Warning: Permanently added '10.128.0.37' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 25.631074][ T83] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 25.871034][ T83] usb 1-1: Using ep0 maxpacket: 8
[ 25.991149][ T83] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 26.002234][ T83] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[ 26.015178][ T83] usb 1-1: New USB device found, idVendor=054c, idProduct=1000, bcdDevice= 0.00
[ 26.024257][ T83] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 26.033615][ T83] usb 1-1: config 0 descriptor??
[ 26.513042][ T83] sony 0003:054C:1000.0001: unknown main item tag 0x0
[ 26.519976][ T83] sony 0003:054C:1000.0001: unknown main item tag 0x2
[ 26.526849][ T83] sony 0003:054C:1000.0001: unknown main item tag 0x0
[ 26.533694][ T83] sony 0003:054C:1000.0001: unknown main item tag 0x0
[ 26.540469][ T83] sony 0003:054C:1000.0001: unknown main item tag 0x0
[ 26.547292][ T83] sony 0003:054C:1000.0001: unknown main item tag 0x0
[ 26.554213][ T83] sony 0003:054C:1000.0001: unknown main item tag 0x0
[ 26.561042][ T83] sony 0003:054C:1000.0001: unknown main item tag 0x0
[ 26.567821][ T83] sony 0003:054C:1000.0001: unknown main item tag 0x0
[ 26.574640][ T83] sony 0003:054C:1000.0001: unknown main item tag 0x0
[ 26.581450][ T83] sony 0003:054C:1000.0001: unknown main item tag 0x0
[ 26.588207][ T83] sony 0003:054C:1000.0001: unknown main item tag 0x0
[ 26.595065][ T83] sony 0003:054C:1000.0001: unknown main item tag 0x0
[ 26.601887][ T83] sony 0003:054C:1000.0001: unknown main item tag 0x0
[ 26.608651][ T83] sony 0003:054C:1000.0001: unknown main item tag 0x0
[ 26.615497][ T83] sony 0003:054C:1000.0001: unknown main item tag 0x0
[ 26.622337][ T83] sony 0003:054C:1000.0001: unknown main item tag 0x0
[ 26.629100][ T83] sony 0003:054C:1000.0001: unknown main item tag 0x0
[ 26.635923][ T83] sony 0003:054C:1000.0001: unknown main item tag 0x0
[ 26.642736][ T83] sony 0003:054C:1000.0001: unknown main item tag 0x0
[ 26.649502][ T83] sony 0003:054C:1000.0001: unknown main item tag 0x0
[ 26.656347][ T83] sony 0003:054C:1000.0001: unknown main item tag 0x0
[ 26.663164][ T83] sony 0003:054C:1000.0001: unknown main item tag 0x0
[ 26.669923][ T83] sony 0003:054C:1000.0001: unknown main item tag 0x0
[ 26.676739][ T83] sony 0003:054C:1000.0001: unknown main item tag 0x0
[ 26.683546][ T83] sony 0003:054C:1000.0001: unknown main item tag 0x0
[ 26.690303][ T83] sony 0003:054C:1000.0001: unknown main item tag 0x0
[ 26.697130][ T83] sony 0003:054C:1000.0001: unknown main item tag 0x0
[ 26.703938][ T83] sony 0003:054C:1000.0001: unknown main item tag 0x0
executing program
[ 26.710696][ T83] sony 0003:054C:1000.0001: unknown main item tag 0x0
[ 26.717573][ T83] sony 0003:054C:1000.0001: unknown main item tag 0x0
[ 26.724391][ T83] sony 0003:054C:1000.0001: unknown main item tag 0x0
[ 26.732861][ T83] sony 0003:054C:1000.0001: hidraw0: USB HID v0.00 Device [HID 054c:1000] on usb-dummy_hcd.0-1/input0
[ 26.743871][ T83] sony 0003:054C:1000.0001: failed to claim input
[ 26.752114][ T83] usb 1-1: USB disconnect, device number 2
[ 27.111065][ T83] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[ 27.351066][ T83] usb 1-1: Using ep0 maxpacket: 8
[ 27.471176][ T83] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 27.482188][ T83] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[ 27.495038][ T83] usb 1-1: New USB device found, idVendor=054c, idProduct=1000, bcdDevice= 0.00
[ 27.504269][ T83] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 27.513340][ T83] usb 1-1: config 0 descriptor??
