Warning: Permanently added '10.128.1.45' (ECDSA) to the list of known hosts.
executing program
executing program
executing program
executing program
executing program
executing program
syzkaller login: [ 35.921917][ T83] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[ 36.011908][ T12] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[ 36.031877][ T17] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[ 36.051919][ T102] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[ 36.061871][ T2680] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[ 36.081935][ T2689] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 36.161872][ T83] usb 2-1: Using ep0 maxpacket: 8
[ 36.251899][ T12] usb 6-1: Using ep0 maxpacket: 8
[ 36.281854][ T17] usb 3-1: Using ep0 maxpacket: 8
[ 36.292031][ T102] usb 4-1: Using ep0 maxpacket: 8
[ 36.292324][ T83] usb 2-1: config index 0 descriptor too short (expected 961, got 36)
[ 36.305575][ T2680] usb 5-1: Using ep0 maxpacket: 8
[ 36.310687][ T83] usb 2-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[ 36.320382][ T83] usb 2-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 853
[ 36.330424][ T83] usb 2-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[ 36.343454][ T83] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[ 36.352520][ T83] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 36.360635][ T2689] usb 1-1: Using ep0 maxpacket: 8
[ 36.392014][ T12] usb 6-1: config index 0 descriptor too short (expected 961, got 36)
[ 36.400280][ T12] usb 6-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[ 36.410172][ T12] usb 6-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 853
[ 36.420155][ T12] usb 6-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[ 36.431933][ T17] usb 3-1: config index 0 descriptor too short (expected 961, got 36)
[ 36.433113][ T12] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[ 36.433130][ T12] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 36.441288][ T17] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[ 36.468040][ T17] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 853
[ 36.477979][ T17] usb 3-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[ 36.491015][ T17] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[ 36.491937][ T102] usb 4-1: config index 0 descriptor too short (expected 961, got 36)
[ 36.500068][ T17] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 36.516322][ T2680] usb 5-1: config index 0 descriptor too short (expected 961, got 36)
[ 36.522087][ T102] usb 4-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[ 36.524695][ T2680] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[ 36.534258][ T102] usb 4-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 853
[ 36.534275][ T102] usb 4-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[ 36.534299][ T102] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[ 36.534312][ T102] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 36.583782][ T2680] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 853
[ 36.593727][ T2680] usb 5-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[ 36.606853][ T2680] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[ 36.615915][ T2680] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 36.642272][ T2689] usb 1-1: config index 0 descriptor too short (expected 961, got 36)
[ 36.650665][ T2689] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[ 36.660513][ T2689] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 853
