Warning: Permanently added '10.128.0.131' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 21.696239][ T12] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 21.936157][ T12] usb 1-1: Using ep0 maxpacket: 8
[ 22.056226][ T12] usb 1-1: config 31 has an invalid interface number: 202 but max is 0
[ 22.064681][ T12] usb 1-1: config 31 has an invalid descriptor of length 0, skipping remainder of the config
[ 22.074873][ T12] usb 1-1: config 31 has no interface number 0
[ 22.081068][ T12] usb 1-1: config 31 interface 202 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 0
[ 22.090987][ T12] usb 1-1: New USB device found, idVendor=1618, idProduct=9113, bcdDevice=a6.1e
[ 22.100013][ T12] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 22.150041][ T12] rsi_91x: rsi_probe: Failed to init usb interface
[ 22.157569][ T12] ==================================================================
[ 22.165718][ T12] BUG: KASAN: double-free or invalid-free in rsi_91x_deinit+0x270/0x2f0
[ 22.174031][ T12]
[ 22.176345][ T12] CPU: 0 PID: 12 Comm: kworker/0:1 Not tainted 5.3.0-rc7+ #0
[ 22.183686][ T12] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 22.193725][ T12] Workqueue: usb_hub_wq hub_event
[ 22.198720][ T12] Call Trace:
[ 22.201985][ T12] dump_stack+0xca/0x13e
[ 22.206207][ T12] print_address_description+0x6a/0x32c
[ 22.211735][ T12] ? rsi_91x_deinit+0x270/0x2f0
[ 22.216563][ T12] kasan_report_invalid_free+0x61/0xa0
[ 22.221998][ T12] ? rsi_91x_deinit+0x270/0x2f0
[ 22.226827][ T12] __kasan_slab_free+0x162/0x180
[ 22.231743][ T12] ? rsi_91x_deinit+0x270/0x2f0
[ 22.236570][ T12] kfree+0xe4/0x2f0
[ 22.240357][ T12] rsi_91x_deinit+0x270/0x2f0
[ 22.245010][ T12] rsi_probe+0xcec/0x15a0
[ 22.249315][ T12] ? rsi_disconnect+0x630/0x630
[ 22.254145][ T12] ? lockdep_hardirqs_on+0x379/0x580
[ 22.259408][ T12] ? __pm_runtime_resume+0x111/0x180
[ 22.264677][ T12] usb_probe_interface+0x305/0x7a0
[ 22.269766][ T12] ? usb_probe_device+0x100/0x100
[ 22.274770][ T12] really_probe+0x281/0x6d0
[ 22.279253][ T12] driver_probe_device+0x101/0x1b0
[ 22.284342][ T12] __device_attach_driver+0x1c2/0x220
[ 22.289694][ T12] ? driver_allows_async_probing+0x160/0x160
[ 22.295649][ T12] bus_for_each_drv+0x162/0x1e0
[ 22.300478][ T12] ? bus_rescan_devices+0x20/0x20
[ 22.305481][ T12] ? _raw_spin_unlock_irqrestore+0x3e/0x50
[ 22.311262][ T12] ? lockdep_hardirqs_on+0x379/0x580
[ 22.316540][ T12] __device_attach+0x217/0x360
[ 22.321281][ T12] ? device_bind_driver+0xd0/0xd0
[ 22.326283][ T12] ? kobject_uevent_env+0x29e/0x1150
[ 22.331546][ T12] ? kobject_uevent_env+0x2a8/0x1150
[ 22.336840][ T12] bus_probe_device+0x1e4/0x290
[ 22.341677][ T12] ? blocking_notifier_call_chain+0x54/0xa0
[ 22.347563][ T12] device_add+0xae6/0x16f0
