INIT: Entering runlevel: 2 [info] Using makefile-style concurrent boot in runlevel 2. [....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.1.28' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 44.621192][ T21] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 44.860993][ T21] usb 1-1: Using ep0 maxpacket: 8 [ 44.981021][ T21] usb 1-1: config 0 has an invalid interface number: 122 but max is 0 [ 44.989548][ T21] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 44.999673][ T21] usb 1-1: config 0 has no interface number 0 [ 45.005799][ T21] usb 1-1: config 0 interface 122 altsetting 0 bulk endpoint 0x81 has invalid maxpacket 29 [ 45.016256][ T21] usb 1-1: New USB device found, idVendor=0595, idProduct=4343, bcdDevice= 1.06 [ 45.025743][ T21] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 45.035025][ T21] usb 1-1: config 0 descriptor?? [ 45.072044][ T21] usb-storage 1-1:0.122: USB Mass Storage device detected [ 45.113332][ T21] zr364xx 1-1:0.122: Zoran 364xx compatible webcam plugged [ 45.120771][ T21] zr364xx 1-1:0.122: model 0595:4343 detected [ 45.127518][ T21] usb 1-1: 320x240 mode selected executing program [ 45.292312][ T21] usb 1-1: Zoran 364xx controlling device video0 [ 45.299985][ T21] usb 1-1: USB disconnect, device number 2 [ 45.311194][ T21] zr364xx 1-1:0.122: Zoran 364xx webcam unplugged [ 45.671007][ T21] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 45.910955][ T21] usb 1-1: Using ep0 maxpacket: 8 [ 46.031038][ T21] usb 1-1: config 0 has an invalid interface number: 122 but max is 0 [ 46.039523][ T21] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 46.049777][ T21] usb 1-1: config 0 has no interface number 0 [ 46.056182][ T21] usb 1-1: config 0 interface 122 altsetting 0 bulk endpoint 0x81 has invalid maxpacket 29 [ 46.066221][ T21] usb 1-1: New USB device found, idVendor=0595, idProduct=4343, bcdDevice= 1.06 [ 46.075346][ T21] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 46.084472][ T21] usb 1-1: config 0 descriptor?? [ 46.121717][ T21] usb-storage 1-1:0.122: USB Mass Storage device detected [ 46.162789][ T21] zr364xx 1-1:0.122: Zoran 364xx compatible webcam plugged [ 46.170194][ T21] zr364xx 1-1:0.122: model 0595:4343 detected [ 46.176828][ T21] usb 1-1: 320x240 mode selected executing program [ 46.341794][ T21] usb 1-1: Zoran 364xx controlling device video0 [ 46.349138][ T21] usb 1-1: USB disconnect, device number 3 [ 46.447768][ T21] zr364xx 1-1:0.122: Zoran 364xx webcam unplugged [ 46.800979][ T21] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 47.040948][ T21] usb 1-1: Using ep0 maxpacket: 8 [ 47.161032][ T21] usb 1-1: config 0 has an invalid interface number: 122 but max is 0 [ 47.169505][ T21] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 47.179850][ T21] usb 1-1: config 0 has no interface number 0 [ 47.185974][ T21] usb 1-1: config 0 interface 122 altsetting 0 bulk endpoint 0x81 has invalid maxpacket 29 [ 47.196142][ T21] usb 1-1: New USB device found, idVendor=0595, idProduct=4343, bcdDevice= 1.06 [ 47.205295][ T21] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 47.214228][ T21] usb 1-1: config 0 descriptor?? [ 47.251723][ T21] usb-storage 1-1:0.122: USB Mass Storage device detected [ 47.292855][ T21] zr364xx 1-1:0.122: Zoran 364xx compatible webcam plugged [ 47.300089][ T21] zr364xx 1-1:0.122: model 0595:4343 detected [ 47.306705][ T21] usb 1-1: 320x240 