Warning: Permanently added '10.128.1.4' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 37.479503][ T22] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 37.719449][ T22] usb 1-1: Using ep0 maxpacket: 8
[ 37.839568][ T22] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 37.850557][ T22] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[ 37.863496][ T22] usb 1-1: New USB device found, idVendor=046d, idProduct=ca03, bcdDevice= 0.00
[ 37.872552][ T22] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 37.881768][ T22] usb 1-1: config 0 descriptor??
[ 38.365428][ T22] logitech 0003:046D:CA03.0001: hidraw0: USB HID v0.00 Device [HID 046d:ca03] on usb-dummy_hcd.0-1/input0
[ 38.376970][ T22] ==================================================================
[ 38.385085][ T22] BUG: KASAN: slab-out-of-bounds in lg4ff_init+0x89c/0x1800
[ 38.392365][ T22] Write of size 8 at addr ffff8881d961b3c0 by task kworker/1:1/22
[ 38.400141][ T22]
[ 38.402462][ T22] CPU: 1 PID: 22 Comm: kworker/1:1 Not tainted 5.3.0-rc7+ #0
[ 38.409814][ T22] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 38.419853][ T22] Workqueue: usb_hub_wq hub_event
[ 38.424860][ T22] Call Trace:
[ 38.428156][ T22] dump_stack+0xca/0x13e
[ 38.432378][ T22] ? lg4ff_init+0x89c/0x1800
[ 38.436944][ T22] ? lg4ff_init+0x89c/0x1800
[ 38.441531][ T22] print_address_description+0x6a/0x32c
[ 38.447053][ T22] ? lg4ff_init+0x89c/0x1800
[ 38.451619][ T22] ? lg4ff_init+0x89c/0x1800
[ 38.456272][ T22] __kasan_report.cold+0x1a/0x33
[ 38.461188][ T22] ? lg4ff_init+0x89c/0x1800
[ 38.465752][ T22] kasan_report+0xe/0x12
[ 38.469975][ T22] check_memory_region+0x128/0x190
[ 38.475153][ T22] lg4ff_init+0x89c/0x1800
[ 38.479548][ T22] ? lg4ff_raw_event+0x400/0x400
[ 38.484475][ T22] lg_probe+0x3b3/0x890
[ 38.488609][ T22] ? mutex_trylock+0x2c0/0x2c0
[ 38.493367][ T22] ? lg_remove+0xa0/0xa0
[ 38.497587][ T22] ? __mutex_unlock_slowpath+0xea/0x670
[ 38.503120][ T22] ? rwlock_bug.part.0+0x90/0x90
[ 38.508055][ T22] ? wait_for_completion+0x3c0/0x3c0
[ 38.513416][ T22] ? hid_match_one_id+0x9d/0x2c0
[ 38.518458][ T22] ? lg_remove+0xa0/0xa0
[ 38.522784][ T22] hid_device_probe+0x2be/0x3f0
[ 38.527623][ T22] ? hid_match_device+0x1f0/0x1f0
[ 38.532665][ T22] really_probe+0x281/0x6d0
[ 38.537153][ T22] driver_probe_device+0x101/0x1b0
[ 38.542273][ T22] __device_attach_driver+0x1c2/0x220
[ 38.548071][ T22] ? driver_allows_async_probing+0x160/0x160
[ 38.554066][ T22] bus_for_each_drv+0x162/0x1e0
[ 38.558899][ T22] ? bus_rescan_devices+0x20/0x20
[ 38.563916][ T22] ? _raw_spin_unlock_irqrestore+0x3e/0x50
[ 38.569698][ T22] ? lockdep_hardirqs_on+0x379/0x580
[ 38.574960][ T22] __device_attach+0x217/0x360
[ 38.579715][ T22] ? device_bind_driver+0xd0/0xd0
[ 38.584734][ T22] ? kobject_uevent_env+0x29e/0x1150
[ 38.590027][ T22] ? kobject_uevent_env+0x2a8/0x1150
[ 38.595295][ T22] bus_probe_device+0x1e4/0x290
[ 38.600162][ T22] ? blocking_notifier_call_chain+0x54/0xa0
[ 38.606057][ T22] device_add+0xae6/0x16f0
[ 38.610477][ T22] ? up_write+0x97/0x270
[ 38.614694][ T22] ? uevent_store+0x50/0x50
[ 38.619190][ T22] ? __debugfs_create_file+0x2da/0x3c0
[ 38.624648][ T22] hid_add_device+0x33c/0x990