[ 22.351954][ T12] ? uevent_store+0x50/0x50
[ 22.356437][ T12] usb_set_configuration+0xdf6/0x1670
[ 22.361798][ T12] generic_probe+0x9d/0xd5
[ 22.366190][ T12] usb_probe_device+0x99/0x100
[ 22.371017][ T12] ? usb_suspend+0x620/0x620
[ 22.375584][ T12] really_probe+0x281/0x6d0
[ 22.380065][ T12] driver_probe_device+0x101/0x1b0
[ 22.385152][ T12] __device_attach_driver+0x1c2/0x220
[ 22.390503][ T12] ? driver_allows_async_probing+0x160/0x160
[ 22.396455][ T12] bus_for_each_drv+0x162/0x1e0
[ 22.401281][ T12] ? bus_rescan_devices+0x20/0x20
[ 22.406282][ T12] ? _raw_spin_unlock_irqrestore+0x3e/0x50
[ 22.412067][ T12] ? lockdep_hardirqs_on+0x379/0x580
[ 22.417326][ T12] __device_attach+0x217/0x360
[ 22.422065][ T12] ? device_bind_driver+0xd0/0xd0
[ 22.427066][ T12] ? kobject_uevent_env+0x29e/0x1150
[ 22.432326][ T12] ? kobject_uevent_env+0x2a8/0x1150
[ 22.437587][ T12] bus_probe_device+0x1e4/0x290
[ 22.442412][ T12] ? blocking_notifier_call_chain+0x54/0xa0
[ 22.448278][ T12] device_add+0xae6/0x16f0
[ 22.452669][ T12] ? uevent_store+0x50/0x50
[ 22.457159][ T12] usb_new_device.cold+0x6a4/0xe79
[ 22.462251][ T12] hub_event+0x1b5c/0x3640
[ 22.466654][ T12] ? hub_port_debounce+0x260/0x260
[ 22.471750][ T12] process_one_work+0x92b/0x1530
[ 22.476664][ T12] ? pwq_dec_nr_in_flight+0x310/0x310
[ 22.482012][ T12] ? do_raw_spin_lock+0x11a/0x280
[ 22.487015][ T12] worker_thread+0x96/0xe20
[ 22.491498][ T12] ? process_one_work+0x1530/0x1530
[ 22.496680][ T12] kthread+0x318/0x420
[ 22.500738][ T12] ? kthread_create_on_node+0xf0/0xf0
[ 22.506086][ T12] ret_from_fork+0x24/0x30
[ 22.510473][ T12]
[ 22.512777][ T12] Allocated by task 12:
[ 22.516918][ T12] save_stack+0x1b/0x80
[ 22.521049][ T12] __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 22.526655][ T12] rsi_probe+0x11a/0x15a0
[ 22.530960][ T12] usb_probe_interface+0x305/0x7a0
[ 22.536051][ T12] really_probe+0x281/0x6d0
[ 22.540532][ T12] driver_probe_device+0x101/0x1b0
[ 22.545626][ T12] __device_attach_driver+0x1c2/0x220
[ 22.550974][ T12] bus_for_each_drv+0x162/0x1e0
[ 22.555797][ T12] __device_attach+0x217/0x360
[ 22.560536][ T12] bus_probe_device+0x1e4/0x290
[ 22.565361][ T12] device_add+0xae6/0x16f0
[ 22.569755][ T12] usb_set_configuration+0xdf6/0x1670
[ 22.575101][ T12] generic_probe+0x9d/0xd5
[ 22.579493][ T12] usb_probe_device+0x99/0x100
[ 22.584239][ T12] really_probe+0x281/0x6d0
[ 22.588716][ T12] driver_probe_device+0x101/0x1b0
[ 22.593803][ T12] __device_attach_driver+0x1c2/0x220
[ 22.599151][ T12] bus_for_each_drv+0x162/0x1e0
[ 22.603977][ T12] __device_attach+0x217/0x360
[ 22.608717][ T12] bus_probe_device+0x1e4/0x290
[ 22.613545][ T12] device_add+0xae6/0x16f0
[ 22.617938][ T12] usb_new_device.cold+0x6a4/0xe79
[ 22.623022][ T12] hub_event+0x1b5c/0x3640
