[info] Using makefile-style concurrent boot in runlevel 2. [ 14.751193][ C1] random: crng init done [ ok ] Starting enhanced syslogd: rsyslogd. [ ok ] Starting periodic command scheduler: cron. [ ok ] Starting OpenBSD Secure Shell server: sshd. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.107' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 26.360723][ T83] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 26.600638][ T83] usb 1-1: Using ep0 maxpacket: 8 [ 26.720831][ T83] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 26.734562][ T83] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 26.748003][ T83] usb 1-1: New USB device found, idVendor=054c, idProduct=0374, bcdDevice= 0.00 [ 26.757302][ T83] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 26.767324][ T83] usb 1-1: config 0 descriptor??
[ 27.252794][ T83] sony 0003:054C:0374.0001: unknown main item tag 0x0 [ 27.259797][ T83] sony 0003:054C:0374.0001: unknown main item tag 0x2 [ 27.266988][ T83] sony 0003:054C:0374.0001: unknown main item tag 0x0 [ 27.273881][ T83] sony 0003:054C:0374.0001: unknown main item tag 0x0 [ 27.281194][ T83] sony 0003:054C:0374.0001: unknown main item tag 0x0 [ 27.288000][ T83] sony 0003:054C:0374.0001: unknown main item tag 0x0 [ 27.294935][ T83] sony 0003:054C:0374.0001: unknown main item tag 0x0 [ 27.302413][ T83] sony 0003:054C:0374.0001: unknown main item tag 0x0 [ 27.309515][ T83] sony 0003:054C:0374.0001: unknown main item tag 0x0 [ 27.316621][ T83] sony 0003:054C:0374.0001: unknown main item tag 0x0 [ 27.324089][ T83] sony 0003:054C:0374.0001: unknown main item tag 0x0 [ 27.331233][ T83] sony 0003:054C:0374.0001: unknown main item tag 0x0 [ 27.338520][ T83] sony 0003:054C:0374.0001: unknown main item tag 0x0 [ 27.345359][ T83] sony 0003:054C:0374.0001: unknown main item tag 0x0 [ 27.352184][ T83] sony 0003:054C:0374.0001: unknown main item tag 0x0 [ 27.359559][ T83] sony 0003:054C:0374.0001: unknown main item tag 0x0 [ 27.366615][ T83] sony 0003:054C:0374.0001: unknown main item tag 0x0 [ 27.373659][ T83] sony 0003:054C:0374.0001: unknown main item tag 0x0 [ 27.380473][ T83] sony 0003:054C:0374.0001: unknown main item tag 0x0 [ 27.387556][ T83] sony 0003:054C:0374.0001: unknown main item tag 0x0 [ 27.394728][ T83] sony 0003:054C:0374.0001: unknown main item tag 0x0 [ 27.401543][ T83] sony 0003:054C:0374.0001: unknown main item tag 0x0 [ 27.408336][ T83] sony 0003:054C:0374.0001: unknown main item tag 0x0 [ 27.415317][ T83] sony 0003:054C:0374.0001: unknown main item tag 0x0 [ 27.422608][ T83] sony 0003:054C:0374.0001: unknown main item tag 0x0 [ 27.429524][ T83] sony 0003:054C:0374.0001: unknown main item tag 0x0 [ 27.436461][ T83] sony 0003:054C:0374.0001: unknown main item tag 0x0 [ 27.443357][ T83] sony 0003:054C:0374.0001: unknown main item tag 0x0 executing 
program [ 27.451084][ T83] sony 0003:054C:0374.0001: unknown main item tag 0x0 [ 27.458343][ T83] sony 0003:054C:0374.0001: unknown main item tag 0x0 [ 27.465326][ T83] sony 0003:054C:0374.0001: unknown main item tag 0x0 [ 27.472284][ T83] sony 0003:054C:0374.0001: unknown main item tag 0x0 [ 27.484267][ T83] sony 0003:054C:0374.0001: hiddev0,hidraw0: USB HID v0.00 Device [HID 054c:0374] on usb-dummy_hcd.0-1/input0 [ 27.496230][ T83] sony 0003:054C:0374.0001: failed to claim input [ 27.504801][ T83] usb 1-1: USB disconnect, device number 2 [ 27.860663][ T83] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 28.100634][ T83] usb 1-1: Using ep0 maxpacket: 8 [ 28.220744][ T83] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 28.231695][ T83] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 28.244581][ T83] usb 1-1: New USB device found, idVendor=054c, idProduct=0374, bcdDevice= 0.00 [ 28.253700][ T83] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 28.262997][ T83] usb 1-1: config 0 descriptor?? 
