Warning: Permanently added '10.128.0.238' (ECDSA) to the list of known hosts.
executing program
[ 22.650051][ T22] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 22.890123][ T22] usb 1-1: Using ep0 maxpacket: 8
[ 23.010096][ T22] usb 1-1: config 0 interface 0 altsetting 1 endpoint 0x81 has an invalid bInterval 31, changing to 8
[ 23.021097][ T22] usb 1-1: config 0 interface 0 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[ 23.033858][ T22] usb 1-1: config 0 interface 0 has no altsetting 0
[ 23.040449][ T22] usb 1-1: New USB device found, idVendor=054c, idProduct=09cc, bcdDevice= 0.00
[ 23.049433][ T22] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 23.058482][ T22] usb 1-1: config 0 descriptor??
[ 23.531792][ T22] sony 0003:054C:09CC.0001: unknown main item tag 0x0
[ 23.538639][ T22] sony 0003:054C:09CC.0001: unknown main item tag 0x2
[ 23.545446][ T22] sony 0003:054C:09CC.0001: unknown main item tag 0x0
[ 23.552211][ T22] sony 0003:054C:09CC.0001: unknown main item tag 0x0
[ 23.558943][ T22] sony 0003:054C:09CC.0001: unknown main item tag 0x0
[ 23.565712][ T22] sony 0003:054C:09CC.0001: unknown main item tag 0x0
[ 23.572472][ T22] sony 0003:054C:09CC.0001: unknown main item tag 0x0
[ 23.579219][ T22] sony 0003:054C:09CC.0001: unknown main item tag 0x0
[ 23.585987][ T22] sony 0003:054C:09CC.0001: unknown main item tag 0x0
[ 23.592751][ T22] sony 0003:054C:09CC.0001: unknown main item tag 0x0
[ 23.599491][ T22] sony 0003:054C:09CC.0001: unknown main item tag 0x0
[ 23.606270][ T22] sony 0003:054C:09CC.0001: unknown main item tag 0x0
[ 23.613031][ T22] sony 0003:054C:09CC.0001: unknown main item tag 0x0
[ 23.619853][ T22] sony 0003:054C:09CC.0001: unknown main item tag 0x0
[ 23.626624][ T22] sony 0003:054C:09CC.0001: unknown main item tag 0x0
[ 23.633384][ T22] sony 0003:054C:09CC.0001: unknown main item tag 0x0
[ 23.640144][ T22] sony 0003:054C:09CC.0001: unknown main item tag 0x0
[ 23.646887][ T22] sony 0003:054C:09CC.0001: unknown main item tag 0x0
[ 23.653653][ T22] sony 0003:054C:09CC.0001: unknown main item tag 0x0
[ 23.660427][ T22] sony 0003:054C:09CC.0001: unknown main item tag 0x0
[ 23.667158][ T22] sony 0003:054C:09CC.0001: unknown main item tag 0x0
[ 23.673948][ T22] sony 0003:054C:09CC.0001: unknown main item tag 0x0
[ 23.680709][ T22] sony 0003:054C:09CC.0001: unknown main item tag 0x0
[ 23.687441][ T22] sony 0003:054C:09CC.0001: unknown main item tag 0x0
[ 23.694205][ T22] sony 0003:054C:09CC.0001: unknown main item tag 0x0
[ 23.700969][ T22] sony 0003:054C:09CC.0001: unknown main item tag 0x0
[ 23.707714][ T22] sony 0003:054C:09CC.0001: unknown main item tag 0x0
[ 23.714479][ T22] sony 0003:054C:09CC.0001: unknown main item tag 0x0
[ 23.721235][ T22] sony 0003:054C:09CC.0001: unknown main item tag 0x0
executing program
[ 23.727965][ T22] sony 0003:054C:09CC.0001: unknown main item tag 0x0
[ 23.734755][ T22] sony 0003:054C:09CC.0001: unknown main item tag 0x0
[ 23.741527][ T22] sony 0003:054C:09CC.0001: unknown main item tag 0x0
[ 23.749560][ T22] sony 0003:054C:09CC.0001: hidraw0: USB HID v80.00 Device [HID 054c:09cc] on usb-dummy_hcd.0-1/input0
[ 23.760654][ T22] sony 0003:054C:09CC.0001: failed to claim input
[ 23.768385][ T22] usb 1-1: USB disconnect, device number 2
[ 24.120034][ T22] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[ 24.360131][ T22] usb 1-1: Using ep0 maxpacket: 8
[ 24.480080][ T22] usb 1-1: config 0 interface 0 altsetting 1 endpoint 0x81 has an invalid bInterval 31, changing to 8
[ 24.491257][ T22] usb 1-1: config 0 interface 0 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[ 24.504003][ T22] usb 1-1: config 0 interface 0 has no altsetting 0
[ 24.510617][ T22] usb 1-1: New USB device found, idVendor=054c, idProduct=09cc, bcdDevice= 0.00
[ 24.519601][ T22] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 24.528569][ T22] usb 1-1: config 0 descriptor??
