INIT: Entering runlevel: 2
[info] Using makefile-style concurrent boot in runlevel 2.
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.134' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 74.901359][ T17] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 75.271487][ T17] usb 1-1: config 0 has an invalid interface number: 107 but max is 0
[ 75.281141][ T17] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 75.292932][ T17] usb 1-1: config 0 has no interface number 0
[ 75.300315][ T17] usb 1-1: config 0 interface 107 altsetting 0 bulk endpoint 0x81 has invalid maxpacket 0
[ 75.312078][ T17] usb 1-1: New USB device found, idVendor=052b, idProduct=1a18, bcdDevice=c0.91
[ 75.322209][ T17] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 75.332968][ T17] usb 1-1: config 0 descriptor??
[ 75.375394][ T17] zr364xx 1-1:0.107: Zoran 364xx compatible webcam plugged
[ 75.383180][ T17] zr364xx 1-1:0.107: model 052b:1a18 detected
[ 75.391024][ T17] usb 1-1: 320x240 mode selected
[ 75.396698][ T17] zr364xx: start read pipe failed
executing program
[ 75.582941][ T17] usb 1-1: Zoran 364xx controlling device video0
[ 75.591581][ T17] usb 1-1: USB disconnect, device number 2
[ 75.599332][ T17] zr364xx 1-1:0.107: Zoran 364xx webcam unplugged
[ 75.961317][ T17] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[ 76.321376][ T17] usb 1-1: config 0 has an invalid interface number: 107 but max is 0
[ 76.330695][ T17] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 76.341985][ T17] usb 1-1: config 0 has no interface number 0
[ 76.350322][ T17] usb 1-1: config 0 interface 107 altsetting 0 bulk endpoint 0x81 has invalid maxpacket 0
[ 76.364838][ T17] usb 1-1: New USB device found, idVendor=052b, idProduct=1a18, bcdDevice=c0.91
[ 76.376714][ T17] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 76.387091][ T17] usb 1-1: config 0 descriptor??
[ 76.432862][ T17] zr364xx 1-1:0.107: Zoran 364xx compatible webcam plugged
[ 76.441484][ T17] zr364xx 1-1:0.107: model 052b:1a18 detected
[ 76.449307][ T17] usb 1-1: 320x240 mode selected
[ 76.455466][ T17] zr364xx: start read pipe failed
executing program
[ 76.642224][ T17] usb 1-1: Zoran 364xx controlling device video0
[ 76.649878][ T17] usb 1-1: USB disconnect, device number 3
[ 76.748663][ T17] zr364xx 1-1:0.107: Zoran 364xx webcam unplugged
[ 77.101430][ T17] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[ 77.461419][ T17] usb 1-1: config 0 has an invalid interface number: 107 but max is 0
[ 77.469603][ T17] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 77.479787][ T17] usb 1-1: config 0 has no interface number 0
[ 77.486063][ T17] usb 1-1: config 0 interface 107 altsetting 0 bulk endpoint 0x81 has invalid maxpacket 0
[ 77.496196][ T17] usb 1-1: New USB device found, idVendor=052b, idProduct=1a18, bcdDevice=c0.91
[ 77.505281][ T17] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 77.514971][ T17] usb 1-1: config 0 descriptor??
[ 77.552489][ T17] zr364xx 1-1:0.107: Zoran 364xx compatible webcam plugged
[ 77.559748][ T17] zr364xx 1-1:0.107: model 052b:1a18 detected
[ 77.566255][ T17] usb 1-1: 320x240 mode selected
[ 77.571554][ T17] zr364xx: start read pipe failed
executing program
[ 77.772156][ T17] usb 1-1: Zoran 364xx controlling device video0
[ 77.779729][ T17] usb 1-1: USB disconnect, device number 4
[ 77.877491][ T17] zr364xx 1-1:0.107: Zoran 364xx webcam unplugged
[ 78.231755][ T17] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[ 78.591363][ T17] usb 1-1: config 0 has an invalid interface number: 107 but max is 0
[ 78.599925][ T17] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 78.610174][ T17] usb 1-1: config 0 has no interface number 0
[ 78.616298][ T17] usb 1-1: config 0 interface 107 altsetting 0 bulk endpoint 0x81 has invalid maxpacket 0
[ 78.626279][ T17] usb 1-1: New USB device found, idVendor=052b, idProduct=1a18, bcdDevice=c0.91
[ 78.635411][ T17] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 78.644509][ T17] usb 1-1: config 0 descriptor??