[ 28.741856][ T83] sony 0003:054C:0374.0002: unknown main item tag 0x0 [ 28.748717][ T83] sony 0003:054C:0374.0002: unknown main item tag 0x2 [ 28.755581][ T83] sony 0003:054C:0374.0002: unknown main item tag 0x0 [ 28.762526][ T83] sony 0003:054C:0374.0002: unknown main item tag 0x0 [ 28.769295][ T83] sony 0003:054C:0374.0002: unknown main item tag 0x0 [ 28.776155][ T83] sony 0003:054C:0374.0002: unknown main item tag 0x0 [ 28.782966][ T83] sony 0003:054C:0374.0002: unknown main item tag 0x0 [ 28.790062][ T83] sony 0003:054C:0374.0002: unknown main item tag 0x0 [ 28.796891][ T83] sony 0003:054C:0374.0002: unknown main item tag 0x0 [ 28.803702][ T83] sony 0003:054C:0374.0002: unknown main item tag 0x0 [ 28.810476][ T83] sony 0003:054C:0374.0002: unknown main item tag 0x0 [ 28.817300][ T83] sony 0003:054C:0374.0002: unknown main item tag 0x0 [ 28.824127][ T83] sony 0003:054C:0374.0002: unknown main item tag 0x0 [ 28.830931][ T83] sony 0003:054C:0374.0002: unknown main item tag 0x0 [ 28.837720][ T83] sony 0003:054C:0374.0002: unknown main item tag 0x0 [ 28.844553][ T83] sony 0003:054C:0374.0002: unknown main item tag 0x0 [ 28.851376][ T83] sony 0003:054C:0374.0002: unknown main item tag 0x0 [ 28.858191][ T83] sony 0003:054C:0374.0002: unknown main item tag 0x0 [ 28.865005][ T83] sony 0003:054C:0374.0002: unknown main item tag 0x0 [ 28.871865][ T83] sony 0003:054C:0374.0002: unknown main item tag 0x0 [ 28.878628][ T83] sony 0003:054C:0374.0002: unknown main item tag 0x0 [ 28.885466][ T83] sony 0003:054C:0374.0002: unknown main item tag 0x0 [ 28.892274][ T83] sony 0003:054C:0374.0002: unknown main item tag 0x0 [ 28.899027][ T83] sony 0003:054C:0374.0002: unknown main item tag 0x0 [ 28.905837][ T83] sony 0003:054C:0374.0002: unknown main item tag 0x0 [ 28.912650][ T83] sony 0003:054C:0374.0002: unknown main item tag 0x0 [ 28.919434][ T83] sony 0003:054C:0374.0002: unknown main item tag 0x0 [ 28.926268][ T83] sony 0003:054C:0374.0002: unknown main item tag 0x0 [ 
28.933104][ T83] sony 0003:054C:0374.0002: unknown main item tag 0x0 [ 28.939862][ T83] sony 0003:054C:0374.0002: unknown main item tag 0x0 [ 28.946681][ T83] sony 0003:054C:0374.0002: unknown main item tag 0x0 [ 28.947301][ T1729] ================================================================== [ 28.953498][ T83] sony 0003:054C:0374.0002: unknown main item tag 0x0 [ 28.961926][ T1729] BUG: KASAN: use-after-free in usbhid_power+0xca/0xe0 [ 28.961937][ T1729] Read of size 8 at addr ffff8881d34cc008 by task syz-executor083/1729 [ 28.961940][ T1729] [ 28.961954][ T1729] CPU: 0 PID: 1729 Comm: syz-executor083 Not tainted 5.3.0-rc5+ #28 [ 28.961961][ T1729] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 28.961965][ T1729] Call Trace: [ 28.961987][ T1729] dump_stack+0xca/0x13e [ 29.011715][ T1729] ? usbhid_power+0xca/0xe0 [ 29.016201][ T1729] ? usbhid_power+0xca/0xe0 [ 29.020690][ T1729] print_address_description+0x6a/0x32c [ 29.026225][ T1729] ? usbhid_power+0xca/0xe0 [ 29.030797][ T1729] ? usbhid_power+0xca/0xe0 [ 29.035292][ T1729] __kasan_report.cold+0x1a/0x33 [ 29.040209][ T1729] ? usbhid_power+0xca/0xe0 [ 29.045042][ T1729] kasan_report+0xe/0x12 [ 29.049265][ T1729] usbhid_power+0xca/0xe0 [ 29.053585][ T1729] hidraw_open+0x20d/0x740 [ 29.057980][ T1729] ? usbhid_output_report+0x290/0x290 [ 29.063332][ T1729] ? hidraw_ioctl+0xae0/0xae0 [ 29.068195][ T1729] chrdev_open+0x219/0x5c0 [ 29.072603][ T1729] ? cdev_put.part.0+0x50/0x50 [ 29.077370][ T1729] do_dentry_open+0x494/0x1120 [ 29.082209][ T1729] ? cdev_put.part.0+0x50/0x50 [ 29.086966][ T1729] ? chmod_common+0x3c0/0x3c0 [ 29.091626][ T1729] ? inode_permission+0xbe/0x3a0 [ 29.096546][ T1729] path_openat+0x1430/0x3f50 [ 29.101118][ T1729] ? save_stack+0x1b/0x80 [ 29.105465][ T1729] ? do_sys_open+0x294/0x580 [ 29.110138][ T1729] ? do_syscall_64+0xb7/0x580 [ 29.114808][ T1729] ? path_lookupat.isra.0+0x8d0/0x8d0 [ 29.120160][ T1729] ? 
mod_node_page_state+0xb6/0xf0 [ 29.125252][ T1729] ? __lock_acquire+0x145e/0x3b50 [ 29.130271][ T1729] do_filp_open+0x1a1/0x280 [ 29.134865][ T1729] ? may_open_dev+0xf0/0xf0 [ 29.139360][ T1729] ? __alloc_fd+0x46d/0x600 [ 29.143845][ T1729] ? do_raw_spin_lock+0x11a/0x280 [ 29.148886][ T1729] ? do_raw_spin_unlock+0x50/0x220 [ 29.153981][ T1729] ? _raw_spin_unlock+0x1f/0x30 [ 29.158813][ T1729] ? __alloc_fd+0x46d/0x600 [ 29.163389][ T1729] do_sys_open+0x3c0/0x580 [ 29.167979][ T1729] ? filp_open+0x70/0x70 [ 29.172291][ T1729] ? trace_hardirqs_off_caller+0x55/0x1e0 [ 29.177991][ T1729] do_syscall_64+0xb7/0x580 [ 29.182480][ T1729] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 29.188697][ T1729] RIP: 0033:0x4019f0 [ 29.192578][ T1729] Code: 01 f0 ff ff 0f 83 c0 0b 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 83 3d dd 5c 2d 00 00 75 14 b8 02 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 94 0b 00 00 c3 48 83 ec 08 e8 fa 00 00 00 [ 29.212334][ T1729] RSP: 002b:00007ffdc171f568 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 29.220725][ T1729] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004019f0 [ 29.228689][ T1729] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00007ffdc171f570 [ 29.236642][ T1729] RBP: 6666666666666667 R08: 000000000000000f R09: 0000000000000000 [ 29.244591][ T1729] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000402a10 [ 29.252641][ T1729] R13: 0000000000402aa0 R14: 0000000000000000 R15: 0000000000000000 [ 29.260680][ T1729] [ 29.262991][ T1729] Allocated by task 1705: [ 29.267306][ T1729] save_stack+0x1b/0x80 [ 29.271466][ T1729] __kasan_kmalloc.constprop.0+0xbf/0xd0 [ 29.277093][ T1729] __kmalloc_node_track_caller+0xfc/0x380 [ 29.282799][ T1729] __kmalloc_reserve.isra.0+0x39/0xe0 [ 29.288254][ T1729] __alloc_skb+0xef/0x5a0 [ 29.292573][ T1729] netlink_sendmsg+0x8cd/0xcc0 [ 29.297338][ T1729] sock_sendmsg+0xcf/0x120 [ 29.301830][ T1729] ___sys_sendmsg+0x803/0x920 [ 29.306490][ T1729] __sys_sendmsg+0xec/0x1b0 [ 29.310978][ 