[ 27.992453][ T83] sony 0003:054C:1000.0002: unknown main item tag 0x0
[ 27.999303][ T83] sony 0003:054C:1000.0002: unknown main item tag 0x2
[ 28.006180][ T83] sony 0003:054C:1000.0002: unknown main item tag 0x0
[ 28.012994][ T83] sony 0003:054C:1000.0002: unknown main item tag 0x0
[ 28.019771][ T83] sony 0003:054C:1000.0002: unknown main item tag 0x0
[ 28.026614][ T83] sony 0003:054C:1000.0002: unknown main item tag 0x0
[ 28.033485][ T83] sony 0003:054C:1000.0002: unknown main item tag 0x0
[ 28.040252][ T83] sony 0003:054C:1000.0002: unknown main item tag 0x0
[ 28.047091][ T83] sony 0003:054C:1000.0002: unknown main item tag 0x0
[ 28.053938][ T83] sony 0003:054C:1000.0002: unknown main item tag 0x0
[ 28.060700][ T83] sony 0003:054C:1000.0002: unknown main item tag 0x0
[ 28.067537][ T83] sony 0003:054C:1000.0002: unknown main item tag 0x0
[ 28.074382][ T83] sony 0003:054C:1000.0002: unknown main item tag 0x0
[ 28.081222][ T83] sony 0003:054C:1000.0002: unknown main item tag 0x0
[ 28.088013][ T83] sony 0003:054C:1000.0002: unknown main item tag 0x0
[ 28.094851][ T83] sony 0003:054C:1000.0002: unknown main item tag 0x0
[ 28.101668][ T83] sony 0003:054C:1000.0002: unknown main item tag 0x0
[ 28.108454][ T83] sony 0003:054C:1000.0002: unknown main item tag 0x0
[ 28.115330][ T83] sony 0003:054C:1000.0002: unknown main item tag 0x0
[ 28.122162][ T83] sony 0003:054C:1000.0002: unknown main item tag 0x0
[ 28.128928][ T83] sony 0003:054C:1000.0002: unknown main item tag 0x0
[ 28.135770][ T83] sony 0003:054C:1000.0002: unknown main item tag 0x0
[ 28.142583][ T83] sony 0003:054C:1000.0002: unknown main item tag 0x0
[ 28.149349][ T83] sony 0003:054C:1000.0002: unknown main item tag 0x0
[ 28.156188][ T83] sony 0003:054C:1000.0002: unknown main item tag 0x0
[ 28.163034][ T83] sony 0003:054C:1000.0002: unknown main item tag 0x0
[ 28.169796][ T83] sony 0003:054C:1000.0002: unknown main item tag 0x0
[ 28.176706][ T83] sony 0003:054C:1000.0002: unknown main item tag 0x0
[ 28.183538][ T83] sony 0003:054C:1000.0002: unknown main item tag 0x0
[ 28.190310][ T83] sony 0003:054C:1000.0002: unknown main item tag 0x0
[ 28.191447][ T1725] ==================================================================
[ 28.197154][ T83] sony 0003:054C:1000.0002: unknown main item tag 0x0
[ 28.205836][ T1725] BUG: KASAN: use-after-free in usbhid_power+0xca/0xe0
[ 28.205847][ T1725] Read of size 8 at addr ffff8881d299c008 by task syz-executor953/1725
[ 28.205851][ T1725]
[ 28.205865][ T1725] CPU: 0 PID: 1725 Comm: syz-executor953 Not tainted 5.3.0-rc4+ #26
[ 28.205871][ T1725] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 28.205883][ T1725] Call Trace:
[ 28.212738][ T83] sony 0003:054C:1000.0002: unknown main item tag 0x0
[ 28.219529][ T1725] dump_stack+0xca/0x13e
