Warning: Permanently added '10.128.0.180' (ECDSA) to the list of known hosts. executing program [ 24.002201][ T21] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 24.242190][ T21] usb 1-1: Using ep0 maxpacket: 8 [ 24.362305][ T21] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 24.373278][ T21] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 24.386071][ T21] usb 1-1: New USB device found, idVendor=046d, idProduct=c294, bcdDevice= 0.00 [ 24.395128][ T21] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 24.404406][ T21] usb 1-1: config 0 descriptor?? [ 24.893945][ T21] logitech 0003:046D:C294.0001: unknown main item tag 0x0 [ 24.901201][ T21] logitech 0003:046D:C294.0001: unknown main item tag 0x0 [ 24.908397][ T21] logitech 0003:046D:C294.0001: unknown main item tag 0x0 [ 24.915532][ T21] logitech 0003:046D:C294.0001: unknown main item tag 0x0 [ 24.922681][ T21] logitech 0003:046D:C294.0001: unknown main item tag 0x0 [ 24.929947][ T21] logitech 0003:046D:C294.0001: unknown main item tag 0x0 [ 24.937104][ T21] logitech 0003:046D:C294.0001: unknown main item tag 0x0 [ 24.944235][ T21] logitech 0003:046D:C294.0001: unknown main item tag 0x0 [ 24.951358][ T21] logitech 0003:046D:C294.0001: unknown main item tag 0x0 [ 24.958518][ T21] logitech 0003:046D:C294.0001: unknown main item tag 0x0 [ 24.965665][ T21] logitech 0003:046D:C294.0001: unknown main item tag 0x0 [ 24.972810][ T21] logitech 0003:046D:C294.0001: unknown main item tag 0x0 [ 24.979917][ T21] logitech 0003:046D:C294.0001: unknown main item tag 0x0 [ 24.987065][ T21] logitech 0003:046D:C294.0001: unknown main item tag 0x0 [ 24.994191][ T21] logitech 0003:046D:C294.0001: unknown main item tag 0x0 [ 25.001309][ T21] logitech 0003:046D:C294.0001: unknown main item tag 0x0 [ 25.008456][ T21] logitech 0003:046D:C294.0001: unknown main item tag 0x0 [ 25.015590][ T21] logitech 0003:046D:C294.0001: unknown main item tag 0x0 [ 25.022726][ T21] logitech 0003:046D:C294.0001: unknown main item tag 0x0 [ 25.029865][ T21] logitech 0003:046D:C294.0001: unknown main item tag 0x0 [ 25.037002][ T21] logitech 0003:046D:C294.0001: unknown main item tag 0x0 [ 25.044141][ T21] logitech 0003:046D:C294.0001: unknown main item tag 0x0 [ 25.051229][ T21] logitech 0003:046D:C294.0001: unknown main item tag 0x0 [ 25.058360][ T21] logitech 0003:046D:C294.0001: unknown main item tag 0x0 [ 25.065492][ T21] logitech 0003:046D:C294.0001: unknown main item tag 0x0 [ 25.072626][ T21] logitech 0003:046D:C294.0001: unknown main item tag 0x0 [ 25.079732][ T21] logitech 0003:046D:C294.0001: unknown main item tag 0x0 [ 25.086874][ T21] logitech 0003:046D:C294.0001: unknown main item tag 0x0 executing program [ 25.094028][ T21] logitech 0003:046D:C294.0001: unknown main item tag 0x0 [ 25.101168][ T21] logitech 0003:046D:C294.0001: unknown main item tag 0x0 [ 25.108314][ T21] logitech 0003:046D:C294.0001: unknown main item tag 0x0 [ 25.115456][ T21] logitech 0003:046D:C294.0001: unknown main item tag 0x0 [ 25.122590][ T21] logitech 0003:046D:C294.0001: unknown main item tag 0x0 [ 25.129689][ T21] logitech 0003:046D:C294.0001: unknown main item tag 0x0 [ 25.136838][ T21] logitech 0003:046D:C294.0001: