
[[36minfo[39;49m] Using makefile-style concurrent boot in runlevel 2.
[....] Starting enhanced syslogd: rsyslogd[   15.093877][    C1] random: crng init done
[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.205' (ECDSA) to the list of known hosts.
executing program
executing program
executing program
executing program
executing program
executing program
syzkaller login: [   38.477195][   T22] usb 6-1: new low-speed USB device number 2 using dummy_hcd
[   38.484749][  T101] usb 2-1: new low-speed USB device number 2 using dummy_hcd
[   38.497161][   T17] usb 5-1: new low-speed USB device number 2 using dummy_hcd
[   38.504857][ T1781] usb 4-1: new low-speed USB device number 2 using dummy_hcd
[   38.512857][ T1780] usb 1-1: new low-speed USB device number 2 using dummy_hcd
[   38.517146][   T12] usb 3-1: new low-speed USB device number 2 using dummy_hcd
[   38.847246][  T101] usb 2-1: config 0 has an invalid interface number: 236 but max is 2
[   38.856249][  T101] usb 2-1: config 0 has an invalid descriptor of length 99, skipping remainder of the config
[   38.866623][  T101] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 3
[   38.875547][  T101] usb 2-1: config 0 has no interface number 0
[   38.881788][   T22] usb 6-1: config 0 has an invalid interface number: 236 but max is 2
[   38.890164][   T22] usb 6-1: config 0 has an invalid descriptor of length 99, skipping remainder of the config
[   38.897321][   T12] usb 3-1: config 0 has an invalid interface number: 236 but max is 2
[   38.902063][   T22] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 3
[   38.910362][   T12] usb 3-1: config 0 has an invalid descriptor of length 99, skipping remainder of the config
[   38.919200][   T22] usb 6-1: config 0 has no interface number 0
[   38.919261][ T1780] usb 1-1: config 0 has an invalid interface number: 236 but max is 2
[   38.929368][   T12] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 3
[   38.935399][ T1780] usb 1-1: config 0 has an invalid descriptor of length 99, skipping remainder of the config
[   38.935413][ T1780] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 3
[   38.943595][   T12] usb 3-1: config 0 has no interface number 0
[   38.952476][ T1780] usb 1-1: config 0 has no interface number 0
[   38.963301][   T12] usb 3-1: config 0 interface 236 altsetting 0 endpoint 0x81 is Bulk; changing to Interrupt
[   38.971538][   T17] usb 5-1: config 0 has an invalid interface number: 236 but max is 2
[   38.977609][   T12] usb 3-1: New USB device found, idVendor=07c0, idProduct=1501, bcdDevice=74.a0
[   38.977622][   T12] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   38.983354][   T12] usb 3-1: config 0 descriptor??
[   38.983695][   T17] usb 5-1: config 0 has an invalid descriptor of length 99, skipping remainder of the config
[   38.983712][   T17] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 3
[   39.042942][   T17] usb 5-1: config 0 has no interface number 0
[   39.046410][   T12] iowarrior 3-1:0.236: IOWarrior product=0x1501, serial= interface=236 now attached to iowarrior0
[   39.050541][ T1781] usb 4-1: config 0 has an invalid interface number: 236 but max is 2
[   39.068451][ T1781] usb 4-1: config 0 has an invalid descriptor of length 99, skipping remainder of the config
[   39.078665][ T1781] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 3
[   39.087644][ T1781] usb 4-1: config 0 has no interface number 0
[   39.093738][  T101] usb 2-1: config 0 interface 236 altsetting 0 endpoint 0x81 is Bulk; changing to Interrupt
[   39.103877][  T101] usb 2-1: New USB device found, idVendor=07c0, idProduct=1501, bcdDevice=74.a0
[   39.112987][  T101] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   39.121027][   T22] usb 6-1: config 0 interface 236 altsetting 0 endpoint 0x81 is Bulk; changing to Interrupt
[   39.131141][   T22] usb 6-1: New USB device found, idVendor=07c0, idProduct=1501, bcdDevice=74.a0
[   39.140282][   T22] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   39.148321][ T1781] usb 4-1: config 0 interface 236 altsetting 0 endpoint 0x81 is Bulk; changing to Interrupt
[   39.158460][ T1781] usb 4-1: New USB device found, idVendor=07c0, idProduct=1501, bcdDevice=74.a0
[   39.167500][ T1781] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   39.175616][ T1780] usb 1-1: config 0 interface 236 altsetting 0 endpoint 0x81 is Bulk; changing to Interrupt
[   39.185771][ T1780] usb 1-1: New USB device found, idVendor=07c0, idProduct=1501, bcdDevice=74.a0
[   39.194832][ T1780] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   39.203775][  T101] usb 2-1: config 0 descriptor??
