Warning: Permanently added '10.128.0.155' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 62.454733] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 62.694693] usb 1-1: Using ep0 maxpacket: 8
[ 62.814817] usb 1-1: config 0 has an invalid interface number: 28 but max is 0
[ 62.822365] usb 1-1: config 0 has no interface number 0
[ 62.827855] usb 1-1: New USB device found, idVendor=04fa, idProduct=2490, bcdDevice=74.f9
[ 62.836228] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 62.846955] usb 1-1: config 0 descriptor??
[ 63.074989] ==================================================================
[ 63.082589] BUG: KASAN: use-after-free in ds_probe+0x604/0x760
[ 63.088606] Read of size 1 at addr ffff8880a5d159e2 by task kworker/0:2/556
[ 63.095701]
[ 63.097325] CPU: 0 PID: 556 Comm: kworker/0:2 Not tainted 5.1.0-rc4-319354-g9a33b36 #3
[ 63.105365] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 63.114758] Workqueue: usb_hub_wq hub_event
[ 63.119078] Call Trace:
[ 63.121718] dump_stack+0xe8/0x16e
[ 63.125260] ? ds_probe+0x604/0x760
[ 63.128912] ? ds_probe+0x604/0x760
[ 63.132539] print_address_description+0x6c/0x236
[ 63.137400] ? ds_probe+0x604/0x760
[ 63.141014] ? ds_probe+0x604/0x760
[ 63.144642] kasan_report.cold+0x1a/0x3c
[ 63.148716] ? ds_probe+0x604/0x760
[ 63.152333] ds_probe+0x604/0x760
[ 63.155793] usb_probe_interface+0x31d/0x820
[ 63.160195] ? usb_probe_device+0x150/0x150
[ 63.164552] really_probe+0x2da/0xb10
[ 63.168575] driver_probe_device+0x21d/0x350
[ 63.172983] __device_attach_driver+0x1d8/0x290
[ 63.177646] ? driver_allows_async_probing+0x160/0x160
[ 63.182920] bus_for_each_drv+0x163/0x1e0
[ 63.187056] ? bus_rescan_devices+0x30/0x30
[ 63.191477] ? _raw_spin_unlock_irqrestore+0x4b/0x60
[ 63.196699] ? lockdep_hardirqs_on+0x37e/0x580
[ 63.201288] __device_attach+0x223/0x3a0
[ 63.205338] ? device_bind_driver+0xe0/0xe0
[ 63.209672] ? kobject_uevent_env+0x295/0x13d0
[ 63.214253] bus_probe_device+0x1f1/0x2a0
[ 63.218421] ? blocking_notifier_call_chain+0x59/0xb0
[ 63.223607] device_add+0xad2/0x16e0
[ 63.227336] ? get_device_parent.isra.0+0x560/0x560
[ 63.232441] ? _raw_spin_unlock_irqrestore+0x4b/0x60
[ 63.237540] usb_set_configuration+0xdf7/0x1740
[ 63.242206] generic_probe+0xa2/0xda
[ 63.245911] usb_probe_device+0xc0/0x150
[ 63.249962] ? usb_suspend+0x5f0/0x5f0
[ 63.253847] really_probe+0x2da/0xb10
[ 63.257657] driver_probe_device+0x21d/0x350
[ 63.262081] __device_attach_driver+0x1d8/0x290
[ 63.266752] ? driver_allows_async_probing+0x160/0x160
[ 63.272041] bus_for_each_drv+0x163/0x1e0
[ 63.276200] ? bus_rescan_devices+0x30/0x30
[ 63.280533] ? _raw_spin_unlock_irqrestore+0x4b/0x60
[ 63.285639] ? lockdep_hardirqs_on+0x37e/0x580
[ 63.290229] __device_attach+0x223/0x3a0
[ 63.294279] ? device_bind_driver+0xe0/0xe0
