Warning: Permanently added '10.128.0.132' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 58.195991][ T12] usb 1-1: new full-speed USB device number 2 using dummy_hcd
[ 58.556004][ T12] usb 1-1: config 0 has an invalid interface number: 225 but max is 0
[ 58.564633][ T12] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 58.574865][ T12] usb 1-1: config 0 has no interface number 0
[ 58.580989][ T12] usb 1-1: New USB device found, idVendor=04d8, idProduct=0a30, bcdDevice= 9.8d
[ 58.590041][ T12] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 58.599053][ T12] usb 1-1: config 0 descriptor??
[ 58.639255][ T12] mcba_usb 1-1:0.225 can0: failed tx_urb -2
[ 58.645230][ T12] mcba_usb 1-1:0.225 can0: Failed to send cmd (169)
[ 58.651900][ T12] mcba_usb 1-1:0.225 can0: failed tx_urb -2
[ 58.658323][ T12] mcba_usb 1-1:0.225 can0: Failed to send cmd (169)
[ 58.665041][ T12] mcba_usb 1-1:0.225: Microchip CAN BUS Analyzer connected
executing program
[ 58.819100][ T21] usb 1-1: USB disconnect, device number 2
[ 58.826214][ T21] mcba_usb 1-1:0.225 can0: device disconnected
[ 58.886457][ T21] ==================================================================
[ 58.894633][ T21] BUG: KASAN: use-after-free in __lock_acquire+0x3a5d/0x5340
[ 58.901982][ T21] Read of size 8 at addr ffff8881d44bb0c8 by task kworker/1:1/21
[ 58.909667][ T21]
[ 58.911984][ T21] CPU: 1 PID: 21 Comm: kworker/1:1 Not tainted 5.2.0-rc6+ #13
[ 58.919422][ T21] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 58.929467][ T21] Workqueue: usb_hub_wq hub_event
[ 58.934468][ T21] Call Trace:
[ 58.937740][ T21] dump_stack+0xca/0x13e
[ 58.941963][ T21] ? __lock_acquire+0x3a5d/0x5340
[ 58.946964][ T21] ? __lock_acquire+0x3a5d/0x5340
[ 58.951971][ T21] print_address_description+0x67/0x231
[ 58.957558][ T21] ? __lock_acquire+0x3a5d/0x5340
[ 58.962562][ T21] ? __lock_acquire+0x3a5d/0x5340
[ 58.967601][ T21] __kasan_report.cold+0x1a/0x32
[ 58.972521][ T21] ? free_netdev+0x2e0/0x420
[ 58.977086][ T21] ? __lock_acquire+0x3a5d/0x5340
[ 58.982094][ T21] kasan_report+0xe/0x20
[ 58.986306][ T21] __lock_acquire+0x3a5d/0x5340
[ 58.991135][ T21] ? worker_thread+0x96/0xe20
[ 58.995784][ T21] ? kthread+0x30b/0x410
[ 58.999999][ T21] ? ret_from_fork+0x24/0x30
[ 59.004560][ T21] ? find_held_lock+0x2d/0x110
[ 59.009296][ T21] ? debug_check_no_obj_freed+0x20a/0x42e
[ 59.014990][ T21] ? mark_held_locks+0xe0/0xe0
[ 59.019731][ T21] ? mark_held_locks+0x9f/0xe0
[ 59.024466][ T21] ? lockdep_hardirqs_on+0x379/0x580
[ 59.029732][ T21] ? quarantine_put+0xb2/0x150
[ 59.034514][ T21] ? lockdep_hardirqs_on+0x379/0x580
[ 59.039831][ T21] lock_acquire+0x100/0x2b0
[ 59.044352][ T21] ? usb_kill_anchored_urbs+0x1e/0x110
[ 59.049794][ T21] ? kobject_put+0x18c/0x280
[ 59.054359][ T21] _raw_spin_lock_irq+0x2d/0x40
[ 59.059181][ T21] ? usb_kill_anchored_urbs+0x1e/0x110
[ 59.064613][ T21] usb_kill_anchored_urbs+0x1e/0x110
[ 59.069911][ T21] mcba_usb_disconnect+0xd6/0xe4
[ 59.074825][ T21] usb_unbind_interface+0x1bd/0x8a0
[ 59.079994][ T21] ? usb_autoresume_device+0x60/0x60
[ 59.085248][ T21] device_release_driver_internal+0x404/0x4c0
[ 59.098612][ T21] bus_remove_device+0x2dc/0x4a0
[ 59.103584][ T21] device_del+0x460/0xb80
[ 59.107889][ T21] ? __device_links_no_driver+0x240/0x240
[ 59.113644][ T21] ? usb_remove_ep_devs+0x3e/0x80
[ 59.118649][ T21] ? remove_intf_ep_devs+0x13f/0x1d0
[ 59.123912][ T21] usb_disable_device+0x211/0x690
[ 59.128911][ T21] usb_disconnect+0x284/0x830
[ 59.133565][ T21] hub_event+0x1409/0x3590
[ 59.137958][ T21] ? hub_port_debounce+0x260/0x260
[ 59.143049][ T21] process_one_work+0x905/0x1570
[ 59.147968][ T21] ? pwq_dec_nr_in_flight+0x310/0x310
[ 59.153318][ T21] ? do_raw_spin_lock+0x11a/0x280
[ 59.158374][ T21] worker_thread+0x96/0xe20
[ 59.162922][ T21] ? process_one_work+0x1570/0x1570
[ 59.168097][ T21] kthread+0x30b/0x410
[ 59.172135][ T21] ? kthread_park+0x1a0/0x1a0
[ 59.176785][ T21] ret_from_fork+0x24/0x30
[ 59.181167][ T21]
