Warning: Permanently added '10.128.0.144' (ECDSA) to the list of known hosts. executing program [ 29.435010][ T12] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 29.674977][ T12] usb 1-1: Using ep0 maxpacket: 8 [ 29.795072][ T12] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 29.806019][ T12] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 29.818826][ T12] usb 1-1: New USB device found, idVendor=046d, idProduct=c219, bcdDevice= 0.00 [ 29.827861][ T12] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 29.837063][ T12] usb 1-1: config 0 descriptor?? [ 30.326631][ T12] logitech 0003:046D:C219.0001: unknown main item tag 0x0 [ 30.333972][ T12] logitech 0003:046D:C219.0001: unknown main item tag 0x2 [ 30.341165][ T12] logitech 0003:046D:C219.0001: unknown main item tag 0x0 [ 30.348322][ T12] logitech 0003:046D:C219.0001: unknown main item tag 0x0 [ 30.355482][ T12] logitech 0003:046D:C219.0001: unknown main item tag 0x0 [ 30.362726][ T12] logitech 0003:046D:C219.0001: unknown main item tag 0x0 [ 30.369878][ T12] logitech 0003:046D:C219.0001: unknown main item tag 0x0 [ 30.377026][ T12] logitech 0003:046D:C219.0001: unknown main item tag 0x0 [ 30.384124][ T12] logitech 0003:046D:C219.0001: unknown main item tag 0x0 [ 30.391270][ T12] logitech 0003:046D:C219.0001: unknown main item tag 0x0 [ 30.398409][ T12] logitech 0003:046D:C219.0001: unknown main item tag 0x0 [ 30.405562][ T12] logitech 0003:046D:C219.0001: unknown main item tag 0x0 [ 30.412670][ T12] logitech 0003:046D:C219.0001: unknown main item tag 0x0 [ 30.419812][ T12] logitech 0003:046D:C219.0001: unknown main item tag 0x0 [ 30.426940][ T12] logitech 0003:046D:C219.0001: unknown main item tag 0x0 [ 30.434034][ T12] logitech 0003:046D:C219.0001: unknown main item tag 0x0 [ 30.441184][ T12] logitech 0003:046D:C219.0001: unknown main item tag 0x0 [ 30.448315][ T12] logitech 0003:046D:C219.0001: unknown main item tag 0x0 [ 30.455496][ T12] logitech 0003:046D:C219.0001: unknown main item tag 0x0 [ 30.462612][ T12] logitech 0003:046D:C219.0001: unknown main item tag 0x0 [ 30.469760][ T12] logitech 0003:046D:C219.0001: unknown main item tag 0x0 [ 30.476893][ T12] logitech 0003:046D:C219.0001: unknown main item tag 0x0 [ 30.483985][ T12] logitech 0003:046D:C219.0001: unknown main item tag 0x0 [ 30.491121][ T12] logitech 0003:046D:C219.0001: unknown main item tag 0x0 [ 30.498265][ T12] logitech 0003:046D:C219.0001: unknown main item tag 0x0 [ 30.505415][ T12] logitech 0003:046D:C219.0001: unknown main item tag 0x0 [ 30.512522][ T12] logitech 0003:046D:C219.0001: unknown main item tag 0x0 [ 30.519677][ T12] logitech 0003:046D:C219.0001: unknown main item tag 0x0 executing program [ 30.526834][ T12] logitech 0003:046D:C219.0001: unknown main item tag 0x0 [ 30.533946][ T12] logitech 0003:046D:C219.0001: unknown main item tag 0x0 [ 30.541096][ T12] logitech 0003:046D:C219.0001: unknown main item tag 0x0 [ 30.548226][ T12] logitech 0003:046D:C219.0001: unknown main item tag 0x0 [ 30.557410][ T12] logitech 0003:046D:C219.0001: hidraw0: USB HID