[ 28.262354][ T1725] ? usbhid_power+0xca/0xe0
[ 28.266860][ T1725] ? usbhid_power+0xca/0xe0
[ 28.271366][ T1725] print_address_description+0x6a/0x32c
[ 28.276914][ T1725] ? usbhid_power+0xca/0xe0
[ 28.281414][ T1725] ? usbhid_power+0xca/0xe0
[ 28.285917][ T1725] __kasan_report.cold+0x1a/0x33
[ 28.290865][ T1725] ? usbhid_power+0xca/0xe0
[ 28.295370][ T1725] kasan_report+0xe/0x12
[ 28.299624][ T1725] usbhid_power+0xca/0xe0
[ 28.303955][ T1725] hidraw_open+0x20d/0x740
[ 28.308379][ T1725] ? usbhid_output_report+0x290/0x290
[ 28.313759][ T1725] ? hidraw_ioctl+0xae0/0xae0
[ 28.318438][ T1725] chrdev_open+0x219/0x5c0
[ 28.322855][ T1725] ? cdev_put.part.0+0x50/0x50
[ 28.327624][ T1725] do_dentry_open+0x494/0x1120
[ 28.332390][ T1725] ? cdev_put.part.0+0x50/0x50
[ 28.337158][ T1725] ? chmod_common+0x3c0/0x3c0
[ 28.341847][ T1725] ? inode_permission+0xbe/0x3a0
[ 28.346792][ T1725] path_openat+0x1430/0x3f50
[ 28.351385][ T1725] ? save_stack+0x1b/0x80
[ 28.355715][ T1725] ? do_sys_open+0x294/0x580
[ 28.360323][ T1725] ? do_syscall_64+0xb7/0x580
[ 28.365006][ T1725] ? path_lookupat.isra.0+0x8d0/0x8d0
[ 28.370379][ T1725] ? __lock_acquire+0x145e/0x3b50
[ 28.375430][ T1725] do_filp_open+0x1a1/0x280
[ 28.379938][ T1725] ? may_open_dev+0xf0/0xf0
[ 28.384442][ T1725] ? __alloc_fd+0x46d/0x600
[ 28.388940][ T1725] ? do_raw_spin_lock+0x11a/0x280
[ 28.393962][ T1725] ? do_raw_spin_unlock+0x50/0x220
[ 28.399097][ T1725] ? _raw_spin_unlock+0x1f/0x30
[ 28.403952][ T1725] ? __alloc_fd+0x46d/0x600
[ 28.408455][ T1725] do_sys_open+0x3c0/0x580
[ 28.412881][ T1725] ? filp_open+0x70/0x70
[ 28.417121][ T1725] ? trace_hardirqs_off_caller+0x55/0x1e0
[ 28.422838][ T1725] do_syscall_64+0xb7/0x580
[ 28.427345][ T1725] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 28.433239][ T1725] RIP: 0033:0x4019f0
[ 28.437167][ T1725] Code: 01 f0 ff ff 0f 83 c0 0b 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 83 3d dd 5c 2d 00 00 75 14 b8 02 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 94 0b 00 00 c3 48 83 ec 08 e8 fa 00 00 00
[ 28.456781][ T1725] RSP: 002b:00007ffc1ad559f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[ 28.465201][ T1725] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004019f0
[ 28.473180][ T1725] RDX: 0000000000000000 RSI: 0000000000084000 RDI: 00007ffc1ad55a00
[ 28.481158][ T1725] RBP: 6666666666666667 R08: 000000000000000f R09: 0000000000000000
[ 28.489137][ T1725] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000402a10
[ 28.497115][ T1725] R13: 0000000000402aa0 R14: 0000000000000000 R15: 0000000000000000
[ 28.505092][ T1725]
[ 28.507422][ T1725] Allocated by task 331:
[ 28.511670][ T1725] save_stack+0x1b/0x80
[ 28.515826][ T1725] __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 28.521460][ T1725] __kmalloc_node_track_caller+0xfc/0x380
