[info] Using makefile-style concurrent boot in runlevel 2.
[ 14.764285][ C1] random: crng init done
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.28' (ECDSA) to the list of known hosts.
executing program
syzkaller login:
[ 25.827839][ T12] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 26.067769][ T12] usb 1-1: Using ep0 maxpacket: 8
[ 26.187893][ T12] usb 1-1: too many endpoints for config 0 interface 0 altsetting 0: 111, using maximum allowed: 30
[ 26.198912][ T12] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 26.209831][ T12] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 111
[ 26.222812][ T12] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 26.231858][ T12] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 26.241319][ T12] usb 1-1: config 0 descriptor??
[ 26.719520][ T12] plantronics 0003:047F:FFFF.0001: ignoring exceeding usage max
[ 26.728704][ T12] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0
[ 26.736605][ T12] plantronics 0003:047F:FFFF.0001: No inputs registered, leaving
[ 26.748545][ T12] plantronics 0003:047F:FFFF.0001: hiddev0,hidraw0: USB HID v0.00 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0
[ 26.988046][ T1724] ==================================================================
[ 26.996190][ T1724] BUG: KASAN: slab-out-of-bounds in hiddev_ioctl_usage.isra.0+0x12d0/0x13b0
[ 27.004844][ T1724] Read of size 4 at addr ffff8881d3fc81dc by task syz-executor894/1724
[ 27.013048][ T1724]
[ 27.015403][ T1724] CPU: 0 PID: 1724 Comm: syz-executor894 Not tainted 5.3.0+ #0
[ 27.022924][ T1724] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 27.033044][ T1724] Call Trace:
[ 27.036314][ T1724] dump_stack+0xca/0x13e
[ 27.040532][ T1724] ? hiddev_ioctl_usage.isra.0+0x12d0/0x13b0
[ 27.046485][ T1724] ? hiddev_ioctl_usage.isra.0+0x12d0/0x13b0
[ 27.052440][ T1724] print_address_description.constprop.0+0x36/0x50
[ 27.058934][ T1724] ? hiddev_ioctl_usage.isra.0+0x12d0/0x13b0
[ 27.064923][ T1724] ? hiddev_ioctl_usage.isra.0+0x12d0/0x13b0
[ 27.070877][ T1724] __kasan_report.cold+0x1a/0x33
[ 27.075825][ T1724] ? hiddev_ioctl_usage.isra.0+0x12d0/0x13b0
[ 27.081790][ T1724] kasan_report+0xe/0x12
[ 27.086006][ T1724] hiddev_ioctl_usage.isra.0+0x12d0/0x13b0
[ 27.091782][ T1724] ? hiddev_hid_event+0x2c0/0x2c0
[ 27.096783][ T1724] ? usbhid_init_reports+0x124/0x320
[ 27.102041][ T1724] hiddev_ioctl+0x7a1/0x1550
[ 27.106603][ T1724] ? hiddev_ioctl_string.isra.0+0x1d0/0x1d0
[ 27.112468][ T1724] ? mark_lock+0xbc/0x1160
[ 27.116855][ T1724] ? find_held_lock+0x2d/0x110
[ 27.121596][ T1724] ? debug_check_no_obj_freed+0x20f/0x443
[ 27.127287][ T1724] ? lock_downgrade+0x6e0/0x6e0
[ 27.132111][ T1724] ? lock_acquire+0x127/0x320
[ 27.136761][ T1724] ? debug_check_no_obj_freed+0xc4/0x443
[ 27.142366][ T1724] ? hiddev_ioctl_string.isra.0+0x1d0/0x1d0
[ 27.148232][ T1724] do_vfs_ioctl+0xd2d/0x1330
[ 27.152806][ T1724] ? putname+0xe1/0x120
[ 27.156934][ T1724] ? putname+0xe1/0x120
[ 27.161060][ T1724] ? ioctl_preallocate+0x200/0x200
[ 27.166142][ T1724] ? rcu_read_lock_bh_held+0xb0/0xb0
[ 27.171399][ T1724] ? __kasan_slab_free+0x145/0x180
[ 27.176483][ T1724] ? kmem_cache_free+0x2cd/0x380
[ 27.181394][ T1724] ? putname+0xe1/0x120
[ 27.185521][ T1724] ? do_sys_open+0x2e7/0x580
[ 27.190080][ T1724] ksys_ioctl+0x9b/0xc0
[ 27.194219][ T1724] __x64_sys_ioctl+0x6f/0xb0
[ 27.198782][ T1724] ? lockdep_hardirqs_on+0x382/0x580
[ 27.204038][ T1724] do_syscall_64+0xb7/0x580
[ 27.208513][ T1724] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 27.214377][ T1724] RIP: 0033:0x444969
[ 27.218421][ T1724] Code: e8 bc af 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 1b d8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 27.237999][ T1724] RSP: 002b:00007ffff4d72ed8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 27.246384][ T1724] RAX: ffffffffffffffda RBX: 00000000004002e0 RCX: 0000000000444969
[ 27.254331][ T1724] RDX: 0000000020000100 RSI: 00000000c018480b RDI: 0000000000000004
[ 27.262278][ T1724] RBP: 00000000006cf018 R08: 8fce4d9635172f21 R09: 00000000004002e0
[ 27.270236][ T1724] R10: 000000000000000f R11: 0000000000000246 R12: 0000000000402610
[ 27.278183][ T1724] R13: 00000000004026a0 R14: 0000000000000000 R15: 0000000000000000
[ 27.286302][ T1724]
[ 27.288603][ T1724] The buggy address belongs to the page:
[ 27.294210][ T1724] page:ffffea00074fe000 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 compound_mapcount: 0
[ 27.305111][ T1724] flags: 0x200000000010000(head)
[ 27.311414][ T1724] raw: 0200000000010000 dead000000000100 dead000000000122 0000000000000000
[ 27.319982][ T1724] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 27.328532][ T1724] page dumped because: kasan: bad access detected
[ 27.334911][ T1724]
[ 27.337212][ T1724] Memory state around the buggy address:
[ 27.342837][ T1724] ffff8881d3fc8080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 27.350867][ T1724] ffff8881d3fc8100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 27.358899][ T1724] >ffff8881d3fc8180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 27.366942][ T1724] ^
[ 27.373857][ T1724] ffff8881d3fc8200: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 27.381888][ T1724] ffff8881d3fc8280: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 27.389917][ T1724] ==================================================================
[ 27.397946][ T1724] Disabling lock debugging due to kernel taint
[ 27.404316][ T1724] Kernel panic - not syncing: panic_on_warn set ...