[ 78.682459][ T17] zr364xx 1-1:0.107: Zoran 364xx compatible webcam plugged
[ 78.689697][ T17] zr364xx 1-1:0.107: model 052b:1a18 detected
[ 78.695972][ T17] usb 1-1: 320x240 mode selected
[ 78.701085][ T17] zr364xx: start read pipe failed
executing program
[ 78.902048][ T17] usb 1-1: Zoran 364xx controlling device video0
[ 78.909290][ T17] usb 1-1: USB disconnect, device number 5
[ 79.007417][ T1769] ==================================================================
[ 79.016122][ T1769] BUG: KASAN: null-ptr-deref in read_word_at_a_time+0xe/0x20
[ 79.023649][ T1769] Read of size 1 at addr 0000000000000000 by task v4l_id/1769
[ 79.031620][ T1769]
[ 79.033938][ T1769] CPU: 0 PID: 1769 Comm: v4l_id Not tainted 5.2.0-rc1+ #10
[ 79.041119][ T1769] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 79.051438][ T1769] Call Trace:
[ 79.054916][ T1769] dump_stack+0xca/0x13e
[ 79.059159][ T1769] ? read_word_at_a_time+0xe/0x20
[ 79.064169][ T1769] ? read_word_at_a_time+0xe/0x20
[ 79.069224][ T1769] __kasan_report.cold+0x5/0x32
[ 79.074199][ T1769] ? mutex_trylock+0xd0/0x1a0
[ 79.078865][ T1769] ? read_word_at_a_time+0xe/0x20
[ 79.084001][ T1769] kasan_report+0xe/0x20
[ 79.088237][ T1769] read_word_at_a_time+0xe/0x20
[ 79.093071][ T1769] strscpy+0x8a/0x280
[ 79.097320][ T1769] zr364xx_vidioc_querycap+0xb0/0x210
[ 79.102797][ T1769] ? is_module_text_address+0xc/0x1a
[ 79.108107][ T1769] v4l_querycap+0x121/0x340
[ 79.112614][ T1769] __video_do_ioctl+0x5b0/0xb30
[ 79.117444][ T1769] ? copy_overflow+0x30/0x30
[ 79.122045][ T1769] ? stack_trace_save+0x9f/0xe0
[ 79.126891][ T1769] ? stack_trace_consume_entry+0x180/0x180
[ 79.132821][ T1769] video_usercopy+0x446/0xee0
[ 79.137498][ T1769] ? copy_overflow+0x30/0x30
[ 79.142084][ T1769] ? __kprobes_text_end+0x116e58/0x116e58
[ 79.147933][ T1769] ? v4l_enumstd+0x60/0x60
[ 79.152461][ T1769] ? debug_check_no_obj_freed+0x20a/0x42e
[ 79.158211][ T1769] ? do_raw_spin_lock+0x11a/0x280
[ 79.163236][ T1769] ? video_usercopy+0xee0/0xee0
[ 79.168185][ T1769] v4l2_ioctl+0x147/0x1a0
[ 79.172505][ T1769] ? video_devdata+0xa0/0xa0
[ 79.177109][ T1769] do_vfs_ioctl+0xcda/0x12e0
[ 79.181996][ T1769] ? quarantine_put+0xb2/0x150
[ 79.186826][ T1769] ? ioctl_preallocate+0x200/0x200
[ 79.192214][ T1769] ? putname+0xe1/0x120
[ 79.196362][ T1769] ? putname+0xe1/0x120
[ 79.200509][ T1769] ? rcu_read_lock_sched_held+0x113/0x130
[ 79.206233][ T1769] ? kmem_cache_free+0x258/0x2a0
[ 79.211167][ T1769] ? putname+0xe1/0x120
[ 79.215304][ T1769] ? do_sys_open+0x2e7/0x580
[ 79.219919][ T1769] ? filp_open+0x70/0x70
[ 79.224245][ T1769] ksys_ioctl+0x9b/0xc0
[ 79.228388][ T1769] __x64_sys_ioctl+0x6f/0xb0
[ 79.233176][ T1769] ? lockdep_hardirqs_on+0x379/0x580
[ 79.238469][ T1769] do_syscall_64+0xb7/0x560
[ 79.243056][ T1769] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 79.248949][ T1769] RIP: 0033:0x7fc49a23a347
[ 79.253400][ T1769] Code: 90 90 90 48 8b 05 f1 fa 2a 00 64 c7 00 26 00 00 00 48 c7 c0 ff ff ff ff c3 90 90 90 90 90 90 90 90 90 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d c1 fa 2a 00 31 d2 48 29 c2 64
[ 79.273456][ T1769] RSP: 002b:00007ffce95c4b28 EFLAGS: 00000206 ORIG_RAX: 0000000000000010
[ 79.282194][ T1769] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc49a23a347
[ 79.290163][ T1769] RDX: 00007ffce95c4b30 RSI: 0000000080685600 RDI: 0000000000000003
[ 79.298391][ T1769] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 79.307180][ T1769] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000400884
[ 79.315148][ T1769] R13: 00007ffce95c4c80 R14: 0000000000000000 R15: 0000000000000000
[ 79.323159][ T1769] ==================================================================
[ 79.331425][ T1769] Disabling lock debugging due to kernel taint
[ 79.340948][ T1769] Kernel panic - not syncing: panic_on_warn set ...
