[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[   25.230844] random: sshd: uninitialized urandom read (32 bytes read)
[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   28.578010] random: sshd: uninitialized urandom read (32 bytes read)
[   28.911005] random: sshd: uninitialized urandom read (32 bytes read)
[   29.457420] random: sshd: uninitialized urandom read (32 bytes read)
[   29.639197] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.32' (ECDSA) to the list of known hosts.
[   35.419479] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[   35.519989] FAULT_INJECTION: forcing a failure.
[   35.519989] name failslab, interval 1, probability 0, space 0, times 1
[   35.531395] CPU: 1 PID: 4682 Comm: syz-executor735 Not tainted 4.19.0-rc1-next-20180830+ #52
[   35.539954] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   35.549333] Call Trace:
[   35.551954]  dump_stack+0x1c9/0x2b4
[   35.555581]  ? dump_stack_print_info.cold.2+0x52/0x52
[   35.560885]  ? trace_hardirqs_on+0xbd/0x2c0
[   35.565226]  should_fail.cold.4+0xa/0x11
[   35.569287]  ? kasan_check_write+0x14/0x20
[   35.573517]  ? fault_create_debugfs_attr+0x1f0/0x1f0
[   35.578611]  ? save_stack+0xa9/0xd0
[   35.582223]  ? graph_lock+0x170/0x170
[   35.586013]  ? kasan_kmalloc+0xc4/0xe0
[   35.589950]  ? kmem_cache_alloc_trace+0x152/0x730
[   35.594783]  ? kobject_uevent_env+0x20f/0x1110
[   35.599346]  ? kobject_uevent+0x1f/0x30
[   35.603309]  ? device_release_driver_internal+0x60e/0x750
[   35.608841]  ? find_held_lock+0x36/0x1c0
[   35.612948]  ? __lock_is_held+0xb5/0x140
[   35.617008]  ? check_same_owner+0x340/0x340
[   35.621311]  ? kmem_cache_alloc_trace+0x275/0x730
[   35.626162]  ? rcu_note_context_switch+0x680/0x680
[   35.631092]  __should_failslab+0x124/0x180
[   35.635332]  should_failslab+0x9/0x14
[   35.639117]  __kmalloc+0x2b2/0x720
[   35.642649]  ? kobject_uevent_env+0x20f/0x1110
[   35.647216]  ? rcu_read_lock_sched_held+0x108/0x120
[   35.652226]  ? kobject_get_path+0xc2/0x1a0
[   35.656505]  kobject_get_path+0xc2/0x1a0
[   35.660565]  kobject_uevent_env+0x234/0x1110
[   35.664962]  kobject_uevent+0x1f/0x30
[   35.668773]  device_release_driver_internal+0x60e/0x750
[   35.674119]  device_release_driver+0x19/0x20
[   35.678520]  usb_driver_release_interface+0x110/0x190
[   35.683696]  proc_disconnect_claim+0x288/0x410
[   35.688262]  ? proc_ioctl+0x780/0x780
[   35.692060]  ? mark_held_locks+0x160/0x160
[   35.696290]  usbdev_do_ioctl+0x17ee/0x3b30
[   35.700526]  ? processcompl_compat+0x680/0x680
[   35.705101]  ? mark_held_locks+0x160/0x160
[   35.709371]  ? print_usage_bug+0xc0/0xc0
[   35.713424]  ? __lock_acquire+0x7fc/0x5020
[   35.717667]  ? graph_lock+0x170/0x170
[   35.721448]  ? graph_lock+0x170/0x170
[   35.725232]  ? graph_lock+0x170/0x170
[   35.729019]  ? find_held_lock+0x36/0x1c0
[   35.733067]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   35.738590]  ? _parse_integer+0x13b/0x190
[   35.742719]  ? graph_lock+0x170/0x170
[   35.746504]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   35.752029]  ? _kstrtoull+0x188/0x250
[   35.755815]  ? _parse_integer+0x190/0x190
[   35.759942]  ? graph_lock+0x170/0x170
[   35.763723]  ? lock_release+0x9f0/0x9f0
[   35.767781]  ? find_held_lock+0x36/0x1c0
[   35.771848]  ? lock_downgrade+0x8f0/0x8f0
[   35.776001]  ? kasan_check_read+0x11/0x20
[   35.780147]  ? rcu_is_watching+0x8c/0x150
[   35.784276]  ? rcu_cleanup_dead_rnp+0x200/0x200