v0.00 Device [HID 046d:c219] on usb-dummy_hcd.0-1/input0 [ 30.568773][ T12] logitech 0003:046D:C219.0001: not enough fields in HID_OUTPUT_REPORT 0 [ 30.579105][ T12] usb 1-1: USB disconnect, device number 2 [ 30.934989][ T12] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 31.174971][ T12] usb 1-1: Using ep0 maxpacket: 8 [ 31.295055][ T12] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 31.305979][ T12] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 31.318790][ T12] usb 1-1: New USB device found, idVendor=046d, idProduct=c219, bcdDevice= 0.00 [ 31.327835][ T12] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 31.336781][ T12] usb 1-1: config 0 descriptor?? [ 31.816096][ T12] logitech 0003:046D:C219.0002: unknown main item tag 0x0 [ 31.823281][ T12] logitech 0003:046D:C219.0002: unknown main item tag 0x2 [ 31.830499][ T12] logitech 0003:046D:C219.0002: unknown main item tag 0x0 [ 31.837637][ T12] logitech 0003:046D:C219.0002: unknown main item tag 0x0 [ 31.844736][ T12] logitech 0003:046D:C219.0002: unknown main item tag 0x0 [ 31.851873][ T12] logitech 0003:046D:C219.0002: unknown main item tag 0x0 [ 31.859022][ T12] logitech 0003:046D:C219.0002: unknown main item tag 0x0 [ 31.866174][ T12] logitech 0003:046D:C219.0002: unknown main item tag 0x0 [ 31.873353][ T12] logitech 0003:046D:C219.0002: unknown main item tag 0x0 [ 31.880527][ T12] logitech 0003:046D:C219.0002: unknown main item tag 0x0 [ 31.887669][ T12] logitech 0003:046D:C219.0002: unknown main item tag 0x0 [ 31.894765][ T12] logitech 0003:046D:C219.0002: unknown main item tag 0x0 [ 31.901907][ T12] logitech 0003:046D:C219.0002: unknown main item tag 0x0 [ 31.909040][ T12] logitech 0003:046D:C219.0002: unknown main item tag 0x0 [ 31.916190][ T12] logitech 0003:046D:C219.0002: unknown main item tag 0x0 [ 31.923299][ T12] logitech 0003:046D:C219.0002: unknown main item tag 0x0 [ 31.930440][ T12] logitech 0003:046D:C219.0002: unknown main item tag 0x0 [ 31.937638][ T12] logitech 0003:046D:C219.0002: unknown main item tag 0x0 [ 31.944894][ T12] logitech 0003:046D:C219.0002: unknown main item tag 0x0 [ 31.952078][ T12] logitech 0003:046D:C219.0002: unknown main item tag 0x0 [ 31.959221][ T12] logitech 0003:046D:C219.0002: unknown main item tag 0x0 [ 31.966369][ T12] logitech 0003:046D:C219.0002: unknown main item tag 0x0 [ 31.973481][ T12] logitech 0003:046D:C219.0002: unknown main item tag 0x0 [ 31.980635][ T12] logitech 0003:046D:C219.0002: unknown main item tag 0x0 [ 31.987763][ T12] logitech 0003:046D:C219.0002: unknown main item tag 0x0 [ 31.994857][ T12] logitech 0003:046D:C219.0002: unknown main item tag 0x0 [ 32.001995][ T12] logitech 0003:046D:C219.0002: unknown main item tag 0x0 [ 32.009127][ T12] logitech 0003:046D:C219.0002: unknown main item tag 0x0 [ 32.015348][ T1726] ================================================================== [ 32.016286][ T12] logitech 0003:046D:C219.0002: unknown main item tag 0x0 [ 32.024320][ T1726] BUG: KASAN: use-after-free in usbhid_power+0xca/0xe0 [ 32.024333][ T1726] Read of size 8 at