Warning: Permanently added '10.128.10.42' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 28.282753][ T12] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 28.522766][ T12] usb 1-1: Using ep0 maxpacket: 32
[ 28.642791][ T12] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 28.653949][ T12] usb 1-1: New USB device found, idVendor=906d, idProduct=c3d9, bcdDevice= 0.40
[ 28.663135][ T12] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 28.672309][ T12] usb 1-1: config 0 descriptor??
[ 29.154771][ T12] hid-generic 0003:906D:C3D9.0001: unknown main item tag 0x0
[ 29.164657][ T12] hid-generic 0003:906D:C3D9.0001: hidraw0: USB HID v0.00 Device [HID 906d:c3d9] on usb-dummy_hcd.0-1/input0
[ 29.423888][ T12] usb 1-1: USB disconnect, device number 2
[ 29.623710][ T1721] ==================================================================
[ 29.631855][ T1721] BUG: KASAN: use-after-free in strlen+0x79/0x90
[ 29.638164][ T1721] Read of size 1 at addr ffff8881d63e1f38 by task syz-executor119/1721
[ 29.646382][ T1721]
[ 29.648699][ T1721] CPU: 0 PID: 1721 Comm: syz-executor119 Not tainted 5.3.0-rc2+ #25
[ 29.656649][ T1721] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 29.666689][ T1721] Call Trace:
[ 29.669973][ T1721] dump_stack+0xca/0x13e
[ 29.674190][ T1721] ? strlen+0x79/0x90
[ 29.678161][ T1721] ? strlen+0x79/0x90
[ 29.682228][ T1721] print_address_description+0x6a/0x32c
[ 29.687752][ T1721] ? strlen+0x79/0x90
[ 29.691713][ T1721] ? strlen+0x79/0x90
[ 29.695678][ T1721] __kasan_report.cold+0x1a/0x33
[ 29.700601][ T1721] ? strlen+0x79/0x90
[ 29.704608][ T1721] kasan_report+0xe/0x12
[ 29.708837][ T1721] strlen+0x79/0x90
[ 29.712632][ T1721] hidraw_ioctl+0x245/0xae0
[ 29.717115][ T1721] ? hidraw_disconnect+0x2c0/0x2c0
[ 29.722438][ T1721] ? lock_acquire+0x127/0x320
[ 29.727097][ T1721] ? debug_object_free+0x52/0x340
[ 29.732107][ T1721] ? _raw_spin_unlock_irqrestore+0x3e/0x50
[ 29.737896][ T1721] ? hidraw_disconnect+0x2c0/0x2c0
[ 29.743052][ T1721] do_vfs_ioctl+0xd2d/0x1330
[ 29.747774][ T1721] ? ioctl_preallocate+0x200/0x200
[ 29.753036][ T1721] ? hrtimer_nanosleep+0x28a/0x510
[ 29.758182][ T1721] ? nanosleep_copyout+0x100/0x100
[ 29.763370][ T1721] ? _copy_from_user+0x123/0x190
[ 29.768408][ T1721] ? clock_was_set_work+0x20/0x20
[ 29.773421][ T1721] ? put_old_itimerspec32+0x1d0/0x1d0
[ 29.779263][ T1721] ? rwlock_bug.part.0+0x90/0x90
[ 29.784190][ T1721] ksys_ioctl+0x9b/0xc0
[ 29.788335][ T1721] __x64_sys_ioctl+0x6f/0xb0
[ 29.792908][ T1721] ? lockdep_hardirqs_on+0x379/0x580
[ 29.798264][ T1721] do_syscall_64+0xb7/0x580
[ 29.802790][ T1721] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 29.808671][ T1721] RIP: 0033:0x4448a9
[ 29.812564][ T1721] Code: e8 bc af 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 1b d8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 29.832374][ T1721] RSP: 002b:00007ffed6575438 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 29.840776][ T1721] RAX: ffffffffffffffda RBX: 00000000004002e0 RCX: 00000000004448a9
[ 29.848733][ T1721] RDX: 0000000000000000 RSI: 0000000080404805 RDI: 0000000000000004
[ 29.856826][ T1721] RBP: 00000000006cf018 R08: 000000000000000b R09: 00000000004002e0
[ 29.864864][ T1721] R10: 000000000000000f R11: 0000000000000246 R12: 0000000000402550
[ 29.872829][ T1721] R13: 00000000004025e0 R14: 0000000000000000 R15: 0000000000000000
[ 29.880787][ T1721]
[ 29.883106][ T1721] The buggy address belongs to the page:
[ 29.888718][ T1721] page:ffffea000758f840 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0
[ 29.897802][ T1721] flags: 0x200000000000000()
[ 29.902379][ T1721] raw: 0200000000000000 0000000000000000 ffffffff00000201 0000000000000000
[ 29.911096][ T1721] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 29.919665][ T1721] page dumped because: kasan: bad access detected
[ 29.926058][ T1721]
[ 29.928405][ T1721] Memory state around the buggy address:
[ 29.934084][ T1721] ffff8881d63e1e00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 29.942134][ T1721] ffff8881d63e1e80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 29.950223][ T1721] >ffff8881d63e1f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 29.958363][ T1721] ^
[ 29.964242][ T1721] ffff8881d63e1f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 29.972283][ T1721] ffff8881d63e2000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 29.980323][ T1721] ==================================================================
[ 29.988364][ T1721] Disabling lock debugging due to kernel taint
[ 29.994732][ T1721] Kernel panic - not syncing: panic_on_warn set ...
