Warning: Permanently added '10.128.0.47' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 32.275616][ T12] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 32.515604][ T12] usb 1-1: Using ep0 maxpacket: 8
[ 32.635698][ T12] usb 1-1: config 0 has an invalid interface number: 22 but max is 0
[ 32.643976][ T12] usb 1-1: config 0 has no interface number 0
[ 32.650113][ T12] usb 1-1: config 0 interface 22 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[ 32.660984][ T12] usb 1-1: config 0 interface 22 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[ 32.672125][ T12] usb 1-1: New USB device found, idVendor=0a07, idProduct=0082, bcdDevice=b9.42
[ 32.681159][ T12] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 32.690453][ T12] usb 1-1: config 0 descriptor??
[ 32.750048][ T12] adutux 1-1:0.22: ADU130 now attached to /dev/usb/adutux0
executing program
[ 32.947018][ T12] usb 1-1: USB disconnect, device number 2
[ 33.365600][ T12] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[ 33.605566][ T12] usb 1-1: Using ep0 maxpacket: 8
[ 33.725650][ T12] usb 1-1: config 0 has an invalid interface number: 22 but max is 0
[ 33.733727][ T12] usb 1-1: config 0 has no interface number 0
[ 33.740003][ T12] usb 1-1: config 0 interface 22 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[ 33.750865][ T12] usb 1-1: config 0 interface 22 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[ 33.761841][ T12] usb 1-1: New USB device found, idVendor=0a07, idProduct=0082, bcdDevice=b9.42
[ 33.770881][ T12] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 33.780266][ T12] usb 1-1: config 0 descriptor??
[ 33.818270][ T12] adutux 1-1:0.22: ADU130 now attached to /dev/usb/adutux0
executing program
[ 34.016860][ T22] usb 1-1: USB disconnect, device number 3
[ 34.435608][ T22] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[ 34.675585][ T22] usb 1-1: Using ep0 maxpacket: 8
[ 34.796018][ T22] usb 1-1: config 0 has an invalid interface number: 22 but max is 0
[ 34.804212][ T22] usb 1-1: config 0 has no interface number 0
[ 34.810359][ T22] usb 1-1: config 0 interface 22 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[ 34.821226][ T22] usb 1-1: config 0 interface 22 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[ 34.832203][ T22] usb 1-1: New USB device found, idVendor=0a07, idProduct=0082, bcdDevice=b9.42
[ 34.841234][ T22] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 34.849951][ T22] usb 1-1: config 0 descriptor??
[ 34.888839][ T22] adutux 1-1:0.22: ADU130 now attached to /dev/usb/adutux0
executing program
[ 35.086571][ T12] usb 1-1: USB disconnect, device number 4
[ 35.106374][ T12] ==================================================================
[ 35.114545][ T12] BUG: KASAN: use-after-free in __mutex_unlock_slowpath+0x96/0x670
[ 35.122406][ T12] Read of size 8 at addr ffff8881d1d0aa00 by task kworker/0:1/12
[ 35.130087][ T12]
[ 35.132403][ T12] CPU: 0 PID: 12 Comm: kworker/0:1 Not tainted 5.3.0-rc2+ #25
[ 35.139830][ T12] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 35.149875][ T12] Workqueue: usb_hub_wq hub_event
[ 35.154868][ T12] Call Trace:
[ 35.158133][ T12] dump_stack+0xca/0x13e
[ 35.162347][ T12] ? __mutex_unlock_slowpath+0x96/0x670
[ 35.167862][ T12] ? __mutex_unlock_slowpath+0x96/0x670
[ 35.173378][ T12] print_address_description+0x6a/0x32c
[ 35.178902][ T12] ? __mutex_unlock_slowpath+0x96/0x670
[ 35.184428][ T12] ? __mutex_unlock_slowpath+0x96/0x670
[ 35.189943][ T12] __kasan_report.cold+0x1a/0x33
[ 35.194851][ T12] ? __mutex_unlock_slowpath+0x96/0x670
[ 35.200367][ T12] kasan_report+0xe/0x12
[ 35.204584][ T12] check_memory_region+0x128/0x190
[ 35.210290][ T12] __mutex_unlock_slowpath+0x96/0x670
[ 35.215651][ T12] ? wait_for_completion+0x3c0/0x3c0
[ 35.220924][ T12] ? wait_for_completion+0x3c0/0x3c0
[ 35.226186][ T12] adu_disconnect+0x83/0x150
[ 35.230748][ T12] usb_unbind_interface+0x1bd/0x8a0
[ 35.235924][ T12] ? usb_autoresume_device+0x60/0x60
[ 35.241182][ T12] device_release_driver_internal+0x404/0x4c0
[ 35.247221][ T12] bus_remove_device+0x2dc/0x4a0
[ 35.252132][ T12] device_del+0x420/0xb10
