Warning: Permanently added '10.128.0.108' (ECDSA) to the list of known hosts.
executing program
executing program
executing program
executing program
executing program
executing program
syzkaller login: [ 25.022148][ T21] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 25.032114][ T1741] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[ 25.039692][ T12] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[ 25.047348][ T1742] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[ 25.054883][ T1737] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[ 25.062427][ T5] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[ 25.272111][ T21] usb 1-1: Using ep0 maxpacket: 32
[ 25.302109][ T12] usb 6-1: Using ep0 maxpacket: 32
[ 25.307419][ T1742] usb 5-1: Using ep0 maxpacket: 32
[ 25.312608][ T5] usb 4-1: Using ep0 maxpacket: 32
[ 25.317848][ T1737] usb 3-1: Using ep0 maxpacket: 32
[ 25.323072][ T1741] usb 2-1: Using ep0 maxpacket: 32
[ 25.392209][ T21] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 25.403264][ T21] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[ 25.416130][ T21] usb 1-1: New USB device found, idVendor=046d, idProduct=c71c, bcdDevice= 0.40
[ 25.422508][ T12] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 25.425201][ T21] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 25.436287][ T12] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[ 25.450247][ T21] usb 1-1: config 0 descriptor??
[ 25.457190][ T12] usb 6-1: New USB device found, idVendor=046d, idProduct=c71c, bcdDevice= 0.40
[ 25.457208][ T12] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 25.479315][ T1737] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 25.490280][ T1737] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[ 25.503482][ T1737] usb 3-1: New USB device found, idVendor=046d, idProduct=c71c, bcdDevice= 0.40
[ 25.512892][ T1737] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 25.521022][ T1742] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 25.531980][ T1742] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[ 25.545089][ T1742] usb 5-1: New USB device found, idVendor=046d, idProduct=c71c, bcdDevice= 0.40
[ 25.554211][ T1742] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 25.562371][ T5] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 25.573450][ T5] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[ 25.586323][ T5] usb 4-1: New USB device found, idVendor=046d, idProduct=c71c, bcdDevice= 0.40
[ 25.595439][ T5] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 25.605567][ T1741] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 25.617129][ T1741] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[ 25.629959][ T1741] usb 2-1: New USB device found, idVendor=046d, idProduct=c71c, bcdDevice= 0.40
[ 25.639061][ T1741] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 25.647997][ T1737] usb 3-1: config 0 descriptor??
[ 25.654272][ T1742] usb 5-1: config 0 descriptor??
[ 25.659616][ T1741] usb 2-1: config 0 descriptor??
[ 25.665557][ T5] usb 4-1: config 0 descriptor??
[ 25.672013][ T12] usb 6-1: config 0 descriptor??
[ 25.964242][ T21] logitech-djreceiver 0003:046D:C71C.0001: unknown main item tag 0x0
[ 25.972629][ T21] logitech-djreceiver 0003:046D:C71C.0001: unknown main item tag 0x0
[ 25.980741][ T21] logitech-djreceiver 0003:046D:C71C.0001: unknown main item tag 0x0
[ 25.988985][ T21] logitech-djreceiver 0003:046D:C71C.0001: unknown main item tag 0x0
[ 25.997142][ T21] logitech-djreceiver 0003:046D:C71C.0001: unknown main item tag 0x0
[ 26.005312][ T21] logitech-djreceiver 0003:046D:C71C.0001: unknown main item tag 0x0
[ 26.013479][ T21] logitech-djreceiver 0003:046D:C71C.0001: unknown main item tag 0x0
[ 26.021555][ T21] logitech-djreceiver 0003:046D:C71C.0001: unknown main item tag 0x0