[   39.209355][   T22] usb 6-1: config 0 descriptor??
[   39.214756][   T17] usb 5-1: config 0 interface 236 altsetting 0 endpoint 0x81 is Bulk; changing to Interrupt
[   39.224882][   T17] usb 5-1: New USB device found, idVendor=07c0, idProduct=1501, bcdDevice=74.a0
[   39.234005][   T17] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   39.239892][   T12] usb 3-1: USB disconnect, device number 2
[   39.242323][ T1781] usb 4-1: config 0 descriptor??
[   39.260662][  T101] iowarrior 2-1:0.236: IOWarrior product=0x1501, serial= interface=236 now attached to iowarrior1
[   39.262562][   T12] iowarrior 3-1:0.236: I/O-Warror #0 now disconnected
[   39.271367][   T22] iowarrior 6-1:0.236: IOWarrior product=0x1501, serial= interface=236 now attached to iowarrior0
[   39.275601][ T1780] usb 1-1: config 0 descriptor??
[   39.294591][   T17] usb 5-1: config 0 descriptor??
tun: can't open /dev/net/tun: please enable CONFIG_TUN=y
otherwise fuzzing or reproducing might not work as intended
executing program
[   39.311404][ T1781] iowarrior 4-1:0.236: IOWarrior product=0x1501, serial= interface=236 now attached to iowarrior2
[   39.344209][ T1780] iowarrior 1-1:0.236: IOWarrior product=0x1501, serial= interface=236 now attached to iowarrior4
[   39.355349][   T17] iowarrior 5-1:0.236: IOWarrior product=0x1501, serial= interface=236 now attached to iowarrior3
tun: can't open /dev/net/tun: please enable CONFIG_TUN=y
otherwise fuzzing or reproducing might not work as intended
executing program
[   39.450445][   T17] usb 6-1: USB disconnect, device number 2
[   39.450854][ T1791] usb 2-1: USB disconnect, device number 2
[   39.464444][ T1791] iowarrior 2-1:0.236: I/O-Warror #1 now disconnected
[   39.473381][   T17] iowarrior 6-1:0.236: I/O-Warror #0 now disconnected
tun: can't open /dev/net/tun: please enable CONFIG_TUN=y
otherwise fuzzing or reproducing might not work as intended
executing program
tun: can't open /dev/net/tun: please enable CONFIG_TUN=y
otherwise fuzzing or reproducing might not work as intended
executing program
[   39.510350][ T1780] usb 4-1: USB disconnect, device number 2
[   39.520089][ T1780] iowarrior 4-1:0.236: I/O-Warror #2 now disconnected
[   39.538622][ T1802] usb 5-1: USB disconnect, device number 2
[   39.545150][ T1781] usb 1-1: USB disconnect, device number 2
[   39.553652][ T1781] iowarrior 1-1:0.236: I/O-Warror #4 now disconnected
tun: can't open /dev/net/tun: please enable CONFIG_TUN=y
otherwise fuzzing or reproducing might not work as intended
executing program
[   39.562749][ T1802] iowarrior 5-1:0.236: I/O-Warror #3 now disconnected
tun: can't open /dev/net/tun: please enable CONFIG_TUN=y
otherwise fuzzing or reproducing might not work as intended
executing program
[   39.707187][   T12] usb 3-1: new low-speed USB device number 3 using dummy_hcd
[   39.867181][ T1791] usb 2-1: new low-speed USB device number 3 using dummy_hcd
[   39.947187][   T17] usb 6-1: new low-speed USB device number 3 using dummy_hcd
[   39.954760][ T1780] usb 4-1: new low-speed USB device number 3 using dummy_hcd
[   39.967225][ T1802] usb 5-1: new low-speed USB device number 3 using dummy_hcd
[   40.007461][ T1781] usb 1-1: new low-speed USB device number 3 using dummy_hcd
[   40.077211][   T12] usb 3-1: config 0 has an invalid interface number: 236 but max is 2
[   40.085500][   T12] usb 3-1: config 0 has an invalid descriptor of length 99, skipping remainder of the config
[   40.095702][   T12] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 3
[   40.104608][   T12] usb 3-1: config 0 has no interface number 0
[   40.110995][   T12] usb 3-1: config 0 interface 236 altsetting 0 endpoint 0x81 is Bulk; changing to Interrupt
[   40.121666][   T12] usb 3-1: New USB device found, idVendor=07c0, idProduct=1501, bcdDevice=74.a0
[   40.131307][   T12] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   40.140295][   T12] usb 3-1: config 0 descriptor??
