Warning: Permanently added '10.128.0.78' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 115.356753][ T12] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 115.596753][ T12] usb 1-1: Using ep0 maxpacket: 8
[ 115.716845][ T12] usb 1-1: config 0 has an invalid interface number: 116 but max is 0
[ 115.725250][ T12] usb 1-1: config 0 has an invalid descriptor of length 1, skipping remainder of the config
[ 115.735445][ T12] usb 1-1: config 0 has no interface number 0
[ 115.741591][ T12] usb 1-1: config 0 interface 116 altsetting 0 bulk endpoint 0x81 has invalid maxpacket 7
[ 115.751758][ T12] usb 1-1: New USB device found, idVendor=04d8, idProduct=0a30, bcdDevice=69.61
[ 115.760803][ T12] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 115.770132][ T12] usb 1-1: config 0 descriptor??
[ 115.822023][ T12] mcba_usb 1-1:0.116 can0: failed tx_urb -2
[ 115.828104][ T12] mcba_usb 1-1:0.116 can0: Failed to send cmd (169)
[ 115.836293][ T12] mcba_usb 1-1:0.116 can0: failed tx_urb -2
[ 115.843050][ T12] mcba_usb 1-1:0.116 can0: Failed to send cmd (169)
[ 115.849685][ T12] mcba_usb 1-1:0.116: Microchip CAN BUS Analyzer connected
executing program
[ 115.998794][ T12] usb 1-1: USB disconnect, device number 2
[ 116.006358][ T12] mcba_usb 1-1:0.116 can0: device disconnected
[ 116.067427][ T12] ==================================================================
[ 116.075531][ T12] BUG: KASAN: use-after-free in __lock_acquire+0x3a5d/0x5340
[ 116.082878][ T12] Read of size 8 at addr ffff8881d44c63c8 by task kworker/0:1/12
[ 116.090577][ T12]
[ 116.092883][ T12] CPU: 0 PID: 12 Comm: kworker/0:1 Not tainted 5.2.0-rc1+ #10
[ 116.100306][ T12] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 116.110347][ T12] Workqueue: usb_hub_wq hub_event
[ 116.115339][ T12] Call Trace:
[ 116.118607][ T12] dump_stack+0xca/0x13e
[ 116.122841][ T12] ? __lock_acquire+0x3a5d/0x5340
[ 116.127845][ T12] ? __lock_acquire+0x3a5d/0x5340
[ 116.132843][ T12] print_address_description+0x67/0x231
[ 116.138363][ T12] ? __lock_acquire+0x3a5d/0x5340
[ 116.143361][ T12] ? __lock_acquire+0x3a5d/0x5340
[ 116.148361][ T12] __kasan_report.cold+0x1a/0x32
[ 116.153271][ T12] ? free_netdev+0x310/0x420
[ 116.157838][ T12] ? __lock_acquire+0x3a5d/0x5340
[ 116.162836][ T12] kasan_report+0xe/0x20
[ 116.167053][ T12] __lock_acquire+0x3a5d/0x5340
[ 116.171885][ T12] ? worker_thread+0x96/0xe20
[ 116.176535][ T12] ? kthread+0x30b/0x410
[ 116.180844][ T12] ? ret_from_fork+0x24/0x30
[ 116.185407][ T12] ? find_held_lock+0x2d/0x110
[ 116.190155][ T12] ? debug_check_no_obj_freed+0x20a/0x42e
[ 116.195848][ T12] ? mark_held_locks+0xe0/0xe0
[ 116.200584][ T12] ? mark_held_locks+0x9f/0xe0
[ 116.205318][ T12] ? lockdep_hardirqs_on+0x379/0x580
[ 116.210577][ T12] ? quarantine_put+0xb2/0x150
