Warning: Permanently added '10.128.0.31' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 23.489642][ T12] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 23.579772][ T12] usb 1-1: Using ep0 maxpacket: 8
[ 23.699463][ T12] usb 1-1: config 0 has an invalid interface number: 128 but max is 0
[ 23.707715][ T12] usb 1-1: config 0 has no interface number 0
[ 23.714997][ T12] usb 1-1: too many endpoints for config 0 interface 128 altsetting 0: 111, using maximum allowed: 30
[ 23.726540][ T12] usb 1-1: config 0 interface 128 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 23.737675][ T12] usb 1-1: config 0 interface 128 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 23.747762][ T12] usb 1-1: config 0 interface 128 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 111
[ 23.760953][ T12] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 23.770063][ T12] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 23.779824][ T12] usb 1-1: config 0 descriptor??
[ 24.262242][ T12] plantronics 0003:047F:FFFF.0001: ignoring exceeding usage max
[ 24.271964][ T12] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0
[ 24.282386][ T12] plantronics 0003:047F:FFFF.0001: No inputs registered, leaving
[ 24.295483][ T12] plantronics 0003:047F:FFFF.0001: hiddev0,hidraw0: USB HID v0.00 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input128
[ 24.528951][ T361] ==================================================================
[ 24.537184][ T361] BUG: KASAN: slab-out-of-bounds in hiddev_ioctl_usage.isra.0+0x12d0/0x13b0
[ 24.545830][ T361] Read of size 4 at addr ffff8881c1448070 by task syz-executor400/361
[ 24.554036][ T361]
[ 24.556355][ T361] CPU: 1 PID: 361 Comm: syz-executor400 Not tainted 5.7.0-rc1-syzkaller #0
[ 24.564979][ T361] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 24.575017][ T361] Call Trace:
[ 24.578298][ T361] dump_stack+0xef/0x16e
[ 24.582518][ T361] print_address_description.constprop.0.cold+0xd3/0x314
[ 24.589554][ T361] ? hiddev_ioctl_usage.isra.0+0x12d0/0x13b0
[ 24.595519][ T361] __kasan_report.cold+0x37/0x92
[ 24.600442][ T361] ? hiddev_ioctl_usage.isra.0+0x12d0/0x13b0
[ 24.606398][ T361] ? hiddev_ioctl_usage.isra.0+0x12d0/0x13b0
[ 24.612369][ T361] kasan_report+0x33/0x50
[ 24.616723][ T361] hiddev_ioctl_usage.isra.0+0x12d0/0x13b0
[ 24.622544][ T361] ? hiddev_hid_event+0x2c0/0x2c0
[ 24.627593][ T361] ? usbhid_init_reports+0x124/0x320
[ 24.632863][ T361] hiddev_ioctl+0x79b/0x1550
[ 24.637454][ T361] ? hiddev_ioctl_string.isra.0+0x1f0/0x1f0
[ 24.643347][ T361] ? do_sys_openat2+0x46c/0x7d0
[ 24.648209][ T361] ? file_open_root+0x400/0x400
[ 24.653039][ T361] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 24.658560][ T361] ? do_sys_open+0xc3/0x140
[ 24.663054][ T361] ? hiddev_ioctl_string.isra.0+0x1f0/0x1f0
[ 24.668918][ T361] ksys_ioctl+0x11a/0x180
[ 24.673236][ T361] __x64_sys_ioctl+0x6f/0xb0
[ 24.677811][ T361] ? lockdep_hardirqs_on+0x3c7/0x5d0
[ 24.683079][ T361] do_syscall_64+0xb6/0x5a0
[ 24.687578][ T361] entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 24.693446][ T361] RIP: 0033:0x444bf9
[ 24.697318][ T361] Code: e8 bc af 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 1b d8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 24.716908][ T361] RSP: 002b:00007fff20029b08 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 24.725301][ T361] RAX: ffffffffffffffda RBX: 00000000004002e0 RCX: 0000000000444bf9
[ 24.733261][ T361] RDX: 0000000020000040 RSI: 00000000c018480b RDI: 0000000000000004
[ 24.741540][ T361] RBP: 00000000006cf018 R08: 8fce4d9635172f21 R09: 00000000004002e0
[ 24.749492][ T361] R10: 000000000000000f R11: 0000000000000246 R12: 00000000004028a0
[ 24.757457][ T361] R13: 0000000000402930 R14: 0000000000000000 R15: 0000000000000000
[ 24.765411][ T361]
[ 24.767714][ T361] The buggy address belongs to the page:
[ 24.773360][ T361] page:ffffea0007050000 refcount:1 mapcount:0 mapping:000000003efc95f9 index:0x0 head:ffffea0007050000 order:7 compound_mapcount:0 compound_pincount:0
[ 24.788516][ T361] flags: 0x200000000010000(head)
[ 24.793437][ T361] raw: 0200000000010000 dead000000000100 dead000000000122 0000000000000000
[ 24.801994][ T361] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 24.810548][ T361] page dumped because: kasan: bad access detected
[ 24.816927][ T361]
[ 24.819226][ T361] Memory state around the buggy address:
[ 24.824847][ T361]  ffff8881c1447f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 24.832899][ T361]  ffff8881c1447f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 24.840932][ T361] >ffff8881c1448000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fe fe
[ 24.848965][ T361]                                                              ^
[ 24.856668][ T361]  ffff8881c1448080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 24.864702][ T361]  ffff8881c1448100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 24.872737][ T361] ==================================================================
[ 24.880785][ T361] Disabling lock debugging due to kernel taint
[ 24.887009][ T361] Kernel panic - not syncing: panic_on_warn set ...