[ 59.183569][ T21] Allocated by task 12:
[ 59.187701][ T21] save_stack+0x1b/0x80
[ 59.191836][ T21] __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 59.197451][ T21] kvmalloc_node+0x61/0xf0
[ 59.201882][ T21] alloc_netdev_mqs+0x97/0xce0
[ 59.206627][ T21] alloc_candev_mqs+0x58/0x320
[ 59.211363][ T21] mcba_usb_probe+0xaf/0xbca
[ 59.215925][ T21] usb_probe_interface+0x305/0x7a0
[ 59.221004][ T21] really_probe+0x281/0x660
[ 59.225474][ T21] driver_probe_device+0x104/0x210
[ 59.230594][ T21] __device_attach_driver+0x1c2/0x220
[ 59.235950][ T21] bus_for_each_drv+0x15c/0x1e0
[ 59.240784][ T21] __device_attach+0x217/0x360
[ 59.245518][ T21] bus_probe_device+0x1e4/0x290
[ 59.250345][ T21] device_add+0xae6/0x16f0
[ 59.254741][ T21] usb_set_configuration+0xdf6/0x1670
[ 59.260121][ T21] generic_probe+0x9d/0xd5
[ 59.264519][ T21] usb_probe_device+0x99/0x100
[ 59.269252][ T21] really_probe+0x281/0x660
[ 59.273760][ T21] driver_probe_device+0x104/0x210
[ 59.278851][ T21] __device_attach_driver+0x1c2/0x220
[ 59.284234][ T21] bus_for_each_drv+0x15c/0x1e0
[ 59.289060][ T21] __device_attach+0x217/0x360
[ 59.293812][ T21] bus_probe_device+0x1e4/0x290
[ 59.298641][ T21] device_add+0xae6/0x16f0
[ 59.303034][ T21] usb_new_device.cold+0x8c1/0x1016
[ 59.308212][ T21] hub_event+0x1ada/0x3590
[ 59.312611][ T21] process_one_work+0x905/0x1570
[ 59.317619][ T21] worker_thread+0x96/0xe20
[ 59.322138][ T21] kthread+0x30b/0x410
[ 59.326191][ T21] ret_from_fork+0x24/0x30
[ 59.330619][ T21]
[ 59.332963][ T21] Freed by task 21:
[ 59.336752][ T21] save_stack+0x1b/0x80
[ 59.340926][ T21] __kasan_slab_free+0x130/0x180
[ 59.345844][ T21] kfree+0xd7/0x280
[ 59.349749][ T21] kvfree+0x59/0x60
[ 59.353534][ T21] device_release+0x71/0x200
[ 59.358104][ T21] kobject_put+0x171/0x280
[ 59.362492][ T21] put_device+0x1b/0x30
[ 59.366625][ T21] free_netdev+0x317/0x420
[ 59.371014][ T21] mcba_usb_disconnect+0xca/0xe4
[ 59.375929][ T21] usb_unbind_interface+0x1bd/0x8a0
[ 59.381212][ T21] device_release_driver_internal+0x404/0x4c0
[ 59.387253][ T21] bus_remove_device+0x2dc/0x4a0
[ 59.392172][ T21] device_del+0x460/0xb80
[ 59.396481][ T21] usb_disable_device+0x211/0x690
[ 59.401517][ T21] usb_disconnect+0x284/0x830
[ 59.406213][ T21] hub_event+0x1409/0x3590
[ 59.410610][ T21] process_one_work+0x905/0x1570
[ 59.415522][ T21] worker_thread+0x96/0xe20
[ 59.420093][ T21] kthread+0x30b/0x410
[ 59.424140][ T21] ret_from_fork+0x24/0x30
[ 59.428582][ T21]
[ 59.430893][ T21] The buggy address belongs to the object at ffff8881d44ba200
[ 59.430893][ T21] which belongs to the cache kmalloc-4k of size 4096
[ 59.444933][ T21] The buggy address is located 3784 bytes inside of
[ 59.444933][ T21] 4096-byte region [ffff8881d44ba200, ffff8881d44bb200)
[ 59.458365][ T21] The buggy address belongs to the page:
[ 59.463979][ T21] page:ffffea0007512e00 refcount:1 mapcount:0 mapping:ffff8881dac02600 index:0x0 compound_mapcount: 0
[ 59.474885][ T21] flags: 0x200000000010200(slab|head)
[ 59.480241][ T21] raw: 0200000000010200 dead000000000100 dead000000000200 ffff8881dac02600
[ 59.488862][ T21] raw: 0000000000000000 0000000000070007 00000001ffffffff 0000000000000000
[ 59.497526][ T21] page dumped because: kasan: bad access detected
[ 59.503907][ T21]
[ 59.506209][ T21] Memory state around the buggy address:
[ 59.511817][ T21] ffff8881d44baf80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 59.519893][ T21] ffff8881d44bb000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 59.527928][ T21] >ffff8881d44bb080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 59.535965][ T21] ^
[ 59.542371][ T21] ffff8881d44bb100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 59.550436][ T21] ffff8881d44bb180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 59.558480][ T21] ==================================================================
[ 59.566574][ T21] Disabling lock debugging due to kernel taint
[ 59.572705][ T21] Kernel panic - not syncing: panic_on_warn set ...