[ 25.011110][ T22] sony 0003:054C:09CC.0002: unknown main item tag 0x0
[ 25.018013][ T22] sony 0003:054C:09CC.0002: unknown main item tag 0x2
[ 25.024804][ T22] sony 0003:054C:09CC.0002: unknown main item tag 0x0
[ 25.031566][ T22] sony 0003:054C:09CC.0002: unknown main item tag 0x0
[ 25.038298][ T22] sony 0003:054C:09CC.0002: unknown main item tag 0x0
[ 25.045161][ T22] sony 0003:054C:09CC.0002: unknown main item tag 0x0
[ 25.051936][ T22] sony 0003:054C:09CC.0002: unknown main item tag 0x0
[ 25.058687][ T22] sony 0003:054C:09CC.0002: unknown main item tag 0x0
[ 25.065458][ T22] sony 0003:054C:09CC.0002: unknown main item tag 0x0
[ 25.072217][ T22] sony 0003:054C:09CC.0002: unknown main item tag 0x0
[ 25.079102][ T22] sony 0003:054C:09CC.0002: unknown main item tag 0x0
[ 25.085881][ T22] sony 0003:054C:09CC.0002: unknown main item tag 0x0
[ 25.092658][ T22] sony 0003:054C:09CC.0002: unknown main item tag 0x0
[ 25.099403][ T22] sony 0003:054C:09CC.0002: unknown main item tag 0x0
[ 25.106177][ T22] sony 0003:054C:09CC.0002: unknown main item tag 0x0
[ 25.112946][ T22] sony 0003:054C:09CC.0002: unknown main item tag 0x0
[ 25.119686][ T22] sony 0003:054C:09CC.0002: unknown main item tag 0x0
[ 25.126467][ T22] sony 0003:054C:09CC.0002: unknown main item tag 0x0
[ 25.133247][ T22] sony 0003:054C:09CC.0002: unknown main item tag 0x0
[ 25.140027][ T22] sony 0003:054C:09CC.0002: unknown main item tag 0x0
[ 25.146768][ T22] sony 0003:054C:09CC.0002: unknown main item tag 0x0
[ 25.153537][ T22] sony 0003:054C:09CC.0002: unknown main item tag 0x0
[ 25.160297][ T22] sony 0003:054C:09CC.0002: unknown main item tag 0x0
[ 25.167028][ T22] sony 0003:054C:09CC.0002: unknown main item tag 0x0
[ 25.173818][ T22] sony 0003:054C:09CC.0002: unknown main item tag 0x0
[ 25.180595][ T22] sony 0003:054C:09CC.0002: unknown main item tag 0x0
[ 25.187328][ T22] sony 0003:054C:09CC.0002: unknown main item tag 0x0
[ 25.194093][ T22] sony 0003:054C:09CC.0002: unknown main item tag 0x0
[ 25.200938][ T22] sony 0003:054C:09CC.0002: unknown main item tag 0x0
[ 25.207679][ T22] sony 0003:054C:09CC.0002: unknown main item tag 0x0
[ 25.210374][ T1722] ==================================================================
[ 25.214666][ T22] sony 0003:054C:09CC.0002: unknown main item tag 0x0
[ 25.222698][ T1722] BUG: KASAN: use-after-free in usbhid_power+0xca/0xe0
[ 25.222707][ T1722] Read of size 8 at addr ffff8881d69f8008 by task syz-executor285/1722
[ 25.222714][ T1722]
[ 25.229442][ T22] sony 0003:054C:09CC.0002: unknown main item tag 0x0
[ 25.236254][ T1722] CPU: 0 PID: 1722 Comm: syz-executor285 Not tainted 5.3.0-rc4+ #26
[ 25.236260][ T1722] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 25.236264][ T1722] Call Trace:
[ 25.236276][ T1722] dump_stack+0xca/0x13e
[ 25.236288][ T1722] ? usbhid_power+0xca/0xe0
