Warning: Permanently added '10.128.0.38' (ECDSA) to the list of known hosts.
2021/05/14 16:00:01 parsed 1 programs
2021/05/14 16:00:03 executed programs: 0
[ 52.291065][ T4958] cgroup: Unknown subsys name 'perf_event'
[ 52.303381][ T4958] cgroup: Unknown subsys name 'net_cls'
[ 52.316646][ T4959] cgroup: Unknown subsys name 'perf_event'
[ 52.329976][ T4960] cgroup: Unknown subsys name 'perf_event'
[ 52.330804][ T4959] cgroup: Unknown subsys name 'net_cls'
[ 52.362282][ T4960] cgroup: Unknown subsys name 'net_cls'
[ 52.374813][ T4965] cgroup: Unknown subsys name 'perf_event'
[ 52.400299][ T4965] cgroup: Unknown subsys name 'net_cls'
[ 52.455393][ T4976] cgroup: Unknown subsys name 'perf_event'
[ 52.469754][ T4976] cgroup: Unknown subsys name 'net_cls'
[ 52.484261][ T4979] cgroup: Unknown subsys name 'perf_event'
[ 52.500733][ T4979] cgroup: Unknown subsys name 'net_cls'
[ 65.160444][ T7] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[ 65.220391][ T32] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[ 65.400512][ T2607] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 65.580670][ T32] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 44, changing to 9
[ 65.592113][ T32] usb 4-1: New USB device found, idVendor=15c2, idProduct=0037, bcdDevice=d2.65
[ 65.600425][ T7] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 44, changing to 9
[ 65.602185][ T32] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 65.613505][ T7] usb 5-1: New USB device found, idVendor=15c2, idProduct=0037, bcdDevice=d2.65
[ 65.632076][ T7] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 65.674913][ T7] usb 5-1: config 0 descriptor??
[ 65.688624][ T32] usb 4-1: config 0 descriptor??
[ 65.735224][ T7] input: iMON Panel, Knob and Mouse(15c2:0037) as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/input/input5
[ 65.747772][ T2211] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[ 65.871068][ T2607] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 44, changing to 9
[ 65.882577][ T2607] usb 1-1: New USB device found, idVendor=15c2, idProduct=0037, bcdDevice=d2.65
[ 65.892023][ T2607] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 65.916314][ T2607] usb 1-1: config 0 descriptor??
[ 65.972262][ T7683] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[ 66.030336][ T7] rc_core: IR keymap rc-imon-pad not found
[ 66.037017][ T7] Registered IR keymap rc-empty
[ 66.040293][ T2645] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[ 66.045105][ T7] imon 5-1:0.0: Looks like you're trying to use an IR protocol this device does not support
[ 66.062013][ T7] imon 5-1:0.0: Unsupported IR protocol specified, overriding to iMON IR protocol
[ 66.200612][ T2211] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 44, changing to 9
[ 66.215510][ T2211] usb 6-1: New USB device found, idVendor=15c2, idProduct=0037, bcdDevice=d2.65
[ 66.226351][ T2211] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 66.248809][ T7] rc rc0: iMON Remote (15c2:0037) as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0
[ 66.261745][ T7] input: iMON Remote (15c2:0037) as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0/input6
[ 66.299434][ T32] input: iMON Panel, Knob and Mouse(15c2:0037) as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input7
[ 66.301732][ T2211] usb 6-1: config 0 descriptor??
[ 66.332972][ T7] imon 5-1:0.0: iMON device (15c2:0037, intf0) on usb<5:2> initialized
[ 66.390225][ C0] imon 5-1:0.0: imon usb_rx_callback_intf0: status(-71): ignored
[ 66.401968][ T7] usb 5-1: USB disconnect, device number 2
[ 66.410203][ C0] imon 5-1:0.0: imon usb_rx_callback_intf0: status(-71): ignored
[ 66.419497][ T7683] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 44, changing to 9
[ 66.420417][ T2645] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 44, changing to 9
[ 66.431535][ T7683] usb 3-1: New USB device found, idVendor=15c2, idProduct=0037, bcdDevice=d2.65
[ 66.443882][ T2645] usb 2-1: New USB device found, idVendor=15c2, idProduct=0037, bcdDevice=d2.65
[ 66.454165][ T7683] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 66.463751][ T2645] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 66.552771][ T32] rc_core: IR keymap rc-imon-pad not found
[ 66.556504][ T7683] usb 3-1: config 0 descriptor??
[ 66.558664][ T32] Registered IR keymap rc-empty
[ 66.558697][ T32] imon 4-1:0.0: Looks like you're trying to use an IR protocol this device does not support
[ 66.580853][ T32] imon 4-1:0.0: Unsupported IR protocol specified, overriding to iMON IR protocol
[ 66.601066][ T2645] usb 2-1: config 0 descriptor??
