[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.10.49' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 54.360395][ T6801] IPVS: ftp: loaded support on port[0] = 21
[ 54.671654][ T17] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 55.031734][ T17] usb 1-1: config 0 has an invalid interface number: 63 but max is 0
[ 55.039889][ T17] usb 1-1: config 0 has no interface number 0
[ 55.047237][ T17] usb 1-1: config 0 interface 63 altsetting 244 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 55.059585][ T17] usb 1-1: config 0 interface 63 altsetting 244 endpoint 0x81 has invalid wMaxPacketSize 0
[ 55.070187][ T17] usb 1-1: config 0 interface 63 has no altsetting 0
[ 55.077645][ T17] usb 1-1: New USB device found, idVendor=054c, idProduct=03d5, bcdDevice= 0.40
[ 55.087275][ T17] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 55.101168][ T17] usb 1-1: config 0 descriptor??
[ 55.598220][ T17] input: HID 054c:03d5 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.63/0003:054C:03D5.0001/input/input5
[ 55.617818][ T17] sony 0003:054C:03D5.0001: input,hidraw0: USB HID v0.00 Joystick [HID 054c:03d5] on usb-dummy_hcd.0-1/input63
[ 55.786086][ T12] usb 1-1: USB disconnect, device number 2
[ 55.805503][ T12] ==================================================================
[ 55.813698][ T12] BUG: KASAN: use-after-free in __mutex_lock+0x1033/0x13c0
[ 55.820870][ T12] Read of size 8 at addr ffff888094878150 by task kworker/0:1/12
[ 55.828681][ T12]
[ 55.830990][ T12] CPU: 0 PID: 12 Comm: kworker/0:1 Not tainted 5.7.0-rc6-next-20200522-syzkaller #0
[ 55.840340][ T12] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 55.850379][ T12] Workqueue: usb_hub_wq hub_event
[ 55.855377][ T12] Call Trace:
[ 55.858645][ T12] dump_stack+0x18f/0x20d
[ 55.862965][ T12] ? __mutex_lock+0x1033/0x13c0
[ 55.867788][ T12] ? __mutex_lock+0x1033/0x13c0
[ 55.872620][ T12] print_address_description.constprop.0.cold+0xd3/0x413
[ 55.879618][ T12] ? joydev_disconnect+0x3d/0xb0
[ 55.884531][ T12] ? __input_unregister_device+0x1b0/0x430
[ 55.890315][ T12] ? input_unregister_device+0xb4/0xf0
[ 55.895750][ T12] ? hidinput_disconnect+0x15e/0x3d0
[ 55.901007][ T12] ? hid_disconnect+0x13f/0x1a0
[ 55.905840][ T12] ? vprintk_func+0x97/0x1a6
[ 55.910406][ T12] ? __mutex_lock+0x1033/0x13c0
[ 55.915233][ T12] kasan_report.cold+0x1f/0x37
[ 55.919974][ T12] ? __mutex_lock+0x1033/0x13c0
[ 55.924802][ T12] __mutex_lock+0x1033/0x13c0
[ 55.929463][ T12] ? print_usage_bug+0x240/0x240
[ 55.934376][ T12] ? joydev_cleanup+0x21/0x190
[ 55.939126][ T12] ? trace_hardirqs_off+0x50/0x220
[ 55.944214][ T12] ? mutex_trylock+0x2c0/0x2c0
[ 55.948954][ T12] ? mark_held_locks+0x9f/0xe0
[ 55.953696][ T12] ? kfree+0x1eb/0x2b0
[ 55.957748][ T12] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 55.963717][ T12] ? kfree_const+0x51/0x60
[ 55.968111][ T12] ? dev_attr_show+0x90/0x90