unknown main item tag 0x0 [ 25.143987][ T21] logitech 0003:046D:C294.0001: unknown main item tag 0x0 [ 25.151099][ T21] logitech 0003:046D:C294.0001: unknown main item tag 0x0 [ 25.159841][ T21] logitech 0003:046D:C294.0001: hidraw0: USB HID v0.00 Device [HID 046d:c294] on usb-dummy_hcd.0-1/input0 [ 25.171286][ T21] logitech 0003:046D:C294.0001: not enough fields in HID_OUTPUT_REPORT 0 [ 25.179821][ T21] logitech: probe of 0003:046D:C294.0001 failed with error -1 [ 25.189013][ T21] usb 1-1: USB disconnect, device number 2 [ 25.542204][ T21] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 25.782201][ T21] usb 1-1: Using ep0 maxpacket: 8 [ 25.902346][ T21] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 25.913330][ T21] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 25.926143][ T21] usb 1-1: New USB device found, idVendor=046d, idProduct=c294, bcdDevice= 0.00 [ 25.935181][ T21] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 25.944031][ T21] usb 1-1: config 0 descriptor?? [ 26.423530][ T21] logitech 0003:046D:C294.0002: unknown main item tag 0x0 [ 26.430717][ T21] logitech 0003:046D:C294.0002: unknown main item tag 0x0 [ 26.437906][ T21] logitech 0003:046D:C294.0002: unknown main item tag 0x0 [ 26.445041][ T21] logitech 0003:046D:C294.0002: unknown main item tag 0x0 [ 26.452194][ T21] logitech 0003:046D:C294.0002: unknown main item tag 0x0 [ 26.459300][ T21] logitech 0003:046D:C294.0002: unknown main item tag 0x0 [ 26.466445][ T21] logitech 0003:046D:C294.0002: unknown main item tag 0x0 [ 26.473577][ T21] logitech 0003:046D:C294.0002: unknown main item tag 0x0 [ 26.480676][ T21] logitech 0003:046D:C294.0002: unknown main item tag 0x0 [ 26.487828][ T21] logitech 0003:046D:C294.0002: unknown main item tag 0x0 [ 26.494968][ T21] logitech 0003:046D:C294.0002: unknown main item tag 0x0 [ 26.502082][ T21] logitech 0003:046D:C294.0002: unknown main item tag 0x0 [ 26.509256][ T21] logitech 0003:046D:C294.0002: unknown main item tag 0x0 [ 26.516414][ T21] logitech 0003:046D:C294.0002: unknown main item tag 0x0 [ 26.523550][ T21] logitech 0003:046D:C294.0002: unknown main item tag 0x0 [ 26.530689][ T21] logitech 0003:046D:C294.0002: unknown main item tag 0x0 [ 26.537831][ T21] logitech 0003:046D:C294.0002: unknown main item tag 0x0 [ 26.544992][ T21] logitech 0003:046D:C294.0002: unknown main item tag 0x0 [ 26.552095][ T21] logitech 0003:046D:C294.0002: unknown main item tag 0x0 [ 26.559249][ T21] logitech 0003:046D:C294.0002: unknown main item tag 0x0 [ 26.566419][ T21] logitech 0003:046D:C294.0002: unknown main item tag 0x0 [ 26.573550][ T21] logitech 0003:046D:C294.0002: unknown main item tag 0x0 [ 26.580647][ T21] logitech 0003:046D:C294.0002: unknown main item tag 0x0 [ 26.587818][ T21] logitech 0003:046D:C294.0002: unknown main item tag 0x0 [ 26.594974][ T21] logitech 0003:046D:C294.0002: unknown main item tag 0x0 [ 26.602143][ T21] logitech 0003:046D:C294.0002: unknown main item tag 0x0 [ 26.609265][ T21] logitech 0003:046D:C294.0002: unknown main item tag 0x0 [ 26.616422][ T21] logitech 0003:046D:C294.0002: unknown main item tag 0x0 [ 26.622791][ T1725] ================================================================== [ 