Warning: Permanently added '10.128.0.108' (ED25519) to the list of known hosts.
executing program
[ 37.324202][ T6416] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 37.473922][ T6416] usb 1-1: Using ep0 maxpacket: 32
[ 37.477666][ T6416] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 37.479763][ T6416] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0xD has invalid wMaxPacketSize 0
[ 37.481662][ T6416] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA9, changing to 0x89
[ 37.484011][ T6416] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x89 has invalid maxpacket 224
[ 37.486113][ T6416] usb 1-1: config 0 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 4
[ 37.490100][ T6416] usb 1-1: New USB device found, idVendor=2040, idProduct=5500, bcdDevice=a9.c8
[ 37.492111][ T6416] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 37.493682][ T6416] usb 1-1: Product: syz
[ 37.494575][ T6416] usb 1-1: Manufacturer: syz
[ 37.495490][ T6416] usb 1-1: SerialNumber: syz
[ 37.498694][ T6416] usb 1-1: config 0 descriptor??
[ 37.501752][ T6413] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[ 37.710040][ T6416] smsusb:smsusb_probe: board id=8, interface number 0
[ 37.717720][ T6416] smsusb:siano_media_device_register: media controller created
[ 37.725409][ T6416] smsmdtv:smscore_sendrequest_and_wait: sendrequest returned error -22
[ 37.727168][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 37.727211][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 37.727229][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 37.727246][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 37.727262][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 37.727279][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 37.727295][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 37.727312][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 37.727328][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 37.727345][ C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[ 37.742386][ T6416] smsmdtv:smscore_set_device_mode: mode detect failed -22
[ 37.743893][ T6416] smsmdtv:smscore_start_device: set device mode failed , rc -22
[ 37.745417][ T6416] smsusb:smsusb_init_device: smscore_start_device(...) failed
[ 37.747906][ T6416] ------------[ cut here ]------------
[ 37.749023][ T6416] WARNING: CPU: 1 PID: 6416 at mm/slub.c:4723 free_large_kmalloc+0x34/0x188
[ 37.750835][ T6416] Modules linked in:
[ 37.751699][ T6416] CPU: 1 UID: 0 PID: 6416 Comm: kworker/1:3 Not tainted 6.13.0-rc3-syzkaller-g573067a5a685 #0
[ 37.753991][ T6416] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 37.756114][ T6416] Workqueue: usb_hub_wq hub_event
[ 37.757176][ T6416] pstate: 20400005 (nzCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 37.758828][ T6416] pc : free_large_kmalloc+0x34/0x188
[ 37.760035][ T6416] lr : kfree+0x25c/0x478
[ 37.760908][ T6416] sp : ffff8000a3b56830
[ 37.761813][ T6416] x29: ffff8000a3b56830 x28: ffff0000c2fb7000 x27: ffff0000d5581e40
[ 37.763423][ T6416] x26: 1fffe000185f6e01 x25: 00000000000003f0 x24: 1fffe000185f6a1e
[ 37.765020][ T6416] x23: dfff800000000000 x22: ffff0000dce62000 x21: ffff800080b49da0
[ 37.766750][ T6416] x20: ffff0000dce62000 x19: fffffdffc3739880 x18: ffff8000a3b560e0
[ 37.768615][ T6416] x17: 000000000000f0b3 x16: ffff800083275834 x15: 0000000000000001