[ 66.670879][ T32] rc rc1: iMON Remote (15c2:0037) as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc1
[ 66.687104][ T32] input: iMON Remote (15c2:0037) as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc1/input8
[ 66.710625][ T2607] input: iMON Panel, Knob and Mouse(15c2:0037) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input9
[ 66.840341][ T2607] rc_core: IR keymap rc-imon-pad not found
[ 66.847128][ T2607] Registered IR keymap rc-empty
[ 66.852640][ T2607] imon 1-1:0.0: Looks like you're trying to use an IR protocol this device does not support
[ 66.865210][ T2607] imon 1-1:0.0: Unsupported IR protocol specified, overriding to iMON IR protocol
[ 66.931052][ T2607] rc rc2: iMON Remote (15c2:0037) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc2
[ 66.943306][ T2607] input: iMON Remote (15c2:0037) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc2/input10
[ 66.962115][ T2211] input: iMON Panel, Knob and Mouse(15c2:0037) as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/input/input11
[ 67.120176][ T2211] rc_core: IR keymap rc-imon-pad not found
[ 67.126510][ T2211] Registered IR keymap rc-empty
[ 67.133050][ T2211] imon 6-1:0.0: Looks like you're trying to use an IR protocol this device does not support
[ 67.143693][ T2211] imon 6-1:0.0: Unsupported IR protocol specified, overriding to iMON IR protocol
[ 67.220867][ T2211] rc rc3: iMON Remote (15c2:0037) as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/rc/rc3
[ 67.247277][ T2211] input: iMON Remote (15c2:0037) as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/rc/rc3/input12
[ 67.298848][ T7683] input: iMON Panel, Knob and Mouse(15c2:0037) as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input13
[ 67.420360][ T7683] rc_core: IR keymap rc-imon-pad not found
[ 67.426832][ T7683] Registered IR keymap rc-empty
[ 67.432153][ T7683] imon 3-1:0.0: Looks like you're trying to use an IR protocol this device does not support
[ 67.443035][ T7683] imon 3-1:0.0: Unsupported IR protocol specified, overriding to iMON IR protocol
[ 67.521088][ T7683] rc rc0: iMON Remote (15c2:0037) as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0
[ 67.534458][ T7683] input: iMON Remote (15c2:0037) as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0/input14
[ 67.555134][ T7605] imon:display_open: could not find interface for minor 0
[ 67.564097][ T2645] input: iMON Panel, Knob and Mouse(15c2:0037) as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/input/input15
[ 67.581073][ T32] imon 4-1:0.0: iMON device (15c2:0037, intf0) on usb<4:2> initialized
[ 67.610108][ C1] imon 4-1:0.0: imon usb_rx_callback_intf0: status(-71): ignored
[ 67.619086][ T32] usb 4-1: USB disconnect, device number 2
[ 67.630114][ C1] imon 4-1:0.0: imon usb_rx_callback_intf0: status(-71): ignored
[ 67.730143][ C0] imon 3-1:0.0: imon usb_rx_callback_intf0: status(-71): ignored
[ 67.750240][ T2645] rc_core: IR keymap rc-imon-pad not found
[ 67.756489][ T2645] Registered IR keymap rc-empty
[ 67.760093][ C0] imon 3-1:0.0: imon usb_rx_callback_intf0: status(-71): ignored
[ 67.762056][ T2645] imon 2-1:0.0: Looks like you're trying to use an IR protocol this device does not support
[ 67.780250][ T2645] imon 2-1:0.0: Unsupported IR protocol specified, overriding to iMON IR protocol
[ 67.790117][ C0] imon 3-1:0.0: imon usb_rx_callback_intf0: status(-71): ignored
[ 67.810121][ C0] imon 3-1:0.0: imon usb_rx_callback_intf0: status(-71): ignored
2021/05/14 16:00:19 executed programs: 6
[ 67.840194][ C0] imon 3-1:0.0: imon usb_rx_callback_intf0: status(-71): ignored
[ 67.841447][ T2645] rc rc4: iMON Remote (15c2:0037) as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc4
[ 67.860094][ C0] imon 3-1:0.0: imon usb_rx_callback_intf0: status(-71): ignored
[ 67.880128][ C0] imon 3-1:0.0: imon usb_rx_callback_intf0: status(-71): ignored
