
[[36minfo[39;49m] Using makefile-style concurrent boot in runlevel 2.
[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[   14.751150][ T1659] random: sshd: uninitialized urandom read (32 bytes read)
[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   17.633175][    C1] random: crng init done
Warning: Permanently added '10.128.0.122' (ECDSA) to the list of known hosts.
2019/09/03 13:32:46 fuzzer started
2019/09/03 13:32:47 dialing manager at 10.128.0.105:43075
2019/09/03 13:32:47 syscalls: 84
2019/09/03 13:32:47 code coverage: enabled
2019/09/03 13:32:47 comparison tracing: enabled
2019/09/03 13:32:47 extra coverage: enabled
2019/09/03 13:32:47 setuid sandbox: enabled
2019/09/03 13:32:47 namespace sandbox: enabled
2019/09/03 13:32:47 Android sandbox: /sys/fs/selinux/policy does not exist
2019/09/03 13:32:47 fault injection: enabled
2019/09/03 13:32:47 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/09/03 13:32:47 net packet injection: /dev/net/tun can't be opened (open /dev/net/tun: no such device)
2019/09/03 13:32:47 net device setup: enabled
13:32:48 executing program 0:
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8, 0x1e7d, 0x2d5a, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x9, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x22}}}}]}}]}}, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000640)={0x34, 0x0, 0x0, 0x0, &(0x7f00000004c0)={0x0, 0x22, 0x22}}, &(0x7f0000000d80)={0xfffffffffffffc31, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_disconnect(0xffffffffffffffff)

13:32:48 executing program 2:
syz_usb_connect(0x0, 0x2d, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x8b, 0x33, 0xea, 0x8, 0x3eb, 0x2, 0x4a2d, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0xba, 0x0, 0x1, 0x72, 0x77, 0x55, 0x0, [], [{{0x7, 0x5, 0x81}}]}}]}}]}}, 0x0)
r0 = syz_open_dev$evdev(&(0x7f00000000c0)='/dev/input/event#\x00', 0x4, 0x0)
ioctl$EVIOCSKEYCODE(r0, 0x80084504, &(0x7f0000000080)=[0x9e])

13:32:48 executing program 5:
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000400)=ANY=[@ANYBLOB="12010000000000206d041cc740000000000109022400010000a000090400000903010100092100000001221500090581030000000000eeb4888ffffc1fe02da365a9c4cefe8b9061701c3ccd352d15832be259859020085b4a5525daaafdc49f5966f900634c11c56210235dca74b05abedf3b46e5d9292b0500e18c4a000000009cc704cc7915559794805a7ab13d448490dbacf268ac24723acf3ca4840af039b7f9b836bde466be4d323599801b61a4a4fd4844f9ebc1d2c099d1747d8a91b762f82102491b723620a3b8270a845ff9f1c3b2592b1c7bf23264e073619b7605c46fe40fa7c3f504d8c8ea34f3b22e920055f24e2eb678b727fb1ac5fd578144e937fd37a0d3c6046abde8526b5fcaf140e7f4812a0824fa5f4d83948ba668f56ae3e8620d99b9c1f78582652878508494e0c414f98f0011e48059b875829a888fe17b21dfa22006ebc772174d015490a64473e4c935704501301cf52ed27404ac30d18cbbeee24d2b8f6e059c288d50cc67f3867ce54031e1905dc7c5eaa26be3f442f03b58a286a0fdf0f9f556b72ce89f13bcd8e893da400ad1318d76a862a76fb7a149af39379d9f4edf33e083b8269da24cc9f090ffe7eb078a60501f474395465e687f67cfef7bc90442c42d43d108413a24dc9425f0b326c2f3759cb796fa6a867557550849b6c9c5a34b7a6498ebd50e4e0ce1da1d058deb3d42447332cbbde6ecc123cc2e4d4d3e502bdda0dbc95478a02cefc6df242cca038fc4383694de698becdeebdce59a82ff594483319b51eaedd151c3f89f28212245f0c8a41d0d957b4c11b904ab8a114643883163b168275dc38b0d9d64fcc9d1623fcbf07e5a336a0f0000000000000a37253311276ff70439c76defb6229bb959b007f341ce766c429120985770759f34da7c1c5f0bbc9cacbf7fe709000000c55a93dcf842864e000000"], 0x0)
syz_open_dev$evdev(0x0, 0x7, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000340)={0x34, 0x0, 0x0, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0022150000008e03dd034f4e378515e081"]}, &(0x7f0000001bc0)={0xcc, 0x0, 0x0, 0x0, 0x0, 0x0})
r1 = syz_open_dev$hidraw(&(0x7f00000002c0)='/dev/hidraw#\x00', 0x0, 0x1)
ioctl$HIDIOCGFEATURE(r1, 0xc0404807, &(0x7f00000000c0)={0x0, "10c710cf46f2cf1eee3f600bb6c9a98acd5ad6a3d4f88fad6fd29c06e0458d48ee8c8e60fbdb5e7cb63db405c77886e09da739ae302cd3d904099475d12a3a4c"})
write$hidraw(r1, 0x0, 0x0)
syz_usb_connect(0x1, 0x0, 0x0, &(0x7f0000000240)={0x0, 0x0, 0x15, &(0x7f0000000040)={0x5, 0xf, 0x15, 0x3, [@ss_cap={0xa, 0x10, 0x3, 0x2, 0x0, 0x0, 0x180000000000000}, @ptm_cap={0x3}, @generic={0x3, 0x10, 0xb}]}, 0x3, [{0x4, &(0x7f0000000900)}, {0x0, 0x0}, {0x0, 0x0}]})