[   40.180239][   T12] iowarrior 3-1:0.236: IOWarrior product=0x1501, serial= interface=236 now attached to iowarrior0
[   40.287315][ T1791] usb 2-1: config 0 has an invalid interface number: 236 but max is 2
[   40.295642][ T1791] usb 2-1: config 0 has an invalid descriptor of length 99, skipping remainder of the config
[   40.305839][ T1791] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 3
[   40.314825][ T1791] usb 2-1: config 0 has no interface number 0
[   40.321195][ T1791] usb 2-1: config 0 interface 236 altsetting 0 endpoint 0x81 is Bulk; changing to Interrupt
[   40.327381][ T1780] usb 4-1: config 0 has an invalid interface number: 236 but max is 2
[   40.331295][ T1791] usb 2-1: New USB device found, idVendor=07c0, idProduct=1501, bcdDevice=74.a0
[   40.339703][ T1780] usb 4-1: config 0 has an invalid descriptor of length 99, skipping remainder of the config
[   40.348704][ T1791] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   40.358859][ T1780] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 3
[   40.358872][ T1780] usb 4-1: config 0 has no interface number 0
[   40.382148][   T17] usb 6-1: config 0 has an invalid interface number: 236 but max is 2
[   40.382803][   T12] usb 3-1: USB disconnect, device number 3
[   40.390386][   T17] usb 6-1: config 0 has an invalid descriptor of length 99, skipping remainder of the config
[   40.396842][ T1791] usb 2-1: config 0 descriptor??
[   40.406582][   T17] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 3
[   40.406593][   T17] usb 6-1: config 0 has no interface number 0
[   40.407923][   T17] usb 6-1: config 0 interface 236 altsetting 0 endpoint 0x81 is Bulk; changing to Interrupt
[   40.411697][ T1802] usb 5-1: config 0 has an invalid interface number: 236 but max is 2
[   40.420568][   T17] usb 6-1: New USB device found, idVendor=07c0, idProduct=1501, bcdDevice=74.a0
[   40.426557][ T1802] usb 5-1: config 0 has an invalid descriptor of length 99, skipping remainder of the config
[   40.436616][   T17] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   40.444756][ T1802] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 3
[   40.444769][ T1802] usb 5-1: config 0 has no interface number 0
[   40.454004][ T1780] usb 4-1: config 0 interface 236 altsetting 0 endpoint 0x81 is Bulk; changing to Interrupt
[   40.469969][ T1802] usb 5-1: config 0 interface 236 altsetting 0 endpoint 0x81 is Bulk; changing to Interrupt
[   40.472152][ T1780] usb 4-1: New USB device found, idVendor=07c0, idProduct=1501, bcdDevice=74.a0
[   40.481054][ T1802] usb 5-1: New USB device found, idVendor=07c0, idProduct=1501, bcdDevice=74.a0
[   40.487019][ T1780] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   40.497159][ T1802] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   40.507445][ T1781] usb 1-1: config 0 has an invalid interface number: 236 but max is 2
[   40.517014][   T12] iowarrior 3-1:0.236: I/O-Warror #0 now disconnected
[   40.525296][ T1781] usb 1-1: config 0 has an invalid descriptor of length 99, skipping remainder of the config
[   40.525310][ T1781] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 3
[   40.525321][ T1781] usb 1-1: config 0 has no interface number 0
[   40.526019][ T1781] usb 1-1: config 0 interface 236 altsetting 0 endpoint 0x81 is Bulk; changing to Interrupt
[   40.541712][ T1791] iowarrior 2-1:0.236: IOWarrior product=0x1501, serial= interface=236 now attached to iowarrior0
[   40.549565][ T1781] usb 1-1: New USB device found, idVendor=07c0, idProduct=1501, bcdDevice=74.a0
[   40.549584][ T1781] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   40.568087][ T1802] usb 5-1: config 0 descriptor??
