Warning: Permanently added '10.128.0.202' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 54.490683] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 54.730650] usb 1-1: Using ep0 maxpacket: 8
[ 54.850732] usb 1-1: config 0 has an invalid interface number: 28 but max is 0
[ 54.858306] usb 1-1: config 0 has no interface number 0
[ 54.863768] usb 1-1: New USB device found, idVendor=04fa, idProduct=2490, bcdDevice=74.f9
[ 54.872151] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 54.881399] usb 1-1: config 0 descriptor??
[ 55.120902] ==================================================================
[ 55.128402] BUG: KASAN: use-after-free in ds_probe+0x604/0x760
[ 55.134359] Read of size 1 at addr ffff888218885442 by task kworker/1:1/21
[ 55.141346]
[ 55.142971] CPU: 1 PID: 21 Comm: kworker/1:1 Not tainted 5.1.0-rc5-319617-gd34f951 #4
[ 55.150917] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 55.160257] Workqueue: usb_hub_wq hub_event
[ 55.164558] Call Trace:
[ 55.167143] dump_stack+0xe8/0x16e
[ 55.170672] ? ds_probe+0x604/0x760
[ 55.174287] ? ds_probe+0x604/0x760
[ 55.177898] print_address_description+0x6c/0x236
[ 55.182731] ? ds_probe+0x604/0x760
[ 55.186341] ? ds_probe+0x604/0x760
[ 55.189972] kasan_report.cold+0x1a/0x3c
[ 55.194022] ? ds_probe+0x604/0x760
[ 55.197666] ds_probe+0x604/0x760
[ 55.201110] usb_probe_interface+0x31d/0x820
[ 55.205504] ? usb_probe_device+0x150/0x150
[ 55.209810] really_probe+0x2da/0xb10
[ 55.213632] driver_probe_device+0x21d/0x350
[ 55.218028] __device_attach_driver+0x1d8/0x290
[ 55.222689] ? driver_allows_async_probing+0x160/0x160
[ 55.227945] bus_for_each_drv+0x163/0x1e0
[ 55.232079] ? bus_rescan_devices+0x30/0x30
[ 55.236397] ? _raw_spin_unlock_irqrestore+0x4b/0x60
[ 55.241508] ? lockdep_hardirqs_on+0x37e/0x580
[ 55.246079] __device_attach+0x223/0x3a0
[ 55.250130] ? device_bind_driver+0xe0/0xe0
[ 55.254435] ? kobject_uevent_env+0x295/0x13d0
[ 55.258998] bus_probe_device+0x1f1/0x2a0
[ 55.263135] ? blocking_notifier_call_chain+0x59/0xb0
[ 55.268327] device_add+0xad2/0x16e0
[ 55.272031] ? get_device_parent.isra.0+0x560/0x560
[ 55.277046] ? _raw_spin_unlock_irqrestore+0x4b/0x60
[ 55.282135] usb_set_configuration+0xdf7/0x1740
[ 55.286803] generic_probe+0xa2/0xda
[ 55.290504] usb_probe_device+0xc0/0x150
[ 55.294551] ? usb_suspend+0x5f0/0x5f0
[ 55.298421] really_probe+0x2da/0xb10
[ 55.302223] driver_probe_device+0x21d/0x350
[ 55.306637] __device_attach_driver+0x1d8/0x290
[ 55.311298] ? driver_allows_async_probing+0x160/0x160
[ 55.316586] bus_for_each_drv+0x163/0x1e0
[ 55.320724] ? bus_rescan_devices+0x30/0x30
[ 55.325031] ? _raw_spin_unlock_irqrestore+0x4b/0x60
[ 55.330125] ? lockdep_hardirqs_on+0x37e/0x580
[ 55.334712] __device_attach+0x223/0x3a0
[ 55.338760] ? device_bind_driver+0xe0/0xe0
[ 55.343070] ? kobject_uevent_env+0x295/0x13d0
[ 55.347637] bus_probe_device+0x1f1/0x2a0
[ 55.351788] ? blocking_notifier_call_chain+0x59/0xb0
[ 55.356975] device_add+0xad2/0x16e0
[ 55.360677] ? get_device_parent.isra.0+0x560/0x560
[ 55.365680] usb_new_device.cold+0x537/0xccf
[ 55.370793] hub_event+0x1398/0x3b00
[ 55.374525] ? hub_port_debounce+0x350/0x350