addr ffff8881d32dc008 by task syz-executor231/1726 [ 32.031482][ T12] logitech 0003:046D:C219.0002: unknown main item tag 0x0 [ 32.038255][ T1726] [ 32.038269][ T1726] CPU: 1 PID: 1726 Comm: syz-executor231 Not tainted 5.3.0-rc5+ #27 [ 32.038275][ T1726] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 32.038282][ T1726] Call Trace: [ 32.046545][ T12] logitech 0003:046D:C219.0002: unknown main item tag 0x0 [ 32.053598][ T1726] dump_stack+0xca/0x13e [ 32.055930][ T12] logitech 0003:046D:C219.0002: unknown main item tag 0x0 [ 32.063852][ T1726] ? usbhid_power+0xca/0xe0 [ 32.099968][ T1726] ? usbhid_power+0xca/0xe0 [ 32.104450][ T1726] print_address_description+0x6a/0x32c [ 32.109970][ T1726] ? usbhid_power+0xca/0xe0 [ 32.114448][ T1726] ? usbhid_power+0xca/0xe0 [ 32.118928][ T1726] __kasan_report.cold+0x1a/0x33 [ 32.123842][ T1726] ? usbhid_power+0xca/0xe0 [ 32.128321][ T1726] kasan_report+0xe/0x12 [ 32.132542][ T1726] usbhid_power+0xca/0xe0 [ 32.136849][ T1726] hidraw_open+0x20d/0x740 [ 32.141241][ T1726] ? usbhid_output_report+0x290/0x290 [ 32.146588][ T1726] ? hidraw_ioctl+0xae0/0xae0 [ 32.151241][ T1726] chrdev_open+0x219/0x5c0 [ 32.155645][ T1726] ? cdev_put.part.0+0x50/0x50 [ 32.160397][ T1726] do_dentry_open+0x494/0x1120 [ 32.165141][ T1726] ? cdev_put.part.0+0x50/0x50 [ 32.169879][ T1726] ? chmod_common+0x3c0/0x3c0 [ 32.174530][ T1726] ? inode_permission+0xbe/0x3a0 [ 32.179444][ T1726] path_openat+0x1430/0x3f50 [ 32.184517][ T1726] ? save_stack+0x1b/0x80 [ 32.188821][ T1726] ? do_sys_open+0x294/0x580 [ 32.193384][ T1726] ? do_syscall_64+0xb7/0x580 [ 32.198033][ T1726] ? path_lookupat.isra.0+0x8d0/0x8d0 [ 32.203381][ T1726] ? __lock_acquire+0x145e/0x3b50 [ 32.208440][ T1726] do_filp_open+0x1a1/0x280 [ 32.212949][ T1726] ? may_open_dev+0xf0/0xf0 [ 32.217446][ T1726] ? __alloc_fd+0x46d/0x600 [ 32.221930][ T1726] ? do_raw_spin_lock+0x11a/0x280 [ 32.226933][ T1726] ? do_raw_spin_unlock+0x50/0x220 [ 32.232019][ T1726] ? _raw_spin_unlock+0x1f/0x30 [ 32.236845][ T1726] ? __alloc_fd+0x46d/0x600 [ 32.241325][ T1726] do_sys_open+0x3c0/0x580 [ 32.245720][ T1726] ? filp_open+0x70/0x70 [ 32.249941][ T1726] ? trace_hardirqs_off_caller+0x55/0x1e0 [ 32.255637][ T1726] do_syscall_64+0xb7/0x580 [ 32.260118][ T1726] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 32.265985][ T1726] RIP: 0033:0x4019f0 [ 32.269861][ T1726] Code: 01 f0 ff ff 0f 83 c0 0b 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 83 3d dd 5c 2d 00 00 75 14 b8 02 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 94 0b 00 00 c3 48 83 ec 08 e8 fa 00 00 00 [ 32.289440][ T1726] RSP: 002b:00007ffeae3816a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 32.297837][ T1726] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004019f0 [ 32.305785][ T1726] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00007ffeae3816b0 [ 32.313731][ T1726] RBP: 6666666666666667 R08: 000000000000000f R09: 0000000000000000 [ 32.321691][ T1726] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000402a10 [ 32.329639][ T1726] R13: 0000000000402aa0 R14: 