[ 25.283378][ T1722] ? usbhid_power+0xca/0xe0
[ 25.287853][ T1722] print_address_description+0x6a/0x32c
[ 25.293369][ T1722] ? usbhid_power+0xca/0xe0
[ 25.297840][ T1722] ? usbhid_power+0xca/0xe0
[ 25.302333][ T1722] __kasan_report.cold+0x1a/0x33
[ 25.307239][ T1722] ? usbhid_power+0xca/0xe0
[ 25.311713][ T1722] kasan_report+0xe/0x12
[ 25.315922][ T1722] usbhid_power+0xca/0xe0
[ 25.320220][ T1722] hidraw_open+0x20d/0x740
[ 25.324608][ T1722] ? usbhid_output_report+0x290/0x290
[ 25.329946][ T1722] ? hidraw_ioctl+0xae0/0xae0
[ 25.334592][ T1722] chrdev_open+0x219/0x5c0
[ 25.338976][ T1722] ? cdev_put.part.0+0x50/0x50
[ 25.343708][ T1722] do_dentry_open+0x494/0x1120
[ 25.348443][ T1722] ? cdev_put.part.0+0x50/0x50
[ 25.353178][ T1722] ? chmod_common+0x3c0/0x3c0
[ 25.357822][ T1722] ? inode_permission+0xbe/0x3a0
[ 25.362735][ T1722] path_openat+0x1430/0x3f50
[ 25.367306][ T1722] ? save_stack+0x1b/0x80
[ 25.371604][ T1722] ? do_sys_open+0x294/0x580
[ 25.376164][ T1722] ? do_syscall_64+0xb7/0x580
[ 25.380812][ T1722] ? path_lookupat.isra.0+0x8d0/0x8d0
[ 25.386155][ T1722] ? __lock_acquire+0x145e/0x3b50
[ 25.391146][ T1722] do_filp_open+0x1a1/0x280
[ 25.395666][ T1722] ? may_open_dev+0xf0/0xf0
[ 25.400148][ T1722] ? __alloc_fd+0x46d/0x600
[ 25.404638][ T1722] ? do_raw_spin_lock+0x11a/0x280
[ 25.409634][ T1722] ? do_raw_spin_unlock+0x50/0x220
[ 25.414714][ T1722] ? _raw_spin_unlock+0x1f/0x30
[ 25.419535][ T1722] ? __alloc_fd+0x46d/0x600
[ 25.424017][ T1722] do_sys_open+0x3c0/0x580
[ 25.428406][ T1722] ? filp_open+0x70/0x70
[ 25.432622][ T1722] ? trace_hardirqs_off_caller+0x55/0x1e0
[ 25.438319][ T1722] do_syscall_64+0xb7/0x580
[ 25.442814][ T1722] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 25.448668][ T1722] RIP: 0033:0x4019f0
[ 25.452527][ T1722] Code: 01 f0 ff ff 0f 83 c0 0b 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 83 3d dd 5c 2d 00 00 75 14 b8 02 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 94 0b 00 00 c3 48 83 ec 08 e8 fa 00 00 00
[ 25.472106][ T1722] RSP: 002b:00007ffd6ffd2798 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[ 25.480487][ T1722] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004019f0
[ 25.488433][ T1722] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00007ffd6ffd27a0
[ 25.496463][ T1722] RBP: 6666666666666667 R08: 000000000000000f R09: 0000000000000000
[ 25.504498][ T1722] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000402a10
[ 25.512442][ T1722] R13: 0000000000402aa0 R14: 0000000000000000 R15: 0000000000000000
[ 25.520387][ T1722]
[ 25.522688][ T1722] Allocated by task 22:
[ 25.526818][ T1722] save_stack+0x1b/0x80
[ 25.530945][ T1722] __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 25.536545][ T1722] __kmalloc_node_track_caller+0xfc/0x380
[ 25.542231][ T1722] __kmalloc_reserve.isra.0+0x39/0xe0
[ 25.547567][ T1722] __alloc_skb+0xef/0x5a0