[ 30.001317][ T1721] CPU: 0 PID: 1721 Comm: syz-executor119 Tainted: G B 5.3.0-rc2+ #25
[ 30.010658][ T1721] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 30.020691][ T1721] Call Trace:
[ 30.024030][ T1721] dump_stack+0xca/0x13e
[ 30.028284][ T1721] panic+0x2a3/0x6da
[ 30.032159][ T1721] ? add_taint.cold+0x16/0x16
[ 30.036852][ T1721] ? retint_kernel+0x10/0x10
[ 30.041476][ T1721] ? trace_hardirqs_on+0x55/0x1e0
[ 30.046484][ T1721] ? strlen+0x79/0x90
[ 30.050448][ T1721] end_report+0x43/0x49
[ 30.054591][ T1721] ? strlen+0x79/0x90
[ 30.058557][ T1721] __kasan_report.cold+0xd/0x33
[ 30.063389][ T1721] ? strlen+0x79/0x90
[ 30.067453][ T1721] kasan_report+0xe/0x12
[ 30.071733][ T1721] strlen+0x79/0x90
[ 30.075575][ T1721] hidraw_ioctl+0x245/0xae0
[ 30.080187][ T1721] ? hidraw_disconnect+0x2c0/0x2c0
[ 30.085340][ T1721] ? lock_acquire+0x127/0x320
[ 30.090061][ T1721] ? debug_object_free+0x52/0x340
[ 30.095110][ T1721] ? _raw_spin_unlock_irqrestore+0x3e/0x50
[ 30.100898][ T1721] ? hidraw_disconnect+0x2c0/0x2c0
[ 30.105990][ T1721] do_vfs_ioctl+0xd2d/0x1330
[ 30.110578][ T1721] ? ioctl_preallocate+0x200/0x200
[ 30.115747][ T1721] ? hrtimer_nanosleep+0x28a/0x510
[ 30.120840][ T1721] ? nanosleep_copyout+0x100/0x100
[ 30.126009][ T1721] ? _copy_from_user+0x123/0x190
[ 30.130949][ T1721] ? clock_was_set_work+0x20/0x20
[ 30.135965][ T1721] ? put_old_itimerspec32+0x1d0/0x1d0
[ 30.141318][ T1721] ? rwlock_bug.part.0+0x90/0x90
[ 30.146234][ T1721] ksys_ioctl+0x9b/0xc0
[ 30.150369][ T1721] __x64_sys_ioctl+0x6f/0xb0
[ 30.154936][ T1721] ? lockdep_hardirqs_on+0x379/0x580
[ 30.160202][ T1721] do_syscall_64+0xb7/0x580
[ 30.164686][ T1721] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 30.170731][ T1721] RIP: 0033:0x4448a9
[ 30.174609][ T1721] Code: e8 bc af 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 1b d8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 30.194255][ T1721] RSP: 002b:00007ffed6575438 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 30.202719][ T1721] RAX: ffffffffffffffda RBX: 00000000004002e0 RCX: 00000000004448a9
[ 30.210691][ T1721] RDX: 0000000000000000 RSI: 0000000080404805 RDI: 0000000000000004
[ 30.218650][ T1721] RBP: 00000000006cf018 R08: 000000000000000b R09: 00000000004002e0
[ 30.226617][ T1721] R10: 000000000000000f R11: 0000000000000246 R12: 0000000000402550
[ 30.234568][ T1721] R13: 00000000004025e0 R14: 0000000000000000 R15: 0000000000000000
[ 30.242827][ T1721] Kernel Offset: disabled
[ 30.247154][ T1721] Rebooting in 86400 seconds..