Warning: Permanently added '10.128.0.131' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 24.733894][ T21] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 25.093942][ T21] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 25.104891][ T21] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x2 has an invalid bInterval 126, changing to 10
[ 25.116064][ T21] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[ 25.129098][ T21] usb 1-1: New USB device found, idVendor=046d, idProduct=c219, bcdDevice= 0.40
[ 25.138124][ T21] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 25.147255][ T21] usb 1-1: config 0 descriptor??
[ 25.625505][ T21] logitech 0003:046D:C219.0001: unknown main item tag 0x0
[ 25.635130][ T21] logitech 0003:046D:C219.0001: hidraw0: USB HID v0.00 Device [HID 046d:c219] on usb-dummy_hcd.0-1/input0
[ 25.646609][ T21] logitech 0003:046D:C219.0001: not enough fields in HID_OUTPUT_REPORT 0
executing program
[ 25.897155][ T21] usb 1-1: USB disconnect, device number 2
[ 26.253847][ T21] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[ 26.613946][ T21] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 26.624828][ T21] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x2 has an invalid bInterval 126, changing to 10
[ 26.635858][ T21] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[ 26.648805][ T21] usb 1-1: New USB device found, idVendor=046d, idProduct=c219, bcdDevice= 0.40
[ 26.657916][ T21] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 26.666770][ T21] usb 1-1: config 0 descriptor??
[ 27.144915][ T21] logitech 0003:046D:C219.0002: unknown main item tag 0x0
[ 27.153507][ T21] logitech 0003:046D:C219.0002: hidraw1: USB HID v0.00 Device [HID 046d:c219] on usb-dummy_hcd.0-1/input0
[ 27.164868][ T21] logitech 0003:046D:C219.0002: not enough fields in HID_OUTPUT_REPORT 0
[ 27.344186][ T1720] ==================================================================
[ 27.352322][ T1720] BUG: KASAN: use-after-free in __pm_runtime_resume+0x162/0x180
[ 27.359921][ T1720] Read of size 1 at addr ffff8881d94971f1 by task syz-executor850/1720
[ 27.368119][ T1720]
[ 27.370424][ T1720] CPU: 0 PID: 1720 Comm: syz-executor850 Not tainted 5.3.0-rc5+ #28
[ 27.378370][ T1720] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 27.388398][ T1720] Call Trace:
[ 27.391659][ T1720] dump_stack+0xca/0x13e
[ 27.395875][ T1720] ? __pm_runtime_resume+0x162/0x180
[ 27.401126][ T1720] ? __pm_runtime_resume+0x162/0x180
[ 27.406394][ T1720] print_address_description+0x6a/0x32c
[ 27.411917][ T1720] ? __pm_runtime_resume+0x162/0x180
[ 27.417172][ T1720] ? __pm_runtime_resume+0x162/0x180
[ 27.422426][ T1720] __kasan_report.cold+0x1a/0x33
[ 27.427334][ T1720] ? __pm_runtime_resume+0x162/0x180
[ 27.432585][ T1720] kasan_report+0xe/0x12
[ 27.436796][ T1720] __pm_runtime_resume+0x162/0x180
[ 27.441883][ T1720] usb_autopm_get_interface+0x1b/0x50
[ 27.447225][ T1720] usbhid_power+0x7c/0xe0
[ 27.451523][ T1720] hidraw_open+0x20d/0x740
[ 27.455909][ T1720] ? usbhid_output_report+0x290/0x290
[ 27.461247][ T1720] ? hidraw_ioctl+0xae0/0xae0
[ 27.465894][ T1720] chrdev_open+0x219/0x5c0
[ 27.470303][ T1720] ? rwlock_bug.part.0+0x90/0x90
[ 27.475209][ T1720] ? cdev_put.part.0+0x50/0x50
[ 27.479945][ T1720] do_dentry_open+0x494/0x1120
[ 27.484682][ T1720] ? cdev_put.part.0+0x50/0x50
[ 27.489502][ T1720] ? chmod_common+0x3c0/0x3c0
[ 27.494159][ T1720] ? inode_permission+0xbe/0x3a0
[ 27.499065][ T1720] path_openat+0x1430/0x3f50
[ 27.503623][ T1720] ? save_stack+0x1b/0x80
[ 27.507919][ T1720] ? do_sys_open+0x294/0x580
[ 27.512517][ T1720] ? do_syscall_64+0xb7/0x580
[ 27.517163][ T1720] ? path_lookupat.isra.0+0x8d0/0x8d0
[ 27.522510][ T1720] ? __lock_acquire+0x145e/0x3b50
[ 27.527521][ T1720] do_filp_open+0x1a1/0x280
[ 27.532001][ T1720] ? may_open_dev+0xf0/0xf0
[ 27.536472][ T1720] ? __alloc_fd+0x46d/0x600
[ 27.540950][ T1720] ? do_raw_spin_lock+0x11a/0x280
[ 27.545940][ T1720] ? do_raw_spin_unlock+0x50/0x220
[ 27.551107][ T1720] ? _raw_spin_unlock+0x1f/0x30
[ 27.555926][ T1720] ? __alloc_fd+0x46d/0x600
[ 27.560401][ T1720] do_sys_open+0x3c0/0x580
[ 27.564787][ T1720] ? filp_open+0x70/0x70