[   35.788928]  ? graph_lock+0x170/0x170
[   35.792711]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   35.798258]  ? proc_fail_nth_write+0x9e/0x210
[   35.802740]  ? proc_cwd_link+0x1d0/0x1d0
[   35.806788]  ? trace_hardirqs_off+0xb8/0x2b0
[   35.811181]  ? find_held_lock+0x36/0x1c0
[   35.815234]  usbdev_ioctl+0x25/0x30
[   35.818878]  ? usbdev_compat_ioctl+0x30/0x30
[   35.823283]  do_vfs_ioctl+0x1de/0x1720
[   35.827158]  ? __lock_is_held+0xb5/0x140
[   35.831347]  ? ioctl_preallocate+0x300/0x300
[   35.835748]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   35.841277]  ? __fget_light+0x2f7/0x440
[   35.845237]  ? fget_raw+0x20/0x20
[   35.848683]  ? __sb_end_write+0xac/0xe0
[   35.852694]  ? do_syscall_64+0x9a/0x820
[   35.856709]  ? do_syscall_64+0x9a/0x820
[   35.860679]  ? lockdep_hardirqs_on+0x421/0x5c0
[   35.865251]  ? security_file_ioctl+0x94/0xc0
[   35.869646]  ksys_ioctl+0xa9/0xd0
[   35.873138]  __x64_sys_ioctl+0x73/0xb0
[   35.877018]  do_syscall_64+0x1b9/0x820
[   35.880891]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   35.886239]  ? syscall_return_slowpath+0x5e0/0x5e0
[   35.891154]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   35.895993]  ? trace_hardirqs_on_caller+0x2b0/0x2b0
[   35.900998]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[   35.906001]  ? prepare_exit_to_usermode+0x291/0x3b0
[   35.911003]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   35.915834]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   35.921005] RIP: 0033:0x444ca9
[   35.924222] Code: e8 0c ad 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db ce fb ff c3 66 2e 0f 1f 84 00 00 00 00
[   35.943128] RSP: 002b:00007ffcce5daa98 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   35.950905] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000444ca9
[   35.958219] RDX: 0000000020000280 RSI: 000000008108551b RDI: 0000000000000003
executing program
[   35.965478] RBP: 00007ffcce5daab0 R08: 0000000000000001 R09: 0000000000000000
[   35.972729] R10: 000000000000000a R11: 0000000000000246 R12: ffffffffffffffff
[   35.979983] R13: 0000000000000004 R14: 0000000000000000 R15: 0000000000000000
[   35.992965] FAULT_INJECTION: forcing a failure.
[   35.992965] name failslab, interval 1, probability 0, space 0, times 0
[   36.004198] CPU: 0 PID: 4683 Comm: syz-executor735 Not tainted 4.19.0-rc1-next-20180830+ #52
[   36.012761] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   36.022094] Call Trace:
[   36.024679]  dump_stack+0x1c9/0x2b4
[   36.028294]  ? dump_stack_print_info.cold.2+0x52/0x52
[   36.033473]  should_fail.cold.4+0xa/0x11
[   36.037519]  ? fault_create_debugfs_attr+0x1f0/0x1f0
[   36.042608]  ? kasan_kmalloc+0xc4/0xe0
[   36.046476]  ? __kmalloc_track_caller+0x14a/0x720
[   36.051302]  ? kstrdup+0x39/0x70
[   36.054649]  ? kstrdup_const+0x66/0x80
[   36.058519]  ? __kernfs_new_node+0xe8/0x8d0
[   36.062824]  ? kernfs_new_node+0x95/0x120
[   36.067064]  ? kernfs_create_link+0xdb/0x250
[   36.071461]  ? device_bind_driver+0x19/0xd0
[   36.075768]  ? usb_driver_claim_interface+0x348/0x3f0
[   36.080942]  ? claimintf+0x10e/0x170
[   36.084644]  ? proc_disconnect_claim+0x2bd/0x410
[   36.089392]  ? usbdev_do_ioctl+0x17ee/0x3b30
[   36.093782]  ? usbdev_ioctl+0x25/0x30
[   36.097577]  ? do_vfs_ioctl+0x1de/0x1720
[   36.101633]  ? graph_lock+0x170/0x170
[   36.105434]  ? find_held_lock+0x36/0x1c0
[   36.109482]  ? __lock_is_held+0xb5/0x140
[   36.113534]  ? check_same_owner+0x340/0x340