[ 63.298592] ? kobject_uevent_env+0x295/0x13d0
[ 63.303194] bus_probe_device+0x1f1/0x2a0
[ 63.307429] ? blocking_notifier_call_chain+0x59/0xb0
[ 63.312653] device_add+0xad2/0x16e0
[ 63.316369] ? get_device_parent.isra.0+0x560/0x560
[ 63.321400] usb_new_device.cold+0x537/0xccf
[ 63.325822] hub_event+0x138e/0x3b00
[ 63.329549] ? hub_port_debounce+0x350/0x350
[ 63.333981] ? _raw_spin_unlock_irq+0x29/0x40
[ 63.338472] process_one_work+0x90f/0x1580
[ 63.342693] ? wq_pool_ids_show+0x300/0x300
[ 63.347002] ? do_raw_spin_lock+0x11f/0x290
[ 63.351316] worker_thread+0x9b/0xe20
[ 63.355117] ? process_one_work+0x1580/0x1580
[ 63.359715] kthread+0x313/0x420
[ 63.363075] ? kthread_park+0x1a0/0x1a0
[ 63.367052] ret_from_fork+0x3a/0x50
[ 63.370785]
[ 63.372422] Allocated by task 1226:
[ 63.376312] __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 63.381229] security_task_alloc+0x113/0x180
[ 63.385626] copy_process.part.0+0x1c62/0x76b0
[ 63.390196] _do_fork+0x234/0xed0
[ 63.393655] do_syscall_64+0xcf/0x4f0
[ 63.397454] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 63.402626]
[ 63.404234] Freed by task 3916:
[ 63.407592] __kasan_slab_free+0x130/0x180
[ 63.411837] slab_free_freelist_hook+0x5e/0x140
[ 63.416523] kfree+0xce/0x290
[ 63.419622] security_task_free+0x9a/0xf0
[ 63.423781] __put_task_struct+0xec/0x4d0
[ 63.427933] delayed_put_task_struct+0x189/0x290
[ 63.432700] rcu_core+0x83b/0x1a80
[ 63.436248] __do_softirq+0x22a/0x8cd
[ 63.440032]
[ 63.441651] The buggy address belongs to the object at ffff8880a5d159c0
[ 63.441651] which belongs to the cache kmalloc-64 of size 64
[ 63.454617] The buggy address is located 34 bytes inside of
[ 63.454617] 64-byte region [ffff8880a5d159c0, ffff8880a5d15a00)
[ 63.466401] The buggy address belongs to the page:
[ 63.471345] page:ffffea0002974540 count:1 mapcount:0 mapping:ffff88812c3f5600 index:0x0
[ 63.479506] flags: 0xfff00000000200(slab)
[ 63.483706] raw: 00fff00000000200 ffffea00029748c0 0000000500000005 ffff88812c3f5600
[ 63.491596] raw: 0000000000000000 00000000002a002a 00000001ffffffff 0000000000000000
[ 63.499500] page dumped because: kasan: bad access detected
[ 63.505203]
[ 63.506821] Memory state around the buggy address:
[ 63.511738] ffff8880a5d15880: fc fc fc fc fb fb fb fb fb fb fb fb fc fc fc fc
[ 63.519095] ffff8880a5d15900: fb fb fb fb fb fb fb fb fc fc fc fc 00 00 00 00
[ 63.526482] >ffff8880a5d15980: 00 00 fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[ 63.533830] ^
[ 63.540317] ffff8880a5d15a00: fc fc fc fc fb fb fb fb fb fb fb fb fc fc fc fc
[ 63.547772] ffff8880a5d15a80: fb fb fb fb fb fb fb fb fc fc fc fc fb fb fb fb
[ 63.555110] ==================================================================
[ 63.562470] Disabling lock debugging due to kernel taint
[ 63.568038] Kernel panic - not syncing: panic_on_warn set ...