[ 67.907071][ T2645] input: iMON Remote (15c2:0037) as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc4/input16
[ 67.910101][ C0] imon 3-1:0.0: imon usb_rx_callback_intf0: status(-71): ignored
[ 67.938273][ T7743] imon:display_open: could not find interface for minor 0
[ 67.945844][ C0] imon 3-1:0.0: imon usb_rx_callback_intf0: status(-71): ignored
[ 67.954863][ T7679] imon:display_open: could not find interface for minor 0
[ 67.964094][ T2607] imon 1-1:0.0: iMON device (15c2:0037, intf0) on usb<1:2> initialized
[ 67.972945][ C0] imon 3-1:0.0: imon usb_rx_callback_intf0: status(-71): ignored
[ 67.973029][ C0] imon 6-1:0.0: imon usb_rx_callback_intf0: status(-71): ignored
[ 68.000087][ C0] imon 6-1:0.0: imon usb_rx_callback_intf0: status(-71): ignored
[ 68.008185][ C0] imon 3-1:0.0: imon usb_rx_callback_intf0: status(-71): ignored
[ 68.018303][ T2211] imon 6-1:0.0: iMON device (15c2:0037, intf0) on usb<6:2> initialized
[ 68.026794][ C0] imon 1-1:0.0: imon usb_rx_callback_intf0: status(-71): ignored
[ 68.026875][ C0] imon 6-1:0.0: imon usb_rx_callback_intf0: status(-71): ignored
[ 68.035971][ C0] imon 3-1:0.0: imon usb_rx_callback_intf0: status(-71): ignored
[ 68.044140][ C0] imon 6-1:0.0: imon usb_rx_callback_intf0: status(-71): ignored
[ 68.044221][ C0] imon 1-1:0.0: imon usb_rx_callback_intf0: status(-71): ignored
[ 68.053419][ C0] imon 3-1:0.0: imon usb_rx_callback_intf0: status(-71): ignored
[ 68.061755][ C0] imon 1-1:0.0: imon usb_rx_callback_intf0: status(-71): ignored
[ 68.061838][ C0] imon 6-1:0.0: imon usb_rx_callback_intf0: status(-71): ignored
[ 68.071045][ C0] imon 3-1:0.0: imon usb_rx_callback_intf0: status(-71): ignored
[ 68.080924][ C0] imon 6-1:0.0: imon usb_rx_callback_intf0: status(-71): ignored
[ 68.080993][ C0] imon 1-1:0.0: imon usb_rx_callback_intf0: status(-71): ignored
[ 68.097076][ C0] imon 3-1:0.0: imon usb_rx_callback_intf0: status(-71): ignored
[ 68.100074][ C1] imon 2-1:0.0: imon usb_rx_callback_intf0: status(-71): ignored
[ 68.105327][ T7] ==================================================================
[ 68.120094][ C1] imon 2-1:0.0: imon usb_rx_callback_intf0: status(-71): ignored
[ 68.120792][ T7] BUG: KASAN: use-after-free in imon_disconnect+0x661/0x740
[ 68.140084][ C1] imon 2-1:0.0: imon usb_rx_callback_intf0: status(-71): ignored
[ 68.144473][ T7] Read of size 1 at addr ffff8881174e801c by task kworker/0:1/7
[ 68.160077][ C1] imon 2-1:0.0: imon usb_rx_callback_intf0: status(-71): ignored
[ 68.160326][ T7]
[ 68.160336][ T7] CPU: 0 PID: 7 Comm: kworker/0:1 Not tainted 5.13.0-rc1-syzkaller #0
[ 68.180100][ C1] imon 2-1:0.0: imon usb_rx_callback_intf0: status(-71): ignored
[ 68.184555][ T7] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 68.200071][ C1] imon 2-1:0.0: imon usb_rx_callback_intf0: status(-71): ignored
[ 68.203235][ T7] Workqueue: usb_hub_wq hub_event
[ 68.226646][ T7] Call Trace:
[ 68.230096][ T7] dump_stack+0x143/0x1db
[ 68.234705][ T7] ? imon_disconnect+0x661/0x740
[ 68.241790][ T7] print_address_description.constprop.0.cold+0x5b/0x2f8
[ 68.250663][ T7] ? imon_disconnect+0x661/0x740
[ 68.255914][ T7] ? imon_disconnect+0x661/0x740
[ 68.260949][ T7] kasan_report.cold+0x7c/0xd8
[ 68.265715][ T7] ? imon_disconnect+0x661/0x740
[ 68.270667][ T7] imon_disconnect+0x661/0x740
[ 68.275634][ T7] usb_unbind_interface+0x1d8/0x8d0
[ 68.280926][ T7] ? __sanitizer_cov_trace_cmp4+0x1c/0x70
[ 68.286650][ T7] ? kernfs_remove_by_name_ns+0x62/0xb0
[ 68.292317][ T7] ? usb_unbind_device+0x1a0/0x1a0
[ 68.297694][ T7] __device_release_driver+0x3bd/0x6f0
[ 68.303161][ T7] device_release_driver+0x26/0x40
[ 68.308931][ T7] bus_remove_device+0x2eb/0x5a0
[ 68.314218][ T7] device_del+0x502/0xd40
[ 68.318693][ T7] ? __device_links_queue_sync_state+0x3f0/0x3f0
[ 68.325135][ T7] ? kobject_put+0x1f3/0x540