26.623665][ T21] logitech 0003:046D:C294.0002: unknown main item tag 0x0 [ 26.631726][ T1725] BUG: KASAN: use-after-free in usbhid_power+0xca/0xe0 [ 26.638868][ T21] logitech 0003:046D:C294.0002: unknown main item tag 0x0 [ 26.645606][ T1725] Read of size 8 at addr ffff8881d90d4008 by task syz-executor997/1725 [ 26.645610][ T1725] [ 26.645623][ T1725] CPU: 0 PID: 1725 Comm: syz-executor997 Not tainted 5.3.0-rc5+ #27 [ 26.645633][ T1725] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 26.652759][ T21] logitech 0003:046D:C294.0002: unknown main item tag 0x0 [ 26.660922][ T1725] Call Trace: [ 26.663306][ T21] logitech 0003:046D:C294.0002: unknown main item tag 0x0 [ 26.671193][ T1725] dump_stack+0xca/0x13e [ 26.681269][ T21] logitech 0003:046D:C294.0002: unknown main item tag 0x0 [ 26.688297][ T1725] ? usbhid_power+0xca/0xe0 [ 26.688308][ T1725] ? usbhid_power+0xca/0xe0 [ 26.688321][ T1725] print_address_description+0x6a/0x32c [ 26.688337][ T1725] ? usbhid_power+0xca/0xe0 [ 26.691615][ T21] logitech 0003:046D:C294.0002: unknown main item tag 0x0 [ 26.698680][ T1725] ? usbhid_power+0xca/0xe0 [ 26.698692][ T1725] __kasan_report.cold+0x1a/0x33 [ 26.698702][ T1725] ? usbhid_power+0xca/0xe0 [ 26.698716][ T1725] kasan_report+0xe/0x12 [ 26.702982][ T21] logitech 0003:046D:C294.0002: unknown main item tag 0x0 [ 26.710025][ T1725] usbhid_power+0xca/0xe0 [ 26.714548][ T21] logitech 0003:046D:C294.0002: unknown main item tag 0x0 [ 26.718978][ T1725] hidraw_open+0x20d/0x740 [ 26.724533][ T21] logitech 0003:046D:C294.0002: unknown main item tag 0x0 [ 26.728966][ T1725] ? usbhid_output_report+0x290/0x290 [ 26.789361][ T1725] ? hidraw_ioctl+0xae0/0xae0 [ 26.794016][ T1725] chrdev_open+0x219/0x5c0 [ 26.798409][ T1725] ? cdev_put.part.0+0x50/0x50 [ 26.803151][ T1725] do_dentry_open+0x494/0x1120 [ 26.807893][ T1725] ? cdev_put.part.0+0x50/0x50 [ 26.812655][ T1725] ? chmod_common+0x3c0/0x3c0 [ 26.817331][ T1725] ? inode_permission+0xbe/0x3a0 [ 26.822239][ T1725] path_openat+0x1430/0x3f50 [ 26.826806][ T1725] ? save_stack+0x1b/0x80 [ 26.831107][ T1725] ? do_sys_open+0x294/0x580 [ 26.835666][ T1725] ? do_syscall_64+0xb7/0x580 [ 26.840320][ T1725] ? path_lookupat.isra.0+0x8d0/0x8d0 [ 26.845660][ T1725] ? __lock_acquire+0x145e/0x3b50 [ 26.850654][ T1725] do_filp_open+0x1a1/0x280 [ 26.855132][ T1725] ? may_open_dev+0xf0/0xf0 [ 26.859611][ T1725] ? __alloc_fd+0x46d/0x600 [ 26.864085][ T1725] ? do_raw_spin_lock+0x11a/0x280 [ 26.869087][ T1725] ? do_raw_spin_unlock+0x50/0x220 [ 26.874170][ T1725] ? _raw_spin_unlock+0x1f/0x30 [ 26.878988][ T1725] ? __alloc_fd+0x46d/0x600 [ 26.883464][ T1725] do_sys_open+0x3c0/0x580 [ 26.887852][ T1725] ? filp_open+0x70/0x70 [ 26.892069][ T1725] ? trace_hardirqs_off_caller+0x55/0x1e0 [ 26.897873][ T1725] do_syscall_64+0xb7/0x580 [ 26.902348][ T1725] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 26.908209][ T1725] RIP: 0033:0x4019f0 [ 26.912078][ T1725] Code: 01 f0 ff ff 0f 83 c0 0b 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 83 3d dd 5c 2d 00 00 75 14 b8 02 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 94 0b 00 00 c3 48 83 ec 08 e8 fa 00 00 00 [ 26.931661][ T1725] RSP: 