[ 63.573963] CPU: 0 PID: 556 Comm: kworker/0:2 Tainted: G B 5.1.0-rc4-319354-g9a33b36 #3
[ 63.583430] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 63.592892] Workqueue: usb_hub_wq hub_event
[ 63.597212] Call Trace:
[ 63.599809] dump_stack+0xe8/0x16e
[ 63.603346] panic+0x29d/0x5f2
[ 63.606532] ? __warn_printk+0xf8/0xf8
[ 63.610428] ? retint_kernel+0x10/0x10
[ 63.614321] ? trace_hardirqs_on+0x55/0x1c0
[ 63.618679] ? ds_probe+0x604/0x760
[ 63.622304] end_report+0x48/0x4e
[ 63.625761] ? ds_probe+0x604/0x760
[ 63.629383] kasan_report.cold+0xd/0x3c
[ 63.633358] ? ds_probe+0x604/0x760
[ 63.636981] ds_probe+0x604/0x760
[ 63.640434] usb_probe_interface+0x31d/0x820
[ 63.644835] ? usb_probe_device+0x150/0x150
[ 63.649150] really_probe+0x2da/0xb10
[ 63.652959] driver_probe_device+0x21d/0x350
[ 63.657388] __device_attach_driver+0x1d8/0x290
[ 63.662055] ? driver_allows_async_probing+0x160/0x160
[ 63.667330] bus_for_each_drv+0x163/0x1e0
[ 63.671484] ? bus_rescan_devices+0x30/0x30
[ 63.675819] ? _raw_spin_unlock_irqrestore+0x4b/0x60
[ 63.681017] ? lockdep_hardirqs_on+0x37e/0x580
[ 63.685618] __device_attach+0x223/0x3a0
[ 63.689692] ? device_bind_driver+0xe0/0xe0
[ 63.694019] ? kobject_uevent_env+0x295/0x13d0
[ 63.698628] bus_probe_device+0x1f1/0x2a0
[ 63.704319] ? blocking_notifier_call_chain+0x59/0xb0
[ 63.709523] device_add+0xad2/0x16e0
[ 63.713248] ? get_device_parent.isra.0+0x560/0x560
[ 63.718267] ? _raw_spin_unlock_irqrestore+0x4b/0x60
[ 63.723386] usb_set_configuration+0xdf7/0x1740
[ 63.728076] generic_probe+0xa2/0xda
[ 63.731796] usb_probe_device+0xc0/0x150
[ 63.735853] ? usb_suspend+0x5f0/0x5f0
[ 63.739731] really_probe+0x2da/0xb10
[ 63.743538] driver_probe_device+0x21d/0x350
[ 63.747944] __device_attach_driver+0x1d8/0x290
[ 63.752626] ? driver_allows_async_probing+0x160/0x160
[ 63.757903] bus_for_each_drv+0x163/0x1e0
[ 63.762049] ? bus_rescan_devices+0x30/0x30
[ 63.766903] ? _raw_spin_unlock_irqrestore+0x4b/0x60
[ 63.772224] ? lockdep_hardirqs_on+0x37e/0x580
[ 63.778566] __device_attach+0x223/0x3a0
[ 63.782639] ? device_bind_driver+0xe0/0xe0
[ 63.786963] ? kobject_uevent_env+0x295/0x13d0
[ 63.791728] bus_probe_device+0x1f1/0x2a0
[ 63.795885] ? blocking_notifier_call_chain+0x59/0xb0
[ 63.801212] device_add+0xad2/0x16e0
[ 63.804924] ? get_device_parent.isra.0+0x560/0x560
[ 63.809942] usb_new_device.cold+0x537/0xccf
[ 63.814349] hub_event+0x138e/0x3b00
[ 63.818084] ? hub_port_debounce+0x350/0x350
[ 63.822500] ? _raw_spin_unlock_irq+0x29/0x40
[ 63.827027] process_one_work+0x90f/0x1580
[ 63.831346] ? wq_pool_ids_show+0x300/0x300
[ 63.835664] ? do_raw_spin_lock+0x11f/0x290
[ 63.839985] worker_thread+0x9b/0xe20
[ 63.843796] ? process_one_work+0x1580/0x1580
[ 63.848292] kthread+0x313/0x420
[ 63.851656] ? kthread_park+0x1a0/0x1a0
[ 63.855636] ret_from_fork+0x3a/0x50
[ 63.859870] Kernel Offset: disabled
[ 63.863524] Rebooting in 86400 seconds..