Warning: Permanently added '10.128.10.26' (ECDSA) to the list of known hosts. executing program [ 31.702542][ T12] usb 1-1: new full-speed USB device number 2 using dummy_hcd [ 32.062575][ T12] usb 1-1: config 29 has an invalid interface number: 217 but max is 0 [ 32.070992][ T12] usb 1-1: config 29 has no interface number 0 [ 32.077299][ T12] usb 1-1: config 29 interface 217 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 32.088049][ T12] usb 1-1: config 29 interface 217 altsetting 0 endpoint 0x4 has an invalid bInterval 0, changing to 10 [ 32.099224][ T12] usb 1-1: config 29 interface 217 altsetting 0 endpoint 0x4 has invalid maxpacket 128, setting to 64 [ 32.110224][ T12] usb 1-1: config 29 interface 217 altsetting 0 has a duplicate endpoint with address 0xF, skipping [ 32.352510][ T12] usb 1-1: string descriptor 0 read error: -22 [ 32.358777][ T12] usb 1-1: New USB device found, idVendor=1618, idProduct=9116, bcdDevice=9e.a5 [ 32.367846][ T12] usb 1-1: New USB device strings: Mfr=2, Product=255, SerialNumber=3 [ 32.416154][ T12] rsi_91x: rsi_probe: Failed to init usb interface [ 32.423646][ T12] ================================================================== [ 32.431979][ T12] BUG: KASAN: double-free or invalid-free in rsi_91x_deinit+0x270/0x2f0 [ 32.440275][ T12] [ 32.442585][ T12] CPU: 0 PID: 12 Comm: kworker/0:1 Not tainted 5.2.0-rc6+ #13 [ 32.450024][ T12] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 32.460063][ T12] Workqueue: usb_hub_wq hub_event [ 32.465067][ T12] Call Trace: [ 32.468331][ T12] dump_stack+0xca/0x13e [ 32.472551][ T12] print_address_description+0x67/0x231 [ 32.478073][ T12] ? rsi_91x_deinit+0x270/0x2f0 [ 32.482911][ T12] kasan_report_invalid_free+0x61/0xa0 [ 32.488348][ T12] ? rsi_91x_deinit+0x270/0x2f0 [ 32.493176][ T12] __kasan_slab_free+0x162/0x180 [ 32.498114][ T12] ? rsi_91x_deinit+0x270/0x2f0 [ 32.502952][ T12] kfree+0xd7/0x280 [ 32.506741][ T12] rsi_91x_deinit+0x270/0x2f0 [ 32.511411][ T12] rsi_probe+0xcec/0x15a0 [ 32.515720][ T12] ? rsi_disconnect+0x630/0x630 [ 32.520545][ T12] ? lockdep_hardirqs_on+0x379/0x580 [ 32.525821][ T12] ? __pm_runtime_resume+0x111/0x180 [ 32.531095][ T12] usb_probe_interface+0x305/0x7a0 [ 32.536182][ T12] ? usb_probe_device+0x100/0x100 [ 32.541181][ T12] really_probe+0x281/0x660 [ 32.545661][ T12] driver_probe_device+0x104/0x210 [ 32.550756][ T12] __device_attach_driver+0x1c2/0x220 [ 32.556123][ T12] ? driver_allows_async_probing+0x160/0x160 [ 32.562074][ T12] bus_for_each_drv+0x15c/0x1e0 [ 32.566897][ T12] ? bus_rescan_devices+0x20/0x20 [ 32.571910][ T12] ? _raw_spin_unlock_irqrestore+0x3e/0x50 [ 32.577690][ T12] ? lockdep_hardirqs_on+0x379/0x580 [ 32.582974][ T12] __device_attach+0x217/0x360 [ 32.587734][ T12] ? device_bind_driver+0xd0/0xd0 [ 32.592735][ T12] ? kobject_uevent_env+0x29e/0x1150 [ 32.597996][ T12] ? kobject_uevent_env+0x2a8/0x1150 [ 32.603262][ T12] bus_probe_device+0x1e4/0x290 [ 32.608089][ T12] ? blocking_notifier_call_chain+0x54/0xa0 [ 32.613957][ T12] device_add+0xae6/0x16f0 [ 32.618353][ T12] ? uevent_store+0x50/0x50 [ 32.622854][ T12] usb_set_configuration+0xdf6/0x1670 [ 32.628231][ T12] generic_probe+0x9d/0xd5 [ 32.632624][ T12] usb_probe_device+0x99/0x100 [ 32.637365][ T12] ? usb_suspend+0x620/0x620 [ 32.641926][ T12] really_probe+0x281/0x660 [ 32.646417][ T12] driver_probe_device+0x104/0x210 [ 32.651501][ T12] __device_attach_driver+0x1c2/0x220 [ 32.656934][ T12] ? driver_allows_async_probing+0x160/0x160 [ 32.663079][ T12] bus_for_each_drv+0x15c/0x1e0 [ 32.667907][ T12] ? bus_rescan_devices+0x20/0x20 [ 32.672918][ T12] ? _raw_spin_unlock_irqrestore+0x3e/0x50 [ 32.678703][ T12] ? lockdep_hardirqs_on+0x379/0x580 [ 32.683967][ T12] __device_attach+0x217/0x360 [ 32.688720][ T12] ? device_bind_driver+0xd0/0xd0 [ 32.693730][ T12] ? kobject_uevent_env+0x29e/0x1150 [ 32.698994][ T12] ? kobject_uevent_env+0x2a8/0x1150 [ 32.704256][ T12] bus_probe_device+0x1e4/0x290 [ 32.709094][ T12] ? blocking_notifier_call_chain+0x54/0xa0 [ 32.714990][ T12] device_add+0xae6/0x16f0 [ 32.719385][ T12] ? uevent_store+0x50/0x50 [ 32.723865][ T12] usb_new_device.cold+0x8c1/0x1016 [ 32.729044][ T12] ? usb_port_suspend+0xa40/0xa40 [ 32.734042][ T12] ? mark_held_locks+0x9f/0xe0 [ 32.738781][ T12] ? _raw_spin_unlock_irq+0x24/0x30 [ 32.743951][ T12] hub_event+0x1ada/0x3590 [ 32.748339][ T12] ? hub_port_debounce+0x260/0x260 [ 32.753431][ T12] process_one_work+0x905/0x1570 [ 32.758346][ T12] ? pwq_dec_nr_in_flight+0x310/0x310 [ 32.763700][ T12] ? do_raw_spin_lock+0x11a/0x280 [ 32.768708][ T12] worker_thread+0x96/0xe20 [ 32.773203][ T12] ? process_one_work+0x1570/0x1570 [ 32.778389][ T12] kthread+0x30b/0x410 [ 32.782454][ T12] ? kthread_park+0x1a0/0x1a0 [ 32.787107][ T12] ret_from_fork+0x24/0x30 [ 32.791517][ T12] [ 32.793827][ T12] Allocated by task 12: [ 32.797963][ T12] save_stack+0x1b/0x80 [ 32.802095][ T12] __kasan_kmalloc.constprop.0+0xbf/0xd0 [ 32.807701][ T12] rsi_probe+0x11a/0x15a0 [ 32.812011][ T12] usb_probe_interface+0x305/0x7a0 [ 32.817097][ T12] really_probe+0x281/0x660 [ 32.821573][ T12] driver_probe_device+0x104/0x210 [ 32.826660][ T12] __device_attach_driver+0x1c2/0x220 [ 32.832016][ T12] bus_for_each_drv+0x15c/0x1e0 [ 32.836841][ T12] __device_attach+0x217/0x360 [ 32.841576][ T12] bus_probe_device+0x1e4/0x290 [ 32.846399][ T12] device_add+0xae6/0x16f0 [ 32.850787][ T12] usb_set_configuration+0xdf6/0x1670 [ 32.856130][ T12] generic_probe+0x9d/0xd5 [ 32.860518][ T12] usb_probe_device+0x99/0x100 [ 32.865276][ T12] really_probe+0x281/0x660 [ 32.869759][ T12] driver_probe_device+0x104/0x210 [ 32.874862][ T12] __device_attach_driver+0x1c2/0x220 [ 32.880210][ T12] bus_for_each_drv+0x15c/0x1e0 [ 32.885038][ T12] __device_attach+0x217/0x360 [ 32.889795][ T12] bus_probe_device+0x1e4/0x290 [ 32.894649][ T12] device_add+0xae6/0x16f0 [ 32.899054][ T12] usb_new_device.cold+0x8c1/0x1016 [ 32.904241][ T12] hub_event+0x1ada/0x3590 [ 32.908647][ T12] process_one_work+0x905/0x1570 [ 32.913558][ T12] worker_thread+0x96/0xe20 [ 32.918034][ T12] kthread+0x30b/0x410 [ 