[ 116.215312][ T12] ? lockdep_hardirqs_on+0x379/0x580
[ 116.220566][ T12] lock_acquire+0x100/0x2b0
[ 116.225066][ T12] ? usb_kill_anchored_urbs+0x1e/0x110
[ 116.230592][ T12] ? kobject_put+0x18c/0x280
[ 116.235151][ T12] _raw_spin_lock_irq+0x2d/0x40
[ 116.239974][ T12] ? usb_kill_anchored_urbs+0x1e/0x110
[ 116.245403][ T12] usb_kill_anchored_urbs+0x1e/0x110
[ 116.250748][ T12] mcba_usb_disconnect+0xd6/0xe4
[ 116.255659][ T12] usb_unbind_interface+0x1bd/0x8a0
[ 116.260967][ T12] ? usb_autoresume_device+0x60/0x60
[ 116.266319][ T12] device_release_driver_internal+0x404/0x4c0
[ 116.272360][ T12] bus_remove_device+0x2dc/0x4a0
[ 116.277274][ T12] device_del+0x460/0xb80
[ 116.281601][ T12] ? __device_links_no_driver+0x240/0x240
[ 116.287397][ T12] ? usb_remove_ep_devs+0x3e/0x80
[ 116.292397][ T12] ? remove_intf_ep_devs+0x13f/0x1d0
[ 116.297684][ T12] usb_disable_device+0x211/0x690
[ 116.302702][ T12] usb_disconnect+0x284/0x830
[ 116.307356][ T12] hub_event+0x1409/0x3590
[ 116.311744][ T12] ? hub_port_debounce+0x260/0x260
[ 116.316835][ T12] process_one_work+0x905/0x1570
[ 116.321772][ T12] ? pwq_dec_nr_in_flight+0x310/0x310
[ 116.327211][ T12] ? do_raw_spin_lock+0x11a/0x280
[ 116.332217][ T12] worker_thread+0x96/0xe20
[ 116.336699][ T12] ? process_one_work+0x1570/0x1570
[ 116.341876][ T12] kthread+0x30b/0x410
[ 116.345922][ T12] ? kthread_park+0x1a0/0x1a0
[ 116.350573][ T12] ret_from_fork+0x24/0x30
[ 116.354963][ T12]
[ 116.357267][ T12] Allocated by task 12:
[ 116.361399][ T12] save_stack+0x1b/0x80
[ 116.365622][ T12] __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 116.371226][ T12] kvmalloc_node+0x61/0xf0
[ 116.375614][ T12] alloc_netdev_mqs+0x97/0xce0
[ 116.380352][ T12] alloc_candev_mqs+0x58/0x320
[ 116.385087][ T12] mcba_usb_probe+0xaf/0xbca
[ 116.389664][ T12] usb_probe_interface+0x305/0x7a0
[ 116.394757][ T12] really_probe+0x281/0x660
[ 116.399233][ T12] driver_probe_device+0x104/0x210
[ 116.404314][ T12] __device_attach_driver+0x1c2/0x220
[ 116.409655][ T12] bus_for_each_drv+0x15c/0x1e0
[ 116.414475][ T12] __device_attach+0x217/0x360
[ 116.419208][ T12] bus_probe_device+0x1e4/0x290
[ 116.424028][ T12] device_add+0xae6/0x16f0
[ 116.428420][ T12] usb_set_configuration+0xdf6/0x1670
[ 116.433762][ T12] generic_probe+0x9d/0xd5
[ 116.438150][ T12] usb_probe_device+0x99/0x100
[ 116.442905][ T12] really_probe+0x281/0x660
[ 116.447383][ T12] driver_probe_device+0x104/0x210
[ 116.452476][ T12] __device_attach_driver+0x1c2/0x220
[ 116.457816][ T12] bus_for_each_drv+0x15c/0x1e0
[ 116.462648][ T12] __device_attach+0x217/0x360
[ 116.467380][ T12] bus_probe_device+0x1e4/0x290
[ 116.472206][ T12] device_add+0xae6/0x16f0
[ 116.476595][ T12] usb_new_device.cold+0x8c1/0x1016