[   36.117842]  ? rcu_note_context_switch+0x680/0x680
[   36.122757]  ? rcu_read_lock_sched_held+0x108/0x120
[   36.127761]  __should_failslab+0x124/0x180
[   36.131983]  should_failslab+0x9/0x14
[   36.135768]  kmem_cache_alloc+0x29c/0x710
[   36.139897]  ? memcpy+0x45/0x50
[   36.143165]  ? kstrdup+0x59/0x70
[   36.146519]  __kernfs_new_node+0x127/0x8d0
[   36.150740]  ? kernfs_dop_revalidate+0x3c0/0x3c0
[   36.155480]  ? graph_lock+0x170/0x170
[   36.159260]  ? lock_acquire+0x1e4/0x4f0
[   36.163242]  ? blocking_notifier_call_chain+0x129/0x190
[   36.168598]  ? find_held_lock+0x36/0x1c0
[   36.172649]  ? find_held_lock+0x36/0x1c0
[   36.176700]  ? lock_downgrade+0x8f0/0x8f0
[   36.180831]  ? unregister_die_notifier+0x20/0x20
[   36.185578]  kernfs_new_node+0x95/0x120
[   36.189544]  kernfs_create_link+0xdb/0x250
[   36.193774]  sysfs_do_create_link_sd.isra.2+0x90/0x130
[   36.199043]  sysfs_create_link+0x65/0xc0
[   36.203099]  driver_sysfs_add+0x107/0x2a0
[   36.207238]  device_bind_driver+0x19/0xd0
[   36.211375]  usb_driver_claim_interface+0x348/0x3f0
[   36.216381]  claimintf+0x10e/0x170
[   36.219970]  proc_disconnect_claim+0x2bd/0x410
[   36.224548]  ? proc_ioctl+0x780/0x780
[   36.228353]  ? mark_held_locks+0x160/0x160
[   36.232578]  usbdev_do_ioctl+0x17ee/0x3b30
[   36.236806]  ? processcompl_compat+0x680/0x680
[   36.241380]  ? mark_held_locks+0x160/0x160
[   36.245648]  ? print_usage_bug+0xc0/0xc0
[   36.249706]  ? __lock_acquire+0x7fc/0x5020
[   36.253927]  ? graph_lock+0x170/0x170
[   36.257712]  ? graph_lock+0x170/0x170
[   36.261500]  ? graph_lock+0x170/0x170
[   36.265293]  ? find_held_lock+0x36/0x1c0
[   36.269342]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   36.274873]  ? _parse_integer+0x13b/0x190
[   36.279003]  ? graph_lock+0x170/0x170
[   36.282790]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   36.288310]  ? _kstrtoull+0x188/0x250
[   36.292098]  ? _parse_integer+0x190/0x190
[   36.296236]  ? graph_lock+0x170/0x170
[   36.300022]  ? lock_release+0x9f0/0x9f0
[   36.303980]  ? find_held_lock+0x36/0x1c0
[   36.308029]  ? lock_downgrade+0x8f0/0x8f0
[   36.312172]  ? kasan_check_read+0x11/0x20
[   36.316313]  ? rcu_is_watching+0x8c/0x150
[   36.320452]  ? rcu_cleanup_dead_rnp+0x200/0x200
[   36.325114]  ? graph_lock+0x170/0x170
[   36.328918]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   36.334450]  ? proc_fail_nth_write+0x9e/0x210
[   36.338927]  ? proc_cwd_link+0x1d0/0x1d0
[   36.342972]  ? trace_hardirqs_off+0xb8/0x2b0
[   36.347366]  ? find_held_lock+0x36/0x1c0
[   36.351420]  usbdev_ioctl+0x25/0x30
[   36.355031]  ? usbdev_compat_ioctl+0x30/0x30
[   36.359422]  do_vfs_ioctl+0x1de/0x1720
[   36.363297]  ? __lock_is_held+0xb5/0x140
[   36.367346]  ? ioctl_preallocate+0x300/0x300
[   36.371737]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   36.377265]  ? __fget_light+0x2f7/0x440
[   36.381296]  ? fget_raw+0x20/0x20
[   36.384740]  ? __sb_end_write+0xac/0xe0
[   36.388711]  ? do_syscall_64+0x9a/0x820
[   36.392682]  ? do_syscall_64+0x9a/0x820
[   36.396644]  ? lockdep_hardirqs_on+0x421/0x5c0
[   36.401214]  ? security_file_ioctl+0x94/0xc0
[   36.405629]  ksys_ioctl+0xa9/0xd0
[   36.409087]  __x64_sys_ioctl+0x73/0xb0
[   36.412982]  do_syscall_64+0x1b9/0x820
[   36.416866]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   36.422223]  ? syscall_return_slowpath+0x5e0/0x5e0
[   36.427244]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   36.432079]  ? trace_hardirqs_on_caller+0x2b0/0x2b0