[ 79.347986][ T1769] CPU: 0 PID: 1769 Comm: v4l_id Tainted: G B 5.2.0-rc1+ #10
[ 79.357003][ T1769] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 79.369061][ T1769] Call Trace:
[ 79.372402][ T1769] dump_stack+0xca/0x13e
[ 79.376641][ T1769] panic+0x292/0x6c9
[ 79.380647][ T1769] ? __warn_printk+0xf3/0xf3
[ 79.385424][ T1769] ? retint_kernel+0x10/0x10
[ 79.390032][ T1769] ? trace_hardirqs_on+0x55/0x1c0
[ 79.395151][ T1769] ? read_word_at_a_time+0xe/0x20
[ 79.400164][ T1769] end_report+0x43/0x49
[ 79.404358][ T1769] ? read_word_at_a_time+0xe/0x20
[ 79.409478][ T1769] __kasan_report.cold+0xd/0x32
[ 79.414332][ T1769] ? mutex_trylock+0xd0/0x1a0
[ 79.419149][ T1769] ? read_word_at_a_time+0xe/0x20
[ 79.424514][ T1769] kasan_report+0xe/0x20
[ 79.428753][ T1769] read_word_at_a_time+0xe/0x20
[ 79.433701][ T1769] strscpy+0x8a/0x280
[ 79.437682][ T1769] zr364xx_vidioc_querycap+0xb0/0x210
[ 79.443064][ T1769] ? is_module_text_address+0xc/0x1a
[ 79.448570][ T1769] v4l_querycap+0x121/0x340
[ 79.453087][ T1769] __video_do_ioctl+0x5b0/0xb30
[ 79.457949][ T1769] ? copy_overflow+0x30/0x30
[ 79.462543][ T1769] ? stack_trace_save+0x9f/0xe0
[ 79.467393][ T1769] ? stack_trace_consume_entry+0x180/0x180
[ 79.473201][ T1769] video_usercopy+0x446/0xee0
[ 79.477874][ T1769] ? copy_overflow+0x30/0x30
[ 79.482461][ T1769] ? __kprobes_text_end+0x116e58/0x116e58
[ 79.488184][ T1769] ? v4l_enumstd+0x60/0x60
[ 79.492693][ T1769] ? debug_check_no_obj_freed+0x20a/0x42e
[ 79.498413][ T1769] ? do_raw_spin_lock+0x11a/0x280
[ 79.503447][ T1769] ? video_usercopy+0xee0/0xee0
[ 79.508382][ T1769] v4l2_ioctl+0x147/0x1a0
[ 79.512711][ T1769] ? video_devdata+0xa0/0xa0
[ 79.517301][ T1769] do_vfs_ioctl+0xcda/0x12e0
[ 79.521892][ T1769] ? quarantine_put+0xb2/0x150
[ 79.526658][ T1769] ? ioctl_preallocate+0x200/0x200
[ 79.531767][ T1769] ? putname+0xe1/0x120
[ 79.535913][ T1769] ? putname+0xe1/0x120
[ 79.540072][ T1769] ? rcu_read_lock_sched_held+0x113/0x130
[ 79.545960][ T1769] ? kmem_cache_free+0x258/0x2a0
[ 79.550901][ T1769] ? putname+0xe1/0x120
[ 79.555056][ T1769] ? do_sys_open+0x2e7/0x580
[ 79.559652][ T1769] ? filp_open+0x70/0x70
[ 79.563893][ T1769] ksys_ioctl+0x9b/0xc0
[ 79.568060][ T1769] __x64_sys_ioctl+0x6f/0xb0
[ 79.572646][ T1769] ? lockdep_hardirqs_on+0x379/0x580
[ 79.577925][ T1769] do_syscall_64+0xb7/0x560
[ 79.582605][ T1769] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 79.588491][ T1769] RIP: 0033:0x7fc49a23a347
[ 79.592899][ T1769] Code: 90 90 90 48 8b 05 f1 fa 2a 00 64 c7 00 26 00 00 00 48 c7 c0 ff ff ff ff c3 90 90 90 90 90 90 90 90 90 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d c1 fa 2a 00 31 d2 48 29 c2 64
[ 79.612674][ T1769] RSP: 002b:00007ffce95c4b28 EFLAGS: 00000206 ORIG_RAX: 0000000000000010
[ 79.621098][ T1769] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc49a23a347
[ 79.629174][ T1769] RDX: 00007ffce95c4b30 RSI: 0000000080685600 RDI: 0000000000000003
[ 79.637149][ T1769] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 79.645125][ T1769] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000400884
[ 79.653094][ T1769] R13: 00007ffce95c4c80 R14: 0000000000000000 R15: 0000000000000000
[ 79.661601][ T1769] Kernel Offset: disabled
[ 79.666031][ T1769] Rebooting in 86400 seconds..