Warning: Permanently added '10.128.1.3' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 23.802224][ T83] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 24.042218][ T83] usb 1-1: Using ep0 maxpacket: 8
[ 24.162286][ T83] usb 1-1: config 2 has an invalid interface number: 250 but max is 0
[ 24.170577][ T83] usb 1-1: config 2 has no interface number 0
[ 24.176727][ T83] usb 1-1: config 2 interface 250 altsetting 193 endpoint 0x6 has invalid maxpacket 939, setting to 64
[ 24.187766][ T83] usb 1-1: config 2 interface 250 altsetting 193 has an invalid endpoint descriptor of length 2, skipping
[ 24.199053][ T83] usb 1-1: config 2 interface 250 altsetting 193 endpoint 0x9 has invalid maxpacket 131, setting to 64
[ 24.210080][ T83] usb 1-1: config 2 interface 250 altsetting 193 bulk endpoint 0x7 has invalid maxpacket 846
[ 24.220249][ T83] usb 1-1: config 2 interface 250 altsetting 193 has 5 endpoint descriptors, different from the interface descriptor's value: 4
[ 24.233671][ T83] usb 1-1: config 2 interface 250 has no altsetting 0
[ 24.472253][ T83] usb 1-1: string descriptor 0 read error: -22
[ 24.478478][ T83] usb 1-1: New USB device found, idVendor=1618, idProduct=9113, bcdDevice=da.a8
[ 24.487535][ T83] usb 1-1: New USB device strings: Mfr=5, Product=2, SerialNumber=6
[ 24.534103][ T83] rsi_91x: rsi_probe: Failed to init usb interface
[ 24.541753][ T83] ==================================================================
[ 24.549928][ T83] BUG: KASAN: double-free or invalid-free in rsi_91x_deinit+0x270/0x2f0
[ 24.558223][ T83]
[ 24.560532][ T83] CPU: 1 PID: 83 Comm: kworker/1:2 Not tainted 5.3.0-rc5+ #28
[ 24.567956][ T83] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 24.578109][ T83] Workqueue: usb_hub_wq hub_event
[ 24.583106][ T83] Call Trace:
[ 24.586367][ T83] dump_stack+0xca/0x13e
[ 24.590583][ T83] print_address_description+0x6a/0x32c
[ 24.596097][ T83] ? rsi_91x_deinit+0x270/0x2f0
[ 24.600923][ T83] kasan_report_invalid_free+0x61/0xa0
[ 24.606354][ T83] ? rsi_91x_deinit+0x270/0x2f0
[ 24.611176][ T83] __kasan_slab_free+0x162/0x180
[ 24.616084][ T83] ? rsi_91x_deinit+0x270/0x2f0
[ 24.620903][ T83] kfree+0xe4/0x2f0
[ 24.624736][ T83] rsi_91x_deinit+0x270/0x2f0
[ 24.629385][ T83] rsi_probe+0xcec/0x15a0
[ 24.633684][ T83] ? rsi_disconnect+0x630/0x630
[ 24.638507][ T83] ? lockdep_hardirqs_on+0x379/0x580
[ 24.643763][ T83] ? __pm_runtime_resume+0x111/0x180
[ 24.649020][ T83] usb_probe_interface+0x305/0x7a0
[ 24.654101][ T83] ? usb_probe_device+0x100/0x100
[ 24.659095][ T83] really_probe+0x281/0x6d0
[ 24.663572][ T83] driver_probe_device+0x101/0x1b0
[ 24.668652][ T83] __device_attach_driver+0x1c2/0x220
[ 24.673997][ T83] ? driver_allows_async_probing+0x160/0x160
[ 24.679946][ T83] bus_for_each_drv+0x162/0x1e0
[ 24.684769][ T83] ? bus_rescan_devices+0x20/0x20
[ 24.689801][ T83] ? _raw_spin_unlock_irqrestore+0x3e/0x50
[ 24.695578][ T83] ? lockdep_hardirqs_on+0x379/0x580
[ 24.700834][ T83] __device_attach+0x217/0x360
[ 24.705567][ T83] ? device_bind_driver+0xd0/0xd0
[ 24.710565][ T83] ? kobject_uevent_env+0x29e/0x1160