[ 27.410902][ T1724] CPU: 0 PID: 1724 Comm: syz-executor894 Tainted: G B 5.3.0+ #0
[ 27.419806][ T1724] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 27.429856][ T1724] Call Trace:
[ 27.433130][ T1724] dump_stack+0xca/0x13e
[ 27.437388][ T1724] panic+0x2a3/0x6da
[ 27.441256][ T1724] ? add_taint.cold+0x16/0x16
[ 27.445906][ T1724] ? retint_kernel+0x10/0x10
[ 27.450468][ T1724] ? trace_hardirqs_on+0x55/0x1e0
[ 27.455472][ T1724] ? hiddev_ioctl_usage.isra.0+0x12d0/0x13b0
[ 27.461426][ T1724] end_report+0x43/0x49
[ 27.465555][ T1724] ? hiddev_ioctl_usage.isra.0+0x12d0/0x13b0
[ 27.471520][ T1724] __kasan_report.cold+0xd/0x33
[ 27.476356][ T1724] ? hiddev_ioctl_usage.isra.0+0x12d0/0x13b0
[ 27.482327][ T1724] kasan_report+0xe/0x12
[ 27.486543][ T1724] hiddev_ioctl_usage.isra.0+0x12d0/0x13b0
[ 27.492320][ T1724] ? hiddev_hid_event+0x2c0/0x2c0
[ 27.497314][ T1724] ? usbhid_init_reports+0x124/0x320
[ 27.502569][ T1724] hiddev_ioctl+0x7a1/0x1550
[ 27.507129][ T1724] ? hiddev_ioctl_string.isra.0+0x1d0/0x1d0
[ 27.512992][ T1724] ? mark_lock+0xbc/0x1160
[ 27.517379][ T1724] ? find_held_lock+0x2d/0x110
[ 27.522118][ T1724] ? debug_check_no_obj_freed+0x20f/0x443
[ 27.527818][ T1724] ? lock_downgrade+0x6e0/0x6e0
[ 27.532639][ T1724] ? lock_acquire+0x127/0x320
[ 27.537302][ T1724] ? debug_check_no_obj_freed+0xc4/0x443
[ 27.542903][ T1724] ? hiddev_ioctl_string.isra.0+0x1d0/0x1d0
[ 27.548765][ T1724] do_vfs_ioctl+0xd2d/0x1330
[ 27.553342][ T1724] ? putname+0xe1/0x120
[ 27.557469][ T1724] ? putname+0xe1/0x120
[ 27.561594][ T1724] ? ioctl_preallocate+0x200/0x200
[ 27.566677][ T1724] ? rcu_read_lock_bh_held+0xb0/0xb0
[ 27.571932][ T1724] ? __kasan_slab_free+0x145/0x180
[ 27.577201][ T1724] ? kmem_cache_free+0x2cd/0x380
[ 27.582142][ T1724] ? putname+0xe1/0x120
[ 27.586268][ T1724] ? do_sys_open+0x2e7/0x580
[ 27.590830][ T1724] ksys_ioctl+0x9b/0xc0
[ 27.594957][ T1724] __x64_sys_ioctl+0x6f/0xb0
[ 27.599519][ T1724] ? lockdep_hardirqs_on+0x382/0x580
[ 27.604774][ T1724] do_syscall_64+0xb7/0x580
[ 27.609252][ T1724] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 27.615148][ T1724] RIP: 0033:0x444969
[ 27.619065][ T1724] Code: e8 bc af 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 1b d8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 27.638689][ T1724] RSP: 002b:00007ffff4d72ed8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 27.647078][ T1724] RAX: ffffffffffffffda RBX: 00000000004002e0 RCX: 0000000000444969
[ 27.655141][ T1724] RDX: 0000000020000100 RSI: 00000000c018480b RDI: 0000000000000004
[ 27.663120][ T1724] RBP: 00000000006cf018 R08: 8fce4d9635172f21 R09: 00000000004002e0
[ 27.671064][ T1724] R10: 000000000000000f R11: 0000000000000246 R12: 0000000000402610
[ 27.679007][ T1724] R13: 00000000004026a0 R14: 0000000000000000 R15: 0000000000000000
[ 27.687636][ T1724] Kernel Offset: disabled
[ 27.691945][ T1724] Rebooting in 86400 seconds..