[ 26.029699][ T21] logitech-djreceiver 0003:046D:C71C.0001: unknown main item tag 0x0
[ 26.038086][ T21] logitech-djreceiver 0003:046D:C71C.0001: unknown main item tag 0x0
[ 26.048363][ T21] logitech-djreceiver 0003:046D:C71C.0001: hidraw0: USB HID v0.00 Device [HID 046d:c71c] on usb-dummy_hcd.0-1/input0
[ 26.133750][ T1737] logitech-djreceiver 0003:046D:C71C.0002: unknown main item tag 0x0
[ 26.141906][ T1737] logitech-djreceiver 0003:046D:C71C.0002: unknown main item tag 0x0
[ 26.150194][ T1737] logitech-djreceiver 0003:046D:C71C.0002: unknown main item tag 0x0
[ 26.158384][ T1737] logitech-djreceiver 0003:046D:C71C.0002: unknown main item tag 0x0
[ 26.166538][ T1737] logitech-djreceiver 0003:046D:C71C.0002: unknown main item tag 0x0
[ 26.174754][ T1737] logitech-djreceiver 0003:046D:C71C.0002: unknown main item tag 0x0
[ 26.182898][ T1737] logitech-djreceiver 0003:046D:C71C.0002: unknown main item tag 0x0
[ 26.190990][ T1737] logitech-djreceiver 0003:046D:C71C.0002: unknown main item tag 0x0
[ 26.199153][ T1737] logitech-djreceiver 0003:046D:C71C.0002: unknown main item tag 0x0
[ 26.207270][ T1737] logitech-djreceiver 0003:046D:C71C.0002: unknown main item tag 0x0
[ 26.216923][ T1742] logitech-djreceiver 0003:046D:C71C.0003: unknown main item tag 0x0
[ 26.227027][ T5] logitech-djreceiver 0003:046D:C71C.0004: unknown main item tag 0x0
[ 26.237061][ T1741] logitech-djreceiver 0003:046D:C71C.0005: unknown main item tag 0x0
[ 26.246935][ T12] logitech-djreceiver 0003:046D:C71C.0006: unknown main item tag 0x0
[ 26.255140][ T12] logitech-djreceiver 0003:046D:C71C.0006: unknown main item tag 0x0
[ 26.263322][ T12] logitech-djreceiver 0003:046D:C71C.0006: unknown main item tag 0x0
[ 26.271413][ T12] logitech-djreceiver 0003:046D:C71C.0006: unknown main item tag 0x0
[ 26.279579][ T12] logitech-djreceiver 0003:046D:C71C.0006: unknown main item tag 0x0
[ 26.288656][ T12] logitech-djreceiver 0003:046D:C71C.0006: unknown main item tag 0x0
[ 26.296791][ T12] logitech-djreceiver 0003:046D:C71C.0006: unknown main item tag 0x0
[ 26.304964][ T12] logitech-djreceiver 0003:046D:C71C.0006: unknown main item tag 0x0
[ 26.313090][ T12] logitech-djreceiver 0003:046D:C71C.0006: unknown main item tag 0x0
[ 26.321175][ T12] logitech-djreceiver 0003:046D:C71C.0006: unknown main item tag 0x0
[ 26.329385][ T1741] logitech-djreceiver 0003:046D:C71C.0005: unknown main item tag 0x0
[ 26.337548][ T1741] logitech-djreceiver 0003:046D:C71C.0005: unknown main item tag 0x0
[ 26.345710][ T1741] logitech-djreceiver 0003:046D:C71C.0005: unknown main item tag 0x0
[ 26.353859][ T1741] logitech-djreceiver 0003:046D:C71C.0005: unknown main item tag 0x0
[ 26.361944][ T1741] logitech-djreceiver 0003:046D:C71C.0005: unknown main item tag 0x0
[ 26.370068][ T1741] logitech-djreceiver 0003:046D:C71C.0005: unknown main item tag 0x0
[ 26.378201][ T1741] logitech-djreceiver 0003:046D:C71C.0005: unknown main item tag 0x0
[ 26.386327][ T1741] logitech-djreceiver 0003:046D:C71C.0005: unknown main item tag 0x0
[ 26.394567][ T1741] logitech-djreceiver 0003:046D:C71C.0005: unknown main item tag 0x0
[ 26.402781][ T5] logitech-djreceiver 0003:046D:C71C.0004: unknown main item tag 0x0
[ 26.411059][ T5] logitech-djreceiver 0003:046D:C71C.0004: unknown main item tag 0x0
[ 26.419236][ T5] logitech-djreceiver 0003:046D:C71C.0004: unknown main item tag 0x0
[ 26.427382][ T5] logitech-djreceiver 0003:046D:C71C.0004: unknown main item tag 0x0
[ 26.435504][ T5] logitech-djreceiver 0003:046D:C71C.0004: unknown main item tag 0x0
[ 26.443617][ T5] logitech-djreceiver 0003:046D:C71C.0004: unknown main item tag 0x0
[ 26.451692][ T5] logitech-djreceiver 0003:046D:C71C.0004: unknown main item tag 0x0
[ 26.459921][ T5] logitech-djreceiver 0003:046D:C71C.0004: unknown main item tag 0x0