[ 37.770407][ T6416] x14: 1fffe000183b7ee0 x13: 0000000000000000 x12: 0000000000000000
[ 37.772206][ T6416] x11: ffff6000183b7ee1 x10: 0000000000ff0100 x9 : 00003c0003739880
[ 37.773926][ T6416] x8 : ffff800092c5e000 x7 : ffff800086978c44 x6 : ffff800086968d84
[ 37.775673][ T6416] x5 : ffff0000c58dfd28 x4 : ffff8000a3b566b8 x3 : ffff80008698dcb4
[ 37.777348][ T6416] x2 : 0000000000000001 x1 : ffff0000dce62000 x0 : fffffdffc3739880
[ 37.778939][ T6416] Call trace:
[ 37.779572][ T6416] free_large_kmalloc+0x34/0x188 (P)
[ 37.780605][ T6416] kfree+0x25c/0x478
[ 37.781446][ T6416] usb_free_urb+0xd0/0x140
[ 37.782366][ T6416] smsusb_term_device+0x1ac/0x32c
[ 37.783352][ T6416] smsusb_probe+0x1640/0x1bd8
[ 37.784449][ T6416] usb_probe_interface+0x598/0xa40
[ 37.785554][ T6416] really_probe+0x38c/0x8fc
[ 37.786499][ T6416] __driver_probe_device+0x194/0x374
[ 37.787658][ T6416] driver_probe_device+0x78/0x330
[ 37.788846][ T6416] __device_attach_driver+0x2a8/0x4f4
[ 37.790064][ T6416] bus_for_each_drv+0x228/0x2bc
[ 37.791116][ T6416] __device_attach+0x2b4/0x434
[ 37.792158][ T6416] device_initial_probe+0x24/0x34
[ 37.793229][ T6416] bus_probe_device+0x178/0x240
[ 37.794186][ T6416] device_add+0x728/0xa6c
[ 37.795038][ T6416] usb_set_configuration+0x15cc/0x1b38
[ 37.796237][ T6416] usb_generic_driver_probe+0x8c/0x148
[ 37.797377][ T6416] usb_probe_device+0x1a4/0x348
[ 37.798363][ T6416] really_probe+0x38c/0x8fc
[ 37.799229][ T6416] __driver_probe_device+0x194/0x374
[ 37.800278][ T6416] driver_probe_device+0x78/0x330
[ 37.801324][ T6416] __device_attach_driver+0x2a8/0x4f4
[ 37.802378][ T6416] bus_for_each_drv+0x228/0x2bc
[ 37.803331][ T6416] __device_attach+0x2b4/0x434
[ 37.804359][ T6416] device_initial_probe+0x24/0x34
[ 37.805442][ T6416] bus_probe_device+0x178/0x240
[ 37.806448][ T6416] device_add+0x728/0xa6c
[ 37.807335][ T6416] usb_new_device+0x908/0x149c
[ 37.808334][ T6416] hub_event+0x2454/0x4280
[ 37.809234][ T6416] process_one_work+0x7a8/0x15cc
[ 37.810189][ T6416] worker_thread+0x97c/0xeec
[ 37.811073][ T6416] kthread+0x288/0x310
[ 37.811940][ T6416] ret_from_fork+0x10/0x20
[ 37.812910][ T6416] irq event stamp: 4458
[ 37.813697][ T6416] hardirqs last enabled at (4457): [] kasan_quarantine_put+0x1a0/0x1c8
[ 37.815597][ T6416] hardirqs last disabled at (4458): [] el1_dbg+0x24/0x80
[ 37.817377][ T6416] softirqs last enabled at (3844): [] handle_softirqs+0xb44/0xd34
[ 37.819425][ T6416] softirqs last disabled at (3835): [] __do_softirq+0x14/0x20
[ 37.821469][ T6416] ---[ end trace 0000000000000000 ]---
[ 37.822933][ T6416] object pointer: 0x0000000089fb30a5
[ 37.824051][ T6416] ==================================================================
[ 37.825801][ T6416] BUG: KASAN: double-free in kfree+0x25c/0x478
[ 37.827153][ T6416] Free of addr ffff0000dce62000 by task kworker/1:3/6416
[ 37.828560][ T6416]
[ 37.829105][ T6416] CPU: 1 UID: 0 PID: 6416 Comm: kworker/1:3 Tainted: G W 6.13.0-rc3-syzkaller-g573067a5a685 #0
[ 37.831816][ T6416] Tainted: [W]=WARN
[ 37.832691][ T6416] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 37.834817][ T6416] Workqueue: usb_hub_wq hub_event
[ 37.835914][ T6416] Call trace:
[ 37.836550][ T6416] show_stack+0x2c/0x3c (C)
[ 37.837513][ T6416] dump_stack_lvl+0xe4/0x150
[ 37.838446][ T6416] print_report+0x198/0x538
[ 37.839268][ T6416] kasan_report_invalid_free+0xc4/0x118
[ 37.840362][ T6416] check_page_allocation+0x1d8/0x2a8
