Starting Network Time Synchronization...
[ OK ] Started Network Time Synchronization.
[ OK ] Started Raise network interfaces.
[ OK ] Reached target Network.
Starting Permit User Sessions...
Starting OpenBSD Secure Shell server...
[ OK ] Started Permit User Sessions.
[ OK ] Started OpenBSD Secure Shell server.
[ 13.174696][ C0] random: crng init done
[ 13.175525][ C0] random: 7 urandom warning(s) missed due to ratelimiting
Warning: Permanently added '10.128.1.41' (ECDSA) to the list of known hosts.
executing program
[* ] A start job is running for dev-ttyS0.device (8s / 1min 30s)
[** ] A start job is running for dev-ttyS0.device (9s / 1min 30s)
[*** ] A start job is running for dev-ttyS0.device (10s / 1min 30s)
[ *** ] A start job is running for dev-ttyS0.device (10s / 1min 30s)
[ *** ] A start job is running for dev-ttyS0.device (11s / 1min 30s)
[ ***] A start job is running for dev-ttyS0.device (11s / 1min 30s)
[ **] A start job is running for dev-ttyS0.device (12s / 1min 30s)
[ *] A start job is running for dev-ttyS0.device (13s / 1min 30s)
[ 19.360184][ T22] audit: type=1400 audit(1587855975.238:8): avc: denied { execmem } for pid=393 comm="syz-executor146" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 19.623352][ T115] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 19.713418][ T115] usb 1-1: Using ep0 maxpacket: 8
[ 19.833396][ T115] usb 1-1: config 0 has an invalid interface number: 128 but max is 0
[ 19.841556][ T115] usb 1-1: config 0 has no interface number 0
[ 19.847668][ T115] usb 1-1: too many endpoints for config 0 interface 128 altsetting 0: 111, using maximum allowed: 30
[ 19.847687][ T115] usb 1-1: config 0 interface 128 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 19.847694][ T115] usb 1-1: config 0 interface 128 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 19.847702][ T115] usb 1-1: config 0 interface 128 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 111
[ 19.847718][ T115] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 19.847726][ T115] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[[ 19.855670][ T115] usb 1-1: config 0 descriptor??
**] A start job is running for dev-ttyS0.device (13s / 1min 30s)
[ 20.394057][ T115] plantronics 0003:047F:FFFF.0001: ignoring exceeding usage max
[ 20.402579][ T115] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0
[ 20.411741][ T115] plantronics 0003:047F:FFFF.0001: No inputs registered, leaving
[ 20.421595][ T115] plantronics 0003:047F:FFFF.0001: hiddev96,hidraw0: USB HID v0.00 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input128
[ ***] A start job is running for dev-ttyS0.device (14s / 1min 30s)
[ 20.663394][ T393] ==================================================================
[ 20.671470][ T393] BUG: KASAN: slab-out-of-bounds in hiddev_ioctl_usage+0x16f2/0x1830
[ 20.679525][ T393] Read of size 4 at addr ffff8881cdcc8070 by task syz-executor146/393
[ 20.687650][ T393]
[ 20.689953][ T393] CPU: 1 PID: 393 Comm: syz-executor146 Not tainted 5.4.35-syzkaller-00684-g954c82e77d8a #0
[ 20.700321][ T393] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 20.710350][ T393] Call Trace:
[ 20.713614][ T393] dump_stack+0x14a/0x1ce
[ 20.717918][ T393] ? show_regs_print_info+0x12/0x12
[ 20.723092][ T393] ? printk+0xd2/0x114
[ 20.727126][ T393] print_address_description+0x93/0x620
[ 20.732636][ T393] __kasan_report+0x16d/0x1e0
[ 20.737289][ T393] ? hiddev_ioctl_usage+0x16f2/0x1830
[ 20.742637][ T393] kasan_report+0x34/0x60
[ 20.746952][ T393] hiddev_ioctl_usage+0x16f2/0x1830
[ 20.752132][ T393] ? usbhid_init_reports+0x28d/0x2a0
[ 20.757578][ T393] hiddev_ioctl+0x7a7/0x29a0
[ 20.762161][ T393] ? hiddev_poll+0x1c0/0x1c0
[ 20.766729][ T393] ? hiddev_poll+0x1c0/0x1c0
[ 20.771286][ T393] do_vfs_ioctl+0x770/0x1750
[ 20.775843][ T393] ? selinux_file_ioctl+0x73b/0x990
[ 20.781006][ T393] ? ioctl_preallocate+0x250/0x250
[ 20.786083][ T393] ? kmem_cache_free+0xac/0x600
[ 20.790897][ T393] ? __fd_install+0x113/0x260
[ 20.795551][ T393] ? do_sys_open+0x642/0x7d0
[ 20.800107][ T393] ? __fpregs_load_activate+0x2d3/0x390
[ 20.805617][ T393] ? security_file_ioctl+0xad/0xc0
[ 20.810704][ T393] __x64_sys_ioctl+0xd4/0x110
[ 20.815347][ T393] do_syscall_64+0xcb/0x150
[ 20.819819][ T393] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 20.825674][ T393] RIP: 0033:0x444bf9
[ 20.829623][ T393] Code: e8 bc af 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 1b d8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 20.849204][ T393] RSP: 002b:00007ffca28bc748 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 20.857578][ T393] RAX: ffffffffffffffda RBX: 00000000004002e0 RCX: 0000000000444bf9
[ 20.865515][ T393] RDX: 0000000020000040 RSI: 00000000c018480b RDI: 0000000000000004
[ 20.873549][ T393] RBP: 00000000006cf018 R08: 8fce4d9635172f21 R09: 00000000004002e0
[ 20.881494][ T393] R10: 000000000000000f R11: 0000000000000246 R12: 00000000004028a0
[ 20.889432][ T393] R13: 0000000000402930 R14: 0000000000000000 R15: 0000000000000000
[ 20.897370][ T393]
[ 20.899665][ T393] The buggy address belongs to the page:
[ 20.905273][ T393] page:ffffea0007372000 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 compound_mapcount: 0
[ 20.916259][ T393] flags: 0x8000000000010000(head)
[ 20.921262][ T393] raw: 8000000000010000 dead000000000100 dead000000000122 0000000000000000
[ 20.929820][ T393] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 20.938363][ T393] page dumped because: kasan: bad access detected
[ 20.944747][ T393]
[ 20.947039][ T393] Memory state around the buggy address:
[ 20.952813][ T393] ffff8881cdcc7f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 20.960838][ T393] ffff8881cdcc7f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 20.968874][ T393] >ffff8881cdcc8000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fe fe
[ 20.976898][ T393] ^
[ 20.984585][ T393] ffff8881cdcc8080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 20.992611][ T393] ffff8881cdcc8100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 21.000700][ T393] ==================================================================
[ 21.008737][ T393] Disabling lock debugging due to kernel taint