Warning: Permanently added '10.128.0.40' (ED25519) to the list of known hosts.
executing program
[ 36.635998][ T10] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 36.785837][ T10] usb 1-1: Using ep0 maxpacket: 32
[ 36.788832][ T10] usb 1-1: config 0 has an invalid descriptor of length 255, skipping remainder of the config
[ 36.790954][ T10] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0xD has invalid wMaxPacketSize 0
[ 36.792820][ T10] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA9, changing to 0x89
[ 36.794963][ T10] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 255, changing to 11
[ 36.797241][ T10] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 59391, setting to 1024
[ 36.799381][ T10] usb 1-1: config 0 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 4
[ 36.803795][ T10] usb 1-1: New USB device found, idVendor=2040, idProduct=5500, bcdDevice=a9.c8
[ 36.805572][ T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 36.807190][ T10] usb 1-1: Product: syz
[ 36.808008][ T10] usb 1-1: Manufacturer: syz
[ 36.808914][ T10] usb 1-1: SerialNumber: syz
[ 36.811786][ T10] usb 1-1: config 0 descriptor??
[ 36.814690][ T6422] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
executing program
[ 37.022656][ T10] smsusb:smsusb_probe: board id=8, interface number 0
[ 37.028289][ T10] smsusb:siano_media_device_register: media controller created
[ 37.030472][ T10] ------------[ cut here ]------------
[ 37.031562][ T10] usb 1-1: BOGUS urb xfer, pipe 3 != type 1
[ 37.033148][ T10] WARNING: CPU: 0 PID: 10 at drivers/usb/core/urb.c:504 usb_submit_urb+0xa00/0x148c
[ 37.034961][ T10] Modules linked in:
[ 37.035752][ T10] CPU: 0 UID: 0 PID: 10 Comm: kworker/0:1 Not tainted 6.13.0-rc3-syzkaller-g573067a5a685 #0
[ 37.037711][ T10] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 37.039694][ T10] Workqueue: usb_hub_wq hub_event
[ 37.040711][ T10] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 37.042257][ T10] pc : usb_submit_urb+0xa00/0x148c
[ 37.043281][ T10] lr : usb_submit_urb+0xa00/0x148c
[ 37.044317][ T10] sp : ffff800097a76800
[ 37.045140][ T10] x29: ffff800097a76840 x28: ffff0000d4fc6000 x27: 0000000000000003
[ 37.046761][ T10] x26: ffff80008cf76b4c x25: ffff0000c2401120 x24: ffff0000c23cab50
[ 37.048372][ T10] x23: ffff80008cf7d8c0 x22: dfff800000000000 x21: 0000000000000003
[ 37.049992][ T10] x20: 0000000000000820 x19: ffff0000c23cab00 x18: 0000000000000008
[ 37.051614][ T10] x17: 0000000000000000 x16: ffff800083275834 x15: 0000000000000001
[ 37.053214][ T10] x14: 1fffe000366fc2ea x13: 0000000000000000 x12: 0000000000000000
[ 37.054800][ T10] x11: 0000000000000002 x10: 0000000000ff0100 x9 : 4c2ddb16bd3ca900
[ 37.056393][ T10] x8 : 4c2ddb16bd3ca900 x7 : 0000000000000001 x6 : 0000000000000001
[ 37.057993][ T10] x5 : ffff800097a75f38 x4 : ffff80008fa8f840 x3 : ffff80008073f2fc
[ 37.059605][ T10] x2 : 0000000000000001 x1 : 0000000100000000 x0 : 0000000000000000
[ 37.061241][ T10] Call trace:
[ 37.061883][ T10] usb_submit_urb+0xa00/0x148c (P)
[ 37.062925][ T10] smsusb_submit_urb+0x220/0x310
[ 37.063929][ T10] smsusb_start_streaming+0x30/0x2e0
[ 37.065001][ T10] smsusb_probe+0x15a8/0x1bd8