002b:00007ffff5d7a0d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 26.940043][ T1725] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004019f0 [ 26.948028][ T1725] RDX: 0000000000000000 RSI: 0000000000002040 RDI: 00007ffff5d7a0e0 [ 26.955974][ T1725] RBP: 6666666666666667 R08: 000000000000000f R09: 0000000000000000 [ 26.963930][ T1725] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000402a10 [ 26.971875][ T1725] R13: 0000000000402aa0 R14: 0000000000000000 R15: 0000000000000000 [ 26.979816][ T1725] [ 26.982117][ T1725] Allocated by task 238: [ 26.986331][ T1725] save_stack+0x1b/0x80 [ 26.990458][ T1725] __kasan_kmalloc.constprop.0+0xbf/0xd0 [ 26.996059][ T1725] __kmalloc_node_track_caller+0xfc/0x380 [ 27.001748][ T1725] __kmalloc_reserve.isra.0+0x39/0xe0 [ 27.007092][ T1725] __alloc_skb+0xef/0x5a0 [ 27.011389][ T1725] netlink_sendmsg+0x8cd/0xcc0 [ 27.016126][ T1725] sock_sendmsg+0xcf/0x120 [ 27.020510][ T1725] ___sys_sendmsg+0x803/0x920 [ 27.025155][ T1725] __sys_sendmsg+0xec/0x1b0 [ 27.029627][ T1725] do_syscall_64+0xb7/0x580 [ 27.034101][ T1725] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 27.039959][ T1725] [ 27.042258][ T1725] Freed by task 1701: [ 27.046208][ T1725] save_stack+0x1b/0x80 [ 27.050331][ T1725] __kasan_slab_free+0x130/0x180 [ 27.055238][ T1725] kfree+0xe4/0x2f0 [ 27.059035][ T1725] skb_free_head+0x8b/0xa0 [ 27.063423][ T1725] skb_release_data+0x41f/0x7c0 [ 27.068243][ T1725] skb_release_all+0x46/0x60 [ 27.072802][ T1725] consume_skb+0xd9/0x320 [ 27.077100][ T1725] skb_free_datagram+0x16/0xf0 [ 27.081837][ T1725] netlink_recvmsg+0x65e/0xee0 [ 27.086585][ T1725] sock_recvmsg+0xca/0x110 [ 27.090997][ T1725] ___sys_recvmsg+0x271/0x5a0 [ 27.095645][ T1725] __sys_recvmsg+0xe9/0x1b0 [ 27.100123][ T1725] do_syscall_64+0xb7/0x580 [ 27.104595][ T1725] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 27.110453][ T1725] [ 27.112756][ T1725] The buggy address belongs to the object at ffff8881d90d4000 [ 27.112756][ T1725] which belongs to the cache kmalloc-1k of size 1024 [ 27.126776][ T1725] The buggy address is located 8 bytes inside of [ 27.126776][ T1725] 1024-byte region [ffff8881d90d4000, ffff8881d90d4400) [ 27.139924][ T1725] The buggy address belongs to the page: [ 27.145526][ T1725] page:ffffea0007643500 refcount:1 mapcount:0 mapping:ffff8881da002280 index:0x0 compound_mapcount: 0 [ 27.156426][ T1725] flags: 0x200000000010200(slab|head) [ 27.161771][ T1725] raw: 0200000000010200 dead000000000100 dead000000000122 ffff8881da002280 [ 27.170346][ T1725] raw: 0000000000000000 00000000000e000e 00000001ffffffff 0000000000000000 [ 27.178897][ T1725] page dumped because: kasan: bad access detected [ 27.185273][ T1725] [ 27.187572][ T1725] Memory state around the buggy address: [ 27.193185][ T1725] ffff8881d90d3f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.201220][ T1725] ffff8881d90d3f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.209249][ T1725] >ffff8881d90d4000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.217276][ T1725] ^ [ 27.221590][ T1725] ffff8881d90d4080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.229720][ T1725] ffff8881d90d4100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.237747][ T1725] ================================================================== [ 27.245862][ T1725] Disabling lock debugging due to kernel taint [ 27.252174][ T1725] Kernel panic - not syncing: panic_on_warn set ... [ 27.258761][ T1725] CPU: 0 PID: 1725 Comm: syz-executor997 Tainted: G B 5.3.0-rc5+ #27 [ 27.268093][ T1725] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 27.278116][ T1725] Call Trace: [ 27.281386][ T1725] dump_stack+0xca/0x13e [ 27.285611][ T1725] panic+0x2a3/0x6da [ 27.289472][ T1725] ? add_taint.cold+0x16/0x16 [ 27.294115][ T1725] ? retint_kernel+0x10/0x10 [ 27.298677][ T1725] ? trace_hardirqs_on+0x55/0x1e0 [ 27.303670][ T1725] ? usbhid_power+0xca/0xe0 [ 27.308141][ T1725] end_report+0x43/0x49 [ 27.312265][ T1725] ? usbhid_power+0xca/0xe0 [ 27.316740][ T1725] __kasan_report.cold+0xd/0x33 [ 27.321562][ T1725] ? usbhid_power+0xca/0xe0 [ 27.326034][ T1725] kasan_report+0xe/0x12 [ 27.330247][ T1725] usbhid_power+0xca/0xe0 [ 27.334661][ T1725] hidraw_open+0x20d/0x740 [ 27.339063][ T1725] ? usbhid_output_report+0x290/0x290 [ 27.344406][ T1725] ? hidraw_ioctl+0xae0/0xae0 [ 27.349052][ T1725] chrdev_open+0x219/0x5c0 [ 27.353436][ T1725] ? cdev_put.part.0+0x50/0x50 [ 27.358170][ T1725] do_dentry_open+0x494/0x1120 [ 27.362903][ T1725] ? cdev_put.part.0+0x50/0x50 [ 27.367644][ T1725] ? chmod_common+0x3c0/0x3c0 [ 27.372313][ T1725] ? inode_permission+0xbe/0x3a0 [ 27.377226][ T1725] path_openat+0x1430/0x3f50 [ 27.381791][ T1725] ? save_stack+0x1b/0x80 [ 27.386093][ T1725] ? do_sys_open+0x294/0x580 [ 27.390653][ T1725] ? do_syscall_64+0xb7/0x580 [ 27.395301][ T1725] ? path_lookupat.isra.0+0x8d0/0x8d0 [ 27.400642][ T1725] ? __lock_acquire+0x145e/0x3b50 [ 27.405637][ T1725] do_filp_open+0x1a1/0x280 [ 27.410114][ T1725] ? may_open_dev+0xf0/0xf0 [ 27.414589][ T1725] ? __alloc_fd+0x46d/0x600 [ 27.419063][ T1725] ? do_raw_spin_lock+0x11a/0x280 [ 27.424068][ T1725] ? do_raw_spin_unlock+0x50/0x220 [ 27.429152][ T1725] ? _raw_spin_unlock+0x1f/0x30 [ 27.433973][ T1725] ? __alloc_fd+0x46d/0x600 [ 27.438447][ T1725] do_sys_open+0x3c0/0x580 [ 27.442835][ T1725] ? filp_open+0x70/0x70 [ 27.447047][ T1725] ? trace_hardirqs_off_caller+0x55/0x1e0 [ 27.452738][ T1725] do_syscall_64+0xb7/0x580 [ 27.457217][ T1725] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 27.463092][ T1725] RIP: 0033:0x4019f0 [ 27.466958][ T1725] Code: 01 f0 ff ff 0f 83 c0 0b 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 83 3d dd 5c 2d 00 00 75 14 b8 02 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 94 0b 00 00 c3 48 83 ec 08 e8 fa 00 00 00 [ 27.486531][ T1725] RSP: 002b:00007ffff5d7a0d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 27.494909][ T1725] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004019f0 [ 27.502854][ T1725] RDX: 0000000000000000 RSI: 0000000000002040 RDI: 00007ffff5d7a0e0 [ 27.510796][ T1725] RBP: 6666666666666667 R08: 000000000000000f R09: 0000000000000000 [ 27.518741][ T1725] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000402a10 [ 27.526686][ T1725] R13: 0000000000402aa0 R14: 0000000000000000 R15: 0000000000000000 [ 27.535096][ T1725] Kernel Offset: disabled [ 27.539402][ T1725] Rebooting in 86400 seconds..