[   40.576337][   T17] usb 6-1: config 0 descriptor??
tun: can't open /dev/net/tun: please enable CONFIG_TUN=y
otherwise fuzzing or reproducing might not work as intended
executing program
[   40.629801][ T1802] iowarrior 5-1:0.236: IOWarrior product=0x1501, serial= interface=236 now attached to iowarrior1
[   40.637897][ T1780] usb 4-1: config 0 descriptor??
[   40.646224][ T1781] usb 1-1: config 0 descriptor??
[   40.669035][   T17] iowarrior 6-1:0.236: IOWarrior product=0x1501, serial= interface=236 now attached to iowarrior2
[   40.684662][ T1780] iowarrior 4-1:0.236: IOWarrior product=0x1501, serial= interface=236 now attached to iowarrior3
[   40.699645][ T1781] iowarrior 1-1:0.236: IOWarrior product=0x1501, serial= interface=236 now attached to iowarrior4
[   40.737930][ T1802] usb 2-1: USB disconnect, device number 3
[   40.768129][ T1802] iowarrior 2-1:0.236: I/O-Warror #0 now disconnected
tun: can't open /dev/net/tun: please enable CONFIG_TUN=y
otherwise fuzzing or reproducing might not work as intended
executing program
tun: can't open /dev/net/tun: please enable CONFIG_TUN=y
otherwise fuzzing or reproducing might not work as intended
[   40.838062][ T1781] usb 5-1: USB disconnect, device number 3
[   40.844910][ T1781] iowarrior 5-1:0.236: I/O-Warror #1 now disconnected
[   40.868253][ T1780] usb 6-1: USB disconnect, device number 3
[   40.876114][ T1780] iowarrior 6-1:0.236: I/O-Warror #2 now disconnected
executing program
tun: can't open /dev/net/tun: please enable CONFIG_TUN=y
otherwise fuzzing or reproducing might not work as intended
tun: can't open /dev/net/tun: please enable CONFIG_TUN=y
otherwise fuzzing or reproducing might not work as intended
executing program
executing program
tun: can't open /dev/net/tun: please enable CONFIG_TUN=y
otherwise fuzzing or reproducing might not work as intended
executing program
[   40.884482][ T1791] usb 4-1: USB disconnect, device number 3
[   40.894279][ T1791] iowarrior 4-1:0.236: I/O-Warror #3 now disconnected
[   40.899168][   T17] usb 1-1: USB disconnect, device number 3
[   40.918471][   T17] iowarrior 1-1:0.236: I/O-Warror #4 now disconnected
[   41.017177][   T12] usb 3-1: new low-speed USB device number 4 using dummy_hcd
[   41.217184][ T1802] usb 2-1: new low-speed USB device number 4 using dummy_hcd
[   41.267160][ T1781] usb 5-1: new low-speed USB device number 4 using dummy_hcd
[   41.287201][ T1780] usb 6-1: new low-speed USB device number 4 using dummy_hcd
[   41.317199][ T1791] usb 4-1: new low-speed USB device number 4 using dummy_hcd
[   41.347145][   T17] usb 1-1: new low-speed USB device number 4 using dummy_hcd
[   41.377219][   T12] usb 3-1: config 0 has an invalid interface number: 236 but max is 2
[   41.385482][   T12] usb 3-1: config 0 has an invalid descriptor of length 99, skipping remainder of the config
[   41.395670][   T12] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 3
[   41.404535][   T12] usb 3-1: config 0 has no interface number 0
[   41.410718][   T12] usb 3-1: config 0 interface 236 altsetting 0 endpoint 0x81 is Bulk; changing to Interrupt
[   41.420818][   T12] usb 3-1: New USB device found, idVendor=07c0, idProduct=1501, bcdDevice=74.a0
[   41.429912][   T12] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   41.438876][   T12] usb 3-1: config 0 descriptor??