[ 28.527188][ T1725] __kmalloc_reserve.isra.0+0x39/0xe0
[ 28.532569][ T1725] __alloc_skb+0xef/0x5a0
[ 28.536903][ T1725] netlink_sendmsg+0x8cd/0xcc0
[ 28.541671][ T1725] sock_sendmsg+0xcf/0x120
[ 28.546090][ T1725] ___sys_sendmsg+0x803/0x920
[ 28.550768][ T1725] __sys_sendmsg+0xec/0x1b0
[ 28.555272][ T1725] do_syscall_64+0xb7/0x580
[ 28.559779][ T1725] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 28.565661][ T1725]
[ 28.567985][ T1725] Freed by task 331:
[ 28.571878][ T1725] save_stack+0x1b/0x80
[ 28.576027][ T1725] __kasan_slab_free+0x130/0x180
[ 28.580958][ T1725] kfree+0xe4/0x2f0
[ 28.584762][ T1725] skb_free_head+0x8b/0xa0
[ 28.589170][ T1725] skb_release_data+0x41f/0x7c0
[ 28.594019][ T1725] skb_release_all+0x46/0x60
[ 28.598612][ T1725] consume_skb+0xd9/0x320
[ 28.602947][ T1725] netlink_unicast+0x4d7/0x690
[ 28.607716][ T1725] netlink_sendmsg+0x802/0xcc0
[ 28.612562][ T1725] sock_sendmsg+0xcf/0x120
[ 28.616977][ T1725] ___sys_sendmsg+0x803/0x920
[ 28.621654][ T1725] __sys_sendmsg+0xec/0x1b0
[ 28.626423][ T1725] do_syscall_64+0xb7/0x580
[ 28.631837][ T1725] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 28.637716][ T1725]
[ 28.640077][ T1725] The buggy address belongs to the object at ffff8881d299c000
[ 28.640077][ T1725] which belongs to the cache kmalloc-1k of size 1024
[ 28.654141][ T1725] The buggy address is located 8 bytes inside of
[ 28.654141][ T1725] 1024-byte region [ffff8881d299c000, ffff8881d299c400)
[ 28.667332][ T1725] The buggy address belongs to the page:
[ 28.672980][ T1725] page:ffffea00074a6700 refcount:1 mapcount:0 mapping:ffff8881da002280 index:0x0 compound_mapcount: 0
[ 28.683920][ T1725] flags: 0x200000000010200(slab|head)
[ 28.689302][ T1725] raw: 0200000000010200 dead000000000100 dead000000000122 ffff8881da002280
[ 28.697897][ T1725] raw: 0000000000000000 00000000000e000e 00000001ffffffff 0000000000000000
[ 28.706483][ T1725] page dumped because: kasan: bad access detected
[ 28.712890][ T1725]
[ 28.715212][ T1725] Memory state around the buggy address:
[ 28.720841][ T1725] ffff8881d299bf00: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 28.728929][ T1725] ffff8881d299bf80: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 28.737004][ T1725] >ffff8881d299c000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 28.745064][ T1725] ^
[ 28.749391][ T1725] ffff8881d299c080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 28.757451][ T1725] ffff8881d299c100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 28.765508][ T1725] ==================================================================
[ 28.773563][ T1725] Disabling lock debugging due to kernel taint
[ 28.779814][ T1725] Kernel panic - not syncing: panic_on_warn set ...