[   36.437087]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[   36.442220]  ? prepare_exit_to_usermode+0x291/0x3b0
[   36.447271]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   36.452114]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   36.457319] RIP: 0033:0x444ca9
executing program
[   36.460501] Code: e8 0c ad 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db ce fb ff c3 66 2e 0f 1f 84 00 00 00 00
[   36.479394] RSP: 002b:00007ffcce5daa98 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   36.487092] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000444ca9
[   36.494371] RDX: 0000000020000280 RSI: 000000008108551b RDI: 0000000000000003
[   36.501626] RBP: 00007ffcce5daab0 R08: 0000000000000001 R09: 0000000000000000
[   36.508881] R10: 000000000000000a R11: 0000000000000246 R12: ffffffffffffffff
[   36.516157] R13: 0000000000000004 R14: 0000000000000000 R15: 0000000000000000
[   36.534700] ==================================================================
[   36.542075] BUG: KASAN: use-after-free in __lock_acquire+0x3829/0x5020
[   36.548724] Read of size 8 at addr ffff8801b87825b8 by task syz-executor735/4685
[   36.556239] 
[   36.557852] CPU: 0 PID: 4685 Comm: syz-executor735 Not tainted 4.19.0-rc1-next-20180830+ #52
[   36.566403] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   36.575735] Call Trace:
[   36.578308]  dump_stack+0x1c9/0x2b4
[   36.581921]  ? dump_stack_print_info.cold.2+0x52/0x52
[   36.587095]  ? printk+0xa7/0xcf
[   36.590463]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[   36.595210]  ? __lock_acquire+0x3829/0x5020
[   36.599524]  print_address_description+0x6c/0x20b
[   36.604354]  ? __lock_acquire+0x3829/0x5020
[   36.608662]  kasan_report.cold.7+0x242/0x30d
[   36.613069]  __asan_report_load8_noabort+0x14/0x20
[   36.618016]  __lock_acquire+0x3829/0x5020
[   36.622160]  ? mark_held_locks+0x160/0x160
[   36.626390]  ? __lock_acquire+0x7fc/0x5020
[   36.630607]  ? mark_held_locks+0x160/0x160
[   36.634829]  ? mark_held_locks+0x160/0x160
[   36.639050]  ? mark_held_locks+0x160/0x160
[   36.643272]  ? print_usage_bug+0xc0/0xc0
[   36.647317]  ? __lock_acquire+0x7fc/0x5020
[   36.651536]  ? kernel_text_address+0x79/0xf0
[   36.655928]  ? __lock_acquire+0x7fc/0x5020
[   36.660175]  ? __lock_acquire+0x7fc/0x5020
[   36.664405]  ? mark_held_locks+0x160/0x160
[   36.668629]  ? mark_held_locks+0x160/0x160
[   36.672851]  ? graph_lock+0x170/0x170
[   36.676635]  ? lock_acquire+0x1e4/0x4f0
[   36.680593]  ? graph_lock+0x170/0x170
[   36.684379]  ? __lock_acquire+0x7fc/0x5020
[   36.688640]  ? lock_release+0x9f0/0x9f0
[   36.692606]  lock_acquire+0x1e4/0x4f0
[   36.696395]  ? destroy_async_on_interface+0x155/0x5c0
[   36.701569]  ? lock_release+0x9f0/0x9f0
[   36.705528]  ? trace_hardirqs_off+0xb8/0x2b0
[   36.709921]  ? _raw_spin_unlock_irq+0x27/0x70
[   36.714402]  ? destroy_async_on_interface+0x155/0x5c0
[   36.719574]  ? trace_hardirqs_on+0x2c0/0x2c0
[   36.723977]  ? trace_hardirqs_on+0xbd/0x2c0
[   36.728282]  ? kasan_check_read+0x11/0x20
[   36.732421]  ? usb_hcd_flush_endpoint+0x263/0x440
[   36.737251]  _raw_spin_lock_irqsave+0x96/0xc0
[   36.741733]  ? destroy_async_on_interface+0x155/0x5c0
[   36.746908]  destroy_async_on_interface+0x155/0x5c0
[   36.751916]  ? _raw_spin_unlock_irq+0x27/0x70
[   36.756398]  ? destroy_async+0x490/0x490
[   36.760448]  ? usb_hcd_unlink_urb+0x280/0x280
[   36.764927]  ? lockdep_hardirqs_on+0x421/0x5c0