[ 55.972688][ T12] ? joydev_cleanup+0x21/0x190
[ 55.977425][ T12] joydev_cleanup+0x21/0x190
[ 55.982005][ T12] joydev_disconnect+0x45/0xb0
[ 55.986765][ T12] __input_unregister_device+0x1b0/0x430
[ 55.992415][ T12] input_unregister_device+0xb4/0xf0
[ 55.997689][ T12] hidinput_disconnect+0x15e/0x3d0
[ 56.002791][ T12] ? kernfs_remove_by_name_ns+0x62/0xb0
[ 56.008316][ T12] hid_disconnect+0x13f/0x1a0
[ 56.012969][ T12] hid_hw_stop+0x12/0x70
[ 56.017194][ T12] hid_device_remove+0xed/0x240
[ 56.022040][ T12] ? sony_register_touchpad.constprop.0+0x890/0x890
[ 56.028625][ T12] ? hid_compare_device_paths+0xc0/0xc0
[ 56.034148][ T12] device_release_driver_internal+0x231/0x500
[ 56.040195][ T12] bus_remove_device+0x2dc/0x4a0
[ 56.045113][ T12] device_del+0x481/0xd30
[ 56.049421][ T12] ? device_link_add_missing_supplier_links+0x370/0x370
[ 56.056342][ T12] ? mark_held_locks+0x9f/0xe0
[ 56.061087][ T12] ? _raw_spin_unlock_irq+0x1f/0x80
[ 56.066264][ T12] hid_destroy_device+0xe1/0x150
[ 56.071184][ T12] usbhid_disconnect+0x9f/0xe0
[ 56.075953][ T12] usb_unbind_interface+0x1bd/0x8a0
[ 56.081138][ T12] ? __pm_runtime_idle+0xd1/0x320
[ 56.086145][ T12] ? usb_autoresume_device+0x60/0x60
[ 56.091413][ T12] device_release_driver_internal+0x432/0x500
[ 56.097460][ T12] bus_remove_device+0x2dc/0x4a0
[ 56.102377][ T12] device_del+0x481/0xd30
[ 56.106734][ T12] ? device_link_add_missing_supplier_links+0x370/0x370
[ 56.113816][ T12] ? usb_remove_ep_devs+0x3e/0x80
[ 56.118817][ T12] ? remove_intf_ep_devs+0x13f/0x1d0
[ 56.124081][ T12] usb_disable_device+0x211/0x690
[ 56.129088][ T12] usb_disconnect+0x284/0x8d0
[ 56.133749][ T12] hub_event+0x17ca/0x38f0
[ 56.138156][ T12] ? hub_port_debounce+0x260/0x260
[ 56.143244][ T12] ? usermodehelper_read_trylock+0xf0/0x2d0
[ 56.149114][ T12] ? debug_smp_processor_id+0x2f/0x185
[ 56.154556][ T12] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 56.160078][ T12] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 56.166056][ T12] process_one_work+0x965/0x16a0
[ 56.171032][ T12] ? lock_release+0x800/0x800
[ 56.175691][ T12] ? pwq_dec_nr_in_flight+0x310/0x310
[ 56.181089][ T12] ? rwlock_bug.part.0+0x90/0x90
[ 56.186060][ T12] worker_thread+0x96/0xe20
[ 56.190551][ T12] ? process_one_work+0x16a0/0x16a0
[ 56.195731][ T12] kthread+0x3b5/0x4a0
[ 56.199789][ T12] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 56.205494][ T12] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 56.211198][ T12] ret_from_fork+0x24/0x30
[ 56.215602][ T12]
[ 56.217910][ T12] Allocated by task 17:
[ 56.222052][ T12] save_stack+0x1b/0x40
[ 56.226180][ T12] __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 56.231799][ T12] kmem_cache_alloc_trace+0x153/0x7d0
[ 56.237281][ T12] joydev_connect+0x83/0xd2f
[ 56.241864][ T12] input_attach_handler+0x194/0x200
[ 56.247047][ T12] input_register_device.cold+0xf5/0x246
[ 56.252659][ T12] hidinput_connect+0x4f8f/0xdb30
