Warning: Permanently added '10.128.0.109' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 69.099914] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 69.339872] usb 1-1: Using ep0 maxpacket: 8
[ 69.459974] usb 1-1: config 0 has an invalid interface number: 28 but max is 0
[ 69.467638] usb 1-1: config 0 has no interface number 0
[ 69.473348] usb 1-1: New USB device found, idVendor=04fa, idProduct=2490, bcdDevice=74.f9
[ 69.481738] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 69.491127] usb 1-1: config 0 descriptor??
[ 69.730135] ==================================================================
[ 69.737870] BUG: KASAN: use-after-free in ds_probe+0x604/0x760
[ 69.743839] Read of size 1 at addr ffff888097344f22 by task kworker/1:0/17
[ 69.750832]
[ 69.752446] CPU: 1 PID: 17 Comm: kworker/1:0 Not tainted 5.1.0-rc5-319617-gd34f951 #4
[ 69.760478] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 69.769870] Workqueue: usb_hub_wq hub_event
[ 69.774327] Call Trace:
[ 69.776932]  dump_stack+0xe8/0x16e
[ 69.780466]  ? ds_probe+0x604/0x760
[ 69.784113]  ? ds_probe+0x604/0x760
[ 69.787763]  print_address_description+0x6c/0x236
[ 69.792619]  ? ds_probe+0x604/0x760
[ 69.796241]  ? ds_probe+0x604/0x760
[ 69.799856]  kasan_report.cold+0x1a/0x3c
[ 69.803949]  ? ds_probe+0x604/0x760
[ 69.807657]  ds_probe+0x604/0x760
[ 69.811146]  usb_probe_interface+0x31d/0x820
[ 69.815553]  ? usb_probe_device+0x150/0x150
[ 69.819930]  really_probe+0x2da/0xb10
[ 69.823721]  driver_probe_device+0x21d/0x350
[ 69.828113]  __device_attach_driver+0x1d8/0x290
[ 69.832775]  ? driver_allows_async_probing+0x160/0x160
[ 69.838045]  bus_for_each_drv+0x163/0x1e0
[ 69.842181]  ? bus_rescan_devices+0x30/0x30
[ 69.846498]  ? _raw_spin_unlock_irqrestore+0x4b/0x60
[ 69.851635]  ? lockdep_hardirqs_on+0x37e/0x580
[ 69.856207]  __device_attach+0x223/0x3a0
[ 69.860254]  ? device_bind_driver+0xe0/0xe0
[ 69.864575]  ? kobject_uevent_env+0x295/0x13d0
[ 69.869267]  bus_probe_device+0x1f1/0x2a0
[ 69.873405]  ? blocking_notifier_call_chain+0x59/0xb0
[ 69.878588]  device_add+0xad2/0x16e0
[ 69.882295]  ? get_device_parent.isra.0+0x560/0x560
[ 69.887353]  ? _raw_spin_unlock_irqrestore+0x4b/0x60
[ 69.892454]  usb_set_configuration+0xdf7/0x1740
[ 69.897124]  generic_probe+0xa2/0xda
[ 69.900825]  usb_probe_device+0xc0/0x150
[ 69.904876]  ? usb_suspend+0x5f0/0x5f0
[ 69.908748]  really_probe+0x2da/0xb10
[ 69.912533]  driver_probe_device+0x21d/0x350
[ 69.916934]  __device_attach_driver+0x1d8/0x290
[ 69.921594]  ? driver_allows_async_probing+0x160/0x160
[ 69.926864]  bus_for_each_drv+0x163/0x1e0
[ 69.931002]  ? bus_rescan_devices+0x30/0x30
[ 69.935322]  ? _raw_spin_unlock_irqrestore+0x4b/0x60
[ 69.940425]  ? lockdep_hardirqs_on+0x37e/0x580
[ 69.945050]  __device_attach+0x223/0x3a0
[ 69.949102]  ? device_bind_driver+0xe0/0xe0
[ 69.953419]  ? kobject_uevent_env+0x295/0x13d0