[   36.769492]  ? trace_hardirqs_on+0xbd/0x2c0
[   36.773800]  ? kasan_check_read+0x11/0x20
[   36.777932]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[   36.783024]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   36.788549]  ? usb_disable_endpoint+0x1c6/0x200
[   36.793207]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[   36.798214]  driver_disconnect+0xea/0x150
[   36.802351]  ? usb_autoresume_device+0x60/0x60
[   36.806919]  usb_unbind_interface+0x25a/0xbe0
[   36.811400]  ? lockdep_hardirqs_on+0x421/0x5c0
[   36.815966]  ? usb_autoresume_device+0x60/0x60
[   36.820531]  ? kasan_check_read+0x11/0x20
[   36.824665]  ? __pm_runtime_idle+0xcc/0x150
[   36.828972]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[   36.834059]  ? kasan_check_write+0x14/0x20
[   36.838283]  ? do_raw_spin_lock+0xc1/0x200
[   36.842502]  ? usb_autoresume_device+0x60/0x60
[   36.847083]  device_release_driver_internal+0x651/0x750
[   36.852501]  device_release_driver+0x19/0x20
[   36.856902]  usb_driver_release_interface+0x110/0x190
[   36.862077]  proc_disconnect_claim+0x288/0x410
[   36.866645]  ? proc_ioctl+0x780/0x780
[   36.870433]  ? mark_held_locks+0x160/0x160
[   36.874658]  usbdev_do_ioctl+0x17ee/0x3b30
[   36.878879]  ? processcompl_compat+0x680/0x680
[   36.883448]  ? mark_held_locks+0x160/0x160
[   36.887664]  ? print_usage_bug+0xc0/0xc0
[   36.891707]  ? __lock_acquire+0x7fc/0x5020
[   36.895927]  ? graph_lock+0x170/0x170
[   36.899709]  ? graph_lock+0x170/0x170
[   36.903494]  ? graph_lock+0x170/0x170
[   36.907280]  ? find_held_lock+0x36/0x1c0
[   36.911328]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   36.916850]  ? _parse_integer+0x13b/0x190
[   36.920980]  ? graph_lock+0x170/0x170
[   36.924865]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   36.930390]  ? _kstrtoull+0x188/0x250
[   36.934183]  ? _parse_integer+0x190/0x190
[   36.938323]  ? graph_lock+0x170/0x170
[   36.942112]  ? lock_release+0x9f0/0x9f0
[   36.946093]  ? find_held_lock+0x36/0x1c0
[   36.950166]  ? lock_downgrade+0x8f0/0x8f0
[   36.954363]  ? kasan_check_read+0x11/0x20
[   36.958500]  ? rcu_is_watching+0x8c/0x150
[   36.962645]  ? rcu_cleanup_dead_rnp+0x200/0x200
[   36.967314]  ? graph_lock+0x170/0x170
[   36.971105]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   36.976646]  ? proc_fail_nth_write+0x9e/0x210
[   36.981162]  ? proc_cwd_link+0x1d0/0x1d0
[   36.985225]  ? trace_hardirqs_off+0xb8/0x2b0
[   36.989620]  ? find_held_lock+0x36/0x1c0
[   36.993668]  usbdev_ioctl+0x25/0x30
[   36.997291]  ? usbdev_compat_ioctl+0x30/0x30
[   37.001689]  do_vfs_ioctl+0x1de/0x1720
[   37.005561]  ? __lock_is_held+0xb5/0x140
[   37.009607]  ? ioctl_preallocate+0x300/0x300
[   37.014000]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   37.019522]  ? __fget_light+0x2f7/0x440
[   37.023483]  ? fget_raw+0x20/0x20
[   37.026921]  ? __sb_end_write+0xac/0xe0
[   37.030883]  ? do_syscall_64+0x9a/0x820
[   37.034842]  ? do_syscall_64+0x9a/0x820
[   37.038799]  ? lockdep_hardirqs_on+0x421/0x5c0
[   37.043368]  ? security_file_ioctl+0x94/0xc0
[   37.047762]  ksys_ioctl+0xa9/0xd0
[   37.051206]  __x64_sys_ioctl+0x73/0xb0
[   37.055081]  do_syscall_64+0x1b9/0x820
[   37.058958]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   37.064306]  ? syscall_return_slowpath+0x5e0/0x5e0
[   37.069219]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   37.074042]  ? trace_hardirqs_on_caller+0x2b0/0x2b0