[ 25.551865][ T1722] alloc_uevent_skb+0x7b/0x210
[ 25.556599][ T1722] kobject_uevent_env+0x8ee/0x1160
[ 25.561682][ T1722] device_release_driver_internal+0x3ef/0x500
[ 25.567714][ T1722] bus_remove_device+0x2dc/0x4a0
[ 25.572621][ T1722] device_del+0x420/0xb10
[ 25.576921][ T1722] usb_disconnect+0x4c3/0x8d0
[ 25.581570][ T1722] hub_event+0x1454/0x3640
[ 25.585959][ T1722] process_one_work+0x92b/0x1530
[ 25.590873][ T1722] worker_thread+0x7ab/0xe20
[ 25.595433][ T1722] kthread+0x318/0x420
[ 25.599473][ T1722] ret_from_fork+0x24/0x30
[ 25.603864][ T1722]
[ 25.606167][ T1722] Freed by task 238:
[ 25.610033][ T1722] save_stack+0x1b/0x80
[ 25.614159][ T1722] __kasan_slab_free+0x130/0x180
[ 25.619063][ T1722] kfree+0xe4/0x2f0
[ 25.622844][ T1722] skb_free_head+0x8b/0xa0
[ 25.627249][ T1722] skb_release_data+0x41f/0x7c0
[ 25.632076][ T1722] skb_release_all+0x46/0x60
[ 25.636637][ T1722] consume_skb+0xd9/0x320
[ 25.640932][ T1722] skb_free_datagram+0x16/0xf0
[ 25.645664][ T1722] netlink_recvmsg+0x65e/0xee0
[ 25.650515][ T1722] sock_recvmsg+0xca/0x110
[ 25.654906][ T1722] ___sys_recvmsg+0x271/0x5a0
[ 25.659553][ T1722] __sys_recvmsg+0xe9/0x1b0
[ 25.664028][ T1722] do_syscall_64+0xb7/0x580
[ 25.668519][ T1722] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 25.674375][ T1722]
[ 25.676679][ T1722] The buggy address belongs to the object at ffff8881d69f8000
[ 25.676679][ T1722] which belongs to the cache kmalloc-1k of size 1024
[ 25.690701][ T1722] The buggy address is located 8 bytes inside of
[ 25.690701][ T1722] 1024-byte region [ffff8881d69f8000, ffff8881d69f8400)
[ 25.703848][ T1722] The buggy address belongs to the page:
[ 25.709451][ T1722] page:ffffea00075a7e00 refcount:1 mapcount:0 mapping:ffff8881da002280 index:0x0 compound_mapcount: 0
[ 25.720347][ T1722] flags: 0x200000000010200(slab|head)
[ 25.725690][ T1722] raw: 0200000000010200 dead000000000100 dead000000000122 ffff8881da002280
[ 25.734244][ T1722] raw: 0000000000000000 00000000800e000e 00000001ffffffff 0000000000000000
[ 25.742790][ T1722] page dumped because: kasan: bad access detected
[ 25.749168][ T1722]
[ 25.751469][ T1722] Memory state around the buggy address:
[ 25.757076][ T1722] ffff8881d69f7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 25.765105][ T1722] ffff8881d69f7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 25.773222][ T1722] >ffff8881d69f8000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 25.781250][ T1722] ^
[ 25.785549][ T1722] ffff8881d69f8080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 25.793577][ T1722] ffff8881d69f8100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 25.801603][ T1722] ==================================================================
[ 25.809630][ T1722] Disabling lock debugging due to kernel taint
[ 25.815808][ T1722] Kernel panic - not syncing: panic_on_warn set ...