13:32:48 executing program 3:
syz_open_dev$hidraw(&(0x7f0000000080)='/dev/../raw#\x00', 0x0, 0x0)
syz_open_dev$hidraw(0x0, 0x0, 0x4000)
r0 = syz_open_dev$hidraw(&(0x7f0000000180)='/dev/hidraw#\x00', 0x6, 0x2)
r1 = syz_open_dev$hidraw(0x0, 0x2000000000000, 0x201)
syz_open_dev$hidraw(0x0, 0x0, 0x0)
write$hidraw(r1, &(0x7f0000001200)='\x00', 0xffffff45)
write$hidraw(r0, &(0x7f0000000000)="0b002fed6bc7ac", 0x7)

13:32:48 executing program 4:
syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x0, 0x0)
r0 = syz_open_dev$evdev(0x0, 0x0, 0x0)
ioctl$EVIOCSREP(r0, 0x4020940d, 0x0)

13:32:48 executing program 1:
syz_usb_connect(0x1, 0x5d, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100002f3dea08ac050e0297b40000000109021b00010000000009043d000103490200070581ba16c7a35805c5b1dbcff777ca3473cf2897bac6b7ce947d528d00d241da74ad0ca9cfa8acca4ab796710eedecebc25e3731f585f352aa92f8ea4317f6ef49893896ec21ef92e0f86e72f88c80d3"], 0x0)
syz_open_dev$evdev(&(0x7f0000000080)='/dev/input/event#\x00', 0x8f9c, 0x0)

[   26.355993][ T1728] cgroup1: Unknown subsys name 'perf_event'
[   26.363978][ T1729] cgroup1: Unknown subsys name 'perf_event'
[   26.370664][ T1729] cgroup1: Unknown subsys name 'net_cls'
[   26.383376][ T1728] cgroup1: Unknown subsys name 'net_cls'
[   26.433823][ T1732] cgroup1: Unknown subsys name 'perf_event'
[   26.442062][ T1732] cgroup1: Unknown subsys name 'net_cls'
[   26.450023][ T1736] cgroup1: Unknown subsys name 'perf_event'
[   26.459069][ T1738] cgroup1: Unknown subsys name 'perf_event'
[   26.459125][ T1735] cgroup1: Unknown subsys name 'perf_event'
[   26.466596][ T1736] cgroup1: Unknown subsys name 'net_cls'
[   26.479005][ T1738] cgroup1: Unknown subsys name 'net_cls'
[   26.485292][ T1735] cgroup1: Unknown subsys name 'net_cls'
13:32:51 executing program 3:
syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x3c, 0x81, 0x57, 0x40, 0x1b80, 0xe755, 0x1e97, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x61, 0x0, 0x1, 0x1b, 0xd5, 0xc6, 0x0, [], [{{0x7, 0x5, 0x83, 0xe0d5d1e99ce80e0d}}]}}]}}]}}, 0x0)
syz_usb_connect(0x0, 0x0, &(0x7f0000000540)=ANY=[], 0x0)