[ 36.670586][ T2689] usb 1-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[ 36.683617][ T2689] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[ 36.692661][ T2689] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 37.044079][ T83] usblp 2-1:1.0: usblp0: USB Bidirectional printer dev 2 if 0 alt 0 proto 3 vid 0x0525 pid 0xA4A8
[ 37.057555][ T83] usb 2-1: USB disconnect, device number 2
[ 37.066221][ T83] usblp0: removed
[ 37.133151][ T12] usblp 6-1:1.0: usblp0: USB Bidirectional printer dev 2 if 0 alt 0 proto 3 vid 0x0525 pid 0xA4A8
[ 37.144789][ T12] usb 6-1: USB disconnect, device number 2
[ 37.151604][ T12] usblp0: removed
[ 37.223090][ T102] usblp 4-1:1.0: usblp0: USB Bidirectional printer dev 2 if 0 alt 0 proto 3 vid 0x0525 pid 0xA4A8
[ 37.236304][ T102] usb 4-1: USB disconnect, device number 2
[ 37.261902][ C0] usblp0: nonzero read bulk status received: -108
[ 37.293259][ T17] usblp 3-1:1.0: usblp0: USB Bidirectional printer dev 2 if 0 alt 0 proto 3 vid 0x0525 pid 0xA4A8
[ 37.304851][ T2680] usblp 5-1:1.0: usblp1: USB Bidirectional printer dev 2 if 0 alt 0 proto 3 vid 0x0525 pid 0xA4A8
[ 37.316969][ T17] usb 3-1: USB disconnect, device number 2
[ 37.324018][ T2680] usb 5-1: USB disconnect, device number 2
[ 37.330826][ T2680] usblp1: removed
[ 37.331842][ C0] usblp0: nonzero read bulk status received: -108
[ 37.351644][ T2705] ==================================================================
[ 37.359788][ T2705] BUG: KASAN: use-after-free in usb_autopm_put_interface+0x70/0x90
[ 37.367681][ T2705] Read of size 8 at addr ffff8881d8cdf070 by task syz-executor117/2705
[ 37.376001][ T2705]
[ 37.378319][ T2705] CPU: 1 PID: 2705 Comm: syz-executor117 Not tainted 5.4.0-rc3+ #0
[ 37.386186][ T2705] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 37.396230][ T2705] Call Trace:
[ 37.399505][ T2705] dump_stack+0xca/0x13e
[ 37.403728][ T2705] ? usb_autopm_put_interface+0x70/0x90
[ 37.409250][ T2705] ? usb_autopm_put_interface+0x70/0x90
[ 37.414776][ T2705] print_address_description.constprop.0+0x36/0x50
[ 37.421252][ T2705] ? usb_autopm_put_interface+0x70/0x90
[ 37.426775][ T2705] ? usb_autopm_put_interface+0x70/0x90
[ 37.432297][ T2705] __kasan_report.cold+0x1a/0x33
[ 37.437224][ T2705] ? usb_autopm_put_interface+0x70/0x90
[ 37.442754][ T2705] kasan_report+0xe/0x20
[ 37.446979][ T2705] usb_autopm_put_interface+0x70/0x90
[ 37.452329][ T2705] ? usblp_disconnect+0x1d0/0x1d0
[ 37.457326][ T2705] usblp_release+0x121/0x1d0
[ 37.461902][ T2705] __fput+0x2d7/0x840
[ 37.465873][ T2705] task_work_run+0x13f/0x1c0
[ 37.470449][ T2705] do_exit+0x8c4/0x2c00
[ 37.474581][ T2705] ? find_held_lock+0x2d/0x110
[ 37.479319][ T2705] ? mm_update_next_owner+0x630/0x630
[ 37.484666][ T2705] ? lock_downgrade+0x6e0/0x6e0
[ 37.489491][ T2705] do_group_exit+0x125/0x340
[ 37.494060][ T2705] get_signal+0x466/0x23d0
[ 37.498461][ T2705] ? exit_robust_list+0x2d0/0x2d0
[ 37.503487][ T2705] do_signal+0x88/0x14e0
[ 37.507729][ T2705] ? __fget+0x357/0x530
[ 37.511871][ T2705] ? setup_sigcontext+0x820/0x820
[ 37.516870][ T2705] ? __x64_sys_futex+0x380/0x4f0
[ 37.521799][ T2705] ? __fdget_pos+0x80/0x100
[ 37.526295][ T2705] ? do_futex+0x1b90/0x1b90
[ 37.531139][ T2705] ? ksys_write+0x19f/0x250
[ 37.535632][ T2705] ? __ia32_sys_read+0xb0/0xb0
[ 37.540385][ T2705] exit_to_usermode_loop+0x1a2/0x200
[ 37.545648][ T2705] do_syscall_64+0x45f/0x580
[ 37.550222][ T2705] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 37.556104][ T2705] RIP: 0033:0x448569
[ 37.559984][ T2705] Code: Bad RIP value.