[ 68.329732][ T7] usb_disable_device+0x35b/0x7b0
[ 68.335098][ T7] usb_disconnect.cold+0x27d/0x791
[ 68.340337][ T7] hub_event+0x1c9c/0x4330
[ 68.345052][ T7] ? hub_port_debounce+0x3c0/0x3c0
[ 68.350330][ T7] ? lock_downgrade+0x430/0x6e0
[ 68.355968][ T7] ? __do_sys_prctl+0xbb1/0xfd0
[ 68.362144][ T7] ? lock_release+0x6f0/0x6f0
[ 68.366936][ T7] ? lock_downgrade+0x6e0/0x6e0
[ 68.371797][ T7] ? do_raw_spin_lock+0x120/0x2b0
[ 68.377026][ T7] process_one_work+0x98d/0x1580
[ 68.382283][ T7] ? pwq_dec_nr_in_flight+0x320/0x320
[ 68.387752][ T7] ? rwlock_bug.part.0+0x90/0x90
[ 68.392830][ T7] worker_thread+0x64c/0x1120
[ 68.398212][ T7] ? __kthread_parkme+0x118/0x1d0
[ 68.403490][ T7] ? process_one_work+0x1580/0x1580
[ 68.409598][ T7] kthread+0x38c/0x460
[ 68.413809][ T7] ? _raw_spin_unlock_irq+0x1f/0x30
[ 68.419124][ T7] ? __kthread_bind_mask+0xc0/0xc0
[ 68.424386][ T7] ret_from_fork+0x1f/0x30
[ 68.429056][ T7]
[ 68.431580][ T7] Allocated by task 7:
[ 68.435809][ T7] kasan_save_stack+0x1b/0x40
[ 68.440587][ T7] __kasan_kmalloc+0x7c/0x90
[ 68.445348][ T7] imon_probe+0xf2b/0x2b60
[ 68.450059][ T7] usb_probe_interface+0x315/0x7f0
[ 68.455258][ T7] really_probe+0x291/0xf60
[ 68.459812][ T7] driver_probe_device+0x298/0x410
[ 68.464917][ T7] __device_attach_driver+0x203/0x2c0
[ 68.470582][ T7] bus_for_each_drv+0x15f/0x1e0
[ 68.475782][ T7] __device_attach+0x228/0x4b0
[ 68.480552][ T7] bus_probe_device+0x1e4/0x290
[ 68.485543][ T7] device_add+0xbe0/0x2100
[ 68.489968][ T7] usb_set_configuration+0x113f/0x1910
[ 68.495724][ T7] usb_generic_driver_probe+0xba/0x100
[ 68.501304][ T7] usb_probe_device+0xd9/0x2c0
[ 68.506526][ T7] really_probe+0x291/0xf60
[ 68.511214][ T7] driver_probe_device+0x298/0x410
[ 68.516642][ T7] __device_attach_driver+0x203/0x2c0
[ 68.522726][ T7] bus_for_each_drv+0x15f/0x1e0
[ 68.527940][ T7] __device_attach+0x228/0x4b0
[ 68.532832][ T7] bus_probe_device+0x1e4/0x290
[ 68.537775][ T7] device_add+0xbe0/0x2100
[ 68.542894][ T7] usb_new_device.cold+0x721/0x1058
[ 68.548189][ T7] hub_event+0x2357/0x4330
[ 68.552910][ T7] process_one_work+0x98d/0x1580
[ 68.557899][ T7] worker_thread+0x64c/0x1120
[ 68.562587][ T7] kthread+0x38c/0x460
[ 68.567001][ T7] ret_from_fork+0x1f/0x30
[ 68.571485][ T7]
[ 68.573837][ T7] Freed by task 7:
[ 68.577564][ T7] kasan_save_stack+0x1b/0x40
[ 68.582259][ T7] kasan_set_track+0x1c/0x30
[ 68.586957][ T7] kasan_set_free_info+0x20/0x30
[ 68.591906][ T7] __kasan_slab_free+0xe0/0x110
[ 68.596765][ T7] slab_free_freelist_hook+0xb4/0x1b0
[ 68.602210][ T7] kfree+0xdb/0x3b0
[ 68.606003][ T7] free_imon_context+0xb8/0x120
[ 68.610837][ T7] imon_disconnect+0x627/0x740
[ 68.616132][ T7] usb_unbind_interface+0x1d8/0x8d0
[ 68.621485][ T7] __device_release_driver+0x3bd/0x6f0
[ 68.627106][ T7] device_release_driver+0x26/0x40
[ 68.632374][ T7] bus_remove_device+0x2eb/0x5a0
[ 68.638064][ T7] device_del+0x502/0xd40
[ 68.642498][ T7] usb_disable_device+0x35b/0x7b0
[ 68.647619][ T7] usb_disconnect.cold+0x27d/0x791
[ 68.653104][ T7] hub_event+0x1c9c/0x4330
[ 68.657729][ T7] process_one_work+0x98d/0x1580
[ 68.663001][ T7] worker_thread+0x64c/0x1120
[ 68.667854][ T7] kthread+0x38c/0x460
[ 68.671980][ T7] ret_from_fork+0x1f/0x30
[ 68.676397][ T7]
[ 68.678725][ T7] Last potentially related work creation:
[ 68.684951][ T7] kasan_save_stack+0x1b/0x40
[ 68.689670][ T7] kasan_record_aux_stack+0xc5/0xf0
[ 68.694866][ T7] call_rcu+0xb1/0x800
[ 68.699288][ T7] netlink_release+0xd33/0x1c50
[ 68.704490][ T7] __sock_release+0xcd/0x280
[ 68.709191][ T7] sock_close+0x18/0x20
[ 68.713504][ T7] __fput+0x288/0x920
[ 68.717514][ T7] task_work_run+0xdd/0x1a0
[ 68.722035][ T7] exit_to_user_mode_prepare+0x218/0x220
[ 68.727649][ T7] syscall_exit_to_user_mode+0x19/0x60
[ 68.733100][ T7] do_syscall_64+0x47/0xb0
[ 68.737512][ T7] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 68.743414][ T7]