[ 24.715819][ T83] ? kobject_uevent_env+0x2a8/0x1160
[ 24.721205][ T83] bus_probe_device+0x1e4/0x290
[ 24.726029][ T83] ? blocking_notifier_call_chain+0x54/0xa0
[ 24.731890][ T83] device_add+0xae6/0x16f0
[ 24.736276][ T83] ? uevent_store+0x50/0x50
[ 24.740749][ T83] ? _raw_spin_unlock_irqrestore+0x3e/0x50
[ 24.746524][ T83] usb_set_configuration+0xdf6/0x1670
[ 24.751867][ T83] generic_probe+0x9d/0xd5
[ 24.756251][ T83] usb_probe_device+0x99/0x100
[ 24.761017][ T83] ? usb_suspend+0x620/0x620
[ 24.765578][ T83] really_probe+0x281/0x6d0
[ 24.770053][ T83] driver_probe_device+0x101/0x1b0
[ 24.775135][ T83] __device_attach_driver+0x1c2/0x220
[ 24.780475][ T83] ? driver_allows_async_probing+0x160/0x160
[ 24.786426][ T83] bus_for_each_drv+0x162/0x1e0
[ 24.791246][ T83] ? bus_rescan_devices+0x20/0x20
[ 24.796253][ T83] ? _raw_spin_unlock_irqrestore+0x3e/0x50
[ 24.802036][ T83] ? lockdep_hardirqs_on+0x379/0x580
[ 24.807310][ T83] __device_attach+0x217/0x360
[ 24.812046][ T83] ? device_bind_driver+0xd0/0xd0
[ 24.817041][ T83] ? kobject_uevent_env+0x29e/0x1160
[ 24.822296][ T83] ? kobject_uevent_env+0x2a8/0x1160
[ 24.827552][ T83] bus_probe_device+0x1e4/0x290
[ 24.832373][ T83] ? blocking_notifier_call_chain+0x54/0xa0
[ 24.838236][ T83] device_add+0xae6/0x16f0
[ 24.842627][ T83] ? uevent_store+0x50/0x50
[ 24.847100][ T83] usb_new_device.cold+0x6a4/0xe79
[ 24.852181][ T83] hub_event+0x1b5c/0x3640
[ 24.856578][ T83] ? hub_port_debounce+0x260/0x260
[ 24.861702][ T83] process_one_work+0x92b/0x1530
[ 24.866612][ T83] ? pwq_dec_nr_in_flight+0x310/0x310
[ 24.871955][ T83] ? do_raw_spin_lock+0x11a/0x280
[ 24.876972][ T83] worker_thread+0x96/0xe20
[ 24.881446][ T83] ? process_one_work+0x1530/0x1530
[ 24.886615][ T83] kthread+0x318/0x420
[ 24.890654][ T83] ? kthread_create_on_node+0xf0/0xf0
[ 24.895998][ T83] ret_from_fork+0x24/0x30
[ 24.900426][ T83]
[ 24.902733][ T83] Allocated by task 83:
[ 24.906888][ T83] save_stack+0x1b/0x80
[ 24.911017][ T83] __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 24.916633][ T83] rsi_probe+0x11a/0x15a0
[ 24.920945][ T83] usb_probe_interface+0x305/0x7a0
[ 24.926034][ T83] really_probe+0x281/0x6d0
[ 24.930511][ T83] driver_probe_device+0x101/0x1b0
[ 24.935630][ T83] __device_attach_driver+0x1c2/0x220
[ 24.940974][ T83] bus_for_each_drv+0x162/0x1e0
[ 24.945807][ T83] __device_attach+0x217/0x360
[ 24.950541][ T83] bus_probe_device+0x1e4/0x290
[ 24.955361][ T83] device_add+0xae6/0x16f0
[ 24.959753][ T83] usb_set_configuration+0xdf6/0x1670
[ 24.965096][ T83] generic_probe+0x9d/0xd5
[ 24.969482][ T83] usb_probe_device+0x99/0x100
[ 24.974234][ T83] really_probe+0x281/0x6d0
[ 24.978715][ T83] driver_probe_device+0x101/0x1b0
[ 24.983813][ T83] __device_attach_driver+0x1c2/0x220
[ 24.989160][ T83] bus_for_each_drv+0x162/0x1e0
[ 24.993984][ T83] __device_attach+0x217/0x360
[ 24.998717][ T83] bus_probe_device+0x1e4/0x290
[ 25.003553][ T83] device_add+0xae6/0x16f0
[ 25.007941][ T83] usb_new_device.cold+0x6a4/0xe79
[ 25.013024][ T83] hub_event+0x1b5c/0x3640