[ 116.481764][ T12] hub_event+0x1ada/0x3590
[ 116.486168][ T12] process_one_work+0x905/0x1570
[ 116.491078][ T12] worker_thread+0x96/0xe20
[ 116.495579][ T12] kthread+0x30b/0x410
[ 116.499684][ T12] ret_from_fork+0x24/0x30
[ 116.504070][ T12]
[ 116.506372][ T12] Freed by task 12:
[ 116.510176][ T12] save_stack+0x1b/0x80
[ 116.514312][ T12] __kasan_slab_free+0x130/0x180
[ 116.519244][ T12] kfree+0xd7/0x280
[ 116.523028][ T12] kvfree+0x59/0x60
[ 116.526805][ T12] device_release+0x71/0x200
[ 116.531366][ T12] kobject_put+0x171/0x280
[ 116.535770][ T12] put_device+0x1b/0x30
[ 116.539907][ T12] free_netdev+0x317/0x420
[ 116.544294][ T12] mcba_usb_disconnect+0xca/0xe4
[ 116.549203][ T12] usb_unbind_interface+0x1bd/0x8a0
[ 116.554373][ T12] device_release_driver_internal+0x404/0x4c0
[ 116.560595][ T12] bus_remove_device+0x2dc/0x4a0
[ 116.565506][ T12] device_del+0x460/0xb80
[ 116.569810][ T12] usb_disable_device+0x211/0x690
[ 116.574807][ T12] usb_disconnect+0x284/0x830
[ 116.579455][ T12] hub_event+0x1409/0x3590
[ 116.583847][ T12] process_one_work+0x905/0x1570
[ 116.588755][ T12] worker_thread+0x96/0xe20
[ 116.593230][ T12] kthread+0x30b/0x410
[ 116.597271][ T12] ret_from_fork+0x24/0x30
[ 116.601652][ T12]
[ 116.603957][ T12] The buggy address belongs to the object at ffff8881d44c5500
[ 116.603957][ T12] which belongs to the cache kmalloc-4k of size 4096
[ 116.618156][ T12] The buggy address is located 3784 bytes inside of
[ 116.618156][ T12] 4096-byte region [ffff8881d44c5500, ffff8881d44c6500)
[ 116.631567][ T12] The buggy address belongs to the page:
[ 116.637170][ T12] page:ffffea0007513000 refcount:1 mapcount:0 mapping:ffff8881dac02600 index:0x0 compound_mapcount: 0
[ 116.648084][ T12] flags: 0x200000000010200(slab|head)
[ 116.653444][ T12] raw: 0200000000010200 dead000000000100 dead000000000200 ffff8881dac02600
[ 116.662001][ T12] raw: 0000000000000000 0000000000070007 00000001ffffffff 0000000000000000
[ 116.670553][ T12] page dumped because: kasan: bad access detected
[ 116.676932][ T12]
[ 116.679243][ T12] Memory state around the buggy address:
[ 116.684851][ T12] ffff8881d44c6280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 116.692895][ T12] ffff8881d44c6300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 116.700947][ T12] >ffff8881d44c6380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 116.708976][ T12] ^
[ 116.715366][ T12] ffff8881d44c6400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 116.723416][ T12] ffff8881d44c6480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 116.731447][ T12] ==================================================================
[ 116.739478][ T12] Disabling lock debugging due to kernel taint
[ 116.745600][ T12] Kernel panic - not syncing: panic_on_warn set ...