[ 68.745723][ T7] Second to last potentially related work creation:
[ 68.752563][ T7] kasan_save_stack+0x1b/0x40
[ 68.757318][ T7] kasan_record_aux_stack+0xc5/0xf0
[ 68.762598][ T7] insert_work+0x48/0x370
[ 68.767434][ T7] __queue_work+0x5c3/0xe70
[ 68.772023][ T7] queue_work_on+0xee/0x110
[ 68.776513][ T7] release_tty+0x4e9/0x610
[ 68.781230][ T7] tty_release_struct+0xb4/0xe0
[ 68.786107][ T7] tty_release+0xc70/0x1210
[ 68.790809][ T7] __fput+0x288/0x920
[ 68.794797][ T7] task_work_run+0xdd/0x1a0
[ 68.799390][ T7] exit_to_user_mode_prepare+0x218/0x220
[ 68.805103][ T7] syscall_exit_to_user_mode+0x19/0x60
[ 68.810648][ T7] do_syscall_64+0x47/0xb0
[ 68.815262][ T7] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 68.821559][ T7]
[ 68.823868][ T7] The buggy address belongs to the object at ffff8881174e8000
[ 68.823868][ T7] which belongs to the cache kmalloc-2k of size 2048
[ 68.838086][ T7] The buggy address is located 28 bytes inside of
[ 68.838086][ T7] 2048-byte region [ffff8881174e8000, ffff8881174e8800)
[ 68.851360][ T7] The buggy address belongs to the page:
[ 68.856999][ T7] page:ffffea00045d3a00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1174e8
[ 68.867753][ T7] head:ffffea00045d3a00 order:3 compound_mapcount:0 compound_pincount:0
[ 68.876061][ T7] flags: 0x200000000010200(slab|head|node=0|zone=2)
[ 68.882980][ T7] raw: 0200000000010200 dead000000000100 dead000000000122 ffff888100042000
[ 68.894298][ T7] raw: 0000000000000000 0000000000080008 00000001ffffffff 0000000000000000
[ 68.903183][ T7] page dumped because: kasan: bad access detected
[ 68.909685][ T7] page_owner tracks the page as allocated
[ 68.915472][ T7] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 4289, ts 27350216461, free_ts 27342352153
[ 68.936346][ T7] get_page_from_freelist+0x1b0c/0x26a0
[ 68.941998][ T7] __alloc_pages+0x1b2/0x4f0
[ 68.946684][ T7] alloc_pages+0x18c/0x2a0
[ 68.951282][ T7] allocate_slab+0x2c5/0x4c0
[ 68.956173][ T7] ___slab_alloc+0x476/0x7b0
[ 68.961050][ T7] __slab_alloc+0x68/0x80
[ 68.965467][ T7] kmem_cache_alloc_trace+0x27e/0x2a0
[ 68.971255][ T7] alloc_tty_struct+0x95/0x920
[ 68.976023][ T7] tty_init_dev.part.0+0x20/0x610
[ 68.981043][ T7] tty_open+0xb16/0x1000
[ 68.985283][ T7] chrdev_open+0x266/0x770
[ 68.989966][ T7] do_dentry_open+0x4b4/0x1090
[ 68.994834][ T7] path_openat+0x1c0e/0x27e0
[ 68.999742][ T7] do_filp_open+0x190/0x3d0
[ 69.004243][ T7] do_sys_openat2+0x16d/0x420
[ 69.008926][ T7] __x64_sys_open+0x119/0x1c0
[ 69.013802][ T7] page last free stack trace:
[ 69.018457][ T7] __free_pages_ok+0x488/0xb10
[ 69.023209][ T7] unfreeze_partials+0x16c/0x1b0
[ 69.028392][ T7] put_cpu_partial+0x5b/0x150
[ 69.033056][ T7] qlist_free_all+0x5a/0xc0
[ 69.037869][ T7] kasan_quarantine_reduce+0x180/0x200
[ 69.043669][ T7] __kasan_slab_alloc+0x73/0x80
[ 69.048509][ T7] kmem_cache_alloc+0x1d6/0x360
[ 69.053362][ T7] prepare_kernel_cred+0x23/0x800
[ 69.058674][ T7] call_usermodehelper_exec_async+0x10e/0x580
[ 69.065003][ T7] ret_from_fork+0x1f/0x30
[ 69.069707][ T7]
[ 69.072127][ T7] Memory state around the buggy address:
[ 69.077833][ T7] ffff8881174e7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 69.085974][ T7] ffff8881174e7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 69.094036][ T7] >ffff8881174e8000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 69.102767][ T7] ^
[ 69.107795][ T7] ffff8881174e8080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 69.116102][ T7] ffff8881174e8100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 69.124903][ T7] ==================================================================
[ 69.133665][ T7] Disabling lock debugging due to kernel taint
[ 69.140147][ T32] ==================================================================
[ 69.140198][ T7] Kernel panic - not syncing: panic_on_warn set ...