[ 56.257673][ T12] hid_connect+0x96b/0xbc0
[ 56.262066][ T12] hid_hw_start+0xa2/0x130
[ 56.266460][ T12] sony_probe+0x214/0x2d0
[ 56.270762][ T12] hid_device_probe+0x2be/0x3f0
[ 56.275584][ T12] really_probe+0x281/0x6d0
[ 56.280077][ T12] driver_probe_device+0xfe/0x1d0
[ 56.285075][ T12] __device_attach_driver+0x1c2/0x220
[ 56.290421][ T12] bus_for_each_drv+0x162/0x1e0
[ 56.295246][ T12] __device_attach+0x21a/0x360
[ 56.299982][ T12] bus_probe_device+0x1e4/0x290
[ 56.304805][ T12] device_add+0xaf1/0x1900
[ 56.309194][ T12] hid_add_device+0x33c/0x9a0
[ 56.313851][ T12] usbhid_probe+0xac8/0xff0
[ 56.318327][ T12] usb_probe_interface+0x305/0x7a0
[ 56.323411][ T12] really_probe+0x281/0x6d0
[ 56.327886][ T12] driver_probe_device+0xfe/0x1d0
[ 56.332882][ T12] __device_attach_driver+0x1c2/0x220
[ 56.338225][ T12] bus_for_each_drv+0x162/0x1e0
[ 56.343067][ T12] __device_attach+0x21a/0x360
[ 56.347816][ T12] bus_probe_device+0x1e4/0x290
[ 56.352739][ T12] device_add+0xaf1/0x1900
[ 56.357138][ T12] usb_set_configuration+0xec5/0x1740
[ 56.362482][ T12] usb_generic_driver_probe+0x9d/0xe0
[ 56.367828][ T12] usb_probe_device+0xc6/0x1f0
[ 56.372566][ T12] really_probe+0x281/0x6d0
[ 56.377053][ T12] driver_probe_device+0xfe/0x1d0
[ 56.382049][ T12] __device_attach_driver+0x1c2/0x220
[ 56.387392][ T12] bus_for_each_drv+0x162/0x1e0
[ 56.392215][ T12] __device_attach+0x21a/0x360
[ 56.396951][ T12] bus_probe_device+0x1e4/0x290
[ 56.401792][ T12] device_add+0xaf1/0x1900
[ 56.406182][ T12] usb_new_device.cold+0x753/0x103d
[ 56.411354][ T12] hub_event+0x1eca/0x38f0
[ 56.415745][ T12] process_one_work+0x965/0x16a0
[ 56.420653][ T12] worker_thread+0x96/0xe20
[ 56.425133][ T12] kthread+0x3b5/0x4a0
[ 56.429174][ T12] ret_from_fork+0x24/0x30
[ 56.433570][ T12]
[ 56.435872][ T12] Freed by task 12:
[ 56.439653][ T12] save_stack+0x1b/0x40
[ 56.443792][ T12] __kasan_slab_free+0xf7/0x140
[ 56.448618][ T12] kfree+0x109/0x2b0
[ 56.452487][ T12] device_release+0x71/0x200
[ 56.457064][ T12] kobject_put+0x1c8/0x2f0
[ 56.461457][ T12] cdev_device_del+0x69/0x80
[ 56.466023][ T12] joydev_disconnect+0x3d/0xb0
[ 56.470760][ T12] __input_unregister_device+0x1b0/0x430
[ 56.476369][ T12] input_unregister_device+0xb4/0xf0
[ 56.481629][ T12] hidinput_disconnect+0x15e/0x3d0
[ 56.486713][ T12] hid_disconnect+0x13f/0x1a0
[ 56.491366][ T12] hid_hw_stop+0x12/0x70
[ 56.495582][ T12] hid_device_remove+0xed/0x240
[ 56.500403][ T12] device_release_driver_internal+0x231/0x500
[ 56.506443][ T12] bus_remove_device+0x2dc/0x4a0
[ 56.511353][ T12] device_del+0x481/0xd30
[ 56.515670][ T12] hid_destroy_device+0xe1/0x150
[ 56.520578][ T12] usbhid_disconnect+0x9f/0xe0
[ 56.525316][ T12] usb_unbind_interface+0x1bd/0x8a0
[ 56.530499][ T12] device_release_driver_internal+0x432/0x500
[ 56.536554][ T12] bus_remove_device+0x2dc/0x4a0
[ 56.541465][ T12] device_del+0x481/0xd30
[ 56.545767][ T12] usb_disable_device+0x211/0x690