[   37.079057]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[   37.084056]  ? prepare_exit_to_usermode+0x291/0x3b0
[   37.089060]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   37.093942]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   37.099136] RIP: 0033:0x444ca9
[   37.102334] Code: e8 0c ad 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db ce fb ff c3 66 2e 0f 1f 84 00 00 00 00
[   37.121217] RSP: 002b:00007ffcce5daa98 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   37.128909] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000444ca9
[   37.136171] RDX: 0000000020000280 RSI: 000000008108551b RDI: 0000000000000003
[   37.143437] RBP: 00007ffcce5daab0 R08: 0000000000000001 R09: 0000000000000000
[   37.150689] R10: 000000000000000a R11: 0000000000000246 R12: ffffffffffffffff
[   37.157942] R13: 0000000000000004 R14: 0000000000000000 R15: 0000000000000000
[   37.165243] 
[   37.166911] Allocated by task 4683:
[   37.170529]  save_stack+0x43/0xd0
[   37.173966]  kasan_kmalloc+0xc4/0xe0
[   37.177665]  kmem_cache_alloc_trace+0x152/0x730
[   37.182318]  usbdev_open+0xe4/0xad0
[   37.185936]  chrdev_open+0x25a/0x770
[   37.189633]  do_dentry_open+0x499/0x1250
[   37.193676]  vfs_open+0xa0/0xd0
[   37.196937]  path_openat+0x130f/0x5340
[   37.200805]  do_filp_open+0x255/0x380
[   37.204589]  do_sys_open+0x584/0x720
[   37.208285]  __x64_sys_open+0x7e/0xc0
[   37.212068]  do_syscall_64+0x1b9/0x820
[   37.215940]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   37.221106] 
[   37.222739] Freed by task 4683:
[   37.226002]  save_stack+0x43/0xd0
[   37.229441]  __kasan_slab_free+0x11a/0x170
[   37.233701]  kasan_slab_free+0xe/0x10
[   37.237498]  kfree+0xd9/0x210
[   37.240609]  usbdev_release+0x3f1/0x520
[   37.244578]  __fput+0x3c1/0xa80
[   37.247931]  ____fput+0x15/0x20
[   37.251207]  task_work_run+0x1e8/0x2a0
[   37.255082]  exit_to_usermode_loop+0x318/0x380
[   37.259656]  do_syscall_64+0x6be/0x820
[   37.263528]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   37.268695] 
[   37.270308] The buggy address belongs to the object at ffff8801b8782580
[   37.270308]  which belongs to the cache kmalloc-512 of size 512
[   37.282947] The buggy address is located 56 bytes inside of
[   37.282947]  512-byte region [ffff8801b8782580, ffff8801b8782780)
[   37.294725] The buggy address belongs to the page:
[   37.299639] page:ffffea0006e1e080 count:1 mapcount:0 mapping:ffff8801dac00940 index:0x0
[   37.307776] flags: 0x2fffc0000000100(slab)
[   37.312008] raw: 02fffc0000000100 ffffea0007410708 ffffea0006e22b88 ffff8801dac00940
[   37.319884] raw: 0000000000000000 ffff8801b8782080 0000000100000006 0000000000000000
[   37.327753] page dumped because: kasan: bad access detected
[   37.333539] 
[   37.335153] Memory state around the buggy address:
[   37.340069]  ffff8801b8782480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   37.347409]  ffff8801b8782500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   37.354748] >ffff8801b8782580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   37.362085]                                         ^
[   37.367362]  ffff8801b8782600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   37.374713]  ffff8801b8782680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   37.382048] ==================================================================
[   37.389379] Disabling lock debugging due to kernel taint
[   37.394805] Kernel panic - not syncing: panic_on_warn set ...