[ 25.017413][ T83] process_one_work+0x92b/0x1530
[ 25.022319][ T83] worker_thread+0x96/0xe20
[ 25.026814][ T83] kthread+0x318/0x420
[ 25.030853][ T83] ret_from_fork+0x24/0x30
[ 25.035235][ T83]
[ 25.037539][ T83] Freed by task 83:
[ 25.041343][ T83] save_stack+0x1b/0x80
[ 25.046054][ T83] __kasan_slab_free+0x130/0x180
[ 25.050995][ T83] kfree+0xe4/0x2f0
[ 25.054779][ T83] rsi_probe+0xdfd/0x15a0
[ 25.059080][ T83] usb_probe_interface+0x305/0x7a0
[ 25.064162][ T83] really_probe+0x281/0x6d0
[ 25.068635][ T83] driver_probe_device+0x101/0x1b0
[ 25.073717][ T83] __device_attach_driver+0x1c2/0x220
[ 25.079058][ T83] bus_for_each_drv+0x162/0x1e0
[ 25.083883][ T83] __device_attach+0x217/0x360
[ 25.088617][ T83] bus_probe_device+0x1e4/0x290
[ 25.093440][ T83] device_add+0xae6/0x16f0
[ 25.097828][ T83] usb_set_configuration+0xdf6/0x1670
[ 25.103170][ T83] generic_probe+0x9d/0xd5
[ 25.107558][ T83] usb_probe_device+0x99/0x100
[ 25.112290][ T83] really_probe+0x281/0x6d0
[ 25.116761][ T83] driver_probe_device+0x101/0x1b0
[ 25.121930][ T83] __device_attach_driver+0x1c2/0x220
[ 25.127274][ T83] bus_for_each_drv+0x162/0x1e0
[ 25.132114][ T83] __device_attach+0x217/0x360
[ 25.136847][ T83] bus_probe_device+0x1e4/0x290
[ 25.141665][ T83] device_add+0xae6/0x16f0
[ 25.146055][ T83] usb_new_device.cold+0x6a4/0xe79
[ 25.151135][ T83] hub_event+0x1b5c/0x3640
[ 25.155521][ T83] process_one_work+0x92b/0x1530
[ 25.160428][ T83] worker_thread+0x96/0xe20
[ 25.164902][ T83] kthread+0x318/0x420
[ 25.168945][ T83] ret_from_fork+0x24/0x30
[ 25.173329][ T83]
[ 25.175652][ T83] The buggy address belongs to the object at ffff8881d4381180
[ 25.175652][ T83] which belongs to the cache kmalloc-512 of size 512
[ 25.189675][ T83] The buggy address is located 0 bytes inside of
[ 25.189675][ T83] 512-byte region [ffff8881d4381180, ffff8881d4381380)
[ 25.202741][ T83] The buggy address belongs to the page:
[ 25.208344][ T83] page:ffffea000750e000 refcount:1 mapcount:0 mapping:ffff8881da002500 index:0x0 compound_mapcount: 0
[ 25.219884][ T83] flags: 0x200000000010200(slab|head)
[ 25.225254][ T83] raw: 0200000000010200 0000000000000000 0000000100000001 ffff8881da002500
[ 25.233811][ T83] raw: 0000000000000000 00000000800c000c 00000001ffffffff 0000000000000000
[ 25.242363][ T83] page dumped because: kasan: bad access detected
[ 25.248744][ T83]
[ 25.251043][ T83] Memory state around the buggy address:
[ 25.256645][ T83] ffff8881d4381080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 25.264675][ T83] ffff8881d4381100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 25.272705][ T83] >ffff8881d4381180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 25.280732][ T83] ^
[ 25.284770][ T83] ffff8881d4381200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 25.292799][ T83] ffff8881d4381280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 25.300867][ T83] ==================================================================
[ 25.308915][ T83] Disabling lock debugging due to kernel taint
[ 25.315140][ T83] Kernel panic - not syncing: panic_on_warn set ...
