Warning: Permanently added '10.128.0.109' (ECDSA) to the list of known hosts.
2019/08/19 23:48:19 parsed 1 programs
2019/08/19 23:48:20 executed programs: 0
syzkaller login: [ 27.199052][ T1733] cgroup1: Unknown subsys name 'perf_event'
[ 27.205360][ T1733] cgroup1: Unknown subsys name 'net_cls'
[ 28.083502][ T21] usb 1-1: new low-speed USB device number 2 using dummy_hcd
[ 28.443126][ T21] usb 1-1: config 0 has an invalid interface number: 236 but max is 2
[ 28.451363][ T21] usb 1-1: config 0 has an invalid descriptor of length 99, skipping remainder of the config
[ 28.461544][ T21] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 3
[ 28.470411][ T21] usb 1-1: config 0 has no interface number 0
[ 28.476522][ T21] usb 1-1: config 0 interface 236 altsetting 0 endpoint 0x81 is Bulk; changing to Interrupt
[ 28.486614][ T21] usb 1-1: New USB device found, idVendor=07c0, idProduct=1501, bcdDevice=74.a0
[ 28.495658][ T21] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 28.504752][ T21] usb 1-1: config 0 descriptor??
[ 28.548040][ T21] iowarrior 1-1:0.236: IOWarrior product=0x1501, serial= interface=236 now attached to iowarrior0
[ 28.865373][ T101] usb 1-1: USB disconnect, device number 2
[ 28.884372][ T101] iowarrior 1-1:0.236: I/O-Warror #0 now disconnected
[ 29.653153][ T101] usb 1-1: new low-speed USB device number 3 using dummy_hcd
[ 30.013110][ T101] usb 1-1: config 0 has an invalid interface number: 236 but max is 2
[ 30.021275][ T101] usb 1-1: config 0 has an invalid descriptor of length 99, skipping remainder of the config
[ 30.031449][ T101] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 3
[ 30.040310][ T101] usb 1-1: config 0 has no interface number 0
[ 30.046418][ T101] usb 1-1: config 0 interface 236 altsetting 0 endpoint 0x81 is Bulk; changing to Interrupt
[ 30.056513][ T101] usb 1-1: New USB device found, idVendor=07c0, idProduct=1501, bcdDevice=74.a0
[ 30.065542][ T101] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 30.074283][ T101] usb 1-1: config 0 descriptor??
[ 30.115310][ T101] iowarrior 1-1:0.236: IOWarrior product=0x1501, serial= interface=236 now attached to iowarrior0
[ 30.359797][ T21] usb 1-1: USB disconnect, device number 3
[ 30.373939][ T21] ==================================================================
[ 30.382101][ T21] BUG: KASAN: use-after-free in __mutex_lock+0xf23/0x1360
[ 30.389181][ T21] Read of size 8 at addr ffff8881cf81d458 by task kworker/1:1/21
[ 30.396861][ T21]
[ 30.399168][ T21] CPU: 1 PID: 21 Comm: kworker/1:1 Not tainted 5.3.0-rc5+ #27
[ 30.406595][ T21] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 30.416628][ T21] Workqueue: usb_hub_wq hub_event
[ 30.421624][ T21] Call Trace:
[ 30.424889][ T21] dump_stack+0xca/0x13e
[ 30.429103][ T21] ? __mutex_lock+0xf23/0x1360
[ 30.433837][ T21] ? __mutex_lock+0xf23/0x1360
[ 30.438576][ T21] print_address_description+0x6a/0x32c
[ 30.444095][ T21] ? __mutex_lock+0xf23/0x1360
[ 30.448835][ T21] ? __mutex_lock+0xf23/0x1360
[ 30.453574][ T21] __kasan_report.cold+0x1a/0x33
[ 30.458489][ T21] ? __mutex_lock+0xf23/0x1360
[ 30.463228][ T21] kasan_report+0xe/0x12
[ 30.467480][ T21] __mutex_lock+0xf23/0x1360
[ 30.472043][ T21] ? lock_downgrade+0x6e0/0x6e0
[ 30.476866][ T21] ? iowarrior_disconnect+0xf0/0x2c0