[ 35.256436][ T12] ? __device_links_no_driver+0x240/0x240
[ 35.262129][ T12] ? usb_remove_ep_devs+0x3e/0x80
[ 35.267126][ T12] ? remove_intf_ep_devs+0x13f/0x1d0
[ 35.272384][ T12] usb_disable_device+0x211/0x690
[ 35.277383][ T12] usb_disconnect+0x284/0x8d0
[ 35.282030][ T12] hub_event+0x1454/0x3640
[ 35.287540][ T12] ? find_held_lock+0x2d/0x110
[ 35.292281][ T12] ? mark_held_locks+0xe0/0xe0
[ 35.297024][ T12] ? hub_port_debounce+0x260/0x260
[ 35.302110][ T12] process_one_work+0x92b/0x1530
[ 35.307034][ T12] ? pwq_dec_nr_in_flight+0x310/0x310
[ 35.312385][ T12] ? do_raw_spin_lock+0x11a/0x280
[ 35.317389][ T12] worker_thread+0x96/0xe20
[ 35.321871][ T12] ? process_one_work+0x1530/0x1530
[ 35.327044][ T12] kthread+0x318/0x420
[ 35.331086][ T12] ? kthread_create_on_node+0xf0/0xf0
[ 35.336431][ T12] ret_from_fork+0x24/0x30
[ 35.340917][ T12]
[ 35.343238][ T12] Allocated by task 22:
[ 35.347382][ T12] save_stack+0x1b/0x80
[ 35.351517][ T12] __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 35.357126][ T12] adu_probe+0x7d/0x6e0
[ 35.361255][ T12] usb_probe_interface+0x305/0x7a0
[ 35.366338][ T12] really_probe+0x281/0x650
[ 35.370816][ T12] driver_probe_device+0x101/0x1b0
[ 35.375898][ T12] __device_attach_driver+0x1c2/0x220
[ 35.381240][ T12] bus_for_each_drv+0x15c/0x1e0
[ 35.386067][ T12] __device_attach+0x217/0x360
[ 35.390804][ T12] bus_probe_device+0x1e4/0x290
[ 35.395627][ T12] device_add+0xae6/0x16f0
[ 35.400014][ T12] usb_set_configuration+0xdf6/0x1670
[ 35.405353][ T12] generic_probe+0x9d/0xd5
[ 35.409746][ T12] usb_probe_device+0x99/0x100
[ 35.414479][ T12] really_probe+0x281/0x650
[ 35.418954][ T12] driver_probe_device+0x101/0x1b0
[ 35.424033][ T12] __device_attach_driver+0x1c2/0x220
[ 35.429397][ T12] bus_for_each_drv+0x15c/0x1e0
[ 35.434225][ T12] __device_attach+0x217/0x360
[ 35.438985][ T12] bus_probe_device+0x1e4/0x290
[ 35.443815][ T12] device_add+0xae6/0x16f0
[ 35.448206][ T12] usb_new_device.cold+0x6a4/0xe79
[ 35.453291][ T12] hub_event+0x1b5c/0x3640
[ 35.457680][ T12] process_one_work+0x92b/0x1530
[ 35.462589][ T12] worker_thread+0x96/0xe20
[ 35.467066][ T12] kthread+0x318/0x420
[ 35.471111][ T12] ret_from_fork+0x24/0x30
[ 35.475543][ T12]
[ 35.477857][ T12] Freed by task 1733:
[ 35.481826][ T12] save_stack+0x1b/0x80
[ 35.485961][ T12] __kasan_slab_free+0x130/0x180
[ 35.490868][ T12] kfree+0xe4/0x2f0
[ 35.494652][ T12] adu_release+0x3cc/0x590
[ 35.499041][ T12] __fput+0x2d7/0x840
[ 35.502999][ T12] task_work_run+0x13f/0x1c0
[ 35.507571][ T12] exit_to_usermode_loop+0x1d2/0x200
[ 35.512835][ T12] do_syscall_64+0x45f/0x580
[ 35.517405][ T12] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 35.523267][ T12]
[ 35.525575][ T12] The buggy address belongs to the object at ffff8881d1d0aa00
[ 35.525575][ T12] which belongs to the cache kmalloc-512 of size 512
[ 35.540096][ T12] The buggy address is located 0 bytes inside of
[ 35.540096][ T12] 512-byte region [ffff8881d1d0aa00, ffff8881d1d0ac00)
[ 35.553261][ T12] The buggy address belongs to the page:
[ 35.558870][ T12] page:ffffea0007474280 refcount:1 mapcount:0 mapping:ffff8881da002500 index:0x0 compound_mapcount: 0
[ 35.569779][ T12] flags: 0x200000000010200(slab|head)
[ 35.575319][ T12] raw: 0200000000010200 ffffea000748c280 0000000500000005 ffff8881da002500
[ 35.583897][ T12] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 35.592463][ T12] page dumped because: kasan: bad access detected
[ 35.598849][ T12]
[ 35.601150][ T12] Memory state around the buggy address:
[ 35.606761][ T12] ffff8881d1d0a900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 35.614799][ T12] ffff8881d1d0a980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 35.622841][ T12] >ffff8881d1d0aa00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 35.630869][ T12] ^
[ 35.634910][ T12] ffff8881d1d0aa80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 35.643095][ T12] ffff8881d1d0ab00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 35.651127][ T12] ==================================================================
[ 35.659320][ T12] Disabling lock debugging due to kernel taint
[ 35.665575][ T12] Kernel panic - not syncing: panic_on_warn set ...
