] CPU: 0 PID: 1727 Comm: syz-executor351 Tainted: G B 5.3.0-rc4+ #26 [ 27.432341][ T1727] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 27.442369][ T1727] Call Trace: [ 27.445641][ T1727] dump_stack+0xca/0x13e [ 27.449878][ T1727] panic+0x2a3/0x6da [ 27.453750][ T1727] ? 
add_taint.cold+0x16/0x16 [ 27.458406][ T1727] ? retint_kernel+0x10/0x10 [ 27.462973][ T1727] ? trace_hardirqs_on+0x55/0x1e0 [ 27.467972][ T1727] ? usbhid_power+0xca/0xe0 [ 27.472456][ T1727] end_report+0x43/0x49 [ 27.476606][ T1727] ? usbhid_power+0xca/0xe0 [ 27.481091][ T1727] __kasan_report.cold+0xd/0x33 [ 27.485925][ T1727] ? usbhid_power+0xca/0xe0 [ 27.490405][ T1727] kasan_report+0xe/0x12 [ 27.494644][ T1727] usbhid_power+0xca/0xe0 [ 27.498959][ T1727] hidraw_open+0x20d/0x740 [ 27.503351][ T1727] ? usbhid_output_report+0x290/0x290 [ 27.508697][ T1727] ? hidraw_ioctl+0xae0/0xae0 [ 27.513365][ T1727] chrdev_open+0x219/0x5c0 [ 27.517757][ T1727] ? cdev_put.part.0+0x50/0x50 [ 27.522584][ T1727] do_dentry_open+0x494/0x1120 [ 27.527324][ T1727] ? cdev_put.part.0+0x50/0x50 [ 27.532149][ T1727] ? chmod_common+0x3c0/0x3c0 [ 27.536815][ T1727] ? inode_permission+0xbe/0x3a0 [ 27.541728][ T1727] path_openat+0x1430/0x3f50 [ 27.546311][ T1727] ? save_stack+0x1b/0x80 [ 27.550617][ T1727] ? do_sys_open+0x294/0x580 [ 27.555183][ T1727] ? do_syscall_64+0xb7/0x580 [ 27.559834][ T1727] ? path_lookupat.isra.0+0x8d0/0x8d0 [ 27.565179][ T1727] ? __lock_acquire+0x145e/0x3b50 [ 27.570177][ T1727] do_filp_open+0x1a1/0x280 [ 27.574657][ T1727] ? may_open_dev+0xf0/0xf0 [ 27.579135][ T1727] ? __alloc_fd+0x46d/0x600 [ 27.583613][ T1727] ? do_raw_spin_lock+0x11a/0x280 [ 27.588612][ T1727] ? do_raw_spin_unlock+0x50/0x220 [ 27.593699][ T1727] ? _raw_spin_unlock+0x1f/0x30 [ 27.598528][ T1727] ? __alloc_fd+0x46d/0x600 [ 27.603023][ T1727] do_sys_open+0x3c0/0x580 [ 27.607422][ T1727] ? filp_open+0x70/0x70 [ 27.611641][ T1727] ? 
trace_hardirqs_off_caller+0x55/0x1e0 [ 27.617336][ T1727] do_syscall_64+0xb7/0x580 [ 27.621816][ T1727] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 27.627685][ T1727] RIP: 0033:0x4019f0 [ 27.631557][ T1727] Code: 01 f0 ff ff 0f 83 c0 0b 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 83 3d dd 5c 2d 00 00 75 14 b8 02 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 94 0b 00 00 c3 48 83 ec 08 e8 fa 00 00 00 [ 27.651160][ T1727] RSP: 002b:00007fffaca34228 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 27.659560][ T1727] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004019f0 [ 27.667516][ T1727] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00007fffaca34230 [ 27.675463][ T1727] RBP: 6666666666666667 R08: 000000000000000f R09: 0000000000000000 [ 27.683410][ T1727] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000402a10 [ 27.691372][ T1727] R13: 0000000000402aa0 R14: 0000000000000000 R15: 0000000000000000 [ 27.699702][ T1727] Kernel Offset: disabled [ 27.704018][ T1727] Rebooting in 86400 seconds..