[   41.481242][   T12] iowarrior 3-1:0.236: IOWarrior product=0x1501, serial= interface=236 now attached to iowarrior0
[   41.587259][ T1802] usb 2-1: config 0 has an invalid interface number: 236 but max is 2
[   41.595447][ T1802] usb 2-1: config 0 has an invalid descriptor of length 99, skipping remainder of the config
[   41.605680][ T1802] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 3
[   41.614593][ T1802] usb 2-1: config 0 has no interface number 0
[   41.620888][ T1802] usb 2-1: config 0 interface 236 altsetting 0 endpoint 0x81 is Bulk; changing to Interrupt
[   41.631011][ T1802] usb 2-1: New USB device found, idVendor=07c0, idProduct=1501, bcdDevice=74.a0
[   41.640093][ T1802] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   41.647251][ T1781] usb 5-1: config 0 has an invalid interface number: 236 but max is 2
[   41.649326][ T1802] usb 2-1: config 0 descriptor??
[   41.656236][ T1781] usb 5-1: config 0 has an invalid descriptor of length 99, skipping remainder of the config
[   41.656250][ T1781] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 3
[   41.656262][ T1781] usb 5-1: config 0 has no interface number 0
[   41.656299][ T1781] usb 5-1: config 0 interface 236 altsetting 0 endpoint 0x81 is Bulk; changing to Interrupt
[   41.678442][   T12] usb 3-1: USB disconnect, device number 4
[   41.680411][ T1781] usb 5-1: New USB device found, idVendor=07c0, idProduct=1501, bcdDevice=74.a0
[   41.697342][ T1791] usb 4-1: config 0 has an invalid interface number: 236 but max is 2
[   41.702314][ T1781] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   41.702361][ T1780] usb 6-1: config 0 has an invalid interface number: 236 but max is 2
[   41.711381][ T1791] usb 4-1: config 0 has an invalid descriptor of length 99, skipping remainder of the config
[   41.711396][ T1791] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 3
[   41.719540][ T1780] usb 6-1: config 0 has an invalid descriptor of length 99, skipping remainder of the config
[   41.727524][ T1791] usb 4-1: config 0 has no interface number 0
[   41.735644][ T1780] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 3
[   41.747044][   T12] iowarrior 3-1:0.236: I/O-Warror #0 now disconnected
[   41.754640][ T1780] usb 6-1: config 0 has no interface number 0
[   41.754772][ T1780] usb 6-1: config 0 interface 236 altsetting 0 endpoint 0x81 is Bulk; changing to Interrupt
[   41.754798][ T1780] usb 6-1: New USB device found, idVendor=07c0, idProduct=1501, bcdDevice=74.a0
[   41.771831][ T1802] iowarrior 2-1:0.236: IOWarrior product=0x1501, serial= interface=236 now attached to iowarrior0
[   41.780083][ T1780] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   41.793284][ T1781] usb 5-1: config 0 descriptor??
tun: can't open /dev/net/tun: please enable CONFIG_TUN=y
otherwise fuzzing or reproducing might not work as intended
executing program
[   41.812674][ T1791] usb 4-1: config 0 interface 236 altsetting 0 endpoint 0x81 is Bulk; changing to Interrupt
[   41.822954][   T17] usb 1-1: config 0 has an invalid interface number: 236 but max is 2
[   41.830886][ T1791] usb 4-1: New USB device found, idVendor=07c0, idProduct=1501, bcdDevice=74.a0
[   41.830900][ T1791] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   41.836333][   T17] usb 1-1: config 0 has an invalid descriptor of length 99, skipping remainder of the config
[   41.858553][ T1791] usb 4-1: config 0 descriptor??
[   41.863812][   T17] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 3
[   41.863825][   T17] usb 1-1: config 0 has no interface number 0
[   41.864535][ T1780] usb 6-1: config 0 descriptor??