[ 59.579270][ T21] CPU: 1 PID: 21 Comm: kworker/1:1 Tainted: G B 5.2.0-rc6+ #13
[ 59.588084][ T21] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 59.598122][ T21] Workqueue: usb_hub_wq hub_event
[ 59.603141][ T21] Call Trace:
[ 59.606413][ T21] dump_stack+0xca/0x13e
[ 59.610635][ T21] panic+0x292/0x6c9
[ 59.614505][ T21] ? __warn_printk+0xf3/0xf3
[ 59.619115][ T21] ? lock_downgrade+0x630/0x630
[ 59.623951][ T21] ? print_shadow_for_address+0xb8/0x114
[ 59.629613][ T21] ? trace_hardirqs_off+0x50/0x1c0
[ 59.634720][ T21] ? __lock_acquire+0x3a5d/0x5340
[ 59.639719][ T21] end_report+0x43/0x49
[ 59.643853][ T21] ? __lock_acquire+0x3a5d/0x5340
[ 59.648859][ T21] __kasan_report.cold+0xd/0x32
[ 59.653699][ T21] ? free_netdev+0x2e0/0x420
[ 59.658273][ T21] ? __lock_acquire+0x3a5d/0x5340
[ 59.663277][ T21] kasan_report+0xe/0x20
[ 59.667497][ T21] __lock_acquire+0x3a5d/0x5340
[ 59.672332][ T21] ? worker_thread+0x96/0xe20
[ 59.676985][ T21] ? kthread+0x30b/0x410
[ 59.681215][ T21] ? ret_from_fork+0x24/0x30
[ 59.685793][ T21] ? find_held_lock+0x2d/0x110
[ 59.690532][ T21] ? debug_check_no_obj_freed+0x20a/0x42e
[ 59.696227][ T21] ? mark_held_locks+0xe0/0xe0
[ 59.700968][ T21] ? mark_held_locks+0x9f/0xe0
[ 59.705708][ T21] ? lockdep_hardirqs_on+0x379/0x580
[ 59.711018][ T21] ? quarantine_put+0xb2/0x150
[ 59.715823][ T21] ? lockdep_hardirqs_on+0x379/0x580
[ 59.721135][ T21] lock_acquire+0x100/0x2b0
[ 59.725621][ T21] ? usb_kill_anchored_urbs+0x1e/0x110
[ 59.731060][ T21] ? kobject_put+0x18c/0x280
[ 59.735627][ T21] _raw_spin_lock_irq+0x2d/0x40
[ 59.740453][ T21] ? usb_kill_anchored_urbs+0x1e/0x110
[ 59.745902][ T21] usb_kill_anchored_urbs+0x1e/0x110
[ 59.751184][ T21] mcba_usb_disconnect+0xd6/0xe4
[ 59.756199][ T21] usb_unbind_interface+0x1bd/0x8a0
[ 59.761373][ T21] ? usb_autoresume_device+0x60/0x60
[ 59.766640][ T21] device_release_driver_internal+0x404/0x4c0
[ 59.772685][ T21] bus_remove_device+0x2dc/0x4a0
[ 59.777601][ T21] device_del+0x460/0xb80
[ 59.781941][ T21] ? __device_links_no_driver+0x240/0x240
[ 59.787645][ T21] ? usb_remove_ep_devs+0x3e/0x80
[ 59.792659][ T21] ? remove_intf_ep_devs+0x13f/0x1d0
[ 59.797921][ T21] usb_disable_device+0x211/0x690
[ 59.802921][ T21] usb_disconnect+0x284/0x830
[ 59.807614][ T21] hub_event+0x1409/0x3590
[ 59.812017][ T21] ? hub_port_debounce+0x260/0x260
[ 59.817116][ T21] process_one_work+0x905/0x1570
[ 59.822032][ T21] ? pwq_dec_nr_in_flight+0x310/0x310
[ 59.827470][ T21] ? do_raw_spin_lock+0x11a/0x280
[ 59.832473][ T21] worker_thread+0x96/0xe20
[ 59.836952][ T21] ? process_one_work+0x1570/0x1570
[ 59.842132][ T21] kthread+0x30b/0x410
[ 59.846174][ T21] ? kthread_park+0x1a0/0x1a0
[ 59.850831][ T21] ret_from_fork+0x24/0x30
[ 59.855516][ T21] Kernel Offset: disabled
[ 59.859828][ T21] Rebooting in 86400 seconds..