[ 24.893594][ T361] CPU: 1 PID: 361 Comm: syz-executor400 Tainted: G B 5.7.0-rc1-syzkaller #0
[ 24.903566][ T361] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 24.913600][ T361] Call Trace:
[ 24.916914][ T361] dump_stack+0xef/0x16e
[ 24.921134][ T361] panic+0x2aa/0x6e1
[ 24.925010][ T361] ? add_taint.cold+0x16/0x16
[ 24.929680][ T361] ? retint_kernel+0x10/0x10
[ 24.934269][ T361] ? hiddev_ioctl_usage.isra.0+0x12d0/0x13b0
[ 24.940238][ T361] ? trace_hardirqs_on+0x55/0x200
[ 24.945242][ T361] ? hiddev_ioctl_usage.isra.0+0x12d0/0x13b0
[ 24.951201][ T361] end_report+0x4d/0x53
[ 24.955335][ T361] __kasan_report.cold+0x72/0x92
[ 24.960402][ T361] ? hiddev_ioctl_usage.isra.0+0x12d0/0x13b0
[ 24.966382][ T361] ? hiddev_ioctl_usage.isra.0+0x12d0/0x13b0
[ 24.972349][ T361] kasan_report+0x33/0x50
[ 24.976661][ T361] hiddev_ioctl_usage.isra.0+0x12d0/0x13b0
[ 24.982455][ T361] ? hiddev_hid_event+0x2c0/0x2c0
[ 24.987472][ T361] ? usbhid_init_reports+0x124/0x320
[ 24.992756][ T361] hiddev_ioctl+0x79b/0x1550
[ 24.997325][ T361] ? hiddev_ioctl_string.isra.0+0x1f0/0x1f0
[ 25.003195][ T361] ? do_sys_openat2+0x46c/0x7d0
[ 25.008039][ T361] ? file_open_root+0x400/0x400
[ 25.012867][ T361] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 25.019252][ T361] ? do_sys_open+0xc3/0x140
[ 25.023742][ T361] ? hiddev_ioctl_string.isra.0+0x1f0/0x1f0
[ 25.029606][ T361] ksys_ioctl+0x11a/0x180
[ 25.033907][ T361] __x64_sys_ioctl+0x6f/0xb0
[ 25.038547][ T361] ? lockdep_hardirqs_on+0x3c7/0x5d0
[ 25.043878][ T361] do_syscall_64+0xb6/0x5a0
[ 25.048393][ T361] entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 25.054347][ T361] RIP: 0033:0x444bf9
[ 25.058215][ T361] Code: e8 bc af 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 1b d8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 25.077797][ T361] RSP: 002b:00007fff20029b08 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 25.086178][ T361] RAX: ffffffffffffffda RBX: 00000000004002e0 RCX: 0000000000444bf9
[ 25.094139][ T361] RDX: 0000000020000040 RSI: 00000000c018480b RDI: 0000000000000004
[ 25.102096][ T361] RBP: 00000000006cf018 R08: 8fce4d9635172f21 R09: 00000000004002e0
[ 25.110042][ T361] R10: 000000000000000f R11: 0000000000000246 R12: 00000000004028a0
[ 25.117985][ T361] R13: 0000000000402930 R14: 0000000000000000 R15: 0000000000000000
[ 25.126596][ T361] Kernel Offset: disabled
[ 25.130901][ T361] Rebooting in 86400 seconds..