[ 56.550763][ T12] usb_disconnect+0x284/0x8d0
[ 56.555437][ T12] hub_event+0x17ca/0x38f0
[ 56.559838][ T12] process_one_work+0x965/0x16a0
[ 56.564763][ T12] worker_thread+0x96/0xe20
[ 56.569248][ T12] kthread+0x3b5/0x4a0
[ 56.573290][ T12] ret_from_fork+0x24/0x30
[ 56.577673][ T12]
[ 56.579975][ T12] The buggy address belongs to the object at ffff888094878000
[ 56.579975][ T12] which belongs to the cache kmalloc-8k of size 8192
[ 56.594012][ T12] The buggy address is located 336 bytes inside of
[ 56.594012][ T12] 8192-byte region [ffff888094878000, ffff88809487a000)
[ 56.607336][ T12] The buggy address belongs to the page:
[ 56.612951][ T12] page:ffffea0002521e00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 head:ffffea0002521e00 order:2 compound_mapcount:0 compound_pincount:0
[ 56.628193][ T12] flags: 0xfffe0000010200(slab|head)
[ 56.633453][ T12] raw: 00fffe0000010200 ffffea00025d3b08 ffff8880aa001b50 ffff8880aa0021c0
[ 56.642018][ T12] raw: 0000000000000000 ffff888094878000 0000000100000001 0000000000000000
[ 56.650572][ T12] page dumped because: kasan: bad access detected
[ 56.656954][ T12]
[ 56.659255][ T12] Memory state around the buggy address:
[ 56.664858][ T12] ffff888094878000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 56.672892][ T12] ffff888094878080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 56.680924][ T12] >ffff888094878100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 56.688954][ T12] ^
[ 56.695601][ T12] ffff888094878180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 56.703636][ T12] ffff888094878200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 56.711668][ T12] ==================================================================
[ 56.719697][ T12] Disabling lock debugging due to kernel taint
[ 56.728518][ T12] Kernel panic - not syncing: panic_on_warn set ...
[ 56.735116][ T12] CPU: 0 PID: 12 Comm: kworker/0:1 Tainted: G B 5.7.0-rc6-next-20200522-syzkaller #0
[ 56.745857][ T12] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 56.755910][ T12] Workqueue: usb_hub_wq hub_event
[ 56.760919][ T12] Call Trace:
[ 56.764201][ T12] dump_stack+0x18f/0x20d
[ 56.768523][ T12] ? __mutex_lock+0xf50/0x13c0
[ 56.773282][ T12] panic+0x2e3/0x75c
[ 56.777167][ T12] ? __warn_printk+0xf3/0xf3
[ 56.781732][ T12] ? preempt_schedule_common+0x5e/0xc0
[ 56.787162][ T12] ? __mutex_lock+0x1033/0x13c0
[ 56.791983][ T12] ? __mutex_lock+0x1033/0x13c0
[ 56.796804][ T12] ? preempt_schedule_thunk+0x16/0x18
[ 56.802162][ T12] ? trace_hardirqs_on+0x55/0x230
[ 56.807158][ T12] ? __mutex_lock+0x1033/0x13c0
[ 56.811992][ T12] ? __mutex_lock+0x1033/0x13c0
[ 56.816812][ T12] end_report+0x4d/0x53
[ 56.820938][ T12] kasan_report.cold+0xd/0x37
[ 56.825598][ T12] ? __mutex_lock+0x1033/0x13c0
[ 56.830416][ T12] __mutex_lock+0x1033/0x13c0
[ 56.835066][ T12] ? print_usage_bug+0x240/0x240
[ 56.839975][ T12] ? joydev_cleanup+0x21/0x190