[ 26.468050][ T5] logitech-djreceiver 0003:046D:C71C.0004: unknown main item tag 0x0
[ 26.476269][ T1742] logitech-djreceiver 0003:046D:C71C.0003: unknown main item tag 0x0
[ 26.484444][ T1742] logitech-djreceiver 0003:046D:C71C.0003: unknown main item tag 0x0
[ 26.492637][ T1742] logitech-djreceiver 0003:046D:C71C.0003: unknown main item tag 0x0
[ 26.500736][ T1742] logitech-djreceiver 0003:046D:C71C.0003: unknown main item tag 0x0
[ 26.508895][ T1742] logitech-djreceiver 0003:046D:C71C.0003: unknown main item tag 0x0
[ 26.517021][ T1742] logitech-djreceiver 0003:046D:C71C.0003: unknown main item tag 0x0
[ 26.525341][ T1742] logitech-djreceiver 0003:046D:C71C.0003: unknown main item tag 0x0
[ 26.533479][ T1742] logitech-djreceiver 0003:046D:C71C.0003: unknown main item tag 0x0
[ 26.541657][ T1742] logitech-djreceiver 0003:046D:C71C.0003: unknown main item tag 0x0
[ 26.551991][ T1737] logitech-djreceiver 0003:046D:C71C.0002: hidraw1: USB HID v0.00 Device [HID 046d:c71c] on usb-dummy_hcd.2-1/input0
[ 26.565429][ T1741] logitech-djreceiver 0003:046D:C71C.0005: hidraw2: USB HID v0.00 Device [HID 046d:c71c] on usb-dummy_hcd.1-1/input0
[ 26.578805][ T5] logitech-djreceiver 0003:046D:C71C.0004: hidraw3: USB HID v0.00 Device [HID 046d:c71c] on usb-dummy_hcd.3-1/input0
[ 26.592618][ T1742] logitech-djreceiver 0003:046D:C71C.0003: hidraw4: USB HID v0.00 Device [HID 046d:c71c] on usb-dummy_hcd.4-1/input0
[ 26.605812][ T12] logitech-djreceiver 0003:046D:C71C.0006: hidraw5: USB HID v0.00 Device [HID 046d:c71c] on usb-dummy_hcd.5-1/input0
executing program
[ 26.703580][ T21] usb 1-1: USB disconnect, device number 2
[ 26.718157][ T1778] ==================================================================
[ 26.726346][ T1778] BUG: KASAN: use-after-free in hidraw_ioctl+0x5e1/0xae0
[ 26.733367][ T1778] Read of size 4 at addr ffff8881d375c018 by task syz-executor762/1778
[ 26.741860][ T1778]
[ 26.744180][ T1778] CPU: 1 PID: 1778 Comm: syz-executor762 Not tainted 5.3.0-rc2+ #25
[ 26.752403][ T1778] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 26.762477][ T1778] Call Trace:
[ 26.765807][ T1778] dump_stack+0xca/0x13e
[ 26.770065][ T1778] ? hidraw_ioctl+0x5e1/0xae0
[ 26.774759][ T1778] ? hidraw_ioctl+0x5e1/0xae0
[ 26.779440][ T1778] print_address_description+0x6a/0x32c
[ 26.784978][ T1778] ? hidraw_ioctl+0x5e1/0xae0
[ 26.789639][ T1778] ? hidraw_ioctl+0x5e1/0xae0
[ 26.794316][ T1778] __kasan_report.cold+0x1a/0x33
[ 26.799267][ T1778] ? hidraw_ioctl+0x5e1/0xae0
[ 26.803977][ T1778] kasan_report+0xe/0x12
[ 26.808215][ T1778] hidraw_ioctl+0x5e1/0xae0
[ 26.812711][ T1778] ? hidraw_disconnect+0x2c0/0x2c0
[ 26.817809][ T1778] ? find_held_lock+0x2d/0x110
[ 26.822569][ T1778] ? __fget+0x32e/0x530
[ 26.826727][ T1778] ? hidraw_disconnect+0x2c0/0x2c0
[ 26.831822][ T1778] do_vfs_ioctl+0xd2d/0x1330
[ 26.836522][ T1778] ? ioctl_preallocate+0x200/0x200
[ 26.841671][ T1778] ? __fget+0x357/0x530
[ 26.845820][ T1778] ? ksys_dup3+0x3c0/0x3c0
[ 26.850312][ T1778] ? __sched_text_start+0x8/0x8
[ 26.855232][ T1778] ksys_ioctl+0x9b/0xc0
[ 26.859378][ T1778] __x64_sys_ioctl+0x6f/0xb0
[ 26.863959][ T1778] ? lockdep_hardirqs_on+0x379/0x580
[ 26.869250][ T1778] do_syscall_64+0xb7/0x580
[ 26.873755][ T1778] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 26.879634][ T1778] RIP: 0033:0x44c439
[ 26.883517][ T1778] Code: e8 ec e7 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b cb fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 26.903132][ T1778] RSP: 002b:00007f189cd55ce8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 26.911556][ T1778] RAX: ffffffffffffffda RBX: 00000000006ddc58 RCX: 000000000044c439
[ 26.919645][ T1778] RDX: 0000000020000940 RSI: 0000000090044802 RDI: 0000000000000004