[ 37.564027][ T2705] RSP: 002b:00007fcc286a6db8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 37.572425][ T2705] RAX: fffffffffffffe00 RBX: 00000000006ddc48 RCX: 0000000000448569
[ 37.580373][ T2705] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00000000006ddc48
[ 37.588342][ T2705] RBP: 00000000006ddc40 R08: 0000000000000000 R09: 0000000000000000
[ 37.596290][ T2705] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006ddc4c
[ 37.604239][ T2705] R13: 00007fff5babd83f R14: 00007fcc286a79c0 R15: 00000000006ddc4c
[ 37.612184][ T2705]
[ 37.614490][ T2705] Allocated by task 102:
[ 37.618713][ T2705] save_stack+0x1b/0x80
[ 37.622867][ T2705] __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 37.628513][ T2705] usb_set_configuration+0x2c4/0x1670
[ 37.633879][ T2705] generic_probe+0x9d/0xd5
[ 37.638276][ T2705] usb_probe_device+0x99/0x100
[ 37.643064][ T2705] really_probe+0x281/0x6d0
[ 37.647564][ T2705] driver_probe_device+0x104/0x210
executing program
executing program
[ 37.652659][ T2705] __device_attach_driver+0x1c2/0x220
[ 37.658009][ T2705] bus_for_each_drv+0x162/0x1e0
[ 37.663922][ T2705] __device_attach+0x217/0x360
[ 37.668688][ T2705] bus_probe_device+0x1e4/0x290
[ 37.673534][ T2705] device_add+0xae6/0x16f0
[ 37.677937][ T2705] usb_new_device.cold+0x6a4/0xe79
[ 37.683092][ T2705] hub_event+0x1dd0/0x37e0
[ 37.687501][ T2705] process_one_work+0x92b/0x1530
[ 37.692428][ T2705] worker_thread+0x96/0xe20
[ 37.696932][ T2705] kthread+0x318/0x420
[ 37.700997][ T2705] ret_from_fork+0x24/0x30
[ 37.705384][ T2705]
[ 37.707690][ T2705] Freed by task 102:
[ 37.711607][ T2705] save_stack+0x1b/0x80
[ 37.715961][ T2705] __kasan_slab_free+0x130/0x180
[ 37.720879][ T2705] kfree+0xe4/0x320
[ 37.724676][ T2705] device_release+0x71/0x200
[ 37.729243][ T2705] kobject_put+0x171/0x280
[ 37.733635][ T2705] put_device+0x1b/0x30
[ 37.737822][ T2705] usb_disable_device+0x2ce/0x690
[ 37.742833][ T2705] usb_disconnect+0x284/0x8d0
[ 37.747500][ T2705] hub_event+0x16ca/0x37e0
executing program
executing program
[ 37.751906][ T2705] process_one_work+0x92b/0x1530
[ 37.756845][ T2705] worker_thread+0x7ab/0xe20
[ 37.761433][ T2705] kthread+0x318/0x420
[ 37.765498][ T2705] ret_from_fork+0x24/0x30
[ 37.769895][ T2705]
[ 37.772201][ T2705] The buggy address belongs to the object at ffff8881d8cdf000
[ 37.772201][ T2705] which belongs to the cache kmalloc-2k of size 2048
[ 37.786283][ T2705] The buggy address is located 112 bytes inside of
[ 37.786283][ T2705] 2048-byte region [ffff8881d8cdf000, ffff8881d8cdf800)
[ 37.799683][ T2705] The buggy address belongs to the page:
[ 37.805322][ T2705] page:ffffea0007633600 refcount:1 mapcount:0 mapping:ffff8881da00c000 index:0x0 compound_mapcount: 0
[ 37.816257][ T2705] flags: 0x200000000010200(slab|head)
[ 37.821695][ T2705] raw: 0200000000010200 0000000000000000 0000000100000001 ffff8881da00c000
[ 37.830271][ T2705] raw: 0000000000000000 0000000000080008 00000001ffffffff 0000000000000000
[ 37.838830][ T2705] page dumped because: kasan: bad access detected
[ 37.845220][ T2705]
[ 37.847527][ T2705] Memory state around the buggy address:
[ 37.853139][ T2705] ffff8881d8cdef00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 37.861193][ T2705] ffff8881d8cdef80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 37.869286][ T2705] >ffff8881d8cdf000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 37.877322][ T2705] ^
[ 37.885053][ T2705] ffff8881d8cdf080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 37.893106][ T2705] ffff8881d8cdf100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 37.901141][ T2705] ==================================================================
[ 37.909183][ T2705] Disabling lock debugging due to kernel taint
[ 37.915356][ T2705] Kernel panic - not syncing: panic_on_warn set ...