[ 37.065943][ T10] usb_probe_interface+0x598/0xa40
[ 37.066985][ T10] really_probe+0x38c/0x8fc
[ 37.067965][ T10] __driver_probe_device+0x194/0x374
[ 37.069036][ T10] driver_probe_device+0x78/0x330
[ 37.070064][ T10] __device_attach_driver+0x2a8/0x4f4
[ 37.071145][ T10] bus_for_each_drv+0x228/0x2bc
[ 37.072116][ T10] __device_attach+0x2b4/0x434
[ 37.073109][ T10] device_initial_probe+0x24/0x34
[ 37.074137][ T10] bus_probe_device+0x178/0x240
[ 37.075095][ T10] device_add+0x728/0xa6c
[ 37.075966][ T10] usb_set_configuration+0x15cc/0x1b38
[ 37.077049][ T10] usb_generic_driver_probe+0x8c/0x148
[ 37.078153][ T10] usb_probe_device+0x1a4/0x348
[ 37.079112][ T10] really_probe+0x38c/0x8fc
[ 37.080018][ T10] __driver_probe_device+0x194/0x374
[ 37.081092][ T10] driver_probe_device+0x78/0x330
[ 37.082134][ T10] __device_attach_driver+0x2a8/0x4f4
[ 37.083201][ T10] bus_for_each_drv+0x228/0x2bc
[ 37.084165][ T10] __device_attach+0x2b4/0x434
[ 37.085148][ T10] device_initial_probe+0x24/0x34
[ 37.086145][ T10] bus_probe_device+0x178/0x240
[ 37.087098][ T10] device_add+0x728/0xa6c
[ 37.087997][ T10] usb_new_device+0x908/0x149c
[ 37.088950][ T10] hub_event+0x2454/0x4280
[ 37.089847][ T10] process_one_work+0x7a8/0x15cc
[ 37.090835][ T10] worker_thread+0x97c/0xeec
[ 37.091767][ T10] kthread+0x288/0x310
[ 37.092593][ T10] ret_from_fork+0x10/0x20
[ 37.093472][ T10] irq event stamp: 110918
[ 37.094330][ T10] hardirqs last enabled at (110917): [] __console_unlock+0x70/0xc4
[ 37.096234][ T10] hardirqs last disabled at (110918): [] el1_dbg+0x24/0x80
[ 37.097995][ T10] softirqs last enabled at (110438): [] handle_softirqs+0xb44/0xd34
[ 37.099860][ T10] softirqs last disabled at (110433): [] __do_softirq+0x14/0x20
[ 37.101673][ T10] ---[ end trace 0000000000000000 ]---
[ 37.102883][ T10] smsusb:smsusb_start_streaming: smsusb_submit_urb(...) failed
[ 37.104405][ T10] smsusb:smsusb_init_device: smsusb_start_streaming(...) failed
[ 37.106575][ T10] ------------[ cut here ]------------
[ 37.107651][ T10] WARNING: CPU: 0 PID: 10 at mm/slub.c:4723 free_large_kmalloc+0x34/0x188
[ 37.109254][ T10] Modules linked in:
[ 37.109995][ T10] CPU: 0 UID: 0 PID: 10 Comm: kworker/0:1 Tainted: G W 6.13.0-rc3-syzkaller-g573067a5a685 #0
[ 37.112263][ T10] Tainted: [W]=WARN
[ 37.112968][ T10] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 37.114895][ T10] Workqueue: usb_hub_wq hub_event
[ 37.115894][ T10] pstate: 20400005 (nzCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 37.117434][ T10] pc : free_large_kmalloc+0x34/0x188
[ 37.118479][ T10] lr : kfree+0x25c/0x478
[ 37.119330][ T10] sp : ffff800097a76830
[ 37.120148][ T10] x29: ffff800097a76830 x28: ffff0000c304a000 x27: ffff0000c19e1e40
[ 37.121769][ T10] x26: 1fffe00018609401 x25: 00000000000003f0 x24: 1fffe0001a9f8e1e
[ 37.123434][ T10] x23: dfff800000000000 x22: ffff0000dcd62000 x21: ffff800080b49da0
[ 37.125013][ T10] x20: ffff0000dcd62000 x19: fffffdffc3735880 x18: ffff800097a760e0
[ 37.126593][ T10] x17: 000000000000e3ed x16: ffff800083275834 x15: 0000000000000001
[ 37.128170][ T10] x14: 1fffe00018479560 x13: 0000000000000000 x12: 0000000000000000
[ 37.129747][ T10] x11: ffff600018479561 x10: 0000000000ff0100 x9 : 00003c0003735880