[ 30.482126][ T21] ? mutex_trylock+0x2c0/0x2c0
[ 30.486876][ T21] ? __mutex_unlock_slowpath+0xea/0x670
[ 30.492393][ T21] ? lockdep_hardirqs_on+0x379/0x580
[ 30.497658][ T21] ? wait_for_completion+0x3c0/0x3c0
[ 30.502920][ T21] ? __kasan_slab_free+0x145/0x180
[ 30.508006][ T21] ? iowarrior_disconnect+0xf0/0x2c0
[ 30.513261][ T21] iowarrior_disconnect+0xf0/0x2c0
[ 30.518354][ T21] usb_unbind_interface+0x1bd/0x8a0
[ 30.523525][ T21] ? usb_autoresume_device+0x60/0x60
[ 30.528785][ T21] device_release_driver_internal+0x42f/0x500
[ 30.534827][ T21] bus_remove_device+0x2dc/0x4a0
[ 30.539738][ T21] device_del+0x420/0xb10
[ 30.544041][ T21] ? __device_links_no_driver+0x240/0x240
[ 30.549730][ T21] ? usb_remove_ep_devs+0x3e/0x80
[ 30.554727][ T21] ? remove_intf_ep_devs+0x13f/0x1d0
[ 30.559985][ T21] usb_disable_device+0x211/0x690
[ 30.564983][ T21] usb_disconnect+0x284/0x8d0
[ 30.569634][ T21] hub_event+0x1454/0x3640
[ 30.574022][ T21] ? find_held_lock+0x2d/0x110
[ 30.578757][ T21] ? mark_held_locks+0xe0/0xe0
[ 30.583508][ T21] ? hub_port_debounce+0x260/0x260
[ 30.588602][ T21] process_one_work+0x92b/0x1530
[ 30.593513][ T21] ? pwq_dec_nr_in_flight+0x310/0x310
[ 30.598858][ T21] ? do_raw_spin_lock+0x11a/0x280
[ 30.603855][ T21] worker_thread+0x96/0xe20
[ 30.608334][ T21] ? process_one_work+0x1530/0x1530
[ 30.613504][ T21] kthread+0x318/0x420
[ 30.617547][ T21] ? kthread_create_on_node+0xf0/0xf0
[ 30.622893][ T21] ret_from_fork+0x24/0x30
[ 30.627279][ T21]
[ 30.629583][ T21] Allocated by task 101:
[ 30.633797][ T21] save_stack+0x1b/0x80
[ 30.637932][ T21] __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 30.643538][ T21] iowarrior_probe+0x7a/0x10b2
[ 30.648271][ T21] usb_probe_interface+0x305/0x7a0
[ 30.653357][ T21] really_probe+0x281/0x6d0
[ 30.657832][ T21] driver_probe_device+0x101/0x1b0
[ 30.662915][ T21] __device_attach_driver+0x1c2/0x220
[ 30.668260][ T21] bus_for_each_drv+0x162/0x1e0
[ 30.673090][ T21] __device_attach+0x217/0x360
[ 30.677823][ T21] bus_probe_device+0x1e4/0x290
[ 30.682659][ T21] device_add+0xae6/0x16f0
[ 30.687052][ T21] usb_set_configuration+0xdf6/0x1670
[ 30.692397][ T21] generic_probe+0x9d/0xd5
[ 30.696787][ T21] usb_probe_device+0x99/0x100
[ 30.701522][ T21] really_probe+0x281/0x6d0
[ 30.705995][ T21] driver_probe_device+0x101/0x1b0
[ 30.711079][ T21] __device_attach_driver+0x1c2/0x220
[ 30.716422][ T21] bus_for_each_drv+0x162/0x1e0
[ 30.721245][ T21] __device_attach+0x217/0x360
[ 30.725981][ T21] bus_probe_device+0x1e4/0x290
[ 30.730816][ T21] device_add+0xae6/0x16f0
[ 30.735208][ T21] usb_new_device.cold+0x6a4/0xe79
[ 30.740291][ T21] hub_event+0x1b5c/0x3640
[ 30.744682][ T21] process_one_work+0x92b/0x1530
[ 30.749593][ T21] worker_thread+0x96/0xe20
[ 30.754066][ T21] kthread+0x318/0x420
[ 30.758107][ T21] ret_from_fork+0x24/0x30
[ 30.762492][ T21]
[ 30.764795][ T21] Freed by task 1897:
[ 30.768749][ T21] save_stack+0x1b/0x80
[ 30.772890][ T21] __kasan_slab_free+0x130/0x180
[ 30.777810][ T21] kfree+0xe4/0x2f0
[ 30.781592][ T21] iowarrior_release+0x187/0x280
[ 30.786501][ T21] __fput+0x2d7/0x840
[ 30.790453][ T21] task_work_run+0x13f/0x1c0
[ 30.795016][ T21] exit_to_usermode_loop+0x1d2/0x200
[ 30.800270][ T21] do_syscall_64+0x45f/0x580
[ 30.804832][ T21] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 30.810695]