[   41.906983][   T17] usb 1-1: config 0 interface 236 altsetting 0 endpoint 0x81 is Bulk; changing to Interrupt
[   41.917166][   T17] usb 1-1: New USB device found, idVendor=07c0, idProduct=1501, bcdDevice=74.a0
[   41.922457][ T1791] iowarrior 4-1:0.236: IOWarrior product=0x1501, serial= interface=236 now attached to iowarrior1
[   41.926200][   T17] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   41.929243][   T17] usb 1-1: config 0 descriptor??
[   41.949530][ T1791] usb 2-1: USB disconnect, device number 4
[   41.957461][ T1781] iowarrior 5-1:0.236: IOWarrior product=0x1501, serial= interface=236 now attached to iowarrior2
[   41.970111][ T1780] sysfs: cannot create duplicate filename '/class/usbmisc/iowarrior0'
[   41.975608][ T1791] iowarrior 2-1:0.236: I/O-Warror #0 now disconnected
[   41.978324][ T1780] CPU: 1 PID: 1780 Comm: kworker/1:3 Not tainted 5.3.0-rc4+ #26
[   41.978330][ T1780] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   41.978345][ T1780] Workqueue: usb_hub_wq hub_event
[   42.007749][ T1780] Call Trace:
[   42.011039][ T1780]  dump_stack+0xca/0x13e
[   42.015261][ T1780]  sysfs_warn_dup.cold+0x1c/0x29
[   42.020179][ T1780]  sysfs_do_create_link_sd.isra.0+0x10f/0x130
[   42.026259][ T1780]  sysfs_create_link+0x61/0xc0
[   42.030999][ T1780]  device_add+0x788/0x16f0
[   42.035392][ T1780]  ? uevent_store+0x50/0x50
[   42.039884][ T1780]  ? rcu_read_lock_sched_held+0x113/0x130
[   42.045642][ T1780]  ? kfree+0x287/0x2f0
[   42.049750][ T1780]  device_create_groups_vargs+0x203/0x280
[   42.055453][ T1780]  device_create+0xdf/0x120
[   42.059932][ T1780]  ? device_create_vargs+0x50/0x50
[   42.065128][ T1780]  ? down_write+0xe0/0x150
[   42.069522][ T1780]  ? __down_timeout+0x2d0/0x2d0
[   42.074346][ T1780]  usb_register_dev+0x279/0x6a0
[   42.079231][ T1780]  ? usb_open+0x270/0x270
[   42.083561][ T1780]  ? kasan_unpoison_shadow+0x30/0x40
[   42.088822][ T1780]  ? usb_string+0x3ab/0x480
[   42.093299][ T1780]  iowarrior_probe+0xaa4/0x10b2
[   42.098129][ T1780]  ? __pm_runtime_resume+0x111/0x180
[   42.103400][ T1780]  usb_probe_interface+0x305/0x7a0
[   42.108496][ T1780]  ? usb_probe_device+0x100/0x100
[   42.113495][ T1780]  really_probe+0x281/0x6d0
[   42.117991][ T1780]  driver_probe_device+0x101/0x1b0
[   42.120326][ T1802] usb 4-1: USB disconnect, device number 4
[   42.123093][ T1780]  __device_attach_driver+0x1c2/0x220
[   42.134262][ T1780]  ? driver_allows_async_probing+0x160/0x160
[   42.134326][ T1802] iowarrior 4-1:0.236: I/O-Warror #1 now disconnected
[   42.140227][ T1780]  bus_for_each_drv+0x162/0x1e0
[   42.140239][ T1780]  ? bus_rescan_devices+0x20/0x20
[   42.140253][ T1780]  ? _raw_spin_unlock_irqrestore+0x3e/0x50
[   42.140267][ T1780]  ? lockdep_hardirqs_on+0x379/0x580
[   42.140278][ T1780]  __device_attach+0x217/0x360
[   42.140288][ T1780]  ? device_bind_driver+0xd0/0xd0
[   42.140300][ T1780]  ? kobject_uevent_env+0x29e/0x1160
[   42.140311][ T1780]  ? kobject_uevent_env+0x2a8/0x1160
[   42.140322][ T1780]  bus_probe_device+0x1e4/0x290
[   42.140332][ T1780]  ? blocking_notifier_call_chain+0x54/0xa0