[ 37.131319][ T10] x8 : ffff800092c5e000 x7 : ffff800086978c44 x6 : ffff800086968d84
[ 37.132963][ T10] x5 : ffff0000c1ffe4c8 x4 : ffff800097a766b8 x3 : ffff80008698dcb4
[ 37.134542][ T10] x2 : 0000000000000001 x1 : ffff0000dcd62000 x0 : fffffdffc3735880
[ 37.136107][ T10] Call trace:
[ 37.136806][ T10] free_large_kmalloc+0x34/0x188 (P)
[ 37.137951][ T10] kfree+0x25c/0x478
[ 37.138725][ T10] usb_free_urb+0xd0/0x140
[ 37.139606][ T10] smsusb_term_device+0x1ac/0x32c
[ 37.140601][ T10] smsusb_probe+0x1640/0x1bd8
[ 37.141546][ T10] usb_probe_interface+0x598/0xa40
[ 37.142574][ T10] really_probe+0x38c/0x8fc
[ 37.143496][ T10] __driver_probe_device+0x194/0x374
[ 37.144546][ T10] driver_probe_device+0x78/0x330
[ 37.145534][ T10] __device_attach_driver+0x2a8/0x4f4
[ 37.146591][ T10] bus_for_each_drv+0x228/0x2bc
[ 37.147570][ T10] __device_attach+0x2b4/0x434
[ 37.148514][ T10] device_initial_probe+0x24/0x34
[ 37.149529][ T10] bus_probe_device+0x178/0x240
[ 37.150513][ T10] device_add+0x728/0xa6c
[ 37.151380][ T10] usb_set_configuration+0x15cc/0x1b38
[ 37.152472][ T10] usb_generic_driver_probe+0x8c/0x148
[ 37.153589][ T10] usb_probe_device+0x1a4/0x348
[ 37.154567][ T10] really_probe+0x38c/0x8fc
[ 37.155501][ T10] __driver_probe_device+0x194/0x374
[ 37.156550][ T10] driver_probe_device+0x78/0x330
[ 37.157585][ T10] __device_attach_driver+0x2a8/0x4f4
[ 37.158668][ T10] bus_for_each_drv+0x228/0x2bc
[ 37.159636][ T10] __device_attach+0x2b4/0x434
[ 37.160584][ T10] device_initial_probe+0x24/0x34
[ 37.161594][ T10] bus_probe_device+0x178/0x240
[ 37.162551][ T10] device_add+0x728/0xa6c
[ 37.163419][ T10] usb_new_device+0x908/0x149c
[ 37.164368][ T10] hub_event+0x2454/0x4280
[ 37.165227][ T10] process_one_work+0x7a8/0x15cc
[ 37.166273][ T10] worker_thread+0x97c/0xeec
[ 37.167272][ T10] kthread+0x288/0x310
[ 37.168081][ T10] ret_from_fork+0x10/0x20
[ 37.168995][ T10] irq event stamp: 111460
[ 37.169859][ T10] hardirqs last enabled at (111459): [] kasan_quarantine_put+0x1a0/0x1c8
[ 37.171921][ T10] hardirqs last disabled at (111460): [] el1_dbg+0x24/0x80
[ 37.173669][ T10] softirqs last enabled at (110984): [] handle_softirqs+0xb44/0xd34
[ 37.175539][ T10] softirqs last disabled at (110975): [] __do_softirq+0x14/0x20
[ 37.177347][ T10] ---[ end trace 0000000000000000 ]---
[ 37.178661][ T10] object pointer: 0x00000000d2f1f08c
[ 37.179793][ T10] ==================================================================
[ 37.181323][ T10] BUG: KASAN: double-free in kfree+0x25c/0x478
[ 37.182538][ T10] Free of addr ffff0000dcd62000 by task kworker/0:1/10
[ 37.183861][ T10]
[ 37.184334][ T10] CPU: 0 UID: 0 PID: 10 Comm: kworker/0:1 Tainted: G W 6.13.0-rc3-syzkaller-g573067a5a685 #0
[ 37.186615][ T10] Tainted: [W]=WARN
[ 37.187417][ T10] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 37.189369][ T10] Workqueue: usb_hub_wq hub_event
[ 37.190376][ T10] Call trace:
[ 37.191014][ T10] show_stack+0x2c/0x3c (C)
[ 37.191934][ T10] dump_stack_lvl+0xe4/0x150
[ 37.192850][ T10] print_report+0x198/0x538
[ 37.193750][ T10] kasan_report_invalid_free+0xc4/0x118
[ 37.194869][ T10] check_page_allocation+0x1d8/0x2a8
[ 37.195931][ T10] __kasan_kfree_large+0x10/0x1c
[ 37.196936][ T10] free_large_kmalloc+0x64/0x188
