Warning: Permanently added '10.128.0.17' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 23.790186][ T12] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 23.880305][ T12] usb 1-1: Using ep0 maxpacket: 8
[ 24.000046][ T12] usb 1-1: too many endpoints for config 0 interface 0 altsetting 0: 111, using maximum allowed: 30
[ 24.011018][ T12] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 24.021923][ T12] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 24.031732][ T12] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 111
[ 24.044728][ T12] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 24.053823][ T12] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 24.065603][ T12] usb 1-1: config 0 descriptor??
[ 24.552967][ T12] plantronics 0003:047F:FFFF.0001: ignoring exceeding usage max
[ 24.561730][ T12] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0
[ 24.570068][ T12] plantronics 0003:047F:FFFF.0001: No inputs registered, leaving
[ 24.582333][ T12] plantronics 0003:047F:FFFF.0001: hiddev0,hidraw0: USB HID v0.00 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0
[ 24.819573][ T379] ==================================================================
[ 24.827762][ T379] BUG: KASAN: slab-out-of-bounds in hiddev_ioctl_usage.isra.0+0x1251/0x13b0
[ 24.836411][ T379] Write of size 4 at addr ffff8881c28c8414 by task syz-executor851/379
[ 24.844654][ T379]
[ 24.846967][ T379] CPU: 0 PID: 379 Comm: syz-executor851 Not tainted 5.6.0-rc7-syzkaller #0
[ 24.855525][ T379] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 24.865559][ T379] Call Trace:
[ 24.868830][ T379] dump_stack+0xef/0x16e
[ 24.873571][ T379] ? hiddev_ioctl_usage.isra.0+0x1251/0x13b0
[ 24.879527][ T379] ? hiddev_ioctl_usage.isra.0+0x1251/0x13b0
[ 24.885486][ T379] print_address_description.constprop.0.cold+0xd3/0x314
[ 24.892487][ T379] ? hiddev_ioctl_usage.isra.0+0x1251/0x13b0
[ 24.898465][ T379] ? hiddev_ioctl_usage.isra.0+0x1251/0x13b0
[ 24.904519][ T379] __kasan_report.cold+0x37/0x77
[ 24.909447][ T379] ? hiddev_ioctl_usage.isra.0+0x1251/0x13b0
[ 24.915404][ T379] kasan_report+0xe/0x20
[ 24.919632][ T379] hiddev_ioctl_usage.isra.0+0x1251/0x13b0
[ 24.925601][ T379] ? hiddev_hid_event+0x2c0/0x2c0
[ 24.930604][ T379] ? usbhid_init_reports+0x124/0x320
[ 24.935872][ T379] hiddev_ioctl+0x7a1/0x1550
[ 24.940443][ T379] ? hiddev_ioctl_string.isra.0+0x1f0/0x1f0
[ 24.946311][ T379] ? do_sys_openat2+0x43f/0x740
[ 24.951145][ T379] ? file_open_root+0x3d0/0x3d0
[ 24.956015][ T379] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 24.961553][ T379] ? do_sys_open+0xc3/0x140
[ 24.966059][ T379] ? hiddev_ioctl_string.isra.0+0x1f0/0x1f0
[ 24.971962][ T379] ksys_ioctl+0x11a/0x180
[ 24.976322][ T379] __x64_sys_ioctl+0x6f/0xb0
[ 24.980902][ T379] ? lockdep_hardirqs_on+0x382/0x580
[ 24.986173][ T379] do_syscall_64+0xb6/0x5a0
[ 24.990669][ T379] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 24.996550][ T379] RIP: 0033:0x444ba9
[ 25.000464][ T379] Code: e8 bc af 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 1b d8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 25.020049][ T379] RSP: 002b:00007ffed4e27c18 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 25.028446][ T379] RAX: ffffffffffffffda RBX: 00000000004002e0 RCX: 0000000000444ba9
[ 25.036394][ T379] RDX: 0000000020000040 RSI: 000000004018480c RDI: 0000000000000004
[ 25.044344][ T379] RBP: 00000000006cf018 R08: 8fce4d9635172f21 R09: 00000000004002e0
[ 25.052303][ T379] R10: 000000000000000f R11: 0000000000000246 R12: 0000000000402850
[ 25.060251][ T379] R13: 00000000004028e0 R14: 0000000000000000 R15: 0000000000000000
[ 25.068201][ T379]
[ 25.070522][ T379] The buggy address belongs to the page:
[ 25.076134][ T379] page:ffffea00070a2000 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 compound_mapcount: 0
[ 25.087049][ T379] flags: 0x200000000010000(head)
[ 25.091973][ T379] raw: 0200000000010000 dead000000000100 dead000000000122 0000000000000000
[ 25.100549][ T379] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 25.109122][ T379] page dumped because: kasan: bad access detected
[ 25.115518][ T379]
[ 25.117827][ T379] Memory state around the buggy address:
[ 25.123442][ T379] ffff8881c28c8300: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 25.131478][ T379] ffff8881c28c8380: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 25.141361][ T379] >ffff8881c28c8400: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 25.149395][ T379] ^
[ 25.153960][ T379] ffff8881c28c8480: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 25.162005][ T379] ffff8881c28c8500: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 25.170048][ T379] ==================================================================
[ 25.178084][ T379] Disabling lock debugging due to kernel taint
[ 25.186405][ T379] Kernel panic - not syncing: panic_on_warn set ...