[ 37.841565][ T6416] __kasan_kfree_large+0x10/0x1c
[ 37.842608][ T6416] free_large_kmalloc+0x64/0x188
[ 37.843583][ T6416] kfree+0x25c/0x478
[ 37.844372][ T6416] usb_free_urb+0xd0/0x140
[ 37.845272][ T6416] smsusb_term_device+0x1ac/0x32c
[ 37.846323][ T6416] smsusb_probe+0x1640/0x1bd8
[ 37.847284][ T6416] usb_probe_interface+0x598/0xa40
[ 37.848371][ T6416] really_probe+0x38c/0x8fc
[ 37.849302][ T6416] __driver_probe_device+0x194/0x374
[ 37.850418][ T6416] driver_probe_device+0x78/0x330
[ 37.851517][ T6416] __device_attach_driver+0x2a8/0x4f4
[ 37.852738][ T6416] bus_for_each_drv+0x228/0x2bc
[ 37.853717][ T6416] __device_attach+0x2b4/0x434
[ 37.854697][ T6416] device_initial_probe+0x24/0x34
[ 37.855786][ T6416] bus_probe_device+0x178/0x240
[ 37.856813][ T6416] device_add+0x728/0xa6c
[ 37.857718][ T6416] usb_set_configuration+0x15cc/0x1b38
[ 37.858875][ T6416] usb_generic_driver_probe+0x8c/0x148
[ 37.860230][ T6416] usb_probe_device+0x1a4/0x348
[ 37.861311][ T6416] really_probe+0x38c/0x8fc
[ 37.862230][ T6416] __driver_probe_device+0x194/0x374
[ 37.863376][ T6416] driver_probe_device+0x78/0x330
[ 37.864380][ T6416] __device_attach_driver+0x2a8/0x4f4
[ 37.865500][ T6416] bus_for_each_drv+0x228/0x2bc
[ 37.866550][ T6416] __device_attach+0x2b4/0x434
[ 37.867541][ T6416] device_initial_probe+0x24/0x34
[ 37.868579][ T6416] bus_probe_device+0x178/0x240
[ 37.869537][ T6416] device_add+0x728/0xa6c
[ 37.870468][ T6416] usb_new_device+0x908/0x149c
[ 37.871517][ T6416] hub_event+0x2454/0x4280
[ 37.872393][ T6416] process_one_work+0x7a8/0x15cc
[ 37.873325][ T6416] worker_thread+0x97c/0xeec
[ 37.874239][ T6416] kthread+0x288/0x310
[ 37.875087][ T6416] ret_from_fork+0x10/0x20
[ 37.875922][ T6416]
[ 37.876400][ T6416] The buggy address belongs to the physical page:
[ 37.877716][ T6416] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11ce62
[ 37.879744][ T6416] flags: 0x5ffc00000000000(node=0|zone=2|lastcpupid=0x7ff)
[ 37.881269][ T6416] raw: 05ffc00000000000 0000000000000000 dead000000000122 0000000000000000
[ 37.883027][ T6416] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 37.884635][ T6416] page dumped because: kasan: bad access detected
[ 37.885964][ T6416]
[ 37.886422][ T6416] Memory state around the buggy address:
[ 37.887665][ T6416] ffff0000dce61f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 37.889359][ T6416] ffff0000dce61f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 37.890998][ T6416] >ffff0000dce62000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 37.892743][ T6416] ^
[ 37.893553][ T6416] ffff0000dce62080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 37.895260][ T6416] ffff0000dce62100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 37.897078][ T6416] ==================================================================
[ 37.899162][ T6416] Disabling lock debugging due to kernel taint
[ 37.900584][ T6416] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11ce62
[ 37.902315][ T6416] flags: 0x5ffc00000000000(node=0|zone=2|lastcpupid=0x7ff)
[ 37.903881][ T6416] raw: 05ffc00000000000 0000000000000000 dead000000000122 0000000000000000
[ 37.905714][ T6416] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 37.907602][ T6416] page dumped because: VM_BUG_ON_PAGE(page_ref_count(page) == 0)
[ 37.909287][ T6416] ------------[ cut here ]------------
[ 37.910310][ T6416] kernel BUG at ./include/linux/mm.h:1152!