[ 37.197967][ T10] kfree+0x25c/0x478
[ 37.198754][ T10] usb_free_urb+0xd0/0x140
[ 37.199637][ T10] smsusb_term_device+0x1ac/0x32c
[ 37.200612][ T10] smsusb_probe+0x1640/0x1bd8
[ 37.201541][ T10] usb_probe_interface+0x598/0xa40
[ 37.202558][ T10] really_probe+0x38c/0x8fc
[ 37.203439][ T10] __driver_probe_device+0x194/0x374
[ 37.204489][ T10] driver_probe_device+0x78/0x330
[ 37.205496][ T10] __device_attach_driver+0x2a8/0x4f4
[ 37.206559][ T10] bus_for_each_drv+0x228/0x2bc
[ 37.207535][ T10] __device_attach+0x2b4/0x434
[ 37.208481][ T10] device_initial_probe+0x24/0x34
[ 37.209487][ T10] bus_probe_device+0x178/0x240
[ 37.210452][ T10] device_add+0x728/0xa6c
[ 37.211332][ T10] usb_set_configuration+0x15cc/0x1b38
[ 37.212410][ T10] usb_generic_driver_probe+0x8c/0x148
[ 37.213519][ T10] usb_probe_device+0x1a4/0x348
[ 37.214533][ T10] really_probe+0x38c/0x8fc
[ 37.215435][ T10] __driver_probe_device+0x194/0x374
[ 37.216484][ T10] driver_probe_device+0x78/0x330
[ 37.217519][ T10] __device_attach_driver+0x2a8/0x4f4
[ 37.218587][ T10] bus_for_each_drv+0x228/0x2bc
[ 37.219545][ T10] __device_attach+0x2b4/0x434
[ 37.220499][ T10] device_initial_probe+0x24/0x34
[ 37.221512][ T10] bus_probe_device+0x178/0x240
[ 37.222542][ T10] device_add+0x728/0xa6c
[ 37.223413][ T10] usb_new_device+0x908/0x149c
[ 37.224365][ T10] hub_event+0x2454/0x4280
[ 37.225250][ T10] process_one_work+0x7a8/0x15cc
[ 37.226257][ T10] worker_thread+0x97c/0xeec
[ 37.227162][ T10] kthread+0x288/0x310
[ 37.227950][ T10] ret_from_fork+0x10/0x20
[ 37.228857][ T10]
[ 37.229316][ T10] The buggy address belongs to the physical page:
[ 37.230654][ T10] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11cd62
[ 37.232333][ T10] flags: 0x5ffc00000000000(node=0|zone=2|lastcpupid=0x7ff)
[ 37.233742][ T10] raw: 05ffc00000000000 0000000000000000 fffffdffc3735888 0000000000000000
[ 37.235475][ T10] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 37.237142][ T10] page dumped because: kasan: bad access detected
[ 37.238391][ T10]
[ 37.238937][ T10] Memory state around the buggy address:
[ 37.240064][ T10] ffff0000dcd61f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 37.241749][ T10] ffff0000dcd61f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 37.243306][ T10] >ffff0000dcd62000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 37.244855][ T10] ^
[ 37.245670][ T10] ffff0000dcd62080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 37.247416][ T10] ffff0000dcd62100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 37.248997][ T10] ==================================================================
[ 37.250698][ T10] Disabling lock debugging due to kernel taint
[ 37.251877][ T10] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11cd62
[ 37.253539][ T10] flags: 0x5ffc00000000000(node=0|zone=2|lastcpupid=0x7ff)
[ 37.254919][ T10] raw: 05ffc00000000000 0000000000000000 fffffdffc3735888 0000000000000000
[ 37.256682][ T10] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 37.258356][ T10] page dumped because: VM_BUG_ON_PAGE(page_ref_count(page) == 0)
[ 37.259935][ T10] ------------[ cut here ]------------
[ 37.261005][ T10] kernel BUG at ./include/linux/mm.h:1152!