T1729] do_syscall_64+0xb7/0x580 [ 29.315466][ T1729] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 29.321334][ T1729] [ 29.323647][ T1729] Freed by task 1705: [ 29.327610][ T1729] save_stack+0x1b/0x80 [ 29.331746][ T1729] __kasan_slab_free+0x130/0x180 [ 29.336674][ T1729] kfree+0xe4/0x2f0 [ 29.340463][ T1729] skb_free_head+0x8b/0xa0 [ 29.344875][ T1729] skb_release_data+0x41f/0x7c0 [ 29.349825][ T1729] skb_release_all+0x46/0x60 [ 29.354399][ T1729] consume_skb+0xd9/0x320 [ 29.358713][ T1729] netlink_unicast+0x4d7/0x690 [ 29.363456][ T1729] netlink_sendmsg+0x802/0xcc0 [ 29.368201][ T1729] sock_sendmsg+0xcf/0x120 [ 29.372599][ T1729] ___sys_sendmsg+0x803/0x920 [ 29.377343][ T1729] __sys_sendmsg+0xec/0x1b0 [ 29.381830][ T1729] do_syscall_64+0xb7/0x580 [ 29.386314][ T1729] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 29.392184][ T1729] [ 29.394497][ T1729] The buggy address belongs to the object at ffff8881d34cc000 [ 29.394497][ T1729] which belongs to the cache kmalloc-1k of size 1024 [ 29.408796][ T1729] The buggy address is located 8 bytes inside of [ 29.408796][ T1729] 1024-byte region [ffff8881d34cc000, ffff8881d34cc400) [ 29.421975][ T1729] The buggy address belongs to the page: [ 29.427593][ T1729] page:ffffea00074d3300 refcount:1 mapcount:0 mapping:ffff8881da002280 index:0x0 compound_mapcount: 0 [ 29.438512][ T1729] flags: 0x200000000010200(slab|head) [ 29.443868][ T1729] raw: 0200000000010200 dead000000000100 dead000000000122 ffff8881da002280 [ 29.452525][ T1729] raw: 0000000000000000 00000000000e000e 00000001ffffffff 0000000000000000 [ 29.461292][ T1729] page dumped because: kasan: bad access detected [ 29.478881][ T1729] [ 29.481291][ T1729] Memory state around the buggy address: [ 29.486906][ T1729] ffff8881d34cbf00: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 29.494966][ T1729] ffff8881d34cbf80: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 29.503013][ T1729] >ffff8881d34cc000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.511054][ T1729] ^ [ 
29.518989][ T1729] ffff8881d34cc080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.527389][ T1729] ffff8881d34cc100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.535429][ T1729] ================================================================== [ 29.543474][ T1729] Disabling lock debugging due to kernel taint [ 29.549705][ T1729] Kernel panic - not syncing: panic_on_warn set ... [ 29.556298][ T1729] CPU: 0 PID: 1729 Comm: syz-executor083 Tainted: G B 5.3.0-rc5+ #28 [ 29.565760][ T1729] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 29.575917][ T1729] Call