[ 69.148919][ T32] BUG: KASAN: double-free or invalid-free in kfree+0xdb/0x3b0
[ 69.156024][ T7] CPU: 0 PID: 7 Comm: kworker/0:1 Tainted: G B 5.13.0-rc1-syzkaller #0
[ 69.163648][ T32]
[ 69.175748][ T7] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 69.186565][ T7] Workqueue: usb_hub_wq hub_event
[ 69.191765][ T7] Call Trace:
[ 69.195035][ T7] dump_stack+0x143/0x1db
[ 69.199485][ T7] panic+0x306/0x73d
[ 69.203391][ T7] ? __warn_printk+0xf3/0xf3
[ 69.208434][ T7] ? imon_disconnect+0x661/0x740
[ 69.213751][ T7] ? trace_hardirqs_on+0x38/0x1a0
[ 69.218862][ T7] ? trace_hardirqs_on+0x51/0x1a0
[ 69.223967][ T7] ? imon_disconnect+0x661/0x740
[ 69.228896][ T7] ? imon_disconnect+0x661/0x740
[ 69.234004][ T7] end_report.cold+0x5a/0x5a
[ 69.238850][ T7] kasan_report.cold+0x6a/0xd8
[ 69.245714][ T7] ? imon_disconnect+0x661/0x740
[ 69.250766][ T7] imon_disconnect+0x661/0x740
[ 69.255714][ T7] usb_unbind_interface+0x1d8/0x8d0
[ 69.261021][ T7] ? __sanitizer_cov_trace_cmp4+0x1c/0x70
[ 69.267024][ T7] ? kernfs_remove_by_name_ns+0x62/0xb0
[ 69.272772][ T7] ? usb_unbind_device+0x1a0/0x1a0
[ 69.277895][ T7] __device_release_driver+0x3bd/0x6f0
[ 69.283899][ T7] device_release_driver+0x26/0x40
[ 69.289097][ T7] bus_remove_device+0x2eb/0x5a0
[ 69.294275][ T7] device_del+0x502/0xd40
[ 69.298688][ T7] ? __device_links_queue_sync_state+0x3f0/0x3f0
[ 69.305094][ T7] ? kobject_put+0x1f3/0x540
[ 69.309762][ T7] usb_disable_device+0x35b/0x7b0
[ 69.315210][ T7] usb_disconnect.cold+0x27d/0x791
[ 69.320841][ T7] hub_event+0x1c9c/0x4330
[ 69.325616][ T7] ? hub_port_debounce+0x3c0/0x3c0
[ 69.330894][ T7] ? lock_downgrade+0x430/0x6e0
[ 69.336114][ T7] ? __do_sys_prctl+0xbb1/0xfd0
[ 69.341160][ T7] ? lock_release+0x6f0/0x6f0
[ 69.345833][ T7] ? lock_downgrade+0x6e0/0x6e0
[ 69.350956][ T7] ? do_raw_spin_lock+0x120/0x2b0
[ 69.356062][ T7] process_one_work+0x98d/0x1580
[ 69.361700][ T7] ? pwq_dec_nr_in_flight+0x320/0x320
[ 69.367430][ T7] ? rwlock_bug.part.0+0x90/0x90
[ 69.372562][ T7] worker_thread+0x64c/0x1120
[ 69.377423][ T7] ? __kthread_parkme+0x118/0x1d0
[ 69.382626][ T7] ? process_one_work+0x1580/0x1580
[ 69.387911][ T7] kthread+0x38c/0x460
[ 69.392185][ T7] ? _raw_spin_unlock_irq+0x1f/0x30
[ 69.397516][ T7] ? __kthread_bind_mask+0xc0/0xc0
[ 69.402714][ T7] ret_from_fork+0x1f/0x30
[ 69.407388][ T32] CPU: 1 PID: 32 Comm: kworker/1:1 Tainted: G B 5.13.0-rc1-syzkaller #0
[ 69.417115][ T32] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 69.427326][ T32] Workqueue: usb_hub_wq hub_event
[ 69.432455][ T32] Call Trace:
[ 69.435743][ T32] dump_stack+0x143/0x1db
[ 69.440174][ T32] ? kfree+0xdb/0x3b0
[ 69.444232][ T32] print_address_description.constprop.0.cold+0x5b/0x2f8
[ 69.451436][ T32] ? kfree+0xdb/0x3b0
[ 69.455410][ T32] ? kfree+0xdb/0x3b0
[ 69.459383][ T32] kasan_report_invalid_free+0x51/0x80
[ 69.464920][ T32] __kasan_slab_free+0xfc/0x110
[ 69.469860][ T32] slab_free_freelist_hook+0xb4/0x1b0
[ 69.475396][ T32] ? free_imon_context+0xb8/0x120
[ 69.480432][ T32] kfree+0xdb/0x3b0
[ 69.484556][ T32] ? kasan_check_range+0x13d/0x180
[ 69.490127][ T32] free_imon_context+0xb8/0x120
[ 69.494994][ T32] imon_disconnect+0x5d1/0x740
[ 69.499845][ T32] usb_unbind_interface+0x1d8/0x8d0
[ 69.507128][ T32] ? __sanitizer_cov_trace_cmp4+0x1c/0x70
[ 69.513725][ T32] ? kernfs_remove_by_name_ns+0x62/0xb0
[ 69.519371][ T32] ? usb_unbind_device+0x1a0/0x1a0
[ 69.524589][ T32] __device_release_driver+0x3bd/0x6f0