[ 56.844709][ T12] ? trace_hardirqs_off+0x50/0x220
[ 56.849790][ T12] ? mutex_trylock+0x2c0/0x2c0
[ 56.854528][ T12] ? mark_held_locks+0x9f/0xe0
[ 56.859263][ T12] ? kfree+0x1eb/0x2b0
[ 56.863315][ T12] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 56.869268][ T12] ? kfree_const+0x51/0x60
[ 56.873656][ T12] ? dev_attr_show+0x90/0x90
[ 56.878216][ T12] ? joydev_cleanup+0x21/0x190
[ 56.882959][ T12] joydev_cleanup+0x21/0x190
[ 56.887521][ T12] joydev_disconnect+0x45/0xb0
[ 56.892256][ T12] __input_unregister_device+0x1b0/0x430
[ 56.897872][ T12] input_unregister_device+0xb4/0xf0
[ 56.903140][ T12] hidinput_disconnect+0x15e/0x3d0
[ 56.908223][ T12] ? kernfs_remove_by_name_ns+0x62/0xb0
[ 56.913739][ T12] hid_disconnect+0x13f/0x1a0
[ 56.918385][ T12] hid_hw_stop+0x12/0x70
[ 56.922609][ T12] hid_device_remove+0xed/0x240
[ 56.927431][ T12] ? sony_register_touchpad.constprop.0+0x890/0x890
[ 56.934003][ T12] ? hid_compare_device_paths+0xc0/0xc0
[ 56.939526][ T12] device_release_driver_internal+0x231/0x500
[ 56.945563][ T12] bus_remove_device+0x2dc/0x4a0
[ 56.950474][ T12] device_del+0x481/0xd30
[ 56.954792][ T12] ? device_link_add_missing_supplier_links+0x370/0x370
[ 56.961712][ T12] ? mark_held_locks+0x9f/0xe0
[ 56.966463][ T12] ? _raw_spin_unlock_irq+0x1f/0x80
[ 56.971693][ T12] hid_destroy_device+0xe1/0x150
[ 56.976604][ T12] usbhid_disconnect+0x9f/0xe0
[ 56.981341][ T12] usb_unbind_interface+0x1bd/0x8a0
[ 56.986628][ T12] ? __pm_runtime_idle+0xd1/0x320
[ 56.991627][ T12] ? usb_autoresume_device+0x60/0x60
[ 56.996900][ T12] device_release_driver_internal+0x432/0x500
[ 57.003004][ T12] bus_remove_device+0x2dc/0x4a0
[ 57.007917][ T12] device_del+0x481/0xd30
[ 57.012275][ T12] ? device_link_add_missing_supplier_links+0x370/0x370
[ 57.019183][ T12] ? usb_remove_ep_devs+0x3e/0x80
[ 57.024181][ T12] ? remove_intf_ep_devs+0x13f/0x1d0
[ 57.029438][ T12] usb_disable_device+0x211/0x690
[ 57.034436][ T12] usb_disconnect+0x284/0x8d0
[ 57.039083][ T12] hub_event+0x17ca/0x38f0
[ 57.043478][ T12] ? hub_port_debounce+0x260/0x260
[ 57.048573][ T12] ? usermodehelper_read_trylock+0xf0/0x2d0
[ 57.054475][ T12] ? debug_smp_processor_id+0x2f/0x185
[ 57.059925][ T12] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 57.065446][ T12] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 57.071402][ T12] process_one_work+0x965/0x16a0
[ 57.076348][ T12] ? lock_release+0x800/0x800
[ 57.081005][ T12] ? pwq_dec_nr_in_flight+0x310/0x310
[ 57.086376][ T12] ? rwlock_bug.part.0+0x90/0x90
[ 57.091303][ T12] worker_thread+0x96/0xe20
[ 57.095781][ T12] ? process_one_work+0x16a0/0x16a0
[ 57.100952][ T12] kthread+0x3b5/0x4a0
[ 57.105004][ T12] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 57.110708][ T12] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 57.116399][ T12] ret_from_fork+0x24/0x30
[ 57.122119][ T12] Kernel Offset: disabled
[ 57.126456][ T12] Rebooting in 86400 seconds..