[info] Using makefile-style concurrent boot in runlevel 2.
[   15.308142][    C1] random: crng init done
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.10.32' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   38.328984][   T12] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[   38.568956][   T12] usb 1-1: Using ep0 maxpacket: 32
[   38.689104][   T12] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   38.700138][   T12] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[   38.713096][   T12] usb 1-1: New USB device found, idVendor=046d, idProduct=c71c, bcdDevice= 0.40
[   38.722331][   T12] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   38.731730][   T12] usb 1-1: config 0 descriptor??
[   39.210804][   T12] logitech-djreceiver 0003:046D:C71C.0001: unknown main item tag 0x0
[   39.219178][   T12] logitech-djreceiver 0003:046D:C71C.0001: unknown main item tag 0x0
[   39.227408][   T12] logitech-djreceiver 0003:046D:C71C.0001: unknown main item tag 0x0
[   39.235966][   T12] logitech-djreceiver 0003:046D:C71C.0001: unknown main item tag 0x0
[   39.244118][   T12] logitech-djreceiver 0003:046D:C71C.0001: unknown main item tag 0x0
[   39.252344][   T12] logitech-djreceiver 0003:046D:C71C.0001: unknown main item tag 0x0
[   39.260699][   T12] logitech-djreceiver 0003:046D:C71C.0001: unknown main item tag 0x0
[   39.268808][   T12] logitech-djreceiver 0003:046D:C71C.0001: unknown main item tag 0x0
[   39.277011][   T12] logitech-djreceiver 0003:046D:C71C.0001: unknown main item tag 0x0
[   39.285285][   T12] logitech-djreceiver 0003:046D:C71C.0001: unknown main item tag 0x0
[   39.295430][   T12] logitech-djreceiver 0003:046D:C71C.0001: hidraw0: USB HID v0.00 Device [HID 046d:c71c] on usb-dummy_hcd.0-1/input0
[   39.410491][   T17] usb 1-1: USB disconnect, device number 2
[   39.610099][ T1726] ==================================================================
[   39.618452][ T1726] BUG: KASAN: slab-out-of-bounds in strlen+0x79/0x90
[   39.625258][ T1726] Read of size 1 at addr ffff8881d29bdf38 by task syz-executor201/1726
[   39.633597][ T1726] 
[   39.635932][ T1726] CPU: 1 PID: 1726 Comm: syz-executor201 Not tainted 5.3.0-rc2+ #25
[   39.643943][ T1726] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   39.653997][ T1726] Call Trace:
[   39.657361][ T1726]  dump_stack+0xca/0x13e
[   39.661742][ T1726]  ? strlen+0x79/0x90
[   39.665740][ T1726]  ? strlen+0x79/0x90
[   39.669878][ T1726]  print_address_description+0x6a/0x32c
[   39.675564][ T1726]  ? strlen+0x79/0x90
[   39.679654][ T1726]  ? strlen+0x79/0x90
[   39.683812][ T1726]  __kasan_report.cold+0x1a/0x33
[   39.688879][ T1726]  ? strlen+0x79/0x90
[   39.693208][ T1726]  kasan_report+0xe/0x12
[   39.697464][ T1726]  strlen+0x79/0x90
[   39.701385][ T1726]  hidraw_ioctl+0x245/0xae0
[   39.705918][ T1726]  ? hidraw_disconnect+0x2c0/0x2c0
[   39.711045][ T1726]  ? lock_acquire+0x127/0x320
[   39.715852][ T1726]  ? debug_object_free+0x52/0x340
[   39.720914][ T1726]  ? _raw_spin_unlock_irqrestore+0x3e/0x50
[   39.726938][ T1726]  ? hidraw_disconnect+0x2c0/0x2c0
[   39.732255][ T1726]  do_vfs_ioctl+0xd2d/0x1330
[   39.736973][ T1726]  ? ioctl_preallocate+0x200/0x200
[   39.742196][ T1726]  ? hrtimer_nanosleep+0x28a/0x510
[   39.749122][ T1726]  ? nanosleep_copyout+0x100/0x100
[   39.754454][ T1726]  ? _copy_from_user+0x123/0x190
[   39.759518][ T1726]  ? clock_was_set_work+0x20/0x20
[   39.764946][ T1726]  ? put_old_itimerspec32+0x1d0/0x1d0
[   39.770524][ T1726]  ? rwlock_bug.part.0+0x90/0x90
[   39.775693][ T1726]  ksys_ioctl+0x9b/0xc0
[   39.780004][ T1726]  __x64_sys_ioctl+0x6f/0xb0
[   39.784616][ T1726]  ? lockdep_hardirqs_on+0x379/0x580
[   39.789909][ T1726]  do_syscall_64+0xb7/0x580
[   39.794601][ T1726]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   39.800641][ T1726] RIP: 0033:0x445679
[   39.804544][ T1726] Code: e8 5c ad 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b cd fb ff c3 66 2e 0f 1f 84 00 00 00 00
[   39.825173][ T1726] RSP: 002b:00007ffc8514f3a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   39.833670][ T1726] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000445679
[   39.841763][ T1726] RDX: 0000000000000000 RSI: 0000000080404805 RDI: 0000000000000004
[   39.849753][ T1726] RBP: 00000000006d0018 R08: 000000000000000b R09: 00000000004002e0
[   39.857986][ T1726] R10: 000000000000000f R11: 0000000000000246 R12: 00000000004028a0
[   39.865955][ T1726] R13: 0000000000402930 R14: 0000000000000000 R15: 0000000000000000
[   39.873940][ T1726] 
[   39.876261][ T1726] Allocated by task 0:
[   39.880330][ T1726] (stack is not available)
[   39.884796][ T1726] 
[   39.887138][ T1726] Freed by task 0:
[   39.890849][ T1726] (stack is not available)
[   39.895300][ T1726] 
[   39.897630][ T1726] The buggy address belongs to the object at ffff8881d29bde60
[   39.897630][ T1726]  which belongs to the cache shmem_inode_cache of size 1168
[   39.912399][ T1726] The buggy address is located 216 bytes inside of
[   39.912399][ T1726]  1168-byte region [ffff8881d29bde60, ffff8881d29be2f0)
[   39.925854][ T1726] The buggy address belongs to the page:
[   39.931490][ T1726] page:ffffea00074a6f00 refcount:1 mapcount:0 mapping:ffff8881da115180 index:0x0 compound_mapcount: 0
[   39.942488][ T1726] flags: 0x200000000010200(slab|head)
[   39.948049][ T1726] raw: 0200000000010200 dead000000000100 dead000000000122 ffff8881da115180
[   39.956649][ T1726] raw: 0000000000000000 00000000800c000c 00000001ffffffff 0000000000000000
[   39.965273][ T1726] page dumped because: kasan: bad access detected
[   39.971806][ T1726] 
[   39.974131][ T1726] Memory state around the buggy address:
[   39.979859][ T1726]  ffff8881d29bde00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   39.987916][ T1726]  ffff8881d29bde80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   39.995980][ T1726] >ffff8881d29bdf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   40.004150][ T1726]                                         ^
[   40.010071][ T1726]  ffff8881d29bdf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   40.018198][ T1726]  ffff8881d29be000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   40.026478][ T1726] ==================================================================
[   40.034542][ T1726] Disabling lock debugging due to kernel taint
[   40.041115][ T1726] Kernel panic - not syncing: panic_on_warn set ...
[   40.047760][ T1726] CPU: 1 PID: 1726 Comm: syz-executor201 Tainted: G    B             5.3.0-rc2+ #25
[   40.057120][ T1726] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   40.067282][ T1726] Call Trace:
[   40.070653][ T1726]  dump_stack+0xca/0x13e
[   40.074891][ T1726]  panic+0x2a3/0x6da
[   40.078771][ T1726]  ? add_taint.cold+0x16/0x16
[   40.083438][ T1726]  ? retint_kernel+0x10/0x10
[   40.088097][ T1726]  ? trace_hardirqs_on+0x55/0x1e0
[   40.093458][ T1726]  ? strlen+0x79/0x90
[   40.097568][ T1726]  end_report+0x43/0x49
[   40.101731][ T1726]  ? strlen+0x79/0x90
[   40.106425][ T1726]  __kasan_report.cold+0xd/0x33
[   40.111397][ T1726]  ? strlen+0x79/0x90
[   40.115524][ T1726]  kasan_report+0xe/0x12
[   40.119750][ T1726]  strlen+0x79/0x90
[   40.123723][ T1726]  hidraw_ioctl+0x245/0xae0
[   40.128244][ T1726]  ? hidraw_disconnect+0x2c0/0x2c0
[   40.133410][ T1726]  ? lock_acquire+0x127/0x320
[   40.138211][ T1726]  ? debug_object_free+0x52/0x340
[   40.143235][ T1726]  ? _raw_spin_unlock_irqrestore+0x3e/0x50
[   40.149075][ T1726]  ? hidraw_disconnect+0x2c0/0x2c0
[   40.154265][ T1726]  do_vfs_ioctl+0xd2d/0x1330
[   40.158930][ T1726]  ? ioctl_preallocate+0x200/0x200
[   40.164031][ T1726]  ? hrtimer_nanosleep+0x28a/0x510
[   40.169143][ T1726]  ? nanosleep_copyout+0x100/0x100
[   40.174250][ T1726]  ? _copy_from_user+0x123/0x190
[   40.179329][ T1726]  ? clock_was_set_work+0x20/0x20
[   40.184341][ T1726]  ? put_old_itimerspec32+0x1d0/0x1d0
[   40.189788][ T1726]  ? rwlock_bug.part.0+0x90/0x90
[   40.194814][ T1726]  ksys_ioctl+0x9b/0xc0
[   40.199065][ T1726]  __x64_sys_ioctl+0x6f/0xb0
[   40.203678][ T1726]  ? lockdep_hardirqs_on+0x379/0x580
[   40.208994][ T1726]  do_syscall_64+0xb7/0x580
[   40.213696][ T1726]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   40.219662][ T1726] RIP: 0033:0x445679
[   40.223540][ T1726] Code: e8 5c ad 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b cd fb ff c3 66 2e 0f 1f 84 00 00 00 00
[   40.243335][ T1726] RSP: 002b:00007ffc8514f3a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   40.251730][ T1726] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000445679
[   40.259686][ T1726] RDX: 0000000000000000 RSI: 0000000080404805 RDI: 0000000000000004
[   40.267803][ T1726] RBP: 00000000006d0018 R08: 000000000000000b R09: 00000000004002e0
[   40.275857][ T1726] R10: 000000000000000f R11: 0000000000000246 R12: 00000000004028a0
[   40.283809][ T1726] R13: 0000000000402930 R14: 0000000000000000 R15: 0000000000000000
[   40.292459][ T1726] Kernel Offset: disabled
[   40.296882][ T1726] Rebooting in 86400 seconds..
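Reading the register dump: ORIG_RAX 0x10 is ioctl(2), RDI 4 is the file descriptor and RSI 0x80404805 is the request number. Decoding RSI with the kernel's _IOC() bit layout gives direction read, type 'H', nr 0x05, size 64, i.e. HIDIOCGRAWPHYS with a 64-byte user buffer; in the 5.3 hidraw_ioctl() that request starts with strlen(hid->phys), which is the strlen frame KASAN flags under hidraw_ioctl+0x245. The ioctl runs after the "USB disconnect, device number 2" line, and the faulting address now sits in an shmem_inode_cache object with no recorded allocation or free, so the editor's reading is that hidraw followed a stale hid pointer into memory whose slab page had already been recycled to another cache, which KASAN can only classify as slab-out-of-bounds. The decoder below is an added example, not part of the syzkaller report or the kernel; it re-implements the asm-generic ioctl field layout and carries a table of the hidraw request numbers transcribed from include/uapi/linux/hidraw.h, so it runs anywhere without kernel headers.

```c
/*
 * Decode a Linux ioctl request number using the asm-generic _IOC() layout
 * (the one x86-64 uses):
 *   bits  0..7   nr    command number within the driver's namespace
 *   bits  8..15  type  the driver's "magic" character
 *   bits 16..29  size  size of the argument the kernel copies
 *   bits 30..31  dir   1 = _IOC_WRITE, 2 = _IOC_READ, 3 = both
 * Added example: constants are re-declared here so no kernel header is needed.
 */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IOC_NRBITS    8
#define IOC_TYPEBITS  8
#define IOC_SIZEBITS  14
#define IOC_DIRBITS   2

#define IOC_NRSHIFT   0
#define IOC_TYPESHIFT (IOC_NRSHIFT + IOC_NRBITS)      /* 8  */
#define IOC_SIZESHIFT (IOC_TYPESHIFT + IOC_TYPEBITS)  /* 16 */
#define IOC_DIRSHIFT  (IOC_SIZESHIFT + IOC_SIZEBITS)  /* 30 */

#define IOC_NONE  0U
#define IOC_WRITE 1U
#define IOC_READ  2U

struct ioc_fields {
    unsigned dir;
    unsigned char type;
    unsigned nr;
    unsigned size;
};

/* Split a raw request word into its four fields. */
struct ioc_fields ioc_decode(uint32_t cmd)
{
    struct ioc_fields f;
    f.dir  = (cmd >> IOC_DIRSHIFT)  & ((1U << IOC_DIRBITS)  - 1);
    f.type = (cmd >> IOC_TYPESHIFT) & ((1U << IOC_TYPEBITS) - 1);
    f.nr   = (cmd >> IOC_NRSHIFT)   & ((1U << IOC_NRBITS)   - 1);
    f.size = (cmd >> IOC_SIZESHIFT) & ((1U << IOC_SIZEBITS) - 1);
    return f;
}

/*
 * hidraw requests keyed by nr, transcribed from include/uapi/linux/hidraw.h.
 * All use type 'H'. The length-parameterised ones (RAWNAME, RAWPHYS, RAWUNIQ,
 * S/GFEATURE) carry the caller's buffer length in the size field, so a single
 * nr can appear with many sizes; match on type and nr only.
 */
static const char *hidraw_name(unsigned char type, unsigned nr)
{
    static const char *const names[] = {
        [0x01] = "HIDIOCGRDESCSIZE",
        [0x02] = "HIDIOCGRDESC",
        [0x03] = "HIDIOCGRAWINFO",
        [0x04] = "HIDIOCGRAWNAME",
        [0x05] = "HIDIOCGRAWPHYS",
        [0x06] = "HIDIOCSFEATURE",
        [0x07] = "HIDIOCGFEATURE",
        [0x08] = "HIDIOCGRAWUNIQ",
    };
    if (type != 'H' || nr >= sizeof names / sizeof names[0] || !names[nr])
        return NULL;
    return names[nr];
}

/* Render a request the way a reader of a register dump wants to see it. */
int ioc_describe(uint32_t cmd, char *buf, size_t buflen)
{
    struct ioc_fields f = ioc_decode(cmd);
    const char *name = hidraw_name(f.type, f.nr);
    const char *dir = f.dir == IOC_READ ? "read" :
                      f.dir == IOC_WRITE ? "write" :
                      f.dir == (IOC_READ | IOC_WRITE) ? "read/write" : "none";
    return snprintf(buf, buflen, "%s(%u) dir=%s type='%c' nr=0x%02x size=%u",
                    name ? name : "unknown", f.size, dir, f.type, f.nr, f.size);
}

int main(void)
{
    /* RSI from the register dump in the report above. */
    uint32_t rsi = 0x80404805u;
    char line[128];
    ioc_describe(rsi, line, sizeof line);
    puts(line);   /* HIDIOCGRAWPHYS(64) dir=read type='H' nr=0x05 size=64 */
    return 0;
}
```

The same decoder applies to any ioctl-driven crash from syzkaller: take RSI from the x86-64 register dump (the second syscall argument), split it, and look the type/nr pair up in the driver's uapi header to know which driver branch the faulting frame belongs to before reading the source.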