32.922087][ T12] ret_from_fork+0x24/0x30 [ 32.926471][ T12] [ 32.928776][ T12] Freed by task 12: [ 32.932579][ T12] save_stack+0x1b/0x80 [ 32.936710][ T12] __kasan_slab_free+0x130/0x180 [ 32.941624][ T12] kfree+0xd7/0x280 [ 32.945420][ T12] rsi_probe+0xdfd/0x15a0 [ 32.949731][ T12] usb_probe_interface+0x305/0x7a0 [ 32.954817][ T12] really_probe+0x281/0x660 [ 32.959315][ T12] driver_probe_device+0x104/0x210 [ 32.964401][ T12] __device_attach_driver+0x1c2/0x220 [ 32.969745][ T12] bus_for_each_drv+0x15c/0x1e0 [ 32.974567][ T12] __device_attach+0x217/0x360 [ 32.979324][ T12] bus_probe_device+0x1e4/0x290 [ 32.984148][ T12] device_add+0xae6/0x16f0 [ 32.988537][ T12] usb_set_configuration+0xdf6/0x1670 [ 32.993880][ T12] generic_probe+0x9d/0xd5 [ 32.998269][ T12] usb_probe_device+0x99/0x100 [ 33.003012][ T12] really_probe+0x281/0x660 [ 33.007488][ T12] driver_probe_device+0x104/0x210 [ 33.012574][ T12] __device_attach_driver+0x1c2/0x220 [ 33.017923][ T12] bus_for_each_drv+0x15c/0x1e0 [ 33.022753][ T12] __device_attach+0x217/0x360 [ 33.027491][ T12] bus_probe_device+0x1e4/0x290 [ 33.032313][ T12] device_add+0xae6/0x16f0 [ 33.036725][ T12] usb_new_device.cold+0x8c1/0x1016 [ 33.042010][ T12] hub_event+0x1ada/0x3590 [ 33.046404][ T12] process_one_work+0x905/0x1570 [ 33.051341][ T12] worker_thread+0x96/0xe20 [ 33.055822][ T12] kthread+0x30b/0x410 [ 33.059868][ T12] ret_from_fork+0x24/0x30 [ 33.064253][ T12] [ 33.066561][ T12] The buggy address belongs to the object at ffff8881d05e9180 [ 33.066561][ T12] which belongs to the cache kmalloc-512 of size 512 [ 33.080766][ T12] The buggy address is located 0 bytes inside of [ 33.080766][ T12] 512-byte region [ffff8881d05e9180, ffff8881d05e9380) [ 33.093838][ T12] The buggy address belongs to the page: [ 33.099455][ T12] page:ffffea0007417a00 refcount:1 mapcount:0 mapping:ffff8881dac02c00 index:0xffff8881d05e9680 compound_mapcount: 0 [ 33.111664][ T12] flags: 0x200000000010200(slab|head) [ 33.117014][ T12] raw: 0200000000010200 ffffea0007417b00 0000000700000007 ffff8881dac02c00 [ 33.125576][ T12] raw: ffff8881d05e9680 00000000800c000b 00000001ffffffff 0000000000000000 [ 33.134131][ T12] page dumped because: kasan: bad access detected [ 33.140526][ T12] [ 33.142825][ T12] Memory state around the buggy address: [ 33.148437][ T12] ffff8881d05e9080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 33.156494][ T12] ffff8881d05e9100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.164557][ T12] >ffff8881d05e9180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 33.172615][ T12] ^ [ 33.176664][ T12] ffff8881d05e9200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 33.184699][ T12] ffff8881d05e9280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 33.192738][ T12] ================================================================== [ 33.200770][ T12] Disabling lock debugging due to kernel taint [ 33.206982][ T12] Kernel panic - not syncing: panic_on_warn set ... [ 33.211160][ T1726] usb-fuzzer-gadget dummy_udc.0: unregistering UD