[ 27.569013][ T1720] ? trace_hardirqs_off_caller+0x55/0x1e0
[ 27.574706][ T1720] do_syscall_64+0xb7/0x580
[ 27.579184][ T1720] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 27.585047][ T1720] RIP: 0033:0x401b00
[ 27.588912][ T1720] Code: 01 f0 ff ff 0f 83 c0 0b 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 83 3d cd 5b 2d 00 00 75 14 b8 02 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 94 0b 00 00 c3 48 83 ec 08 e8 fa 00 00 00
[ 27.608485][ T1720] RSP: 002b:00007ffecb62f2b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[ 27.616864][ T1720] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000401b00
[ 27.624836][ T1720] RDX: 0000000000000000 RSI: 0000000000002040 RDI: 00007ffecb62f2c0
[ 27.632778][ T1720] RBP: 6666666666666667 R08: 000000000000000f R09: 8105090001220100
[ 27.640739][ T1720] R10: 0509000000000003 R11: 0000000000000246 R12: 0000000000402b20
[ 27.648680][ T1720] R13: 0000000000402bb0 R14: 0000000000000000 R15: 0000000000000000
[ 27.656643][ T1720]
[ 27.658942][ T1720] Allocated by task 21:
[ 27.663070][ T1720] save_stack+0x1b/0x80
[ 27.667198][ T1720] __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 27.673042][ T1720] usb_set_configuration+0x2c4/0x1670
[ 27.680573][ T1720] generic_probe+0x9d/0xd5
[ 27.684961][ T1720] usb_probe_device+0x99/0x100
[ 27.689693][ T1720] really_probe+0x281/0x6d0
[ 27.694164][ T1720] driver_probe_device+0x101/0x1b0
[ 27.699387][ T1720] __device_attach_driver+0x1c2/0x220
[ 27.704731][ T1720] bus_for_each_drv+0x162/0x1e0
[ 27.709553][ T1720] __device_attach+0x217/0x360
[ 27.714314][ T1720] bus_probe_device+0x1e4/0x290
[ 27.719139][ T1720] device_add+0xae6/0x16f0
[ 27.723525][ T1720] usb_new_device.cold+0x6a4/0xe79
[ 27.728605][ T1720] hub_event+0x1b5c/0x3640
[ 27.733098][ T1720] process_one_work+0x92b/0x1530
[ 27.738003][ T1720] worker_thread+0x96/0xe20
[ 27.742471][ T1720] kthread+0x318/0x420
[ 27.746507][ T1720] ret_from_fork+0x24/0x30
[ 27.750884][ T1720]
[ 27.753209][ T1720] Freed by task 21:
[ 27.756985][ T1720] save_stack+0x1b/0x80
[ 27.761122][ T1720] __kasan_slab_free+0x130/0x180
[ 27.766026][ T1720] kfree+0xe4/0x2f0
[ 27.769804][ T1720] device_release+0x71/0x200
[ 27.774365][ T1720] kobject_put+0x171/0x280
[ 27.778765][ T1720] put_device+0x1b/0x30
[ 27.782890][ T1720] usb_disable_device+0x2ce/0x690
[ 27.787904][ T1720] usb_disconnect+0x284/0x8d0
[ 27.792550][ T1720] hub_event+0x1454/0x3640
[ 27.796935][ T1720] process_one_work+0x92b/0x1530
[ 27.801842][ T1720] worker_thread+0x96/0xe20
[ 27.806312][ T1720] kthread+0x318/0x420
[ 27.810354][ T1720] ret_from_fork+0x24/0x30
[ 27.814839][ T1720]
[ 27.817138][ T1720] The buggy address belongs to the object at ffff8881d9496e80
[ 27.817138][ T1720] which belongs to the cache kmalloc-2k of size 2048
[ 27.831156][ T1720] The buggy address is located 881 bytes inside of
[ 27.831156][ T1720] 2048-byte region [ffff8881d9496e80, ffff8881d9497680)
[ 27.844476][ T1720] The buggy address belongs to the page:
[ 27.850076][ T1720] page:ffffea0007652400 refcount:1 mapcount:0 mapping:ffff8881da00c000 index:0x0 compound_mapcount: 0
[ 27.860992][ T1720] flags: 0x200000000010200(slab|head)
[ 27.866340][ T1720] raw: 0200000000010200 dead000000000100 dead000000000122 ffff8881da00c000
[ 27.874894][ T1720] raw: 0000000000000000 00000000000f000f 00000001ffffffff 0000000000000000
[ 27.883457][ T1720] page dumped because: kasan: bad access detected
[ 27.889834][ T1720]
[ 27.892130][ T1720] Memory state around the buggy address:
[ 27.897730][ T1720] ffff8881d9497080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 27.905762][ T1720] ffff8881d9497100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 27.914197][ T1720] >ffff8881d9497180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 27.922253][ T1720] ^
[ 27.929935][ T1720] ffff8881d9497200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 27.937965][ T1720] ffff8881d9497280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 27.946001][ T1720] ==================================================================
[ 27.954027][ T1720] Disabling lock debugging due to kernel taint
[ 27.960277][ T1720] Kernel panic - not syncing: panic_on_warn set ...