[ 55.378920] ? _raw_spin_unlock_irq+0x29/0x40
[ 55.383424] process_one_work+0x90f/0x1580
[ 55.387650] ? wq_pool_ids_show+0x300/0x300
[ 55.391955] ? do_raw_spin_lock+0x11f/0x290
[ 55.396265] worker_thread+0x9b/0xe20
[ 55.400055] ? process_one_work+0x1580/0x1580
[ 55.404532] kthread+0x313/0x420
[ 55.407878] ? kthread_park+0x1a0/0x1a0
[ 55.411859] ret_from_fork+0x3a/0x50
[ 55.415563]
[ 55.417171] Allocated by task 1:
[ 55.420519] __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 55.425433] __kthread_create_on_node+0xd7/0x410
[ 55.430170] kthread_create_on_node+0xc0/0x100
[ 55.434751] cryptomgr_notify+0x583/0xbd0
[ 55.438879] notifier_call_chain+0xca/0x240
[ 55.443182] blocking_notifier_call_chain+0x8a/0xb0
[ 55.448183] crypto_probing_notify+0x27/0x80
[ 55.452575] crypto_wait_for_test+0x42/0xe0
[ 55.456878] crypto_register_alg+0xab/0xd0
[ 55.461093] crypto_register_rngs+0x100/0x1b0
[ 55.465593] do_one_initcall+0xde/0x597
[ 55.469552] kernel_init_freeable+0x4da/0x5c7
[ 55.474028] kernel_init+0x12/0x1ca
[ 55.477658] ret_from_fork+0x3a/0x50
[ 55.481349]
[ 55.482956] Freed by task 1:
[ 55.485958] __kasan_slab_free+0x130/0x180
[ 55.490187] slab_free_freelist_hook+0x5e/0x140
[ 55.494838] kfree+0xce/0x280
[ 55.497923] __kthread_create_on_node+0x30b/0x410
[ 55.502748] kthread_create_on_node+0xc0/0x100
[ 55.507315] cryptomgr_notify+0x583/0xbd0
[ 55.511444] notifier_call_chain+0xca/0x240
[ 55.515746] blocking_notifier_call_chain+0x8a/0xb0
[ 55.520743] crypto_probing_notify+0x27/0x80
[ 55.525134] crypto_wait_for_test+0x42/0xe0
[ 55.529454] crypto_register_alg+0xab/0xd0
[ 55.533688] crypto_register_rngs+0x100/0x1b0
[ 55.538164] do_one_initcall+0xde/0x597
[ 55.542123] kernel_init_freeable+0x4da/0x5c7
[ 55.546599] kernel_init+0x12/0x1ca
[ 55.550203] ret_from_fork+0x3a/0x50
[ 55.553893]
[ 55.555500] The buggy address belongs to the object at ffff888218885420
[ 55.555500] which belongs to the cache kmalloc-64 of size 64
[ 55.567981] The buggy address is located 34 bytes inside of
[ 55.567981] 64-byte region [ffff888218885420, ffff888218885460)
[ 55.579678] The buggy address belongs to the page:
[ 55.584597] page:ffffea0008622140 count:1 mapcount:0 mapping:ffff88812c3f5600 index:0x0
[ 55.592721] flags: 0x57ff00000000200(slab)
[ 55.596942] raw: 057ff00000000200 dead000000000100 dead000000000200 ffff88812c3f5600
[ 55.604831] raw: 0000000000000000 00000000802a002a 00000001ffffffff 0000000000000000
[ 55.612690] page dumped because: kasan: bad access detected
[ 55.618378]
[ 55.619985] Memory state around the buggy address:
[ 55.624914] ffff888218885300: fb fb fb fb fb fb fb fb fc fc fc fc 00 00 00 00
[ 55.632257] ffff888218885380: 00 00 00 00 fc fc fc fc 00 00 00 00 00 00 fc fc
[ 55.639612] >ffff888218885400: fc fc fc fc fb fb fb fb fb fb fb fb fc fc fc fc
[ 55.646951] ^
[ 55.652379] ffff888218885480: fb fb fb fb fb fb fb fb fc fc fc fc fb fb fb fb
[ 55.659717] ffff888218885500: fb fb fb fb fc fc fc fc 00 00 00 00 00 00 fc fc
[ 55.667055] ==================================================================
[ 55.674389] Disabling lock debugging due to kernel taint
[ 55.679967] Kernel panic - not syncing: panic_on_warn set ...