[ 37.911487][ T6416] Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP
[ 37.912942][ T6416] Modules linked in:
[ 37.913797][ T6416] CPU: 1 UID: 0 PID: 6416 Comm: kworker/1:3 Tainted: G B W 6.13.0-rc3-syzkaller-g573067a5a685 #0
[ 37.916278][ T6416] Tainted: [B]=BAD_PAGE, [W]=WARN
[ 37.917353][ T6416] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 37.919298][ T6416] Workqueue: usb_hub_wq hub_event
[ 37.920357][ T6416] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 37.922083][ T6416] pc : free_large_kmalloc+0x158/0x188
[ 37.923071][ T6416] lr : free_large_kmalloc+0x158/0x188
[ 37.924203][ T6416] sp : ffff8000a3b56830
[ 37.925000][ T6416] x29: ffff8000a3b56830 x28: ffff0000c2fb7000 x27: ffff0000d5581e40
[ 37.926680][ T6416] x26: 1fffe000185f6e01 x25: 00000000000003f0 x24: 1fffe000185f6a1e
[ 37.928450][ T6416] x23: dfff800000000000 x22: 0000000000000000 x21: 0000000000000000
[ 37.930119][ T6416] x20: fffffffffffff000 x19: fffffdffc3739880 x18: 0000000000000008
[ 37.931779][ T6416] x17: 0000000000000000 x16: ffff800083275834 x15: 0000000000000001
[ 37.933422][ T6416] x14: 1fffe00036700aea x13: 0000000000000000 x12: 0000000000000000
[ 37.935063][ T6416] x11: 0000000000000001 x10: 0000000000ff0100 x9 : 1de891dfb4985100
[ 37.936737][ T6416] x8 : 1de891dfb4985100 x7 : 0000000000000001 x6 : 0000000000000001
[ 37.938383][ T6416] x5 : ffff8000a3b55d18 x4 : ffff80008fa8f840 x3 : ffff80008073f2fc
[ 37.940018][ T6416] x2 : 0000000000000001 x1 : 0000000100000000 x0 : 000000000000003e
[ 37.941611][ T6416] Call trace:
[ 37.942242][ T6416] free_large_kmalloc+0x158/0x188 (P)
[ 37.943363][ T6416] kfree+0x25c/0x478
[ 37.944145][ T6416] usb_free_urb+0xd0/0x140
[ 37.945175][ T6416] smsusb_term_device+0x1ac/0x32c
[ 37.946220][ T6416] smsusb_probe+0x1640/0x1bd8
[ 37.947115][ T6416] usb_probe_interface+0x598/0xa40
[ 37.948128][ T6416] really_probe+0x38c/0x8fc
[ 37.949113][ T6416] __driver_probe_device+0x194/0x374
[ 37.950368][ T6416] driver_probe_device+0x78/0x330
[ 37.951430][ T6416] __device_attach_driver+0x2a8/0x4f4
[ 37.952673][ T6416] bus_for_each_drv+0x228/0x2bc
[ 37.953842][ T6416] __device_attach+0x2b4/0x434
[ 37.954851][ T6416] device_initial_probe+0x24/0x34
[ 37.955944][ T6416] bus_probe_device+0x178/0x240
[ 37.956952][ T6416] device_add+0x728/0xa6c
[ 37.957849][ T6416] usb_set_configuration+0x15cc/0x1b38
[ 37.958985][ T6416] usb_generic_driver_probe+0x8c/0x148
[ 37.960152][ T6416] usb_probe_device+0x1a4/0x348
[ 37.961240][ T6416] really_probe+0x38c/0x8fc
[ 37.962126][ T6416] __driver_probe_device+0x194/0x374
[ 37.963357][ T6416] driver_probe_device+0x78/0x330
[ 37.964459][ T6416] __device_attach_driver+0x2a8/0x4f4
[ 37.965551][ T6416] bus_for_each_drv+0x228/0x2bc
[ 37.966559][ T6416] __device_attach+0x2b4/0x434
[ 37.967530][ T6416] device_initial_probe+0x24/0x34
[ 37.968578][ T6416] bus_probe_device+0x178/0x240
[ 37.969602][ T6416] device_add+0x728/0xa6c
[ 37.970496][ T6416] usb_new_device+0x908/0x149c
[ 37.971500][ T6416] hub_event+0x2454/0x4280
[ 37.972423][ T6416] process_one_work+0x7a8/0x15cc
[ 37.973455][ T6416] worker_thread+0x97c/0xeec
[ 37.974446][ T6416] kthread+0x288/0x310
[ 37.975333][ T6416] ret_from_fork+0x10/0x20
[ 37.976223][ T6416] Code: b0071f41 911d7421 aa1303e0 97fc23ab (d4210000)
[ 37.977601][ T6416] ---[ end trace 0000000000000000 ]---
[ 38.312352][ T6416] Kernel panic - not syncing: Oops - BUG: Fatal exception
[ 38.313846][ T6416] SMP: stopping secondary CPUs
[ 38.314828][ T6416] Kernel Offset: disabled
[ 38.315816][ T6416] CPU features: 0x100,00002070,00800250,82017203
[ 38.317009][ T6416] Memory Limit: none
[ 38.618817][ T6416] Rebooting in 86400 seconds..