Trace: [ 29.579201][ T1729] dump_stack+0xca/0x13e [ 29.583423][ T1729] panic+0x2a3/0x6da [ 29.587293][ T1729] ? add_taint.cold+0x16/0x16 [ 29.591951][ T1729] ? retint_kernel+0x10/0x10 [ 29.596517][ T1729] ? trace_hardirqs_on+0x55/0x1e0 [ 29.601521][ T1729] ? usbhid_power+0xca/0xe0 [ 29.606010][ T1729] end_report+0x43/0x49 [ 29.610137][ T1729] ? usbhid_power+0xca/0xe0 [ 29.614613][ T1729] __kasan_report.cold+0xd/0x33 [ 29.619443][ T1729] ? usbhid_power+0xca/0xe0 [ 29.623923][ T1729] kasan_report+0xe/0x12 [ 29.628143][ T1729] usbhid_power+0xca/0xe0 [ 29.632451][ T1729] hidraw_open+0x20d/0x740 [ 29.636844][ T1729] ? usbhid_output_report+0x290/0x290 [ 29.642206][ T1729] ? hidraw_ioctl+0xae0/0xae0 [ 29.646866][ T1729] chrdev_open+0x219/0x5c0 [ 29.651260][ T1729] ? cdev_put.part.0+0x50/0x50 [ 29.655999][ T1729] do_dentry_open+0x494/0x1120 [ 29.660738][ T1729] ? cdev_put.part.0+0x50/0x50 [ 29.665473][ T1729] ? chmod_common+0x3c0/0x3c0 [ 29.670125][ T1729] ? inode_permission+0xbe/0x3a0 [ 29.675186][ T1729] path_openat+0x1430/0x3f50 [ 29.679774][ T1729] ? save_stack+0x1b/0x80 [ 29.684079][ T1729] ? do_sys_open+0x294/0x580 [ 29.688641][ T1729] ? do_syscall_64+0xb7/0x580 [ 29.693291][ T1729] ? path_lookupat.isra.0+0x8d0/0x8d0 [ 29.698637][ T1729] ? mod_node_page_state+0xb6/0xf0 [ 29.704018][ T1729] ? 
__lock_acquire+0x145e/0x3b50 [ 29.709022][ T1729] do_filp_open+0x1a1/0x280 [ 29.713502][ T1729] ? may_open_dev+0xf0/0xf0 [ 29.717995][ T1729] ? __alloc_fd+0x46d/0x600 [ 29.722475][ T1729] ? do_raw_spin_lock+0x11a/0x280 [ 29.727475][ T1729] ? do_raw_spin_unlock+0x50/0x220 [ 29.732567][ T1729] ? _raw_spin_unlock+0x1f/0x30 [ 29.737393][ T1729] ? __alloc_fd+0x46d/0x600 [ 29.741876][ T1729] do_sys_open+0x3c0/0x580 [ 29.746267][ T1729] ? filp_open+0x70/0x70 [ 29.750490][ T1729] ? trace_hardirqs_off_caller+0x55/0x1e0 [ 29.756191][ T1729] do_syscall_64+0xb7/0x580 [ 29.760675][ T1729] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 29.766627][ T1729] RIP: 0033:0x4019f0 [ 29.770504][ T1729] Code: 01 f0 ff ff 0f 83 c0 0b 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 83 3d dd 5c 2d 00 00 75 14 b8 02 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 94 0b 00 00 c3 48 83 ec 08 e8 fa 00 00 00 [ 29.790186][ T1729] RSP: 002b:00007ffdc171f568 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 29.798596][ T1729] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004019f0 [ 29.806553][ T1729] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00007ffdc171f570 [ 29.814500][ T1729] RBP: 6666666666666667 R08: 000000000000000f R09: 0000000000000000 [ 29.822448][ T1729] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000402a10 [ 29.830509][ T1729] R13: 0000000000402aa0 R14: 0000000000000000 R15: 0000000000000000 [ 29.839146][ T1729] Kernel Offset: disabled [ 29.843458][ T1729] Rebooting in 86400 seconds..