[ 116.752179][ T12] CPU: 0 PID: 12 Comm: kworker/0:1 Tainted: G B 5.2.0-rc1+ #10
[ 116.760994][ T12] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 116.771048][ T12] Workqueue: usb_hub_wq hub_event
[ 116.776045][ T12] Call Trace:
[ 116.779316][ T12] dump_stack+0xca/0x13e
[ 116.783535][ T12] panic+0x292/0x6c9
[ 116.787400][ T12] ? __warn_printk+0xf3/0xf3
[ 116.791973][ T12] ? lock_downgrade+0x630/0x630
[ 116.796799][ T12] ? print_shadow_for_address+0xb8/0x114
[ 116.802405][ T12] ? trace_hardirqs_off+0x50/0x1c0
[ 116.807500][ T12] ? __lock_acquire+0x3a5d/0x5340
[ 116.812494][ T12] end_report+0x43/0x49
[ 116.816625][ T12] ? __lock_acquire+0x3a5d/0x5340
[ 116.821622][ T12] __kasan_report.cold+0xd/0x32
[ 116.826446][ T12] ? free_netdev+0x310/0x420
[ 116.831102][ T12] ? __lock_acquire+0x3a5d/0x5340
[ 116.836099][ T12] kasan_report+0xe/0x20
[ 116.840319][ T12] __lock_acquire+0x3a5d/0x5340
[ 116.845145][ T12] ? worker_thread+0x96/0xe20
[ 116.849795][ T12] ? kthread+0x30b/0x410
[ 116.854096][ T12] ? ret_from_fork+0x24/0x30
[ 116.858661][ T12] ? find_held_lock+0x2d/0x110
[ 116.863397][ T12] ? debug_check_no_obj_freed+0x20a/0x42e
[ 116.869088][ T12] ? mark_held_locks+0xe0/0xe0
[ 116.873835][ T12] ? mark_held_locks+0x9f/0xe0
[ 116.878585][ T12] ? lockdep_hardirqs_on+0x379/0x580
[ 116.883841][ T12] ? quarantine_put+0xb2/0x150
[ 116.888581][ T12] ? lockdep_hardirqs_on+0x379/0x580
[ 116.894021][ T12] lock_acquire+0x100/0x2b0
[ 116.898515][ T12] ? usb_kill_anchored_urbs+0x1e/0x110
[ 116.903945][ T12] ? kobject_put+0x18c/0x280
[ 116.908511][ T12] _raw_spin_lock_irq+0x2d/0x40
[ 116.913336][ T12] ? usb_kill_anchored_urbs+0x1e/0x110
[ 116.918769][ T12] usb_kill_anchored_urbs+0x1e/0x110
[ 116.924196][ T12] mcba_usb_disconnect+0xd6/0xe4
[ 116.929113][ T12] usb_unbind_interface+0x1bd/0x8a0
[ 116.934282][ T12] ? usb_autoresume_device+0x60/0x60
[ 116.939539][ T12] device_release_driver_internal+0x404/0x4c0
[ 116.945593][ T12] bus_remove_device+0x2dc/0x4a0
[ 116.950510][ T12] device_del+0x460/0xb80
[ 116.954811][ T12] ? __device_links_no_driver+0x240/0x240
[ 116.960504][ T12] ? usb_remove_ep_devs+0x3e/0x80
[ 116.965499][ T12] ? remove_intf_ep_devs+0x13f/0x1d0
[ 116.970761][ T12] usb_disable_device+0x211/0x690
[ 116.975758][ T12] usb_disconnect+0x284/0x830
[ 116.980406][ T12] hub_event+0x1409/0x3590
[ 116.984813][ T12] ? hub_port_debounce+0x260/0x260
[ 116.989940][ T12] process_one_work+0x905/0x1570
[ 116.994865][ T12] ? pwq_dec_nr_in_flight+0x310/0x310
[ 117.000208][ T12] ? do_raw_spin_lock+0x11a/0x280
[ 117.005204][ T12] worker_thread+0x96/0xe20
[ 117.009683][ T12] ? process_one_work+0x1570/0x1570
[ 117.014862][ T12] kthread+0x30b/0x410
[ 117.018912][ T12] ? kthread_park+0x1a0/0x1a0
[ 117.023561][ T12] ret_from_fork+0x24/0x30
[ 117.028490][ T12] Kernel Offset: disabled
[ 117.032804][ T12] Rebooting in 86400 seconds..