[   37.394805] 
[   37.402150] CPU: 0 PID: 4685 Comm: syz-executor735 Tainted: G    B             4.19.0-rc1-next-20180830+ #52
[   37.412091] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   37.421654] Call Trace:
[   37.424239]  dump_stack+0x1c9/0x2b4
[   37.427851]  ? dump_stack_print_info.cold.2+0x52/0x52
[   37.433021]  ? lock_downgrade+0x8f0/0x8f0
[   37.437151]  panic+0x238/0x4e7
[   37.440328]  ? add_taint.cold.5+0x16/0x16
[   37.444458]  ? add_taint.cold.5+0x5/0x16
[   37.448497]  ? trace_hardirqs_off+0xaf/0x2b0
[   37.452887]  ? trace_hardirqs_off+0x77/0x2b0
[   37.457279]  ? __lock_acquire+0x3829/0x5020
[   37.461584]  kasan_end_report+0x47/0x4f
[   37.465544]  kasan_report.cold.7+0x76/0x30d
[   37.469973]  __asan_report_load8_noabort+0x14/0x20
[   37.474909]  __lock_acquire+0x3829/0x5020
[   37.479039]  ? mark_held_locks+0x160/0x160
[   37.483252]  ? __lock_acquire+0x7fc/0x5020
[   37.487470]  ? mark_held_locks+0x160/0x160
[   37.491687]  ? mark_held_locks+0x160/0x160
[   37.495904]  ? mark_held_locks+0x160/0x160
[   37.500117]  ? print_usage_bug+0xc0/0xc0
[   37.504167]  ? __lock_acquire+0x7fc/0x5020
[   37.508449]  ? kernel_text_address+0x79/0xf0
[   37.512879]  ? __lock_acquire+0x7fc/0x5020
[   37.517109]  ? __lock_acquire+0x7fc/0x5020
[   37.521443]  ? mark_held_locks+0x160/0x160
[   37.525661]  ? mark_held_locks+0x160/0x160
[   37.529996]  ? graph_lock+0x170/0x170
[   37.533783]  ? lock_acquire+0x1e4/0x4f0
[   37.537741]  ? graph_lock+0x170/0x170
[   37.541522]  ? __lock_acquire+0x7fc/0x5020
[   37.545733]  ? lock_release+0x9f0/0x9f0
[   37.549691]  lock_acquire+0x1e4/0x4f0
[   37.553478]  ? destroy_async_on_interface+0x155/0x5c0
[   37.558653]  ? lock_release+0x9f0/0x9f0
[   37.562611]  ? trace_hardirqs_off+0xb8/0x2b0
[   37.567001]  ? _raw_spin_unlock_irq+0x27/0x70
[   37.571476]  ? destroy_async_on_interface+0x155/0x5c0
[   37.576800]  ? trace_hardirqs_on+0x2c0/0x2c0
[   37.581293]  ? trace_hardirqs_on+0xbd/0x2c0
[   37.585618]  ? kasan_check_read+0x11/0x20
[   37.589749]  ? usb_hcd_flush_endpoint+0x263/0x440
[   37.594574]  _raw_spin_lock_irqsave+0x96/0xc0
[   37.599050]  ? destroy_async_on_interface+0x155/0x5c0
[   37.604221]  destroy_async_on_interface+0x155/0x5c0
[   37.609220]  ? _raw_spin_unlock_irq+0x27/0x70
[   37.613698]  ? destroy_async+0x490/0x490
[   37.617740]  ? usb_hcd_unlink_urb+0x280/0x280
[   37.622216]  ? lockdep_hardirqs_on+0x421/0x5c0
[   37.626779]  ? trace_hardirqs_on+0xbd/0x2c0
[   37.631083]  ? kasan_check_read+0x11/0x20
[   37.635274]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[   37.640374]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   37.645895]  ? usb_disable_endpoint+0x1c6/0x200
[   37.650691]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[   37.655725]  driver_disconnect+0xea/0x150
[   37.659859]  ? usb_autoresume_device+0x60/0x60
[   37.664427]  usb_unbind_interface+0x25a/0xbe0
[   37.668907]  ? lockdep_hardirqs_on+0x421/0x5c0
[   37.673472]  ? usb_autoresume_device+0x60/0x60
[   37.678038]  ? kasan_check_read+0x11/0x20
[   37.682177]  ? __pm_runtime_idle+0xcc/0x150
[   37.686486]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[   37.691602]  ? kasan_check_write+0x14/0x20
[   37.695823]  ? do_raw_spin_lock+0xc1/0x200
[   37.700044]  ? usb_autoresume_device+0x60/0x60
[   37.704610]  device_release_driver_internal+0x651/0x750
[   37.709959]  device_release_driver+0x19/0x20
[   37.714356]  usb_driver_release_interface+0x110/0x190