[ 69.958074]  bus_probe_device+0x1f1/0x2a0
[ 69.962215]  ? blocking_notifier_call_chain+0x59/0xb0
[ 69.967393]  device_add+0xad2/0x16e0
[ 69.971102]  ? get_device_parent.isra.0+0x560/0x560
[ 69.976112]  usb_new_device.cold+0x537/0xccf
[ 69.980625]  hub_event+0x1398/0x3b00
[ 69.984430]  ? hub_port_debounce+0x350/0x350
[ 69.988929]  ? _raw_spin_unlock_irq+0x29/0x40
[ 69.993424]  process_one_work+0x90f/0x1580
[ 69.997694]  ? wq_pool_ids_show+0x300/0x300
[ 70.002027]  ? do_raw_spin_lock+0x11f/0x290
[ 70.006388]  worker_thread+0x9b/0xe20
[ 70.010274]  ? process_one_work+0x1580/0x1580
[ 70.014777]  kthread+0x313/0x420
[ 70.018134]  ? kthread_park+0x1a0/0x1a0
[ 70.022137]  ret_from_fork+0x3a/0x50
[ 70.025848]
[ 70.027469] Allocated by task 5185:
[ 70.031193]  __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 70.036116]  security_task_alloc+0x113/0x180
[ 70.040516]  copy_process.part.0+0x1c62/0x76b0
[ 70.045079]  _do_fork+0x234/0xed0
[ 70.048637]  do_syscall_64+0xcf/0x4f0
[ 70.052429]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 70.057709]
[ 70.059322] Freed by task 9:
[ 70.062349]  __kasan_slab_free+0x130/0x180
[ 70.066631]  slab_free_freelist_hook+0x5e/0x140
[ 70.071286]  kfree+0xce/0x280
[ 70.074381]  security_task_free+0x9a/0xf0
[ 70.078507]  __put_task_struct+0xec/0x4d0
[ 70.082703]  delayed_put_task_struct+0x189/0x290
[ 70.087491]  rcu_core+0x843/0x1a90
[ 70.091024]  __do_softirq+0x22a/0x8cd
[ 70.094848]
[ 70.096477] The buggy address belongs to the object at ffff888097344f00
[ 70.096477]  which belongs to the cache kmalloc-64 of size 64
[ 70.109256] The buggy address is located 34 bytes inside of
[ 70.109256]  64-byte region [ffff888097344f00, ffff888097344f40)
[ 70.121053] The buggy address belongs to the page:
[ 70.125971] page:ffffea00025cd100 count:1 mapcount:0 mapping:ffff88812c3f5600 index:0x0
[ 70.134245] flags: 0xfff00000000200(slab)
[ 70.138423] raw: 00fff00000000200 ffffea00025fb740 0000000b0000000b ffff88812c3f5600
[ 70.146422] raw: 0000000000000000 00000000802a002a 00000001ffffffff 0000000000000000
[ 70.154286] page dumped because: kasan: bad access detected
[ 70.159986]
[ 70.161593] Memory state around the buggy address:
[ 70.166501]  ffff888097344e00: fb fb fb fb fc fc fc fc fb fb fb fb fb fb fb fb
[ 70.173988]  ffff888097344e80: fc fc fc fc 00 00 00 00 00 00 fc fc fc fc fc fc
[ 70.181381] >ffff888097344f00: fb fb fb fb fb fb fb fb fc fc fc fc fb fb fb fb
[ 70.188732]                                ^
[ 70.193127]  ffff888097344f80: fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc
[ 70.200472]  ffff888097345000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 70.207807] ==================================================================
[ 70.215145] Disabling lock debugging due to kernel taint
[ 70.220894] Kernel panic - not syncing: panic_on_warn set ...
