Warning: Permanently added '10.128.0.125' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 22.846762][ T83] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 22.936888][ T83] usb 1-1: Using ep0 maxpacket: 8
[ 23.056649][ T83] usb 1-1: too many endpoints for config 0 interface 0 altsetting 0: 111, using maximum allowed: 30
[ 23.067585][ T83] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 23.078570][ T83] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 23.088414][ T83] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 111
[ 23.101476][ T83] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 23.110590][ T83] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 23.120483][ T83] usb 1-1: config 0 descriptor??
[ 23.599655][ T83] plantronics 0003:047F:FFFF.0001: ignoring exceeding usage max
[ 23.608439][ T83] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0
[ 23.619141][ T83] plantronics 0003:047F:FFFF.0001: No inputs registered, leaving
[ 23.631872][ T83] plantronics 0003:047F:FFFF.0001: hiddev0,hidraw0: USB HID v0.00 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0
[ 23.866289][ T382] ==================================================================
[ 23.874681][ T382] BUG: KASAN: slab-out-of-bounds in hiddev_ioctl_usage.isra.0+0x12d0/0x13b0
[ 23.883334][ T382] Read of size 4 at addr ffff8881c19c8070 by task syz-executor747/382
[ 23.891458][ T382]
[ 23.893771][ T382] CPU: 1 PID: 382 Comm: syz-executor747 Not tainted 5.6.0-rc7-syzkaller #0
[ 23.902349][ T382] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 23.912379][ T382] Call Trace:
[ 23.915659][ T382] dump_stack+0xef/0x16e
[ 23.919886][ T382] ? hiddev_ioctl_usage.isra.0+0x12d0/0x13b0
[ 23.925856][ T382] ? hiddev_ioctl_usage.isra.0+0x12d0/0x13b0
[ 23.931816][ T382] print_address_description.constprop.0.cold+0xd3/0x314
[ 23.938814][ T382] ? hiddev_ioctl_usage.isra.0+0x12d0/0x13b0
[ 23.944781][ T382] ? hiddev_ioctl_usage.isra.0+0x12d0/0x13b0
[ 23.950737][ T382] __kasan_report.cold+0x37/0x77
[ 23.955650][ T382] ? hiddev_ioctl_usage.isra.0+0x12d0/0x13b0
[ 23.961623][ T382] kasan_report+0xe/0x20
[ 23.965918][ T382] hiddev_ioctl_usage.isra.0+0x12d0/0x13b0
[ 23.971725][ T382] ? hiddev_hid_event+0x2c0/0x2c0
[ 23.976733][ T382] ? usbhid_init_reports+0x124/0x320
[ 23.982001][ T382] hiddev_ioctl+0x7a1/0x1550
[ 23.986592][ T382] ? hiddev_ioctl_string.isra.0+0x1f0/0x1f0
[ 23.992500][ T382] ? do_sys_openat2+0x43f/0x740
[ 23.997326][ T382] ? file_open_root+0x3d0/0x3d0
[ 24.002157][ T382] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 24.007676][ T382] ? do_sys_open+0xc3/0x140
[ 24.012193][ T382] ? hiddev_ioctl_string.isra.0+0x1f0/0x1f0
[ 24.018059][ T382] ksys_ioctl+0x11a/0x180
[ 24.022455][ T382] __x64_sys_ioctl+0x6f/0xb0
[ 24.027021][ T382] ? lockdep_hardirqs_on+0x382/0x580
[ 24.032283][ T382] do_syscall_64+0xb6/0x5a0
[ 24.036776][ T382] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 24.042643][ T382] RIP: 0033:0x445189
[ 24.046518][ T382] Code: e8 ec b3 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b d4 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 24.066113][ T382] RSP: 002b:00007fff1e72e778 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 24.074645][ T382] RAX: ffffffffffffffda RBX: 00000000004a6c70 RCX: 0000000000445189
[ 24.082862][ T382] RDX: 00000000200006c0 RSI: 00000000c018480b RDI: 0000000000000004
[ 24.090910][ T382] RBP: 00007fff1e72e780 R08: 8fce4d9635172f21 R09: 0000000120080522
[ 24.098865][ T382] R10: 000000000000000f R11: 0000000000000246 R12: 00000000004a6c70
[ 24.106823][ T382] R13: 0000000000402ae0 R14: 0000000000000000 R15: 0000000000000000
[ 24.114789][ T382]
[ 24.117106][ T382] The buggy address belongs to the page:
[ 24.122842][ T382] page:ffffea0007066000 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 compound_mapcount: 0
[ 24.133761][ T382] flags: 0x200000000010000(head)
[ 24.138694][ T382] raw: 0200000000010000 dead000000000100 dead000000000122 0000000000000000
[ 24.147267][ T382] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 24.155834][ T382] page dumped because: kasan: bad access detected
[ 24.162218][ T382]
[ 24.164524][ T382] Memory state around the buggy address:
[ 24.170132][ T382]  ffff8881c19c7f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 24.178172][ T382]  ffff8881c19c7f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 24.186208][ T382] >ffff8881c19c8000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fe fe
[ 24.194242][ T382]                                                              ^
[ 24.201943][ T382]  ffff8881c19c8080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 24.209992][ T382]  ffff8881c19c8100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 24.218038][ T382] ==================================================================
[ 24.226083][ T382] Disabling lock debugging due to kernel taint
[ 24.232316][ T382] Kernel panic - not syncing: panic_on_warn set ...