[ 38.629324][ T22] ? __hid_bus_reprobe_drivers+0x130/0x130
[ 38.635130][ T22] ? lockdep_init_map+0x1b0/0x5e0
[ 38.640134][ T22] usbhid_probe+0xa81/0xfa0
[ 38.644721][ T22] usb_probe_interface+0x305/0x7a0
[ 38.649808][ T22] ? usb_probe_device+0x100/0x100
[ 38.654831][ T22] really_probe+0x281/0x6d0
[ 38.659313][ T22] driver_probe_device+0x101/0x1b0
[ 38.664408][ T22] __device_attach_driver+0x1c2/0x220
[ 38.669761][ T22] ? driver_allows_async_probing+0x160/0x160
[ 38.675734][ T22] bus_for_each_drv+0x162/0x1e0
[ 38.680570][ T22] ? bus_rescan_devices+0x20/0x20
[ 38.685571][ T22] ? _raw_spin_unlock_irqrestore+0x3e/0x50
[ 38.691352][ T22] ? lockdep_hardirqs_on+0x379/0x580
[ 38.696629][ T22] __device_attach+0x217/0x360
[ 38.701370][ T22] ? device_bind_driver+0xd0/0xd0
[ 38.706369][ T22] ? kobject_uevent_env+0x29e/0x1150
[ 38.711708][ T22] ? kobject_uevent_env+0x2a8/0x1150
[ 38.716972][ T22] bus_probe_device+0x1e4/0x290
[ 38.721819][ T22] ? blocking_notifier_call_chain+0x54/0xa0
[ 38.727701][ T22] device_add+0xae6/0x16f0
[ 38.732110][ T22] ? uevent_store+0x50/0x50
[ 38.736611][ T22] ? _raw_spin_unlock_irqrestore+0x3e/0x50
[ 38.742401][ T22] usb_set_configuration+0xdf6/0x1670
[ 38.747769][ T22] generic_probe+0x9d/0xd5
[ 38.752163][ T22] usb_probe_device+0x99/0x100
[ 38.756903][ T22] ? usb_suspend+0x620/0x620
[ 38.761472][ T22] really_probe+0x281/0x6d0
[ 38.765966][ T22] driver_probe_device+0x101/0x1b0
[ 38.771078][ T22] __device_attach_driver+0x1c2/0x220
[ 38.776441][ T22] ? driver_allows_async_probing+0x160/0x160
[ 38.782414][ T22] bus_for_each_drv+0x162/0x1e0
[ 38.787253][ T22] ? bus_rescan_devices+0x20/0x20
[ 38.792276][ T22] ? _raw_spin_unlock_irqrestore+0x3e/0x50
[ 38.798168][ T22] ? lockdep_hardirqs_on+0x379/0x580
[ 38.803443][ T22] __device_attach+0x217/0x360
[ 38.808186][ T22] ? device_bind_driver+0xd0/0xd0
[ 38.813188][ T22] ? kobject_uevent_env+0x29e/0x1150
[ 38.818534][ T22] ? kobject_uevent_env+0x2a8/0x1150
[ 38.825115][ T22] bus_probe_device+0x1e4/0x290
[ 38.829957][ T22] ? blocking_notifier_call_chain+0x54/0xa0
[ 38.835840][ T22] device_add+0xae6/0x16f0
[ 38.840410][ T22] ? uevent_store+0x50/0x50
[ 38.844893][ T22] usb_new_device.cold+0x6a4/0xe79
[ 38.849980][ T22] hub_event+0x1b5c/0x3640
[ 38.854373][ T22] ? hub_port_debounce+0x260/0x260
[ 38.859493][ T22] process_one_work+0x92b/0x1530
[ 38.864422][ T22] ? pwq_dec_nr_in_flight+0x310/0x310
[ 38.869776][ T22] ? do_raw_spin_lock+0x11a/0x280
[ 38.874776][ T22] worker_thread+0x96/0xe20
[ 38.879258][ T22] ? process_one_work+0x1530/0x1530
[ 38.884691][ T22] kthread+0x318/0x420
[ 38.888750][ T22] ? kthread_create_on_node+0xf0/0xf0
[ 38.894113][ T22] ret_from_fork+0x24/0x30
[ 38.898501][ T22]
[ 38.900821][ T22] Allocated by task 22:
[ 38.904955][ T22] save_stack+0x1b/0x80
[ 38.909093][ T22] __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 38.914721][ T22] hidraw_connect+0x4b/0x3e0
[ 38.919299][ T22] hid_connect+0x5c7/0xbb0
[ 38.923693][ T22] hid_hw_start+0xa2/0x130
[ 38.928082][ T22] lg_probe+0x2a4/0x890
[ 38.932236][ T22] hid_device_probe+0x2be/0x3f0
[ 38.937063][ T22] really_probe+0x281/0x6d0
[ 38.941541][ T22] driver_probe_device+0x101/0x1b0
[ 38.946642][ T22] __device_attach_driver+0x1c2/0x220