[ 69.530138][ T32] device_release_driver+0x26/0x40
[ 69.535425][ T32] bus_remove_device+0x2eb/0x5a0
[ 69.540383][ T32] device_del+0x502/0xd40
[ 69.545077][ T32] ? __device_links_queue_sync_state+0x3f0/0x3f0
[ 69.551407][ T32] ? kobject_put+0x1f3/0x540
[ 69.556091][ T32] usb_disable_device+0x35b/0x7b0
[ 69.561365][ T32] usb_disconnect.cold+0x27d/0x791
[ 69.566589][ T32] hub_event+0x1c9c/0x4330
[ 69.571225][ T32] ? hub_port_debounce+0x3c0/0x3c0
[ 69.576630][ T32] ? lock_downgrade+0x430/0x6e0
[ 69.581666][ T32] ? __do_sys_prctl+0xbb1/0xfd0
[ 69.586510][ T32] ? lock_release+0x6f0/0x6f0
[ 69.591356][ T32] ? lock_downgrade+0x6e0/0x6e0
[ 69.596876][ T32] ? do_raw_spin_lock+0x120/0x2b0
[ 69.601980][ T32] process_one_work+0x98d/0x1580
[ 69.607388][ T32] ? pwq_dec_nr_in_flight+0x320/0x320
[ 69.612849][ T32] ? rwlock_bug.part.0+0x90/0x90
[ 69.617779][ T32] worker_thread+0x82b/0x1120
[ 69.622792][ T32] ? __kthread_parkme+0x118/0x1d0
[ 69.627827][ T32] ? process_one_work+0x1580/0x1580
[ 69.633239][ T32] kthread+0x38c/0x460
[ 69.637425][ T32] ? _raw_spin_unlock_irq+0x1f/0x30
[ 69.642736][ T32] ? __kthread_bind_mask+0xc0/0xc0
[ 69.647856][ T32] ret_from_fork+0x1f/0x30
[ 69.652469][ T32]
[ 69.654782][ T32] Allocated by task 32:
[ 69.659031][ T32] kasan_save_stack+0x1b/0x40
[ 69.663703][ T32] __kasan_kmalloc+0x7c/0x90
[ 69.668284][ T32] imon_probe+0xf2b/0x2b60
[ 69.672693][ T32] usb_probe_interface+0x315/0x7f0
[ 69.677881][ T32] really_probe+0x291/0xf60
[ 69.682378][ T32] driver_probe_device+0x298/0x410
[ 69.687678][ T32] __device_attach_driver+0x203/0x2c0
[ 69.693044][ T32] bus_for_each_drv+0x15f/0x1e0
[ 69.698407][ T32] __device_attach+0x228/0x4b0
[ 69.703367][ T32] bus_probe_device+0x1e4/0x290
[ 69.708665][ T32] device_add+0xbe0/0x2100
[ 69.713073][ T32] usb_set_configuration+0x113f/0x1910
[ 69.718624][ T32] usb_generic_driver_probe+0xba/0x100
[ 69.724446][ T32] usb_probe_device+0xd9/0x2c0
[ 69.729317][ T32] really_probe+0x291/0xf60
[ 69.733824][ T32] driver_probe_device+0x298/0x410
[ 69.739464][ T32] __device_attach_driver+0x203/0x2c0
[ 69.745003][ T32] bus_for_each_drv+0x15f/0x1e0
[ 69.749849][ T32] __device_attach+0x228/0x4b0
[ 69.755572][ T32] bus_probe_device+0x1e4/0x290
[ 69.760767][ T32] device_add+0xbe0/0x2100
[ 69.765348][ T32] usb_new_device.cold+0x721/0x1058
[ 69.770820][ T32] hub_event+0x2357/0x4330
[ 69.775266][ T32] process_one_work+0x98d/0x1580
[ 69.780838][ T32] worker_thread+0x64c/0x1120
[ 69.785860][ T32] kthread+0x38c/0x460
[ 69.789925][ T32] ret_from_fork+0x1f/0x30
[ 69.794943][ T32]
[ 69.797268][ T32] Freed by task 32:
[ 69.801216][ T32] kasan_save_stack+0x1b/0x40
[ 69.805976][ T32] kasan_set_track+0x1c/0x30
[ 69.810644][ T32] kasan_set_free_info+0x20/0x30
[ 69.815585][ T32] __kasan_slab_free+0xe0/0x110
[ 69.820622][ T32] slab_free_freelist_hook+0xb4/0x1b0
[ 69.826334][ T32] kfree+0xdb/0x3b0
[ 69.830238][ T32] free_imon_context+0xb8/0x120
[ 69.835427][ T32] imon_disconnect+0x627/0x740
[ 69.840291][ T32] usb_unbind_interface+0x1d8/0x8d0
[ 69.845500][ T32] __device_release_driver+0x3bd/0x6f0
[ 69.851149][ T32] device_release_driver+0x26/0x40
[ 69.856431][ T32] bus_remove_device+0x2eb/0x5a0
[ 69.861377][ T32] device_del+0x502/0xd40
[ 69.865874][ T32] usb_disable_device+0x35b/0x7b0
[ 69.870998][ T32] usb_disconnect.cold+0x27d/0x791
[ 69.876644][ T32] hub_event+0x1c9c/0x4330
[ 69.881137][ T32] process_one_work+0x98d/0x1580