[ 27.966849][ T1720] CPU: 0 PID: 1720 Comm: syz-executor850 Tainted: G B 5.3.0-rc5+ #28
[ 27.976269][ T1720] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 27.986296][ T1720] Call Trace:
[ 27.989569][ T1720] dump_stack+0xca/0x13e
[ 27.993804][ T1720] panic+0x2a3/0x6da
[ 27.997676][ T1720] ? add_taint.cold+0x16/0x16
[ 28.002345][ T1720] ? retint_kernel+0x10/0x10
[ 28.006904][ T1720] ? trace_hardirqs_on+0x55/0x1e0
[ 28.011900][ T1720] ? __pm_runtime_resume+0x162/0x180
[ 28.017165][ T1720] end_report+0x43/0x49
[ 28.021290][ T1720] ? __pm_runtime_resume+0x162/0x180
[ 28.026542][ T1720] __kasan_report.cold+0xd/0x33
[ 28.031377][ T1720] ? __pm_runtime_resume+0x162/0x180
[ 28.036639][ T1720] kasan_report+0xe/0x12
[ 28.040847][ T1720] __pm_runtime_resume+0x162/0x180
[ 28.045923][ T1720] usb_autopm_get_interface+0x1b/0x50
[ 28.051262][ T1720] usbhid_power+0x7c/0xe0
[ 28.055558][ T1720] hidraw_open+0x20d/0x740
[ 28.059943][ T1720] ? usbhid_output_report+0x290/0x290
[ 28.065282][ T1720] ? hidraw_ioctl+0xae0/0xae0
[ 28.069927][ T1720] chrdev_open+0x219/0x5c0
[ 28.074404][ T1720] ? rwlock_bug.part.0+0x90/0x90
[ 28.079310][ T1720] ? cdev_put.part.0+0x50/0x50
[ 28.084140][ T1720] do_dentry_open+0x494/0x1120
[ 28.088890][ T1720] ? cdev_put.part.0+0x50/0x50
[ 28.093629][ T1720] ? chmod_common+0x3c0/0x3c0
[ 28.098273][ T1720] ? inode_permission+0xbe/0x3a0
[ 28.103198][ T1720] path_openat+0x1430/0x3f50
[ 28.107762][ T1720] ? save_stack+0x1b/0x80
[ 28.112058][ T1720] ? do_sys_open+0x294/0x580
[ 28.116637][ T1720] ? do_syscall_64+0xb7/0x580
[ 28.121288][ T1720] ? path_lookupat.isra.0+0x8d0/0x8d0
[ 28.126628][ T1720] ? __lock_acquire+0x145e/0x3b50
[ 28.131621][ T1720] do_filp_open+0x1a1/0x280
[ 28.136094][ T1720] ? may_open_dev+0xf0/0xf0
[ 28.140582][ T1720] ? __alloc_fd+0x46d/0x600
[ 28.145156][ T1720] ? do_raw_spin_lock+0x11a/0x280
[ 28.150145][ T1720] ? do_raw_spin_unlock+0x50/0x220
[ 28.155236][ T1720] ? _raw_spin_unlock+0x1f/0x30
[ 28.160066][ T1720] ? __alloc_fd+0x46d/0x600
[ 28.164539][ T1720] do_sys_open+0x3c0/0x580
[ 28.168932][ T1720] ? filp_open+0x70/0x70
[ 28.173144][ T1720] ? trace_hardirqs_off_caller+0x55/0x1e0
[ 28.178833][ T1720] do_syscall_64+0xb7/0x580
[ 28.183309][ T1720] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 28.189169][ T1720] RIP: 0033:0x401b00
[ 28.193039][ T1720] Code: 01 f0 ff ff 0f 83 c0 0b 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 83 3d cd 5b 2d 00 00 75 14 b8 02 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 94 0b 00 00 c3 48 83 ec 08 e8 fa 00 00 00
[ 28.212611][ T1720] RSP: 002b:00007ffecb62f2b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[ 28.221182][ T1720] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000401b00
[ 28.229124][ T1720] RDX: 0000000000000000 RSI: 0000000000002040 RDI: 00007ffecb62f2c0
[ 28.237067][ T1720] RBP: 6666666666666667 R08: 000000000000000f R09: 8105090001220100
[ 28.245007][ T1720] R10: 0509000000000003 R11: 0000000000000246 R12: 0000000000402b20
[ 28.252966][ T1720] R13: 0000000000402bb0 R14: 0000000000000000 R15: 0000000000000000
[ 28.261403][ T1720] Kernel Offset: disabled
[ 28.265708][ T1720] Rebooting in 86400 seconds..