[ 25.198055][ T379] CPU: 0 PID: 379 Comm: syz-executor851 Tainted: G B 5.6.0-rc7-syzkaller #0
[ 25.208852][ T379] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 25.218897][ T379] Call Trace:
[ 25.222175][ T379] dump_stack+0xef/0x16e
[ 25.226393][ T379] panic+0x2aa/0x6e1
[ 25.230265][ T379] ? add_taint.cold+0x16/0x16
[ 25.234922][ T379] ? retint_kernel+0x10/0x10
[ 25.239491][ T379] ? trace_hardirqs_on+0x55/0x200
[ 25.244504][ T379] ? hiddev_ioctl_usage.isra.0+0x1251/0x13b0
[ 25.250473][ T379] end_report+0x43/0x49
[ 25.254633][ T379] ? hiddev_ioctl_usage.isra.0+0x1251/0x13b0
[ 25.260598][ T379] __kasan_report.cold+0x55/0x77
[ 25.265648][ T379] ? hiddev_ioctl_usage.isra.0+0x1251/0x13b0
[ 25.271668][ T379] kasan_report+0xe/0x20
[ 25.275903][ T379] hiddev_ioctl_usage.isra.0+0x1251/0x13b0
[ 25.281689][ T379] ? hiddev_hid_event+0x2c0/0x2c0
[ 25.286712][ T379] ? usbhid_init_reports+0x124/0x320
[ 25.291980][ T379] hiddev_ioctl+0x7a1/0x1550
[ 25.299631][ T379] ? hiddev_ioctl_string.isra.0+0x1f0/0x1f0
[ 25.305626][ T379] ? do_sys_openat2+0x43f/0x740
[ 25.310571][ T379] ? file_open_root+0x3d0/0x3d0
[ 25.315408][ T379] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 25.321022][ T379] ? do_sys_open+0xc3/0x140
[ 25.325507][ T379] ? hiddev_ioctl_string.isra.0+0x1f0/0x1f0
[ 25.331378][ T379] ksys_ioctl+0x11a/0x180
[ 25.335689][ T379] __x64_sys_ioctl+0x6f/0xb0
[ 25.340271][ T379] ? lockdep_hardirqs_on+0x382/0x580
[ 25.345538][ T379] do_syscall_64+0xb6/0x5a0
[ 25.350022][ T379] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 25.355893][ T379] RIP: 0033:0x444ba9
[ 25.359785][ T379] Code: e8 bc af 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 1b d8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 25.379631][ T379] RSP: 002b:00007ffed4e27c18 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 25.389190][ T379] RAX: ffffffffffffffda RBX: 00000000004002e0 RCX: 0000000000444ba9
[ 25.397147][ T379] RDX: 0000000020000040 RSI: 000000004018480c RDI: 0000000000000004
[ 25.405833][ T379] RBP: 00000000006cf018 R08: 8fce4d9635172f21 R09: 00000000004002e0
[ 25.413873][ T379] R10: 000000000000000f R11: 0000000000000246 R12: 0000000000402850
[ 25.421825][ T379] R13: 00000000004028e0 R14: 0000000000000000 R15: 0000000000000000
[ 25.430348][ T379] Kernel Offset: disabled
[ 25.434702][ T379] Rebooting in 86400 seconds..