[ 69.886073][ T32] worker_thread+0x82b/0x1120
[ 69.890999][ T32] kthread+0x38c/0x460
[ 69.895244][ T32] ret_from_fork+0x1f/0x30
[ 69.899738][ T32]
[ 69.902219][ T32] The buggy address belongs to the object at ffff8881194b4000
[ 69.902219][ T32] which belongs to the cache kmalloc-2k of size 2048
[ 69.916537][ T32] The buggy address is located 0 bytes inside of
[ 69.916537][ T32] 2048-byte region [ffff8881194b4000, ffff8881194b4800)
[ 69.929794][ T32] The buggy address belongs to the page:
[ 69.935405][ T32] page:ffffea0004652c00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1194b0
[ 69.946702][ T32] head:ffffea0004652c00 order:3 compound_mapcount:0 compound_pincount:0
[ 69.955100][ T32] flags: 0x200000000010200(slab|head|node=0|zone=2)
[ 69.962052][ T32] raw: 0200000000010200 0000000000000000 0000000600000001 ffff888100042000
[ 69.970961][ T32] raw: 0000000000000000 0000000000080008 00000001ffffffff 0000000000000000
[ 69.979961][ T32] page dumped because: kasan: bad access detected
[ 69.987103][ T32] page_owner tracks the page as allocated
[ 69.993357][ T32] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 4372, ts 37769816225, free_ts 37769654092
[ 70.015796][ T32] get_page_from_freelist+0x1b0c/0x26a0
[ 70.021701][ T32] __alloc_pages+0x1b2/0x4f0
[ 70.026623][ T32] alloc_pages+0x18c/0x2a0
[ 70.031542][ T32] allocate_slab+0x2c5/0x4c0
[ 70.036346][ T32] ___slab_alloc+0x476/0x7b0
[ 70.041128][ T32] __slab_alloc+0x68/0x80
[ 70.045454][ T32] __kmalloc+0x2f4/0x310
[ 70.050148][ T32] sk_prot_alloc+0x110/0x290
[ 70.054905][ T32] sk_alloc+0x30/0x350
[ 70.059309][ T32] __netlink_create+0x63/0x2f0
[ 70.064456][ T32] netlink_create+0x3a1/0x5d0
[ 70.069964][ T32] __sock_create+0x3ee/0x790
[ 70.075175][ T32] __sys_socket+0xef/0x200
[ 70.080391][ T32] __x64_sys_socket+0x6f/0xb0
[ 70.085152][ T32] do_syscall_64+0x3a/0xb0
[ 70.089747][ T32] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 70.095919][ T32] page last free stack trace:
[ 70.101288][ T32] __free_pages_ok+0x488/0xb10
[ 70.106922][ T32] qlist_free_all+0x5a/0xc0
[ 70.111943][ T32] kasan_quarantine_reduce+0x180/0x200
[ 70.118256][ T32] __kasan_slab_alloc+0x73/0x80
[ 70.123188][ T32] __kmalloc+0x1dd/0x310
[ 70.127444][ T32] tomoyo_supervisor+0xce8/0xf00
[ 70.132415][ T32] tomoyo_path_permission+0x270/0x3a0
[ 70.138118][ T32] tomoyo_check_open_permission+0x30f/0x380
[ 70.144105][ T32] tomoyo_file_open+0xa3/0xd0
[ 70.148786][ T32] security_file_open+0x52/0x4f0
[ 70.153722][ T32] do_dentry_open+0x353/0x1090
[ 70.158651][ T32] path_openat+0x1c0e/0x27e0
[ 70.163516][ T32] do_filp_open+0x190/0x3d0
[ 70.168196][ T32] do_sys_openat2+0x16d/0x420
[ 70.173145][ T32] __x64_sys_openat+0x13f/0x1f0
[ 70.179132][ T32] do_syscall_64+0x3a/0xb0
[ 70.184081][ T32]
[ 70.187094][ T32] Memory state around the buggy address:
[ 70.192806][ T32] ffff8881194b3f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 70.201041][ T32] ffff8881194b3f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 70.209098][ T32] >ffff8881194b4000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 70.217142][ T32] ^
[ 70.221192][ T32] ffff8881194b4080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 70.229584][ T32] ffff8881194b4100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 70.238228][ T32] ==================================================================
[ 70.252866][ T7] Kernel Offset: disabled
[ 70.258140][ T7] Rebooting in 86400 seconds..