[ 70.226824] CPU: 1 PID: 17 Comm: kworker/1:0 Tainted: G B 5.1.0-rc5-319617-gd34f951 #4
[ 70.236194] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 70.245735] Workqueue: usb_hub_wq hub_event
[ 70.250054] Call Trace:
[ 70.252662]  dump_stack+0xe8/0x16e
[ 70.256206]  panic+0x29d/0x5f2
[ 70.259399]  ? __warn_printk+0xf8/0xf8
[ 70.263293]  ? retint_kernel+0x10/0x10
[ 70.267201]  ? trace_hardirqs_on+0x55/0x1c0
[ 70.271531]  ? ds_probe+0x604/0x760
[ 70.275156]  end_report+0x48/0x4e
[ 70.278608]  ? ds_probe+0x604/0x760
[ 70.282230]  kasan_report.cold+0xd/0x3c
[ 70.286200]  ? ds_probe+0x604/0x760
[ 70.289822]  ds_probe+0x604/0x760
[ 70.293312]  usb_probe_interface+0x31d/0x820
[ 70.297717]  ? usb_probe_device+0x150/0x150
[ 70.302057]  really_probe+0x2da/0xb10
[ 70.305855]  driver_probe_device+0x21d/0x350
[ 70.310257]  __device_attach_driver+0x1d8/0x290
[ 70.314924]  ? driver_allows_async_probing+0x160/0x160
[ 70.320196]  bus_for_each_drv+0x163/0x1e0
[ 70.324342]  ? bus_rescan_devices+0x30/0x30
[ 70.328661]  ? _raw_spin_unlock_irqrestore+0x4b/0x60
[ 70.333762]  ? lockdep_hardirqs_on+0x37e/0x580
[ 70.338344]  __device_attach+0x223/0x3a0
[ 70.342407]  ? device_bind_driver+0xe0/0xe0
[ 70.346735]  ? kobject_uevent_env+0x295/0x13d0
[ 70.351322]  bus_probe_device+0x1f1/0x2a0
[ 70.355475]  ? blocking_notifier_call_chain+0x59/0xb0
[ 70.360752]  device_add+0xad2/0x16e0
[ 70.364469]  ? get_device_parent.isra.0+0x560/0x560
[ 70.369490]  ? _raw_spin_unlock_irqrestore+0x4b/0x60
[ 70.374599]  usb_set_configuration+0xdf7/0x1740
[ 70.379284]  generic_probe+0xa2/0xda
[ 70.383011]  usb_probe_device+0xc0/0x150
[ 70.387067]  ? usb_suspend+0x5f0/0x5f0
[ 70.390964]  really_probe+0x2da/0xb10
[ 70.394776]  driver_probe_device+0x21d/0x350
[ 70.399180]  __device_attach_driver+0x1d8/0x290
[ 70.403847]  ? driver_allows_async_probing+0x160/0x160
[ 70.409142]  bus_for_each_drv+0x163/0x1e0
[ 70.413294]  ? bus_rescan_devices+0x30/0x30
[ 70.417632]  ? _raw_spin_unlock_irqrestore+0x4b/0x60
[ 70.422737]  ? lockdep_hardirqs_on+0x37e/0x580
[ 70.427334]  __device_attach+0x223/0x3a0
[ 70.431394]  ? device_bind_driver+0xe0/0xe0
[ 70.435741]  ? kobject_uevent_env+0x295/0x13d0
[ 70.440330]  bus_probe_device+0x1f1/0x2a0
[ 70.444489]  ? blocking_notifier_call_chain+0x59/0xb0
[ 70.449679]  device_add+0xad2/0x16e0
[ 70.453399]  ? get_device_parent.isra.0+0x560/0x560
[ 70.458424]  usb_new_device.cold+0x537/0xccf
[ 70.462839]  hub_event+0x1398/0x3b00
[ 70.466680]  ? hub_port_debounce+0x350/0x350
[ 70.471077]  ? _raw_spin_unlock_irq+0x29/0x40
[ 70.475574]  process_one_work+0x90f/0x1580
[ 70.479815]  ? wq_pool_ids_show+0x300/0x300
[ 70.484132]  ? do_raw_spin_lock+0x11f/0x290
[ 70.488455]  worker_thread+0x9b/0xe20
[ 70.492257]  ? process_one_work+0x1580/0x1580
[ 70.496879]  kthread+0x313/0x420
[ 70.500239]  ? kthread_park+0x1a0/0x1a0
[ 70.504213]  ret_from_fork+0x3a/0x50
[ 70.508880] Kernel Offset: disabled
[ 70.512615] Rebooting in 86400 seconds..