[   29.572822][   T22] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[   29.592836][   T12] usb 2-1: new low-speed USB device number 2 using dummy_hcd
[   29.613025][    C1] ------------[ cut here ]------------
[   29.620777][    C1] WARNING: CPU: 1 PID: 1729 at kernel/kcov.c:684 kcov_remote_start.cold+0xc/0x26
[   29.630614][    C1] Kernel panic - not syncing: panic_on_warn set ...
[   29.637496][    C1] CPU: 1 PID: 1729 Comm: syz-executor.2 Not tainted 5.3.0-rc7+ #0
[   29.645321][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   29.655709][    C1] Call Trace:
[   29.659036][    C1]  <IRQ>
[   29.662204][    C1]  dump_stack+0xca/0x13e
[   29.666485][    C1]  ? kcov_remote_stop+0x110/0x1bc
[   29.671533][    C1]  panic+0x2a3/0x6da
[   29.675617][    C1]  ? add_taint.cold+0x16/0x16
[   29.680316][    C1]  ? __probe_kernel_read+0x188/0x1d0
[   29.685641][    C1]  ? __warn.cold+0x5/0x4a
[   29.690163][    C1]  ? __warn+0xe3/0x1e0
[   29.697447][    C1]  ? kcov_remote_start.cold+0xc/0x26
[   29.702926][    C1]  __warn.cold+0x20/0x4a
[   29.707804][    C1]  ? __irq_work_queue_local+0xa3/0xe0
[   29.715116][    C1]  ? kcov_remote_start.cold+0xc/0x26
[   29.720558][    C1]  report_bug+0x262/0x2a0
[   29.724994][    C1]  do_error_trap+0x12b/0x1e0
[   29.729636][    C1]  ? kcov_remote_start.cold+0xc/0x26
[   29.735080][    C1]  do_invalid_op+0x32/0x40
[   29.741171][    C1]  ? kcov_remote_start.cold+0xc/0x26
[   29.746813][    C1]  invalid_op+0x23/0x30
[   29.751183][    C1] RIP: 0010:kcov_remote_start.cold+0xc/0x26
[   29.757304][    C1] Code: b0 f8 ff ff 48 c7 c7 d8 dd a4 86 e8 54 93 ea ff 0f 0b 5b 4c 89 e7 5d 41 5c e9 9d e7 2f 04 48 c7 c7 d8 dd a4 86 e8 3a 93 ea ff <0f> 0b e9 93 fd ff ff 48 c7 c7 d8 dd a4 86 e8 27 93 ea ff 0f 0b e9
[   29.778615][    C1] RSP: 0018:ffff8881db309ae8 EFLAGS: 00010082
[   29.785093][    C1] RAX: 0000000000000024 RBX: ffff8881d563f700 RCX: 0000000000000000
[   29.793078][    C1] RDX: 0000000000000000 RSI: ffffffff81288ddd RDI: ffffed103b66134f
[   29.801136][    C1] RBP: ffff8881d563f700 R08: 0000000000000024 R09: ffffed103b665d58
[   29.809089][    C1] R10: ffffed103b665d57 R11: ffff8881db32eabf R12: ffff8881c98d6788
[   29.817042][    C1] R13: ffff8881d55fc238 R14: dffffc0000000000 R15: ffff8881cb723e00
[   29.825085][    C1]  ? vprintk_func+0x7d/0x113
[   29.829663][    C1]  ? kcov_remote_start.cold+0xc/0x26
[   29.834936][    C1]  dummy_timer+0x125f/0x301a
[   29.839517][    C1]  ? lock_acquire+0x127/0x320
[   29.844271][    C1]  ? dummy_udc_probe+0x930/0x930
[   29.849192][    C1]  call_timer_fn+0x179/0x650
[   29.853764][    C1]  ? dummy_udc_probe+0x930/0x930
[   29.858678][    C1]  ? msleep_interruptible+0x130/0x130
[   29.864025][    C1]  ? do_raw_spin_lock+0x11a/0x280
[   29.869060][    C1]  ? _raw_spin_unlock_irq+0x24/0x30
[   29.874242][    C1]  ? dummy_udc_probe+0x930/0x930
[   29.879154][    C1]  run_timer_softirq+0x5cc/0x14b0
[   29.884151][    C1]  ? add_timer+0x7a0/0x7a0
[   29.888539][    C1]  ? ktime_get+0x162/0x1c0
[   29.892923][    C1]  ? lapic_next_event+0x4d/0x80
[   29.897744][    C1]  __do_softirq+0x221/0x912
[   29.902217][    C1]  irq_exit+0x178/0x1a0
[   29.906343][    C1]  smp_apic_timer_interrupt+0x12f/0x500