[ 37.262106][ T10] Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP
[ 37.263676][ T10] Modules linked in:
[ 37.264438][ T10] CPU: 0 UID: 0 PID: 10 Comm: kworker/0:1 Tainted: G B W 6.13.0-rc3-syzkaller-g573067a5a685 #0
[ 37.266702][ T10] Tainted: [B]=BAD_PAGE, [W]=WARN
[ 37.267679][ T10] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 37.269639][ T10] Workqueue: usb_hub_wq hub_event
[ 37.270674][ T10] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 37.272235][ T10] pc : free_large_kmalloc+0x158/0x188
[ 37.273339][ T10] lr : free_large_kmalloc+0x158/0x188
[ 37.274465][ T10] sp : ffff800097a76830
[ 37.275320][ T10] x29: ffff800097a76830 x28: ffff0000c304a000 x27: ffff0000c19e1e40
[ 37.277019][ T10] x26: 1fffe00018609401 x25: 00000000000003f0 x24: 1fffe0001a9f8e1e
[ 37.278613][ T10] x23: dfff800000000000 x22: 0000000000000000 x21: 0000000000000000
[ 37.280379][ T10] x20: fffffffffffff000 x19: fffffdffc3735880 x18: 0000000000000008
[ 37.282074][ T10] x17: 0000000000000000 x16: ffff800083275834 x15: 0000000000000001
[ 37.283864][ T10] x14: 1fffe000366fc2ea x13: 0000000000000000 x12: 0000000000000000
[ 37.285579][ T10] x11: 0000000000000001 x10: 0000000000ff0100 x9 : 4c2ddb16bd3ca900
[ 37.287327][ T10] x8 : 4c2ddb16bd3ca900 x7 : 0000000000000001 x6 : 0000000000000001
[ 37.289045][ T10] x5 : ffff800097a75d18 x4 : ffff80008fa8f840 x3 : ffff80008073f2fc
[ 37.290708][ T10] x2 : 0000000000000001 x1 : 0000000100000000 x0 : 000000000000003e
[ 37.292412][ T10] Call trace:
[ 37.293080][ T10] free_large_kmalloc+0x158/0x188 (P)
[ 37.294303][ T10] kfree+0x25c/0x478
[ 37.295191][ T10] usb_free_urb+0xd0/0x140
[ 37.296175][ T10] smsusb_term_device+0x1ac/0x32c
[ 37.297260][ T10] smsusb_probe+0x1640/0x1bd8
[ 37.298311][ T10] usb_probe_interface+0x598/0xa40
[ 37.299577][ T10] really_probe+0x38c/0x8fc
[ 37.300540][ T10] __driver_probe_device+0x194/0x374
[ 37.301700][ T10] driver_probe_device+0x78/0x330
[ 37.302775][ T10] __device_attach_driver+0x2a8/0x4f4
[ 37.303943][ T10] bus_for_each_drv+0x228/0x2bc
[ 37.304978][ T10] __device_attach+0x2b4/0x434
[ 37.305942][ T10] device_initial_probe+0x24/0x34
[ 37.307011][ T10] bus_probe_device+0x178/0x240
[ 37.308043][ T10] device_add+0x728/0xa6c
[ 37.309032][ T10] usb_set_configuration+0x15cc/0x1b38
[ 37.310169][ T10] usb_generic_driver_probe+0x8c/0x148
[ 37.311303][ T10] usb_probe_device+0x1a4/0x348
[ 37.312331][ T10] really_probe+0x38c/0x8fc
[ 37.313359][ T10] __driver_probe_device+0x194/0x374
[ 37.314407][ T10] driver_probe_device+0x78/0x330
[ 37.315542][ T10] __device_attach_driver+0x2a8/0x4f4
[ 37.316670][ T10] bus_for_each_drv+0x228/0x2bc
[ 37.317826][ T10] __device_attach+0x2b4/0x434
[ 37.318873][ T10] device_initial_probe+0x24/0x34
[ 37.319889][ T10] bus_probe_device+0x178/0x240
[ 37.320895][ T10] device_add+0x728/0xa6c
[ 37.321853][ T10] usb_new_device+0x908/0x149c
[ 37.322817][ T10] hub_event+0x2454/0x4280
[ 37.323848][ T10] process_one_work+0x7a8/0x15cc
[ 37.324924][ T10] worker_thread+0x97c/0xeec
[ 37.325919][ T10] kthread+0x288/0x310
[ 37.326724][ T10] ret_from_fork+0x10/0x20
[ 37.327740][ T10] Code: b0071f41 911d7421 aa1303e0 97fc23ab (d4210000)
[ 37.329235][ T10] ---[ end trace 0000000000000000 ]---
[ 37.668850][ T10] Kernel panic - not syncing: Oops - BUG: Fatal exception
[ 37.670333][ T10] SMP: stopping secondary CPUs
[ 37.671303][ T10] Kernel Offset: disabled
[ 37.672138][ T10] CPU features: 0x100,00002070,00800250,82017203
[ 37.673363][ T10] Memory Limit: none
[ 38.000942][ T10] Rebooting in 86400 seconds..