[   37.719538]  proc_disconnect_claim+0x288/0x410
[   37.724114]  ? proc_ioctl+0x780/0x780
[   37.727927]  ? mark_held_locks+0x160/0x160
[   37.732163]  usbdev_do_ioctl+0x17ee/0x3b30
[   37.736453]  ? processcompl_compat+0x680/0x680
[   37.741027]  ? mark_held_locks+0x160/0x160
[   37.745245]  ? print_usage_bug+0xc0/0xc0
[   37.749301]  ? __lock_acquire+0x7fc/0x5020
[   37.753528]  ? graph_lock+0x170/0x170
[   37.757327]  ? graph_lock+0x170/0x170
[   37.761116]  ? graph_lock+0x170/0x170
[   37.764927]  ? find_held_lock+0x36/0x1c0
[   37.769076]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   37.774606]  ? _parse_integer+0x13b/0x190
[   37.778740]  ? graph_lock+0x170/0x170
[   37.782529]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   37.788050]  ? _kstrtoull+0x188/0x250
[   37.791835]  ? _parse_integer+0x190/0x190
[   37.795968]  ? graph_lock+0x170/0x170
[   37.799754]  ? lock_release+0x9f0/0x9f0
[   37.803711]  ? find_held_lock+0x36/0x1c0
[   37.807758]  ? lock_downgrade+0x8f0/0x8f0
[   37.811895]  ? kasan_check_read+0x11/0x20
[   37.816026]  ? rcu_is_watching+0x8c/0x150
[   37.820166]  ? rcu_cleanup_dead_rnp+0x200/0x200
[   37.824831]  ? graph_lock+0x170/0x170
[   37.828679]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   37.834207]  ? proc_fail_nth_write+0x9e/0x210
[   37.838686]  ? proc_cwd_link+0x1d0/0x1d0
[   37.842732]  ? trace_hardirqs_off+0xb8/0x2b0
[   37.847151]  ? find_held_lock+0x36/0x1c0
[   37.851214]  usbdev_ioctl+0x25/0x30
[   37.854828]  ? usbdev_compat_ioctl+0x30/0x30
[   37.859227]  do_vfs_ioctl+0x1de/0x1720
[   37.863100]  ? __lock_is_held+0xb5/0x140
[   37.867173]  ? ioctl_preallocate+0x300/0x300
[   37.871568]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   37.877091]  ? __fget_light+0x2f7/0x440
[   37.881063]  ? fget_raw+0x20/0x20
[   37.884499]  ? __sb_end_write+0xac/0xe0
[   37.888469]  ? do_syscall_64+0x9a/0x820
[   37.892426]  ? do_syscall_64+0x9a/0x820
[   37.896394]  ? lockdep_hardirqs_on+0x421/0x5c0
[   37.900959]  ? security_file_ioctl+0x94/0xc0
[   37.905351]  ksys_ioctl+0xa9/0xd0
[   37.908790]  __x64_sys_ioctl+0x73/0xb0
[   37.912734]  do_syscall_64+0x1b9/0x820
[   37.916615]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   37.921963]  ? syscall_return_slowpath+0x5e0/0x5e0
[   37.926876]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   37.931701]  ? trace_hardirqs_on_caller+0x2b0/0x2b0
[   37.936704]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[   37.941732]  ? prepare_exit_to_usermode+0x291/0x3b0
[   37.946738]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   37.951568]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   37.956741] RIP: 0033:0x444ca9
[   37.959918] Code: e8 0c ad 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db ce fb ff c3 66 2e 0f 1f 84 00 00 00 00
[   37.978801] RSP: 002b:00007ffcce5daa98 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   37.986493] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000444ca9
[   37.993743] RDX: 0000000020000280 RSI: 000000008108551b RDI: 0000000000000003
[   38.000995] RBP: 00007ffcce5daab0 R08: 0000000000000001 R09: 0000000000000000
[   38.008245] R10: 000000000000000a R11: 0000000000000246 R12: ffffffffffffffff
[   38.015497] R13: 0000000000000004 R14: 0000000000000000 R15: 0000000000000000
[   38.023046] Dumping ftrace buffer:
[   38.026572]    (ftrace buffer empty)
[   38.030261] Kernel Offset: disabled
[   38.033871] Rebooting in 86400 seconds..