[ 22.627414][ T12] process_one_work+0x92b/0x1530
[ 22.632325][ T12] worker_thread+0x96/0xe20
[ 22.636803][ T12] kthread+0x318/0x420
[ 22.640849][ T12] ret_from_fork+0x24/0x30
[ 22.645235][ T12]
[ 22.647540][ T12] Freed by task 12:
[ 22.651322][ T12] save_stack+0x1b/0x80
[ 22.655451][ T12] __kasan_slab_free+0x130/0x180
[ 22.660361][ T12] kfree+0xe4/0x2f0
[ 22.664147][ T12] rsi_probe+0xdfd/0x15a0
[ 22.668450][ T12] usb_probe_interface+0x305/0x7a0
[ 22.673536][ T12] really_probe+0x281/0x6d0
[ 22.678710][ T12] driver_probe_device+0x101/0x1b0
[ 22.683796][ T12] __device_attach_driver+0x1c2/0x220
[ 22.689161][ T12] bus_for_each_drv+0x162/0x1e0
[ 22.693999][ T12] __device_attach+0x217/0x360
[ 22.698764][ T12] bus_probe_device+0x1e4/0x290
[ 22.703596][ T12] device_add+0xae6/0x16f0
[ 22.707994][ T12] usb_set_configuration+0xdf6/0x1670
[ 22.713348][ T12] generic_probe+0x9d/0xd5
[ 22.717752][ T12] usb_probe_device+0x99/0x100
[ 22.722494][ T12] really_probe+0x281/0x6d0
[ 22.726984][ T12] driver_probe_device+0x101/0x1b0
[ 22.732074][ T12] __device_attach_driver+0x1c2/0x220
[ 22.737421][ T12] bus_for_each_drv+0x162/0x1e0
[ 22.742255][ T12] __device_attach+0x217/0x360
[ 22.747009][ T12] bus_probe_device+0x1e4/0x290
[ 22.751847][ T12] device_add+0xae6/0x16f0
[ 22.756255][ T12] usb_new_device.cold+0x6a4/0xe79
[ 22.761344][ T12] hub_event+0x1b5c/0x3640
[ 22.765750][ T12] process_one_work+0x92b/0x1530
[ 22.770666][ T12] worker_thread+0x96/0xe20
[ 22.775147][ T12] kthread+0x318/0x420
[ 22.779200][ T12] ret_from_fork+0x24/0x30
[ 22.783600][ T12]
[ 22.785912][ T12] The buggy address belongs to the object at ffff8881d3bc6280
[ 22.785912][ T12] which belongs to the cache kmalloc-512 of size 512
[ 22.799943][ T12] The buggy address is located 0 bytes inside of
[ 22.799943][ T12] 512-byte region [ffff8881d3bc6280, ffff8881d3bc6480)
[ 22.813023][ T12] The buggy address belongs to the page:
[ 22.818635][ T12] page:ffffea00074ef180 refcount:1 mapcount:0 mapping:ffff8881da002500 index:0x0 compound_mapcount: 0
[ 22.829538][ T12] flags: 0x200000000010200(slab|head)
[ 22.834888][ T12] raw: 0200000000010200 dead000000000100 dead000000000122 ffff8881da002500
[ 22.843447][ T12] raw: 0000000000000000 00000000800c000c 00000001ffffffff 0000000000000000
[ 22.851999][ T12] page dumped because: kasan: bad access detected
[ 22.858380][ T12]
[ 22.860682][ T12] Memory state around the buggy address:
[ 22.866373][ T12] ffff8881d3bc6180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 22.874408][ T12] ffff8881d3bc6200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 22.882446][ T12] >ffff8881d3bc6280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 22.890487][ T12] ^
[ 22.894531][ T12] ffff8881d3bc6300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 22.90