[   29.911856][    C1]  apic_timer_interrupt+0xf/0x20
[   29.916892][    C1]  </IRQ>
[   29.919802][    C1] RIP: 0010:_raw_spin_unlock_irq+0x2c/0x30
[   29.927941][    C1] Code: 8b 54 24 08 be 01 00 00 00 48 89 fd 48 8d 7f 18 e8 c9 a1 b7 fb 48 89 ef e8 71 82 b8 fb e8 4c 33 d5 fb fb 65 ff 0d bc 1d 94 7a <5d> c3 66 90 55 48 89 fd 48 83 c7 18 53 48 8b 54 24 10 48 89 f3 be
[   29.947516][    C1] RSP: 0018:ffff8881b6e3fb48 EFLAGS: 00000282 ORIG_RAX: ffffffffffffff13
[   29.955900][    C1] RAX: 0000000000000007 RBX: ffff8881d405c800 RCX: 0000000000000000
[   29.964828][    C1] RDX: 0000000000000000 RSI: 0000000000000006 RDI: ffff8881d405d044
[   29.972775][    C1] RBP: ffff8881db332dc0 R08: ffff8881d405c800 R09: 0000000000000000
[   29.980717][    C1] R10: 0000000000000000 R11: 0000000000000000 R12: ffff8881db332dc0
[   29.988687][    C1] R13: ffff8881d4041800 R14: 0000000000000000 R15: 0000000000000001
[   29.996642][    C1]  ? _raw_spin_unlock_irq+0x24/0x30
[   30.001905][    C1]  finish_task_switch+0x11d/0x5a0
[   30.006920][    C1]  ? finish_task_switch+0xef/0x5a0
[   30.012009][    C1]  ? __switch_to+0x5bd/0xe70
[   30.016584][    C1]  __schedule+0x70b/0x1440
[   30.020971][    C1]  ? __sched_text_start+0x8/0x8
[   30.025809][    C1]  ? __debug_object_init+0xb2/0xdd0
[   30.030978][    C1]  ? enqueue_hrtimer+0x380/0x380
[   30.035891][    C1]  ? _raw_spin_unlock_irqrestore+0x3e/0x50
[   30.041666][    C1]  schedule+0xca/0x250
[   30.045709][    C1]  do_nanosleep+0x201/0x6b0
[   30.050184][    C1]  ? schedule_timeout_idle+0x80/0x80
[   30.055629][    C1]  ? debug_object_fixup+0x30/0x30
[   30.060629][    C1]  ? memset+0x20/0x40
[   30.064588][    C1]  hrtimer_nanosleep+0x258/0x510
[   30.069496][    C1]  ? nanosleep_copyout+0x100/0x100
[   30.074580][    C1]  ? _copy_from_user+0x123/0x190
[   30.079487][    C1]  ? clock_was_set_work+0x20/0x20
[   30.084486][    C1]  ? put_old_itimerspec32+0x1d0/0x1d0
[   30.089834][    C1]  ? nsecs_to_jiffies+0x30/0x30
[   30.094679][    C1]  __x64_sys_nanosleep+0x19d/0x220
[   30.099896][    C1]  ? hrtimer_nanosleep+0x510/0x510
[   30.104985][    C1]  ? do_syscall_64+0x1a/0x580
[   30.109682][    C1]  do_syscall_64+0xb7/0x580
[   30.114172][    C1]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   30.120046][    C1] RIP: 0033:0x457d20
[   30.123937][    C1] Code: c0 5b 5d c3 66 0f 1f 44 00 00 8b 04 24 48 83 c4 18 5b 5d c3 66 0f 1f 44 00 00 83 3d 31 ea 61 00 00 75 14 b8 23 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 24 d3 fb ff c3 48 83 ec 08 e8 ea 46 00 00
[   30.143509][    C1] RSP: 002b:00007ffd74f204d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000023
[   30.151890][    C1] RAX: ffffffffffffffda RBX: 00000000000072b0 RCX: 0000000000457d20
[   30.159840][    C1] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00007ffd74f204e0
[   30.167784][    C1] RBP: 0000000000000002 R08: 0000000000000001 R09: 00005555572ee940
[   30.175729][    C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   30.183853][    C1] R13: 00007ffd74f20530 R14: 00000000000072b0 R15: 00007ffd74f20540
[   30.192489][    C1] Kernel Offset: disabled
[   30.196850][    C1] Rebooting in 86400 seconds..