0000000000000000 R15: 0000000000000000 [ 32.337597][ T1726] [ 32.339900][ T1726] Allocated by task 12: [ 32.344056][ T1726] save_stack+0x1b/0x80 [ 32.348194][ T1726] __kasan_kmalloc.constprop.0+0xbf/0xd0 [ 32.353813][ T1726] __kmalloc_node_track_caller+0xfc/0x380 [ 32.359506][ T1726] __kmalloc_reserve.isra.0+0x39/0xe0 [ 32.364849][ T1726] __alloc_skb+0xef/0x5a0 [ 32.369157][ T1726] alloc_uevent_skb+0x7b/0x210 [ 32.373901][ T1726] kobject_uevent_env+0x8ee/0x1160 [ 32.379001][ T1726] device_del+0x6b2/0xb10 [ 32.383308][ T1726] usb_disable_device+0x211/0x690 [ 32.388306][ T1726] usb_disconnect+0x284/0x8d0 [ 32.392958][ T1726] hub_event+0x1454/0x3640 [ 32.397352][ T1726] process_one_work+0x92b/0x1530 [ 32.402266][ T1726] worker_thread+0x7ab/0xe20 [ 32.406832][ T1726] kthread+0x318/0x420 [ 32.410876][ T1726] ret_from_fork+0x24/0x30 [ 32.415275][ T1726] [ 32.417582][ T1726] Freed by task 239: [ 32.421464][ T1726] save_stack+0x1b/0x80 [ 32.425595][ T1726] __kasan_slab_free+0x130/0x180 [ 32.430507][ T1726] kfree+0xe4/0x2f0 [ 32.434302][ T1726] skb_free_head+0x8b/0xa0 [ 32.438695][ T1726] skb_release_data+0x41f/0x7c0 [ 32.443519][ T1726] skb_release_all+0x46/0x60 [ 32.448095][ T1726] consume_skb+0xd9/0x320 [ 32.452401][ T1726] skb_free_datagram+0x16/0xf0 [ 32.457144][ T1726] netlink_recvmsg+0x65e/0xee0 [ 32.461884][ T1726] sock_recvmsg+0xca/0x110 [ 32.466294][ T1726] ___sys_recvmsg+0x271/0x5a0 [ 32.470949][ T1726] __sys_recvmsg+0xe9/0x1b0 [ 32.475429][ T1726] do_syscall_64+0xb7/0x580 [ 32.479906][ T1726] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 32.485768][ T1726] [ 32.488083][ T1726] The buggy address belongs to the object at ffff8881d32dc000 [ 32.488083][ T1726] which belongs to the cache kmalloc-1k of size 1024 [ 32.502110][ T1726] The buggy address is located 8 bytes inside of [ 32.502110][ T1726] 1024-byte region [ffff8881d32dc000, ffff8881d32dc400) [ 32.515264][ T1726] The buggy address belongs to the page: [ 32.520872][ T1726] page:ffffea00074cb700 refcount:1 mapcount:0 mapping:ffff8881da002280 index:0x0 compound_mapcount: 0 [ 32.531776][ T1726] flags: 0x200000000010200(slab|head) [ 32.537126][ T1726] raw: 0200000000010200 dead000000000100 dead000000000122 ffff8881da002280 [ 32.545688][ T1726] raw: 0000000000000000 00000000800e000e 00000001ffffffff 0000000000000000 [ 32.554243][ T1726] page dumped because: kasan: bad access detected [ 32.560636][ T1726] [ 32.562937][ T1726] Memory state around the buggy address: [ 32.568559][ T1726] ffff8881d32dbf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 32.576602][ T1726] ffff8881d32dbf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 32.584638][ T1726] >ffff8881d32dc000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.592677][ T1726] ^ [ 32.596978][ T1726] ffff8881d32dc080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.605024][ T1726] ffff8881d32dc100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.613055][ T1726] ================================================================== [ 32.621099][ T1726] Disabling lock debugging due