[ 55.685862] CPU: 1 PID: 21 Comm: kworker/1:1 Tainted: G B 5.1.0-rc5-319617-gd34f951 #4
[ 55.695208] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 55.704568] Workqueue: usb_hub_wq hub_event
[ 55.708875] Call Trace:
[ 55.711467] dump_stack+0xe8/0x16e
[ 55.715004] panic+0x29d/0x5f2
[ 55.718190] ? __warn_printk+0xf8/0xf8
[ 55.722071] ? retint_kernel+0x10/0x10
[ 55.725956] ? trace_hardirqs_on+0x55/0x1c0
[ 55.730278] ? ds_probe+0x604/0x760
[ 55.733911] end_report+0x48/0x4e
[ 55.737356] ? ds_probe+0x604/0x760
[ 55.740974] kasan_report.cold+0xd/0x3c
[ 55.744943] ? ds_probe+0x604/0x760
[ 55.748568] ds_probe+0x604/0x760
[ 55.752022] usb_probe_interface+0x31d/0x820
[ 55.756438] ? usb_probe_device+0x150/0x150
[ 55.760872] really_probe+0x2da/0xb10
[ 55.764686] driver_probe_device+0x21d/0x350
[ 55.769112] __device_attach_driver+0x1d8/0x290
[ 55.773808] ? driver_allows_async_probing+0x160/0x160
[ 55.779081] bus_for_each_drv+0x163/0x1e0
[ 55.783224] ? bus_rescan_devices+0x30/0x30
[ 55.787541] ? _raw_spin_unlock_irqrestore+0x4b/0x60
[ 55.792651] ? lockdep_hardirqs_on+0x37e/0x580
[ 55.797242] __device_attach+0x223/0x3a0
[ 55.801299] ? device_bind_driver+0xe0/0xe0
[ 55.805615] ? kobject_uevent_env+0x295/0x13d0
[ 55.810191] bus_probe_device+0x1f1/0x2a0
[ 55.814357] ? blocking_notifier_call_chain+0x59/0xb0
[ 55.819550] device_add+0xad2/0x16e0
[ 55.823261] ? get_device_parent.isra.0+0x560/0x560
[ 55.828303] ? _raw_spin_unlock_irqrestore+0x4b/0x60
[ 55.833409] usb_set_configuration+0xdf7/0x1740
[ 55.838092] generic_probe+0xa2/0xda
[ 55.841804] usb_probe_device+0xc0/0x150
[ 55.845862] ? usb_suspend+0x5f0/0x5f0
[ 55.849740] really_probe+0x2da/0xb10
[ 55.853543] driver_probe_device+0x21d/0x350
[ 55.857944] __device_attach_driver+0x1d8/0x290
[ 55.862605] ? driver_allows_async_probing+0x160/0x160
[ 55.867878] bus_for_each_drv+0x163/0x1e0
[ 55.872021] ? bus_rescan_devices+0x30/0x30
[ 55.876354] ? _raw_spin_unlock_irqrestore+0x4b/0x60
[ 55.881454] ? lockdep_hardirqs_on+0x37e/0x580
[ 55.886031] __device_attach+0x223/0x3a0
[ 55.890095] ? device_bind_driver+0xe0/0xe0
[ 55.894415] ? kobject_uevent_env+0x295/0x13d0
[ 55.898988] bus_probe_device+0x1f1/0x2a0
[ 55.903135] ? blocking_notifier_call_chain+0x59/0xb0
[ 55.908318] device_add+0xad2/0x16e0
[ 55.912043] ? get_device_parent.isra.0+0x560/0x560
[ 55.917068] usb_new_device.cold+0x537/0xccf
[ 55.921476] hub_event+0x1398/0x3b00
[ 55.925197] ? hub_port_debounce+0x350/0x350
[ 55.929650] ? _raw_spin_unlock_irq+0x29/0x40
[ 55.934149] process_one_work+0x90f/0x1580
[ 55.938385] ? wq_pool_ids_show+0x300/0x300
[ 55.942713] ? do_raw_spin_lock+0x11f/0x290
[ 55.947044] worker_thread+0x9b/0xe20
[ 55.950848] ? process_one_work+0x1580/0x1580
[ 55.955337] kthread+0x313/0x420
[ 55.958694] ? kthread_park+0x1a0/0x1a0
[ 55.962664] ret_from_fork+0x3a/0x50
[ 55.967103] Kernel Offset: disabled
[ 55.970747] Rebooting in 86400 seconds..