mode selected executing program [ 47.471711][ T21] usb 1-1: Zoran 364xx controlling device video0 [ 47.479205][ T21] usb 1-1: USB disconnect, device number 4 [ 47.579387][ T21] zr364xx 1-1:0.122: Zoran 364xx webcam unplugged [ 47.960972][ T21] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 48.200980][ T21] usb 1-1: Using ep0 maxpacket: 8 [ 48.321214][ T21] usb 1-1: config 0 has an invalid interface number: 122 but max is 0 [ 48.329648][ T21] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 48.340304][ T21] usb 1-1: config 0 has no interface number 0 [ 48.346575][ T21] usb 1-1: config 0 interface 122 altsetting 0 bulk endpoint 0x81 has invalid maxpacket 29 [ 48.356826][ T21] usb 1-1: New USB device found, idVendor=0595, idProduct=4343, bcdDevice= 1.06 [ 48.366048][ T21] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 48.375143][ T21] usb 1-1: config 0 descriptor?? [ 48.411776][ T21] usb-storage 1-1:0.122: USB Mass Storage device detected [ 48.452864][ T21] zr364xx 1-1:0.122: Zoran 364xx compatible webcam plugged [ 48.460228][ T21] zr364xx 1-1:0.122: model 0595:4343 detected [ 48.466612][ T21] usb 1-1: 320x240 mode selected executing program [ 48.631786][ T21] usb 1-1: Zoran 364xx controlling device video0 [ 48.639266][ T21] usb 1-1: USB disconnect, device number 5 [ 48.739646][ T21] zr364xx 1-1:0.122: Zoran 364xx webcam unplugged [ 49.100953][ T21] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 49.340981][ T21] usb 1-1: Using ep0 maxpacket: 8 [ 49.461027][ T21] usb 1-1: config 0 has an invalid interface number: 122 but max is 0 [ 49.469490][ T21] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 49.480078][ T21] usb 1-1: config 0 has no interface number 0 [ 49.486361][ T21] usb 1-1: config 0 interface 122 altsetting 0 bulk endpoint 0x81 has invalid maxpacket 29 [ 49.496503][ T21] usb 1-1: New USB device found, idVendor=0595, idProduct=4343, bcdDevice= 1.06 [ 49.505873][ T21] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 49.514665][ T21] usb 1-1: config 0 descriptor?? [ 49.551659][ T21] usb-storage 1-1:0.122: USB Mass Storage device detected [ 49.592118][ T21] zr364xx 1-1:0.122: Zoran 364xx compatible webcam plugged [ 49.599466][ T21] zr364xx 1-1:0.122: model 0595:4343 detected [ 49.606077][ T21] usb 1-1: 320x240 mode selected executing program [ 49.771639][ T21] usb 1-1: Zoran 364xx controlling device video0 [ 49.779139][ T21] usb 1-1: USB disconnect, device number 6 [ 49.879364][ T21] zr364xx 1-1:0.122: Zoran 364xx webcam unplugged [ 50.240996][ T21] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 50.480986][ T21] usb 1-1: Using ep0 maxpacket: 8 [ 50.601022][ T21] usb 1-1: config 0 has an invalid interface number: 122 but max is 0 [ 50.609246][ T21] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 50.619677][ T21] usb 1-1: config 0 has no interface number 0 [ 50.625805][ T21] usb 1-1: config 0 interface 122 altsetting 0 bulk endpoint 0x81 has invalid maxpacket 29 [ 50.635851][ T21] usb 1-1: New USB device found, idVendor=0595, idProduct=4343, bcdDevice= 1.06 [ 50.645041][ T21] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 50.653810][ T21] usb 1-1: config 0 descriptor?? [ 50.691929][ T21] usb-storage 1-1:0.122: USB Mass Storage device detected [ 50.732855][ T21] zr364xx 1-1:0.122: Zoran 364xx compatible webcam plugged [ 50.740340][ T21] zr364xx 1-1:0.122: model 0595:4343 detected [ 50.747060][ T21] usb 1-1: 320x240 mode selected executing program [ 50.911793][ T21] usb 1-1: Zoran 364xx controlling device video0 [ 50.919282][ T21] usb 1-1: USB disconnect, device number 7 [ 51.019327][ T21] zr364xx 1-1:0.122: Zoran 364xx webcam unplugged [ 51.370975][ T21] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 51.610975][ T21] usb 1-1: Using ep0 maxpacket: 8 [ 51.731032][ T21] usb 1-1: config 0 has an invalid interface number: 122 but max is 0 [ 51.739427][ T21] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 51.749654][ T21] usb 1-1: config 0 has no interface number 0 [ 51.755767][ T21] usb 1-1: config 0 interface 122 altsetting 0 bulk endpoint 0x81 has invalid maxpacket 29 [ 51.766127][ T21] usb 1-1: New USB device found, idVendor=0595, idProduct=4343, bcdDevice= 1.06 [ 51.775382][ T21] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 51.784306][ T21] usb 1-1: config 0 descriptor?? [ 51.821671][ T21] usb-storage 1-1:0.122: USB Mass Storage device detected [ 51.862858][ T21] zr364xx 1-1:0.122: Zoran 364xx compatible webcam plugged [ 51.870198][ T21] zr364xx 1-1:0.122: model 0595:4343 detected [ 51.876446][ T21] usb 1-1: 320x240 mode selected executing program [ 52.041612][ T21] usb 1-1: Zoran 364xx controlling device video0 [ 52.049156][ T21] usb 1-1: USB disconnect, device number 8 [ 52.149535][ T21] zr364xx 1-1:0.122: Zoran 364xx webcam unplugged [ 52.500957][ T21] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 52.740970][ T21] usb 1-1: Using ep0 maxpacket: 8 [ 52.861061][ T21] usb 1-1: config 0 has an invalid interface number: 122 but max is 0 [ 52.869551][ T21] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 52.880061][ T21] usb 1-1: config 0 has no interface number 0 [ 52.886631][ T21] usb 1-1: config 0 interface 122 altsetting 0 bulk endpoint 0x81 has invalid maxpacket 29 [ 52.896890][ T21] usb 1-1: New USB device found, idVendor=0595, idProduct=4343, bcdDevice= 1.06 [ 52.906420][ T21] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 52.915965][ T21] usb 1-1: config 0 descriptor?? [ 52.971686][ T21] usb-storage 1-1:0.122: USB Mass Storage device detected [ 53.012900][ T21] zr364xx 1-1:0.122: Zoran 364xx compatible webcam plugged [ 53.020430][ T21] zr364xx 1-1:0.122: model 0595:4343 detected [ 53.026702][ T21] usb 1-1: 320x240 mode selected executing program [ 53.181641][ T21] usb 1-1: Zoran 364xx controlling device video0 [ 53.189131][ T21] usb 1-1: USB disconnect, device number 9 [ 53.289333][ T21] zr364xx 1-1:0.122: Zoran 364xx webcam unplugged [ 53.641018][ T21] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 53.881006][ T21] usb 1-1: Using ep0 maxpacket: 8 [ 54.001051][ T21] usb 1-1: config 0 has an invalid interface number: 122 but max is 0 [ 54.009326][ T21] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 54.019782][ T21] usb 1-1: config 0 has no interface number 0 [ 54.026031][ T21] usb 1-1: config 0 interface 122 altsetting 0 bulk endpoint 0x81 has invalid maxpacket 29 [ 54.036058][ T21] usb 1-1: New USB device found, idVendor=0595, idProduct=4343, bcdDevice= 1.06 [ 54.045981][ T21] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 54.055240][ T21] usb 1-1: config 0 descriptor?? [ 54.091681][ T21] usb-storage 1-1:0.122: USB Mass Storage device detected [ 54.132864][ T21] zr364xx 1-1:0.122: Zoran 364xx compatible webcam plugged [ 54.140213][ T21] zr364xx 1-1:0.122: model 0595:4343 detected [ 54.146556][ T21] usb 1-1: 320x240 mode selected executing program [ 54.301607][ T21] usb 1-1: Zoran 364xx controlling device video0 [ 54.411597][ T1928] ================================================================== [ 54.419802][ T1928] BUG: KASAN: null-ptr-deref in read_word_at_a_time+0xe/0x20 [ 54.419962][ T21] usb 1-1: USB disconnect, device number 10 [ 54.427158][ T1928] Read of size 1 at addr 0000000000000000 by task v4l_id/1928 [ 54.427164][ T1928] [ 54.427175][ T1928] CPU: 0 PID: 1928 Comm: v4l_id Not tainted 5.2.0-rc6+ #13 [ 54.427181][ T1928] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 54.427189][ T1928] Call Trace: [ 54.427202][ T1928] dump_stack+0xca/0x13e [ 54.427213][ T1928] ? read_word_at_a_time+0xe/0x20 [ 54.427223][ T1928] ? read_word_at_a_time+0xe/0x20 [ 54.427235][ T1928] __kasan_report.cold+0x5/0x32 [ 54.427246][ T1928] ? mutex_trylock+0x1a0/0x1a0 [ 54.427255][ T1928] ? read_word_at_a_time+0xe/0x20 [ 54.427265][ T1928] kasan_report+0xe/0x20 [ 54.427283][ T1928] read_word_at_a_time+0xe/0x20 [ 54.427293][ T1928] strscpy+0x8a/0x280 [ 54.427304][ T1928] zr364xx_vidioc_querycap+0xb0/0x210 [ 54.427315][ T1928] ? is_module_text_address+0xc/0x1a [ 54.427320][ C1] usb 1-1: error submitting urb (error=-19) [ 54.427330][ T1928] v4l_querycap+0x121/0x340 [ 54.427339][ T1928] __video_do_ioctl+0x5b0/0xb30 [ 54.427349][ T1928] ? copy_overflow+0x30/0x30 [ 54.427360][ T1928] ? stack_trace_save+0x9f/0xe0 [ 54.427374][ T1928] ? stack_trace_consume_entry+0x180/0x180 [ 54.548576][ T1928] video_usercopy+0x446/0xee0 [ 54.553241][ T1928] ? copy_overflow+0x30/0x30 [ 54.557807][ T1928] ? __kprobes_text_end+0x10dc28/0x10dc28 [ 54.563776][ T1928] ? v4l_enumstd+0x60/0x60 [ 54.568319][ T1928] ? debug_check_no_obj_freed+0x20a/0x42e [ 54.574039][ T1928] ? do_raw_spin_lock+0x11a/0x280 [ 54.579040][ T1928] ? video_usercopy+0xee0/0xee0 [ 54.584208][ T1928] v4l2_ioctl+0x147/0x1a0 [ 54.588519][ T1928] ? video_devdata+0xa0/0xa0 [ 54.593492][ T1928] do_vfs_ioctl+0xcda/0x12e0 [ 54.598067][ T1928] ? quarantine_put+0xb2/0x150 [ 54.602805][ T1928] ? ioctl_preallocate+0x200/0x200 [ 54.607895][ T1928] ? putname+0xe1/0x120 [ 54.612216][ T1928] ? putname+0xe1/0x120 [ 54.617091][ T1928] ? rcu_read_lock_sched_held+0x113/0x130 [ 54.622798][ T1928] ? kmem_cache_free+0x258/0x2a0 [ 54.627726][ T1928] ? rcu_read_lock_sched_held+0x113/0x130 [ 54.633433][ T1928] ksys_ioctl+0x9b/0xc0 [ 54.637578][ T1928] __x64_sys_ioctl+0x6f/0xb0 [ 54.642266][ T1928] ? lockdep_hardirqs_on+0x379/0x580 [ 54.647950][ T1928] do_syscall_64+0xb7/0x560 [ 54.652794][ T1928] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 54.658754][ T1928] RIP: 0033:0x7f67f7c42347 [ 54.663150][ T1928] Code: 90 90 90 48 8b 05 f1 fa 2a 00 64 c7 00 26 00 00 00 48 c7 c0 ff ff ff ff c3 90 90 90 90 90 90 90 90 90 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d c1 fa 2a 00 31 d2 48 29 c2 64 [ 54.682976][ T1928] RSP: 002b:00007ffea6e39508 EFLAGS: 00000202 ORIG_RAX: 0000000000000010 [ 54.691692][ T1928] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f67f7c42347 [ 54.699645][ T1928] RDX: 00007ffea6e39510 RSI: 0000000080685600 RDI: 0000000000000003 [ 54.707814][ T1928] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 54.716209][ T1928] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000400884 [ 54.724177][ T1928] R13: 00007ffea6e39660 R14: 0000000000000000 R15: 0000000000000000 [ 54.732395][ T1928] ================================================================== [ 54.740960][ T1928] Disabling lock debugging due to kernel taint [ 54.747381][ T1928] Kernel panic - not syncing: panic_on_warn set ... [ 54.754065][ T1928] CPU: 0 PID: 1928 Comm: v4l_id Tainted: G B 5.2.0-rc6+ #13 [ 54.762626][ T1928] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 54.772668][ T1928] Call Trace: [ 54.775939][ T1928] dump_stack+0xca/0x13e [ 54.780249][ T1928] panic+0x292/0x6c9 [ 54.784143][ T1928] ? __warn_printk+0xf3/0xf3 [ 54.788939][ T1928] ? retint_kernel+0x10/0x10 [ 54.794104][ T1928] ? trace_hardirqs_on+0x55/0x1c0 [ 54.799390][ T1928] ? read_word_at_a_time+0xe/0x20 [ 54.804511][ T1928] end_report+0x43/0x49 [ 54.808781][ T1928] ? read_word_at_a_time+0xe/0x20 [ 54.813899][ T1928] __kasan_report.cold+0xd/0x32 [ 54.818847][ T1928] ? mutex_trylock+0x1a0/0x1a0 [ 54.823932][ T1928] ? read_word_at_a_time+0xe/0x20 [ 54.828935][ T1928] kasan_report+0xe/0x20 [ 54.833258][ T1928] read_word_at_a_time+0xe/0x20 [ 54.838167][ T1928] strscpy+0x8a/0x280 [ 54.842144][ T1928] zr364xx_vidioc_querycap+0xb0/0x210 [ 54.847494][ T1928] ? is_module_text_address+0xc/0x1a [ 54.852980][ T1928] v4l_querycap+0x121/0x340 [ 54.857468][ T1928] __video_do_ioctl+0x5b0/0xb30 [ 54.862315][ T1928] ? copy_overflow+0x30/0x30 [ 54.866983][ T1928] ? stack_trace_save+0x9f/0xe0 [ 54.872539][ T1928] ? stack_trace_consume_entry+0x180/0x180 [ 54.878418][ T1928] video_usercopy+0x446/0xee0 [ 54.883279][ T1928] ? copy_overflow+0x30/0x30 [ 54.887869][ T1928] ? __kprobes_text_end+0x10dc28/0x10dc28 [ 54.893858][ T1928] ? v4l_enumstd+0x60/0x60 [ 54.898636][ T1928] ? debug_check_no_obj_freed+0x20a/0x42e [ 54.904349][ T1928] ? do_raw_spin_lock+0x11a/0x280 [ 54.909587][ T1928] ? video_usercopy+0xee0/0xee0 [ 54.914420][ T1928] v4l2_ioctl+0x147/0x1a0 [ 54.918726][ T1928] ? video_devdata+0xa0/0xa0 [ 54.923590][ T1928] do_vfs_ioctl+0xcda/0x12e0 [ 54.928307][ T1928] ? quarantine_put+0xb2/0x150 [ 54.933055][ T1928] ? ioctl_preallocate+0x200/0x200 [ 54.938147][ T1928] ? putname+0xe1/0x120 [ 54.942287][ T1928] ? putname+0xe1/0x120 [ 54.946698][ T1928] ? rcu_read_lock_sched_held+0x113/0x130 [ 54.952575][ T1928] ? kmem_cache_free+0x258/0x2a0 [ 54.957896][ T1928] ? rcu_read_lock_sched_held+0x113/0x130 [ 54.963621][ T1928] ksys_ioctl+0x9b/0xc0 [ 54.967773][ T1928] __x64_sys_ioctl+0x6f/0xb0 [ 54.972457][ T1928] ? lockdep_hardirqs_on+0x379/0x580 [ 54.977719][ T1928] do_syscall_64+0xb7/0x560 [ 54.982259][ T1928] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 54.988149][ T1928] RIP: 0033:0x7f67f7c42347 [ 54.993036][ T1928] Code: 90 90 90 48 8b 05 f1 fa 2a 00 64 c7 00 26 00 00 00 48 c7 c0 ff ff ff ff c3 90 90 90 90 90 90 90 90 90 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d c1 fa 2a 00 31 d2 48 29 c2 64 [ 55.012891][ T1928] RSP: 002b:00007ffea6e39508 EFLAGS: 00000202 ORIG_RAX: 0000000000000010 [ 55.021287][ T1928] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f67f7c42347 [ 55.029559][ T1928] RDX: 00007ffea6e39510 RSI: 0000000080685600 RDI: 0000000000000003 [ 55.037511][ T1928] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 55.046123][ T1928] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000400884 [ 55.054213][ T1928] R13: 00007ffea6e39660 R14: 0000000000000000 R15: 0000000000000000 [ 55.062223][ T1928] Kernel Offset: disabled [ 55.066535][ T1928] Rebooting in 86400 seconds..