to kernel taint [ 32.627301][ T1726] Kernel panic - not syncing: panic_on_warn set ... [ 32.633866][ T1726] CPU: 1 PID: 1726 Comm: syz-executor231 Tainted: G B 5.3.0-rc5+ #27 [ 32.643305][ T1726] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 32.653360][ T1726] Call Trace: [ 32.656634][ T1726] dump_stack+0xca/0x13e [ 32.660848][ T1726] panic+0x2a3/0x6da [ 32.664710][ T1726] ? add_taint.cold+0x16/0x16 [ 32.669359][ T1726] ? retint_kernel+0x10/0x10 [ 32.673921][ T1726] ? trace_hardirqs_on+0x55/0x1e0 [ 32.678917][ T1726] ? usbhid_power+0xca/0xe0 [ 32.683389][ T1726] end_report+0x43/0x49 [ 32.687516][ T1726] ? usbhid_power+0xca/0xe0 [ 32.692005][ T1726] __kasan_report.cold+0xd/0x33 [ 32.696826][ T1726] ? usbhid_power+0xca/0xe0 [ 32.701296][ T1726] kasan_report+0xe/0x12 [ 32.705509][ T1726] usbhid_power+0xca/0xe0 [ 32.709805][ T1726] hidraw_open+0x20d/0x740 [ 32.714191][ T1726] ? usbhid_output_report+0x290/0x290 [ 32.719532][ T1726] ? hidraw_ioctl+0xae0/0xae0 [ 32.724179][ T1726] chrdev_open+0x219/0x5c0 [ 32.728566][ T1726] ? cdev_put.part.0+0x50/0x50 [ 32.733307][ T1726] do_dentry_open+0x494/0x1120 [ 32.738144][ T1726] ? cdev_put.part.0+0x50/0x50 [ 32.742888][ T1726] ? chmod_common+0x3c0/0x3c0 [ 32.747544][ T1726] ? inode_permission+0xbe/0x3a0 [ 32.752453][ T1726] path_openat+0x1430/0x3f50 [ 32.757015][ T1726] ? save_stack+0x1b/0x80 [ 32.761317][ T1726] ? do_sys_open+0x294/0x580 [ 32.765879][ T1726] ? do_syscall_64+0xb7/0x580 [ 32.770528][ T1726] ? path_lookupat.isra.0+0x8d0/0x8d0 [ 32.775868][ T1726] ? __lock_acquire+0x145e/0x3b50 [ 32.780878][ T1726] do_filp_open+0x1a1/0x280 [ 32.785360][ T1726] ? may_open_dev+0xf0/0xf0 [ 32.789834][ T1726] ? __alloc_fd+0x46d/0x600 [ 32.794372][ T1726] ? do_raw_spin_lock+0x11a/0x280 [ 32.799379][ T1726] ? do_raw_spin_unlock+0x50/0x220 [ 32.804467][ T1726] ? _raw_spin_unlock+0x1f/0x30 [ 32.809290][ T1726] ? __alloc_fd+0x46d/0x600 [ 32.813768][ T1726] do_sys_open+0x3c0/0x580 [ 32.818172][ T1726] ? filp_open+0x70/0x70 [ 32.822385][ T1726] ? trace_hardirqs_off_caller+0x55/0x1e0 [ 32.828074][ T1726] do_syscall_64+0xb7/0x580 [ 32.832551][ T1726] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 32.838411][ T1726] RIP: 0033:0x4019f0 [ 32.842276][ T1726] Code: 01 f0 ff ff 0f 83 c0 0b 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 83 3d dd 5c 2d 00 00 75 14 b8 02 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 94 0b 00 00 c3 48 83 ec 08 e8 fa 00 00 00 [ 32.861914][ T1726] RSP: 002b:00007ffeae3816a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 32.870320][ T1726] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004019f0 [ 32.878288][ T1726] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00007ffeae3816b0 [ 32.886242][ T1726] RBP: 6666666666666667 R08: 000000000000000f R09: 0000000000000000 [ 32.894189][ T1726] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000402a10 [ 32.902131][ T1726] R13: 0000000000402aa0 R14: 0000000000000000 R15: 0000000000000000 [ 32.910570][ T1726] Kernel Offset: disabled [ 32.914881][ T1726] Rebooting in 86400 seconds..