[ 38.951989][ T22] bus_for_each_drv+0x162/0x1e0
[ 38.956828][ T22] __device_attach+0x217/0x360
[ 38.961584][ T22] bus_probe_device+0x1e4/0x290
[ 38.966417][ T22] device_add+0xae6/0x16f0
[ 38.970814][ T22] hid_add_device+0x33c/0x990
[ 38.975590][ T22] usbhid_probe+0xa81/0xfa0
[ 38.980099][ T22] usb_probe_interface+0x305/0x7a0
[ 38.985225][ T22] really_probe+0x281/0x6d0
[ 38.989733][ T22] driver_probe_device+0x101/0x1b0
[ 38.994891][ T22] __device_attach_driver+0x1c2/0x220
[ 39.000261][ T22] bus_for_each_drv+0x162/0x1e0
[ 39.005252][ T22] __device_attach+0x217/0x360
[ 39.010014][ T22] bus_probe_device+0x1e4/0x290
[ 39.014846][ T22] device_add+0xae6/0x16f0
[ 39.019243][ T22] usb_set_configuration+0xdf6/0x1670
[ 39.024599][ T22] generic_probe+0x9d/0xd5
[ 39.029008][ T22] usb_probe_device+0x99/0x100
[ 39.033748][ T22] really_probe+0x281/0x6d0
[ 39.038228][ T22] driver_probe_device+0x101/0x1b0
[ 39.043333][ T22] __device_attach_driver+0x1c2/0x220
[ 39.048682][ T22] bus_for_each_drv+0x162/0x1e0
[ 39.053510][ T22] __device_attach+0x217/0x360
[ 39.058260][ T22] bus_probe_device+0x1e4/0x290
[ 39.063108][ T22] device_add+0xae6/0x16f0
[ 39.067512][ T22] usb_new_device.cold+0x6a4/0xe79
[ 39.072688][ T22] hub_event+0x1b5c/0x3640
[ 39.077086][ T22] process_one_work+0x92b/0x1530
[ 39.082017][ T22] worker_thread+0x96/0xe20
[ 39.086496][ T22] kthread+0x318/0x420
[ 39.090541][ T22] ret_from_fork+0x24/0x30
[ 39.094926][ T22]
[ 39.097236][ T22] Freed by task 1:
[ 39.100934][ T22] save_stack+0x1b/0x80
[ 39.105063][ T22] __kasan_slab_free+0x130/0x180
[ 39.109998][ T22] kfree+0xe4/0x2f0
[ 39.113781][ T22] call_usermodehelper_exec+0x242/0x4d0
[ 39.119334][ T22] __request_module+0x459/0xb20
[ 39.124186][ T22] crypto_probing_notify+0x57/0x80
[ 39.129307][ T22] crypto_wait_for_test+0xb2/0xd0
[ 39.134323][ T22] crypto_register_alg+0xa6/0xd0
[ 39.139244][ T22] crypto_register_shash+0x32/0x50
[ 39.144351][ T22] do_one_initcall+0xf0/0x614
[ 39.149005][ T22] kernel_init_freeable+0x4a9/0x596
[ 39.154192][ T22] kernel_init+0xd/0x1bf
[ 39.158412][ T22] ret_from_fork+0x24/0x30
[ 39.162799][ T22]
[ 39.165117][ T22] The buggy address belongs to the object at ffff8881d961b300
[ 39.165117][ T22] which belongs to the cache kmalloc-192 of size 192
[ 39.179242][ T22] The buggy address is located 0 bytes to the right of
[ 39.179242][ T22] 192-byte region [ffff8881d961b300, ffff8881d961b3c0)
[ 39.192832][ T22] The buggy address belongs to the page:
[ 39.198461][ T22] page:ffffea00076586c0 refcount:1 mapcount:0 mapping:ffff8881da002a00 index:0x0
[ 39.207568][ T22] flags: 0x200000000000200(slab)
[ 39.212501][ T22] raw: 0200000000000200 dead000000000100 dead000000000122 ffff8881da002a00
[ 39.221073][ T22] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 39.229631][ T22] page dumped because: kasan: bad access detected
[ 39.236017][ T22]
[ 39.238319][ T22] Memory state around the buggy address:
[ 39.243930][ T22] ffff8881d961b280: 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc
[ 39.251990][ T22] ffff8881d961b300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 39.260029][ T22] >ffff8881d961b380: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc
[ 39.268063][