[ 35.672162][ T12] CPU: 0 PID: 12 Comm: kworker/0:1 Tainted: G B 5.3.0-rc2+ #25
[ 35.681036][ T12] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 35.691079][ T12] Workqueue: usb_hub_wq hub_event
[ 35.696072][ T12] Call Trace:
[ 35.699337][ T12] dump_stack+0xca/0x13e
[ 35.703551][ T12] panic+0x2a3/0x6da
[ 35.707424][ T12] ? add_taint.cold+0x16/0x16
[ 35.712178][ T12] ? retint_kernel+0x10/0x10
[ 35.716741][ T12] ? trace_hardirqs_on+0x55/0x1e0
[ 35.721736][ T12] ? __mutex_unlock_slowpath+0x96/0x670
[ 35.727251][ T12] end_report+0x43/0x49
[ 35.731379][ T12] ? __mutex_unlock_slowpath+0x96/0x670
[ 35.736893][ T12] __kasan_report.cold+0xd/0x33
[ 35.741782][ T12] ? __mutex_unlock_slowpath+0x96/0x670
[ 35.747313][ T12] kasan_report+0xe/0x12
[ 35.751546][ T12] check_memory_region+0x128/0x190
[ 35.756639][ T12] __mutex_unlock_slowpath+0x96/0x670
[ 35.761995][ T12] ? wait_for_completion+0x3c0/0x3c0
[ 35.767256][ T12] ? wait_for_completion+0x3c0/0x3c0
[ 35.772520][ T12] adu_disconnect+0x83/0x150
[ 35.777084][ T12] usb_unbind_interface+0x1bd/0x8a0
[ 35.782257][ T12] ? usb_autoresume_device+0x60/0x60
[ 35.787518][ T12] device_release_driver_internal+0x404/0x4c0
[ 35.793559][ T12] bus_remove_device+0x2dc/0x4a0
[ 35.798991][ T12] device_del+0x420/0xb10
[ 35.803291][ T12] ? __device_links_no_driver+0x240/0x240
[ 35.809075][ T12] ? usb_remove_ep_devs+0x3e/0x80
[ 35.814088][ T12] ? remove_intf_ep_devs+0x13f/0x1d0
[ 35.819357][ T12] usb_disable_device+0x211/0x690
[ 35.824365][ T12] usb_disconnect+0x284/0x8d0
[ 35.829017][ T12] hub_event+0x1454/0x3640
[ 35.833412][ T12] ? find_held_lock+0x2d/0x110
[ 35.838153][ T12] ? mark_held_locks+0xe0/0xe0
[ 35.842892][ T12] ? hub_port_debounce+0x260/0x260
[ 35.847984][ T12] process_one_work+0x92b/0x1530
[ 35.852891][ T12] ? pwq_dec_nr_in_flight+0x310/0x310
[ 35.858233][ T12] ? do_raw_spin_lock+0x11a/0x280
[ 35.863229][ T12] worker_thread+0x96/0xe20
[ 35.867704][ T12] ? process_one_work+0x1530/0x1530
[ 35.872883][ T12] kthread+0x318/0x420
[ 35.876932][ T12] ? kthread_create_on_node+0xf0/0xf0
[ 35.882282][ T12] ret_from_fork+0x24/0x30
[ 35.887213][ T12] Kernel Offset: disabled
[ 35.891601][ T12] Rebooting in 86400 seconds..