[ 28.786410][ T1725] CPU: 0 PID: 1725 Comm: syz-executor953 Tainted: G B 5.3.0-rc4+ #26
[ 28.795922][ T1725] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 28.805978][ T1725] Call Trace:
[ 28.809270][ T1725] dump_stack+0xca/0x13e
[ 28.813521][ T1725] panic+0x2a3/0x6da
[ 28.817408][ T1725] ? add_taint.cold+0x16/0x16
[ 28.822078][ T1725] ? retint_kernel+0x10/0x10
[ 28.826664][ T1725] ? trace_hardirqs_on+0x55/0x1e0
[ 28.831680][ T1725] ? usbhid_power+0xca/0xe0
[ 28.836179][ T1725] end_report+0x43/0x49
[ 28.840330][ T1725] ? usbhid_power+0xca/0xe0
[ 28.844826][ T1725] __kasan_report.cold+0xd/0x33
[ 28.849674][ T1725] ? usbhid_power+0xca/0xe0
[ 28.854172][ T1725] kasan_report+0xe/0x12
[ 28.858413][ T1725] usbhid_power+0xca/0xe0
[ 28.862742][ T1725] hidraw_open+0x20d/0x740
[ 28.867160][ T1725] ? usbhid_output_report+0x290/0x290
[ 28.872529][ T1725] ? hidraw_ioctl+0xae0/0xae0
[ 28.877205][ T1725] chrdev_open+0x219/0x5c0
[ 28.881621][ T1725] ? cdev_put.part.0+0x50/0x50
[ 28.886380][ T1725] do_dentry_open+0x494/0x1120
[ 28.891141][ T1725] ? cdev_put.part.0+0x50/0x50
[ 28.895900][ T1725] ? chmod_common+0x3c0/0x3c0
[ 28.900573][ T1725] ? inode_permission+0xbe/0x3a0
[ 28.905509][ T1725] path_openat+0x1430/0x3f50
[ 28.910084][ T1725] ? save_stack+0x1b/0x80
[ 28.914393][ T1725] ? do_sys_open+0x294/0x580
[ 28.918961][ T1725] ? do_syscall_64+0xb7/0x580
[ 28.923628][ T1725] ? path_lookupat.isra.0+0x8d0/0x8d0
[ 28.929158][ T1725] ? __lock_acquire+0x145e/0x3b50
[ 28.934220][ T1725] do_filp_open+0x1a1/0x280
[ 28.938703][ T1725] ? may_open_dev+0xf0/0xf0
[ 28.943182][ T1725] ? __alloc_fd+0x46d/0x600
[ 28.947693][ T1725] ? do_raw_spin_lock+0x11a/0x280
[ 28.952707][ T1725] ? do_raw_spin_unlock+0x50/0x220
[ 28.957824][ T1725] ? _raw_spin_unlock+0x1f/0x30
[ 28.962668][ T1725] ? __alloc_fd+0x46d/0x600
[ 28.967151][ T1725] do_sys_open+0x3c0/0x580
[ 28.971549][ T1725] ? filp_open+0x70/0x70
[ 28.975773][ T1725] ? trace_hardirqs_off_caller+0x55/0x1e0
[ 28.981495][ T1725] do_syscall_64+0xb7/0x580
[ 28.985981][ T1725] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 28.991874][ T1725] RIP: 0033:0x4019f0
[ 28.995760][ T1725] Code: 01 f0 ff ff 0f 83 c0 0b 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 83 3d dd 5c 2d 00 00 75 14 b8 02 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 94 0b 00 00 c3 48 83 ec 08 e8 fa 00 00 00
[ 29.015349][ T1725] RSP: 002b:00007ffc1ad559f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[ 29.023744][ T1725] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004019f0
[ 29.031705][ T1725] RDX: 0000000000000000 RSI: 0000000000084000 RDI: 00007ffc1ad55a00
[ 29.039665][ T1725] RBP: 6666666666666667 R08: 000000000000000f R09: 0000000000000000
[ 29.047647][ T1725] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000402a10
[ 29.055629][ T1725] R13: 0000000000402aa0 R14: 0000000000000000 R15: 0000000000000000
[ 29.064060][ T1725] Kernel Offset: disabled
[ 29.068402][ T1725] Rebooting in 86400 seconds..