[ 25.822366][ T1722] CPU: 0 PID: 1722 Comm: syz-executor285 Tainted: G B 5.3.0-rc4+ #26
[ 25.831692][ T1722] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 25.841714][ T1722] Call Trace:
[ 25.844978][ T1722] dump_stack+0xca/0x13e
[ 25.849186][ T1722] panic+0x2a3/0x6da
[ 25.853049][ T1722] ? add_taint.cold+0x16/0x16
[ 25.857694][ T1722] ? retint_kernel+0x10/0x10
[ 25.862250][ T1722] ? trace_hardirqs_on+0x55/0x1e0
[ 25.867243][ T1722] ? usbhid_power+0xca/0xe0
[ 25.871714][ T1722] end_report+0x43/0x49
[ 25.875838][ T1722] ? usbhid_power+0xca/0xe0
[ 25.880307][ T1722] __kasan_report.cold+0xd/0x33
[ 25.885127][ T1722] ? usbhid_power+0xca/0xe0
[ 25.889605][ T1722] kasan_report+0xe/0x12
[ 25.893817][ T1722] usbhid_power+0xca/0xe0
[ 25.898119][ T1722] hidraw_open+0x20d/0x740
[ 25.902506][ T1722] ? usbhid_output_report+0x290/0x290
[ 25.907857][ T1722] ? hidraw_ioctl+0xae0/0xae0
[ 25.912504][ T1722] chrdev_open+0x219/0x5c0
[ 25.916889][ T1722] ? cdev_put.part.0+0x50/0x50
[ 25.921633][ T1722] do_dentry_open+0x494/0x1120
[ 25.926389][ T1722] ? cdev_put.part.0+0x50/0x50
[ 25.931117][ T1722] ? chmod_common+0x3c0/0x3c0
[ 25.935766][ T1722] ? inode_permission+0xbe/0x3a0
[ 25.940670][ T1722] path_openat+0x1430/0x3f50
[ 25.945223][ T1722] ? save_stack+0x1b/0x80
[ 25.949518][ T1722] ? do_sys_open+0x294/0x580
[ 25.954073][ T1722] ? do_syscall_64+0xb7/0x580
[ 25.958717][ T1722] ? path_lookupat.isra.0+0x8d0/0x8d0
[ 25.964060][ T1722] ? __lock_acquire+0x145e/0x3b50
[ 25.969052][ T1722] do_filp_open+0x1a1/0x280
[ 25.973518][ T1722] ? may_open_dev+0xf0/0xf0
[ 25.977986][ T1722] ? __alloc_fd+0x46d/0x600
[ 25.982597][ T1722] ? do_raw_spin_lock+0x11a/0x280
[ 25.987588][ T1722] ? do_raw_spin_unlock+0x50/0x220
[ 25.992676][ T1722] ? _raw_spin_unlock+0x1f/0x30
[ 25.997491][ T1722] ? __alloc_fd+0x46d/0x600
[ 26.001958][ T1722] do_sys_open+0x3c0/0x580
[ 26.006339][ T1722] ? filp_open+0x70/0x70
[ 26.010548][ T1722] ? trace_hardirqs_off_caller+0x55/0x1e0
[ 26.016231][ T1722] do_syscall_64+0xb7/0x580
[ 26.020699][ T1722] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 26.026554][ T1722] RIP: 0033:0x4019f0
[ 26.030420][ T1722] Code: 01 f0 ff ff 0f 83 c0 0b 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 83 3d dd 5c 2d 00 00 75 14 b8 02 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 94 0b 00 00 c3 48 83 ec 08 e8 fa 00 00 00
[ 26.049998][ T1722] RSP: 002b:00007ffd6ffd2798 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[ 26.058382][ T1722] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004019f0
[ 26.066325][ T1722] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00007ffd6ffd27a0
[ 26.074264][ T1722] RBP: 6666666666666667 R08: 000000000000000f R09: 0000000000000000
[ 26.082204][ T1722] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000402a10
[ 26.090139][ T1722] R13: 0000000000402aa0 R14: 0000000000000000 R15: 0000000000000000
[ 26.098605][ T1722] Kernel Offset: disabled
[ 26.102912][ T1722] Rebooting in 86400 seconds..