[ 25.321720][ T83] CPU: 1 PID: 83 Comm: kworker/1:2 Tainted: G B 5.3.0-rc5+ #28
[ 25.330537][ T83] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 25.340583][ T83] Workqueue: usb_hub_wq hub_event
[ 25.345578][ T83] Call Trace:
[ 25.348865][ T83] dump_stack+0xca/0x13e
[ 25.353082][ T83] panic+0x2a3/0x6da
[ 25.356961][ T83] ? add_taint.cold+0x16/0x16
[ 25.361612][ T83] ? rsi_91x_deinit+0x270/0x2f0
[ 25.366440][ T83] ? trace_hardirqs_on+0x55/0x1e0
[ 25.371435][ T83] ? rsi_91x_deinit+0x270/0x2f0
[ 25.376259][ T83] end_report+0x43/0x49
[ 25.380391][ T83] kasan_report_invalid_free+0x7d/0xa0
[ 25.385908][ T83] ? rsi_91x_deinit+0x270/0x2f0
[ 25.390734][ T83] __kasan_slab_free+0x162/0x180
[ 25.395644][ T83] ? rsi_91x_deinit+0x270/0x2f0
[ 25.400465][ T83] kfree+0xe4/0x2f0
[ 25.404249][ T83] rsi_91x_deinit+0x270/0x2f0
[ 25.408902][ T83] rsi_probe+0xcec/0x15a0
[ 25.413204][ T83] ? rsi_disconnect+0x630/0x630
[ 25.418029][ T83] ? lockdep_hardirqs_on+0x379/0x580
[ 25.423286][ T83] ? __pm_runtime_resume+0x111/0x180
[ 25.428546][ T83] usb_probe_interface+0x305/0x7a0
[ 25.433630][ T83] ? usb_probe_device+0x100/0x100
[ 25.438630][ T83] really_probe+0x281/0x6d0
[ 25.443105][ T83] driver_probe_device+0x101/0x1b0
[ 25.448189][ T83] __device_attach_driver+0x1c2/0x220
[ 25.453534][ T83] ? driver_allows_async_probing+0x160/0x160
[ 25.459486][ T83] bus_for_each_drv+0x162/0x1e0
[ 25.464310][ T83] ? bus_rescan_devices+0x20/0x20
[ 25.469323][ T83] ? _raw_spin_unlock_irqrestore+0x3e/0x50
[ 25.475108][ T83] ? lockdep_hardirqs_on+0x379/0x580
[ 25.480395][ T83] __device_attach+0x217/0x360
[ 25.485132][ T83] ? device_bind_driver+0xd0/0xd0
[ 25.490136][ T83] ? kobject_uevent_env+0x29e/0x1160
[ 25.495416][ T83] ? kobject_uevent_env+0x2a8/0x1160
[ 25.500673][ T83] bus_probe_device+0x1e4/0x290
[ 25.505497][ T83] ? blocking_notifier_call_chain+0x54/0xa0
[ 25.511362][ T83] device_add+0xae6/0x16f0
[ 25.515754][ T83] ? uevent_store+0x50/0x50
[ 25.520231][ T83] ? _raw_spin_unlock_irqrestore+0x3e/0x50
[ 25.526011][ T83] usb_set_configuration+0xdf6/0x1670
[ 25.531356][ T83] generic_probe+0x9d/0xd5
[ 25.535748][ T83] usb_probe_device+0x99/0x100
[ 25.540484][ T83] ? usb_suspend+0x620/0x620
[ 25.545050][ T83] really_probe+0x281/0x6d0
[ 25.549528][ T83] driver_probe_device+0x101/0x1b0
[ 25.554612][ T83] __device_attach_driver+0x1c2/0x220
[ 25.559961][ T83] ? driver_allows_async_probing+0x160/0x160
[ 25.565914][ T83] bus_for_each_drv+0x162/0x1e0
[ 25.570739][ T83] ? bus_rescan_devices+0x20/0x20
[ 25.575837][ T83] ? _raw_spin_unlock_irqrestore+0x3e/0x50
[ 25.581617][ T83] ? lockdep_hardirqs_on+0x379/0x580
[ 25.586890][ T83] __device_attach+0x217/0x360
[ 25.591628][ T83] ? device_bind_driver+0xd0/0xd0
[ 25.596642][ T83] ? kobject_uevent_env+0x29e/0x1160
[ 25.601899][ T83] ? kobject_uevent_env+0x2a8/0x1160
[ 25.607155][ T83] bus_probe_device+0x1e4/0x290
[ 25.611977][ T83] ? blocking_notifier_call_chain+0x54/0xa0
[ 25.617847][ T83] device_add+0xae6/0x16f0
[ 25.622236][ T83] ? uevent_store+0x50/0x50
[ 25.626730][ T83] usb_new_device.cold+0x6a4/0xe79
[ 25.631812][ T83] hub_event+0x1b5c/0x3640
[ 25.636222][ T83] ? hub_port_debounce+0x260/0x260
[ 25.641306][ T83] process_one_work+0x92b/0x1530
[ 25.646217][ T83] ? pwq_dec_nr_in_flight+0x310/0x310
[ 25.651563][ T83] ? do_raw_spin_lock+0x11a/0x280
[ 25.656560][ T83] worker_thread+0x96/0xe20
[ 25.661036][ T83] ? process_one_work+0x1530/0x1530
[ 25.666221][ T83] kthread+0x318/0x420
[ 25.670264][ T83] ? kthread_create_on_node+0xf0/0xf0
[ 25.675607][ T83] ret_from_fork+0x24/0x30
[ 25.680490][ T83] Kernel Offset: disabled
[ 25.684798][ T83] Rebooting in 86400 seconds..