[ 24.238906][ T382] CPU: 1 PID: 382 Comm: syz-executor747 Tainted: G B 5.6.0-rc7-syzkaller #0
[ 24.248891][ T382] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 24.258995][ T382] Call Trace:
[ 24.262294][ T382] dump_stack+0xef/0x16e
[ 24.266544][ T382] panic+0x2aa/0x6e1
[ 24.270419][ T382] ? add_taint.cold+0x16/0x16
[ 24.275088][ T382] ? retint_kernel+0x10/0x10
[ 24.279676][ T382] ? trace_hardirqs_on+0x55/0x200
[ 24.284685][ T382] ? hiddev_ioctl_usage.isra.0+0x12d0/0x13b0
[ 24.290656][ T382] end_report+0x43/0x49
[ 24.294790][ T382] ? hiddev_ioctl_usage.isra.0+0x12d0/0x13b0
[ 24.300756][ T382] __kasan_report.cold+0x55/0x77
[ 24.305669][ T382] ? hiddev_ioctl_usage.isra.0+0x12d0/0x13b0
[ 24.311623][ T382] kasan_report+0xe/0x20
[ 24.315841][ T382] hiddev_ioctl_usage.isra.0+0x12d0/0x13b0
[ 24.321643][ T382] ? hiddev_hid_event+0x2c0/0x2c0
[ 24.326650][ T382] ? usbhid_init_reports+0x124/0x320
[ 24.331921][ T382] hiddev_ioctl+0x7a1/0x1550
[ 24.336486][ T382] ? hiddev_ioctl_string.isra.0+0x1f0/0x1f0
[ 24.342352][ T382] ? do_sys_openat2+0x43f/0x740
[ 24.347175][ T382] ? file_open_root+0x3d0/0x3d0
[ 24.352014][ T382] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 24.357535][ T382] ? do_sys_open+0xc3/0x140
[ 24.362012][ T382] ? hiddev_ioctl_string.isra.0+0x1f0/0x1f0
[ 24.367949][ T382] ksys_ioctl+0x11a/0x180
[ 24.372301][ T382] __x64_sys_ioctl+0x6f/0xb0
[ 24.376891][ T382] ? lockdep_hardirqs_on+0x382/0x580
[ 24.382156][ T382] do_syscall_64+0xb6/0x5a0
[ 24.386647][ T382] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 24.392514][ T382] RIP: 0033:0x445189
[ 24.396385][ T382] Code: e8 ec b3 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b d4 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 24.416068][ T382] RSP: 002b:00007fff1e72e778 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 24.424471][ T382] RAX: ffffffffffffffda RBX: 00000000004a6c70 RCX: 0000000000445189
[ 24.432430][ T382] RDX: 00000000200006c0 RSI: 00000000c018480b RDI: 0000000000000004
[ 24.440395][ T382] RBP: 00007fff1e72e780 R08: 8fce4d9635172f21 R09: 0000000120080522
[ 24.448498][ T382] R10: 000000000000000f R11: 0000000000000246 R12: 00000000004a6c70
[ 24.457407][ T382] R13: 0000000000402ae0 R14: 0000000000000000 R15: 0000000000000000
[ 24.466184][ T382] Kernel Offset: disabled
[ 24.470503][ T382] Rebooting in 86400 seconds..