[ 26.927632][ T1778] RBP: 00000000006ddc50 R08: 0000000000000000 R09: 0000000000000000
[ 26.935623][ T1778] R10: 00007f189cd56700 R11: 0000000000000246 R12: 00000000006ddc5c
[ 26.943619][ T1778] R13: 00007ffe17975c3f R14: 00007f189cd569c0 R15: 0000000000000005
[ 26.951615][ T1778]
[ 26.953956][ T1778] The buggy address belongs to the page:
[ 26.959599][ T1778] page:ffffea00074dd700 refcount:0 mapcount:-128 mapping:0000000000000000 index:0x0
[ 26.968965][ T1778] flags: 0x200000000000000()
[ 26.973540][ T1778] raw: 0200000000000000 ffffea0007464f08 ffff88821fffabd0 0000000000000000
[ 26.982113][ T1778] raw: 0000000000000000 0000000000000002 00000000ffffff7f 0000000000000000
[ 26.990690][ T1778] page dumped because: kasan: bad access detected
[ 26.997125][ T1778]
[ 26.999442][ T1778] Memory state around the buggy address:
[ 27.005080][ T1778] ffff8881d375bf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 27.013235][ T1778] ffff8881d375bf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 27.021315][ T1778] >ffff8881d375c000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 27.029392][ T1778] ^
[ 27.034954][ T1778] ffff8881d375c080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 27.043060][ T1778] ffff8881d375c100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 27.052115][ T1778] ==================================================================
[ 27.060160][ T1778] Disabling lock debugging due to kernel taint
[ 27.066421][ T1778] Kernel panic - not syncing: panic_on_warn set ...
[ 27.073050][ T1778] CPU: 1 PID: 1778 Comm: syz-executor762 Tainted: G B 5.3.0-rc2+ #25
[ 27.082511][ T1778] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 27.092569][ T1778] Call Trace:
[ 27.095856][ T1778] dump_stack+0xca/0x13e
[ 27.100088][ T1778] panic+0x2a3/0x6da
[ 27.103969][ T1778] ? add_taint.cold+0x16/0x16
[ 27.108632][ T1778] ? retint_kernel+0x10/0x10
[ 27.113212][ T1778] ? trace_hardirqs_on+0x55/0x1e0
[ 27.118223][ T1778] ? hidraw_ioctl+0x5e1/0xae0
[ 27.122892][ T1778] end_report+0x43/0x49
[ 27.127057][ T1778] ? hidraw_ioctl+0x5e1/0xae0
[ 27.131732][ T1778] __kasan_report.cold+0xd/0x33
[ 27.136571][ T1778] ? hidraw_ioctl+0x5e1/0xae0
[ 27.141234][ T1778] kasan_report+0xe/0x12
[ 27.145479][ T1778] hidraw_ioctl+0x5e1/0xae0
[ 27.150010][ T1778] ? hidraw_disconnect+0x2c0/0x2c0
[ 27.155146][ T1778] ? find_held_lock+0x2d/0x110
[ 27.159921][ T1778] ? __fget+0x32e/0x530
[ 27.164141][ T1778] ? hidraw_disconnect+0x2c0/0x2c0
[ 27.169270][ T1778] do_vfs_ioctl+0xd2d/0x1330
[ 27.173856][ T1778] ? ioctl_preallocate+0x200/0x200
[ 27.178983][ T1778] ? __fget+0x357/0x530
[ 27.183139][ T1778] ? ksys_dup3+0x3c0/0x3c0
[ 27.187576][ T1778] ? __sched_text_start+0x8/0x8
[ 27.192432][ T1778] ksys_ioctl+0x9b/0xc0
[ 27.196578][ T1778] __x64_sys_ioctl+0x6f/0xb0
[ 27.201158][ T1778] ? lockdep_hardirqs_on+0x379/0x580
[ 27.206449][ T1778] do_syscall_64+0xb7/0x580
[ 27.212079][ T1778] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 27.217967][ T1778] RIP: 0033:0x44c439
[ 27.221846][ T1778] Code: e8 ec e7 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b cb fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 27.241435][ T1778] RSP: 002b:00007f189cd55ce8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 27.249854][ T1778] RAX: ffffffffffffffda RBX: 00000000006ddc58 RCX: 000000000044c439
[ 27.257816][ T1778] RDX: 0000000020000940 RSI: 0000000090044802 RDI: 0000000000000004
[ 27.265788][ T1778] RBP: 00000000006ddc50 R08: 0000000000000000 R09: 0000000000000000
[ 27.273769][ T1778] R10: 00007f189cd56700 R11: 0000000000000246 R12: 00000000006ddc5c
[ 27.281737][ T1778] R13: 00007ffe17975c3f R14: 00007f189cd569c0 R15: 0000000000000005
[ 27.290028][ T1778] Kernel Offset: disabled
[ 27.301238][ T1778] Rebooting in 86400 seconds..