[ 37.921940][ T2705] CPU: 1 PID: 2705 Comm: syz-executor117 Tainted: G B 5.4.0-rc3+ #0
[ 37.931207][ T2705] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 37.941263][ T2705] Call Trace:
[ 37.944635][ T2705] dump_stack+0xca/0x13e
[ 37.948855][ T2705] panic+0x2aa/0x6e1
[ 37.952724][ T2705] ? add_taint.cold+0x16/0x16
[ 37.957374][ T2705] ? usb_autopm_put_interface+0x70/0x90
[ 37.962905][ T2705] ? trace_hardirqs_on+0x55/0x1e0
[ 37.967904][ T2705] ? usb_autopm_put_interface+0x70/0x90
[ 37.973438][ T2705] ? usblp_disconnect+0x1d0/0x1d0
[ 37.978445][ T2705] end_report+0x43/0x49
[ 37.982578][ T2705] ? usb_autopm_put_interface+0x70/0x90
[ 37.988112][ T2705] __kasan_report.cold+0xd/0x33
[ 37.992939][ T2705] ? usb_autopm_put_interface+0x70/0x90
[ 37.998455][ T2705] kasan_report+0xe/0x20
[ 38.002684][ T2705] usb_autopm_put_interface+0x70/0x90
[ 38.008027][ T2705] ? usblp_disconnect+0x1d0/0x1d0
[ 38.013022][ T2705] usblp_release+0x121/0x1d0
[ 38.017586][ T2705] __fput+0x2d7/0x840
[ 38.021542][ T2705] task_work_run+0x13f/0x1c0
[ 38.026113][ T2705] do_exit+0x8c4/0x2c00
[ 38.030243][ T2705] ? find_held_lock+0x2d/0x110
[ 38.034980][ T2705] ? mm_update_next_owner+0x630/0x630
[ 38.040340][ T2705] ? lock_downgrade+0x6e0/0x6e0
[ 38.045168][ T2705] do_group_exit+0x125/0x340
[ 38.049745][ T2705] get_signal+0x466/0x23d0
[ 38.054138][ T2705] ? exit_robust_list+0x2d0/0x2d0
[ 38.059136][ T2705] do_signal+0x88/0x14e0
[ 38.063456][ T2705] ? __fget+0x357/0x530
[ 38.067585][ T2705] ? setup_sigcontext+0x820/0x820
[ 38.072583][ T2705] ? __x64_sys_futex+0x380/0x4f0
[ 38.077492][ T2705] ? __fdget_pos+0x80/0x100
[ 38.081969][ T2705] ? do_futex+0x1b90/0x1b90
[ 38.086534][ T2705] ? ksys_write+0x19f/0x250
[ 38.091010][ T2705] ? __ia32_sys_read+0xb0/0xb0
[ 38.095755][ T2705] exit_to_usermode_loop+0x1a2/0x200
[ 38.101012][ T2705] do_syscall_64+0x45f/0x580
[ 38.105585][ T2705] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 38.111468][ T2705] RIP: 0033:0x448569
[ 38.115358][ T2705] Code: Bad RIP value.
[ 38.119406][ T2705] RSP: 002b:00007fcc286a6db8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 38.127791][ T2705] RAX: fffffffffffffe00 RBX: 00000000006ddc48 RCX: 0000000000448569
[ 38.135836][ T2705] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00000000006ddc48
[ 38.143785][ T2705] RBP: 00000000006ddc40 R08: 0000000000000000 R09: 0000000000000000
[ 38.151730][ T2705] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006ddc4c
[ 38.159679][ T2705] R13: 00007fff5babd83f R14: 00007fcc286a79c0 R15: 00000000006ddc4c
[ 38.168251][ T2705] Kernel Offset: disabled
[ 38.172560][ T2705] Rebooting in 86400 seconds..