Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.216' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 57.981084][ T6821] IPVS: ftp: loaded support on port[0] = 21
[ 58.292798][ T17] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 58.532658][ T17] usb 1-1: Using ep0 maxpacket: 16
[ 58.652849][ T17] usb 1-1: too many endpoints for config 0 interface 0 altsetting 0: 73, using maximum allowed: 30
[ 58.663917][ T17] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 58.676197][ T17] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 58.686884][ T17] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 73
[ 58.700576][ T17] usb 1-1: New USB device found, idVendor=0458, idProduct=5013, bcdDevice= 0.00
[ 58.710473][ T17] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 58.721659][ T17] usb 1-1: config 0 descriptor??
[ 59.215340][ T17] input: HID 0458:5013 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:0458:5013.0001/input/input5
[ 59.234110][ T17] input: HID 0458:5013 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:0458:5013.0001/input/input6
[ 59.343538][ T17] kye 0003:0458:5013.0001: input,hiddev96,hidraw0: USB HID v0.00 Device [HID 0458:5013] on usb-dummy_hcd.0-1/input0
[ 59.407186][ T2485] usb 1-1: USB disconnect, device number 2
[ 59.476847][ T2485] ==================================================================
[ 59.486225][ T2485] BUG: KASAN: use-after-free in __mutex_lock+0x1033/0x13c0
[ 59.493434][ T2485] Read of size 8 at addr ffff88809452f150 by task kworker/0:2/2485
[ 59.501490][ T2485]
[ 59.504006][ T2485] CPU: 0 PID: 2485 Comm: kworker/0:2 Not tainted 5.7.0-rc6-next-20200522-syzkaller #0
[ 59.514371][ T2485] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 59.524561][ T2485] Workqueue: usb_hub_wq hub_event
[ 59.529602][ T2485] Call Trace:
[ 59.532903][ T2485]  dump_stack+0x18f/0x20d
[ 59.537256][ T2485]  ? __mutex_lock+0x1033/0x13c0
[ 59.545149][ T2485]  ? __mutex_lock+0x1033/0x13c0
[ 59.550006][ T2485]  print_address_description.constprop.0.cold+0xd3/0x413
[ 59.557008][ T2485]  ? mousedev_destroy+0x20/0xa0
[ 59.561846][ T2485]  ? __input_unregister_device+0x1b0/0x430
[ 59.567636][ T2485]  ? input_unregister_device+0xb4/0xf0
[ 59.573080][ T2485]  ? hidinput_disconnect+0x15e/0x3d0
[ 59.578432][ T2485]  ? hid_disconnect+0x13f/0x1a0
[ 59.583299][ T2485]  ? vprintk_func+0x97/0x1a6
[ 59.587909][ T2485]  ? __mutex_lock+0x1033/0x13c0
[ 59.592743][ T2485]  kasan_report.cold+0x1f/0x37
[ 59.597517][ T2485]  ? __mutex_lock+0x1033/0x13c0
[ 59.602364][ T2485]  __mutex_lock+0x1033/0x13c0
[ 59.607035][ T2485]  ? print_usage_bug+0x240/0x240
[ 59.611974][ T2485]  ? mousedev_cleanup+0x21/0x180
[ 59.617429][ T2485]  ? trace_hardirqs_off+0x50/0x220
[ 59.622533][ T2485]  ? mutex_trylock+0x2c0/0x2c0
[ 59.627385][ T2485]  ? mark_held_locks+0x9f/0xe0
[ 59.632313][ T2485]  ? kfree+0x1eb/0x2b0
[ 59.636364][ T2485]  ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 59.642340][ T2485]  ? kfree_const+0x51/0x60
[ 59.646740][ T2485]  ? dev_attr_show+0x90/0x90
[ 59.651334][ T2485]  ? mousedev_cleanup+0x21/0x180
[ 59.656264][ T2485]  mousedev_cleanup+0x21/0x180
[ 59.661026][ T2485]  mousedev_destroy+0x28/0xa0
[ 59.665711][ T2485]  __input_unregister_device+0x1b0/0x430
[ 59.671339][ T2485]  input_unregister_device+0xb4/0xf0
[ 59.676611][ T2485]  hidinput_disconnect+0x15e/0x3d0
[ 59.681707][ T2485]  ? kernfs_remove_by_name_ns+0x62/0xb0
[ 59.687257][ T2485]  hid_disconnect+0x13f/0x1a0
[ 59.691929][ T2485]  hid_device_remove+0x186/0x240
[ 59.696851][ T2485]  ? hid_compare_device_paths+0xc0/0xc0
[ 59.702377][ T2485]  device_release_driver_internal+0x231/0x500
[ 59.708559][ T2485]  bus_remove_device+0x2dc/0x4a0
[ 59.713516][ T2485]  device_del+0x481/0xd30
[ 59.718725][ T2485]  ? device_link_add_missing_supplier_links+0x370/0x370
[ 59.725817][ T2485]  ? mark_held_locks+0x9f/0xe0
[ 59.730564][ T2485]  ? _raw_spin_unlock_irq+0x1f/0x80
[ 59.735763][ T2485]  hid_destroy_device+0xe1/0x150
[ 59.740683][ T2485]  usbhid_disconnect+0x9f/0xe0
[ 59.745455][ T2485]  usb_unbind_interface+0x1bd/0x8a0
[ 59.750728][ T2485]  ? __pm_runtime_idle+0xd1/0x320
[ 59.755731][ T2485]  ? usb_autoresume_device+0x60/0x60
[ 59.761344][ T2485]  device_release_driver_internal+0x432/0x500
[ 59.767501][ T2485]  bus_remove_device+0x2dc/0x4a0
[ 59.772529][ T2485]  device_del+0x481/0xd30
[ 59.776845][ T2485]  ? device_link_add_missing_supplier_links+0x370/0x370
[ 59.783762][ T2485]  ? usb_remove_ep_devs+0x3e/0x80
[ 59.788779][ T2485]  ? remove_intf_ep_devs+0x13f/0x1d0
[ 59.794163][ T2485]  usb_disable_device+0x211/0x690
[ 59.799207][ T2485]  usb_disconnect+0x284/0x8d0
[ 59.803895][ T2485]  hub_event+0x17ca/0x38f0
[ 59.808327][ T2485]  ? hub_port_debounce+0x260/0x260
[ 59.813521][ T2485]  ? usermodehelper_read_trylock+0xf0/0x2d0
[ 59.819491][ T2485]  ? debug_smp_processor_id+0x2f/0x185
[ 59.824943][ T2485]  ? rcu_read_lock_sched_held+0x9c/0xd0
[ 59.830601][ T2485]  ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 59.836661][ T2485]  process_one_work+0x965/0x16a0
[ 59.841753][ T2485]  ? lock_release+0x800/0x800
[ 59.846619][ T2485]  ? pwq_dec_nr_in_flight+0x310/0x310
[ 59.852502][ T2485]  ? rwlock_bug.part.0+0x90/0x90
[ 59.857526][ T2485]  worker_thread+0x96/0xe20
[ 59.862025][ T2485]  ? process_one_work+0x16a0/0x16a0
[ 59.867283][ T2485]  kthread+0x3b5/0x4a0
[ 59.871347][ T2485]  ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 59.877331][ T2485]  ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 59.883061][ T2485]  ret_from_fork+0x24/0x30
[ 59.887478][ T2485]
[ 59.889891][ T2485] Allocated by task 17:
[ 59.894174][ T2485]  save_stack+0x1b/0x40
[ 59.898320][ T2485]  __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 59.903934][ T2485]  kmem_cache_alloc_trace+0x153/0x7d0
[ 59.909703][ T2485]  mousedev_create+0x90/0xa20
[ 59.914446][ T2485]  mousedev_connect+0x20/0x280
[ 59.919201][ T2485]  input_attach_handler+0x194/0x200
[ 59.924557][ T2485]  input_register_device.cold+0xf5/0x246
[ 59.930180][ T2485]  hidinput_connect+0x4f8f/0xdb30
[ 59.935288][ T2485]  hid_connect+0x96b/0xbc0
[ 59.939770][ T2485]  hid_hw_start+0xa2/0x130
[ 59.944165][ T2485]  kye_probe+0x44/0x536
[ 59.948404][ T2485]  hid_device_probe+0x2be/0x3f0
[ 59.953234][ T2485]  really_probe+0x281/0x6d0
[ 59.957721][ T2485]  driver_probe_device+0xfe/0x1d0
[ 59.962725][ T2485]  __device_attach_driver+0x1c2/0x220
[ 59.968085][ T2485]  bus_for_each_drv+0x162/0x1e0
[ 59.972933][ T2485]  __device_attach+0x21a/0x360
[ 59.977709][ T2485]  bus_probe_device+0x1e4/0x290
[ 59.982898][ T2485]  device_add+0xaf1/0x1900
[ 59.987349][ T2485]  hid_add_device+0x33c/0x9a0
[ 59.992009][ T2485]  usbhid_probe+0xac8/0xff0
[ 59.996588][ T2485]  usb_probe_interface+0x305/0x7a0
[ 60.001677][ T2485]  really_probe+0x281/0x6d0
[ 60.006181][ T2485]  driver_probe_device+0xfe/0x1d0
[ 60.011290][ T2485]  __device_attach_driver+0x1c2/0x220
[ 60.016655][ T2485]  bus_for_each_drv+0x162/0x1e0
[ 60.021484][ T2485]  __device_attach+0x21a/0x360
[ 60.026227][ T2485]  bus_probe_device+0x1e4/0x290
[ 60.031057][ T2485]  device_add+0xaf1/0x1900
[ 60.035454][ T2485]  usb_set_configuration+0xec5/0x1740
[ 60.040895][ T2485]  usb_generic_driver_probe+0x9d/0xe0
[ 60.046266][ T2485]  usb_probe_device+0xc6/0x1f0
[ 60.051020][ T2485]  really_probe+0x281/0x6d0
[ 60.055512][ T2485]  driver_probe_device+0xfe/0x1d0
[ 60.060527][ T2485]  __device_attach_driver+0x1c2/0x220
[ 60.065907][ T2485]  bus_for_each_drv+0x162/0x1e0
[ 60.070925][ T2485]  __device_attach+0x21a/0x360
[ 60.075876][ T2485]  bus_probe_device+0x1e4/0x290
[ 60.080824][ T2485]  device_add+0xaf1/0x1900
[ 60.085223][ T2485]  usb_new_device.cold+0x753/0x103d
[ 60.090417][ T2485]  hub_event+0x1eca/0x38f0
[ 60.094900][ T2485]  process_one_work+0x965/0x16a0
[ 60.099914][ T2485]  worker_thread+0x96/0xe20
[ 60.104407][ T2485]  kthread+0x3b5/0x4a0
[ 60.108456][ T2485]  ret_from_fork+0x24/0x30
[ 60.112858][ T2485]
[ 60.115171][ T2485] Freed by task 2485:
[ 60.119406][ T2485]  save_stack+0x1b/0x40
[ 60.123548][ T2485]  __kasan_slab_free+0xf7/0x140
[ 60.128386][ T2485]  kfree+0x109/0x2b0
[ 60.132271][ T2485]  device_release+0x71/0x200
[ 60.136840][ T2485]  kobject_put+0x1c8/0x2f0
[ 60.141248][ T2485]  cdev_device_del+0x69/0x80
[ 60.145836][ T2485]  mousedev_destroy+0x20/0xa0
[ 60.150498][ T2485]  __input_unregister_device+0x1b0/0x430
[ 60.156143][ T2485]  input_unregister_device+0xb4/0xf0
[ 60.161415][ T2485]  hidinput_disconnect+0x15e/0x3d0
[ 60.166518][ T2485]  hid_disconnect+0x13f/0x1a0
[ 60.171173][ T2485]  hid_device_remove+0x186/0x240
[ 60.176987][ T2485]  device_release_driver_internal+0x231/0x500
[ 60.183079][ T2485]  bus_remove_device+0x2dc/0x4a0
[ 60.188967][ T2485]  device_del+0x481/0xd30
[ 60.193283][ T2485]  hid_destroy_device+0xe1/0x150
[ 60.198304][ T2485]  usbhid_disconnect+0x9f/0xe0
[ 60.203263][ T2485]  usb_unbind_interface+0x1bd/0x8a0
[ 60.208462][ T2485]  device_release_driver_internal+0x432/0x500
[ 60.214707][ T2485]  bus_remove_device+0x2dc/0x4a0
[ 60.219651][ T2485]  device_del+0x481/0xd30
[ 60.223962][ T2485]  usb_disable_device+0x211/0x690
[ 60.228973][ T2485]  usb_disconnect+0x284/0x8d0
[ 60.233845][ T2485]  hub_event+0x17ca/0x38f0
[ 60.238261][ T2485]  process_one_work+0x965/0x16a0
[ 60.243193][ T2485]  worker_thread+0x96/0xe20
[ 60.247689][ T2485]  kthread+0x3b5/0x4a0
[ 60.251874][ T2485]  ret_from_fork+0x24/0x30
[ 60.257494][ T2485]
[ 60.259854][ T2485] The buggy address belongs to the object at ffff88809452f000
[ 60.259854][ T2485]  which belongs to the cache kmalloc-2k of size 2048
[ 60.273917][ T2485] The buggy address is located 336 bytes inside of
[ 60.273917][ T2485]  2048-byte region [ffff88809452f000, ffff88809452f800)
[ 60.287277][ T2485] The buggy address belongs to the page:
[ 60.292914][ T2485] page:ffffea0002514bc0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0
[ 60.302698][ T2485] flags: 0xfffe0000000200(slab)
[ 60.307584][ T2485] raw: 00fffe0000000200 ffffea0002461788 ffffea0002786608 ffff8880aa000e00
[ 60.316468][ T2485] raw: 0000000000000000 ffff88809452f000 0000000100000001 0000000000000000
[ 60.325051][ T2485] page dumped because: kasan: bad access detected
[ 60.331442][ T2485]
[ 60.333767][ T2485] Memory state around the buggy address:
[ 60.339403][ T2485]  ffff88809452f000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 60.347446][ T2485]  ffff88809452f080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 60.355504][ T2485] >ffff88809452f100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 60.363573][ T2485]                                                  ^
[ 60.370237][ T2485]  ffff88809452f180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 60.378284][ T2485]  ffff88809452f200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 60.386334][ T2485] ==================================================================
[ 60.394392][ T2485] Disabling lock debugging due to kernel taint
[ 60.409716][ T2485] Kernel panic - not syncing: panic_on_warn set ...
[ 60.416371][ T2485] CPU: 0 PID: 2485 Comm: kworker/0:2 Tainted: G    B   5.7.0-rc6-next-20200522-syzkaller #0
[ 60.427301][ T2485] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 60.437540][ T2485] Workqueue: usb_hub_wq hub_event
[ 60.442560][ T2485] Call Trace:
[ 60.445849][ T2485]  dump_stack+0x18f/0x20d
[ 60.450176][ T2485]  ? __mutex_lock+0xf50/0x13c0
[ 60.454945][ T2485]  panic+0x2e3/0x75c
[ 60.458848][ T2485]  ? __warn_printk+0xf3/0xf3
[ 60.463552][ T2485]  ? preempt_schedule_common+0x5e/0xc0
[ 60.468986][ T2485]  ? __mutex_lock+0x1033/0x13c0
[ 60.473943][ T2485]  ? __mutex_lock+0x1033/0x13c0
[ 60.478777][ T2485]  ? preempt_schedule_thunk+0x16/0x18
[ 60.484296][ T2485]  ? trace_hardirqs_on+0x55/0x230
[ 60.489304][ T2485]  ? __mutex_lock+0x1033/0x13c0
[ 60.494141][ T2485]  ? __mutex_lock+0x1033/0x13c0
[ 60.498976][ T2485]  end_report+0x4d/0x53
[ 60.503125][ T2485]  kasan_report.cold+0xd/0x37
[ 60.513271][ T2485]  ? __mutex_lock+0x1033/0x13c0
[ 60.518110][ T2485]  __mutex_lock+0x1033/0x13c0
[ 60.522964][ T2485]  ? print_usage_bug+0x240/0x240
[ 60.527880][ T2485]  ? mousedev_cleanup+0x21/0x180
[ 60.532886][ T2485]  ? trace_hardirqs_off+0x50/0x220
[ 60.538059][ T2485]  ? mutex_trylock+0x2c0/0x2c0
[ 60.542817][ T2485]  ? mark_held_locks+0x9f/0xe0
[ 60.547558][ T2485]  ? kfree+0x1eb/0x2b0
[ 60.551613][ T2485]  ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 60.557587][ T2485]  ? kfree_const+0x51/0x60
[ 60.561978][ T2485]  ? dev_attr_show+0x90/0x90
[ 60.566547][ T2485]  ? mousedev_cleanup+0x21/0x180
[ 60.571456][ T2485]  mousedev_cleanup+0x21/0x180
[ 60.576217][ T2485]  mousedev_destroy+0x28/0xa0
[ 60.581043][ T2485]  __input_unregister_device+0x1b0/0x430
[ 60.587275][ T2485]  input_unregister_device+0xb4/0xf0
[ 60.592544][ T2485]  hidinput_disconnect+0x15e/0x3d0
[ 60.597638][ T2485]  ? kernfs_remove_by_name_ns+0x62/0xb0
[ 60.603159][ T2485]  hid_disconnect+0x13f/0x1a0
[ 60.607825][ T2485]  hid_device_remove+0x186/0x240
[ 60.612758][ T2485]  ? hid_compare_device_paths+0xc0/0xc0
[ 60.618295][ T2485]  device_release_driver_internal+0x231/0x500
[ 60.624357][ T2485]  bus_remove_device+0x2dc/0x4a0
[ 60.629388][ T2485]  device_del+0x481/0xd30
[ 60.633817][ T2485]  ? device_link_add_missing_supplier_links+0x370/0x370
[ 60.640740][ T2485]  ? mark_held_locks+0x9f/0xe0
[ 60.645493][ T2485]  ? _raw_spin_unlock_irq+0x1f/0x80
[ 60.651633][ T2485]  hid_destroy_device+0xe1/0x150
[ 60.656549][ T2485]  usbhid_disconnect+0x9f/0xe0
[ 60.661288][ T2485]  usb_unbind_interface+0x1bd/0x8a0
[ 60.666728][ T2485]  ? __pm_runtime_idle+0xd1/0x320
[ 60.671986][ T2485]  ? usb_autoresume_device+0x60/0x60
[ 60.677259][ T2485]  device_release_driver_internal+0x432/0x500
[ 60.683314][ T2485]  bus_remove_device+0x2dc/0x4a0
[ 60.688345][ T2485]  device_del+0x481/0xd30
[ 60.692691][ T2485]  ? device_link_add_missing_supplier_links+0x370/0x370
[ 60.699620][ T2485]  ? usb_remove_ep_devs+0x3e/0x80
[ 60.704620][ T2485]  ? remove_intf_ep_devs+0x13f/0x1d0
[ 60.709878][ T2485]  usb_disable_device+0x211/0x690
[ 60.714896][ T2485]  usb_disconnect+0x284/0x8d0
[ 60.719550][ T2485]  hub_event+0x17ca/0x38f0
[ 60.723949][ T2485]  ? hub_port_debounce+0x260/0x260
[ 60.729064][ T2485]  ? usermodehelper_read_trylock+0xf0/0x2d0
[ 60.735049][ T2485]  ? debug_smp_processor_id+0x2f/0x185
[ 60.740488][ T2485]  ? rcu_read_lock_sched_held+0x9c/0xd0
[ 60.746101][ T2485]  ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 60.752681][ T2485]  process_one_work+0x965/0x16a0
[ 60.757725][ T2485]  ? lock_release+0x800/0x800
[ 60.762401][ T2485]  ? pwq_dec_nr_in_flight+0x310/0x310
[ 60.767876][ T2485]  ? rwlock_bug.part.0+0x90/0x90
[ 60.775559][ T2485]  worker_thread+0x96/0xe20
[ 60.780296][ T2485]  ? process_one_work+0x16a0/0x16a0
[ 60.785480][ T2485]  kthread+0x3b5/0x4a0
[ 60.789791][ T2485]  ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 60.795489][ T2485]  ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 60.801366][ T2485]  ret_from_fork+0x24/0x30
[ 60.807326][ T2485] Kernel Offset: disabled
[ 60.811665][ T2485] Rebooting in 86400 seconds..
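The two stacks in the report carry the whole triage story: the object is freed from mousedev_destroy+0x20 via cdev_device_del -> kobject_put -> device_release -> kfree, and it is read again 8 bytes at a time from mousedev_destroy+0x28 via mousedev_cleanup -> __mutex_lock, 336 bytes into a 2048-byte kmalloc-2k object. The script below is an added example, not part of the syzkaller report or of the kernel tree; it parses a KASAN report into exactly those facts and finds the innermost function the use stack and the free stack share, which is the frame in which the last reference was dropped and the object touched again. Its embedded SAMPLE is a hand-trimmed copy of lines from this report (timestamps kept, most frames dropped, one '?' frame kept on purpose); the regexes and the REPORTING prefix list are this example's own assumptions about the report format, not kernel code.

```python
"""KASAN use-after-free triage helper (added example, not kernel code).

Extracts bug kind and access site, the access offset inside the slab object,
the alloc/free/use tasks, and the innermost function shared by the use stack
and the free stack, i.e. where the object died and was then reused.
SAMPLE is a hand-trimmed copy of lines from the report above.
"""
import re

SAMPLE = """\
[   59.486225][ T2485] BUG: KASAN: use-after-free in __mutex_lock+0x1033/0x13c0
[   59.493434][ T2485] Read of size 8 at addr ffff88809452f150 by task kworker/0:2/2485
[   59.529602][ T2485] Call Trace:
[   59.592743][ T2485]  kasan_report.cold+0x1f/0x37
[   59.602364][ T2485]  __mutex_lock+0x1033/0x13c0
[   59.607035][ T2485]  ? print_usage_bug+0x240/0x240
[   59.656264][ T2485]  mousedev_cleanup+0x21/0x180
[   59.661026][ T2485]  mousedev_destroy+0x28/0xa0
[   59.889891][ T2485] Allocated by task 17:
[   59.898320][ T2485]  __kasan_kmalloc.constprop.0+0xbf/0xd0
[   59.909703][ T2485]  mousedev_create+0x90/0xa20
[   60.115171][ T2485] Freed by task 2485:
[   60.123548][ T2485]  __kasan_slab_free+0xf7/0x140
[   60.128386][ T2485]  kfree+0x109/0x2b0
[   60.132271][ T2485]  device_release+0x71/0x200
[   60.136840][ T2485]  kobject_put+0x1c8/0x2f0
[   60.141248][ T2485]  cdev_device_del+0x69/0x80
[   60.145836][ T2485]  mousedev_destroy+0x20/0xa0
[   60.257494][ T2485]
[   60.259854][ T2485] The buggy address belongs to the object at ffff88809452f000
[   60.259854][ T2485]  which belongs to the cache kmalloc-2k of size 2048
"""

PREFIX = re.compile(r"^\[\s*\d+\.\d+\]\[\s*T\d+\]\s?")   # "[   59.48][ T2485] "
FRAME = re.compile(r"^\s*(\?\s+)?([\w.]+)\+0x([0-9a-f]+)/0x[0-9a-f]+\s*$")  # '?' = unreliable
REPORTING = ("dump_stack", "print_address_description", "kasan_report",
             "end_report", "save_stack", "__kasan_")       # report machinery, not the bug
PATTERNS = [  # header lines; named groups land directly in the result dict
    ("bug", r"BUG: KASAN: (?P<kind>.+) in (?P<site>\S+)$"),
    ("hit", r"(?P<access>Read|Write) of size (?P<size>\d+) at addr (?P<addr>[0-9a-f]+) by task (?P<task>\S+)"),
    ("use", r"Call Trace:$"),
    ("alloc", r"Allocated by task (?P<alloc_task>\d+):"),
    ("free", r"Freed by task (?P<free_task>\d+):"),
    ("obj", r"The buggy address belongs to the object at (?P<object_base>[0-9a-f]+)"),
    ("cache", r"\s*which belongs to the cache (?P<cache>\S+) of size (?P<object_size>\d+)"),
]


def parse_report(text):
    """Bug facts plus use/alloc/free stacks as (func, offset, reliable) tuples."""
    rep, section = {"stacks": {}}, None
    for raw in text.splitlines():
        line = PREFIX.sub("", raw).rstrip()
        if not line:                        # a blank line closes a stack section
            section = None
            continue
        for name, pat in PATTERNS:
            m = re.match(pat, line)
            if m:
                rep.update(m.groupdict())
                if name in ("use", "alloc", "free"):
                    section, rep["stacks"][name] = name, []
                break
        else:                               # no header matched: maybe a frame
            m = FRAME.match(line)
            if m and section:
                rep["stacks"][section].append(
                    (m.group(2), int(m.group(3), 16), m.group(1) is None))
    rep["size"], rep["object_size"] = int(rep["size"]), int(rep["object_size"])
    rep["addr"], rep["object_base"] = int(rep["addr"], 16), int(rep["object_base"], 16)
    return rep


def real_frames(frames):
    """Drop unreliable ('?') frames and the KASAN/stack-dump machinery."""
    return [f for f in frames if f[2] and not f[0].startswith(REPORTING)]


def access_offset(rep):
    return rep["addr"] - rep["object_base"]   # byte offset inside the slab object


def first_common_function(rep):
    """(name, use_offset, free_offset) of the innermost function on both the
    use stack and the free stack, or None."""
    free_off = {f[0]: f[1] for f in real_frames(rep["stacks"]["free"])}
    for func, off, _ in real_frames(rep["stacks"]["use"]):
        if func in free_off:
            return func, off, free_off[func]
    return None


def summarize(rep):
    """Triage lines; the last one names the frame where free and use meet."""
    use, free = real_frames(rep["stacks"]["use"]), real_frames(rep["stacks"]["free"])
    lines = ["%s: %s of %d bytes at offset %d inside a %d-byte %s object" % (
                 rep["kind"], rep["access"].lower(), rep["size"], access_offset(rep),
                 rep["object_size"], rep["cache"]),
             "allocated by task %s, freed by task %s, used by task %s" % (
                 rep["alloc_task"], rep["free_task"], rep["task"])]
    common = first_common_function(rep)
    if common:
        name, use_off, free_off = common
        via = lambda st: [f[0] for f in st][max([f[0] for f in st].index(name) - 1, 0)]
        lines.append("freed in %s+0x%x (via %s) and used in %s+0x%x (via %s)"
                     % (name, free_off, via(free), name, use_off, via(use)))
    return lines


if __name__ == "__main__":
    for line in summarize(parse_report(SAMPLE)):
        print(line)
```

Run against the sample it reports that the mousedev was freed in mousedev_destroy+0x20 (via cdev_device_del) and read again in mousedev_destroy+0x28 (via mousedev_cleanup): the device's last reference reached zero between two consecutive calls of the same function, so the mutex that mousedev_cleanup locks lives in memory the kobject release already handed back to the allocator. The report shows where the refcount hit zero, not why; which put was unbalanced is not something this log can tell you, and the script deliberately does not guess.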