[   42.140341][ T1780]  device_add+0xae6/0x16f0
[   42.140350][ T1780]  ? uevent_store+0x50/0x50
[   42.140361][ T1780]  ? _raw_spin_unlock_irqrestore+0x3e/0x50
[   42.140375][ T1780]  usb_set_configuration+0xdf6/0x1670
[   42.140388][ T1780]  generic_probe+0x9d/0xd5
[   42.140397][ T1780]  usb_probe_device+0x99/0x100
[   42.140410][ T1780]  ? usb_suspend+0x620/0x620
[   42.232598][ T1780]  really_probe+0x281/0x6d0
[   42.237088][ T1780]  driver_probe_device+0x101/0x1b0
[   42.242184][ T1780]  __device_attach_driver+0x1c2/0x220
[   42.247174][   T12] usb 3-1: new low-speed USB device number 5 using dummy_hcd
[   42.247532][ T1780]  ? driver_allows_async_probing+0x160/0x160
[   42.247544][ T1780]  bus_for_each_drv+0x162/0x1e0
[   42.247555][ T1780]  ? bus_rescan_devices+0x20/0x20
[   42.247568][ T1780]  ? _raw_spin_unlock_irqrestore+0x3e/0x50
[   42.247584][ T1780]  ? lockdep_hardirqs_on+0x379/0x580
[   42.281736][ T1780]  __device_attach+0x217/0x360
[   42.286484][ T1780]  ? device_bind_driver+0xd0/0xd0
[   42.291490][ T1780]  ? kobject_uevent_env+0x29e/0x1160
[   42.296748][ T1780]  ? kobject_uevent_env+0x2a8/0x1160
[   42.302011][ T1780]  bus_probe_device+0x1e4/0x290
[   42.306837][ T1780]  ? blocking_notifier_call_chain+0x54/0xa0
[   42.312703][ T1780]  device_add+0xae6/0x16f0
[   42.317111][ T1780]  ? uevent_store+0x50/0x50
[   42.321605][ T1780]  usb_new_device.cold+0x6a4/0xe79
[   42.326706][ T1780]  hub_event+0x1b5c/0x3640
[   42.331114][ T1780]  ? hub_port_debounce+0x260/0x260
[   42.336200][ T1780]  process_one_work+0x92b/0x1530
[   42.341118][ T1780]  ? pwq_dec_nr_in_flight+0x310/0x310
[   42.346460][ T1780]  ? do_raw_spin_lock+0x11a/0x280
[   42.351462][ T1780]  worker_thread+0x96/0xe20
[   42.355941][ T1780]  ? process_one_work+0x1530/0x1530
[   42.361130][ T1780]  kthread+0x318/0x420
[   42.365180][ T1780]  ? kthread_create_on_node+0xf0/0xf0
[   42.370542][ T1780]  ret_from_fork+0x24/0x30
[   42.376685][ T1780] iowarrior 6-1:0.236: Not able to get a minor for this device.
[   42.383315][ T1802] usb 5-1: USB disconnect, device number 4
[   42.384443][ T1780] iowarrior: probe of 6-1:0.236 failed with error -17
[   42.390582][ T1824] ==================================================================
[   42.398667][ T1780] usb 6-1: USB disconnect, device number 4
[   42.405050][ T1824] BUG: KASAN: use-after-free in usb_kill_urb+0x24b/0x2c0
[   42.405064][ T1824] Read of size 4 at addr ffff8881d59d9210 by task syz-executor742/1824
[   42.426070][ T1824] 
[   42.428395][ T1824] CPU: 0 PID: 1824 Comm: syz-executor742 Not tainted 5.3.0-rc4+ #26
[   42.436339][ T1824] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   42.446376][ T1824] Call Trace:
[   42.449646][ T1824]  dump_stack+0xca/0x13e
[   42.453863][ T1824]  ? usb_kill_urb+0x24b/0x2c0
[   42.458516][ T1824]  ? usb_kill_urb+0x24b/0x2c0
[   42.463169][ T1824]  print_address_description+0x6a/0x32c
[   42.468706][ T1824]  ? usb_kill_urb+0x24b/0x2c0
[   42.473370][ T1824]  ? usb_kill_urb+0x24b/0x2c0
[   42.478032][ T1824]  __kasan_report.cold+0x1a/0x33
[   42.482944][ T1824]  ? usb_kill_urb+0x24b/0x2c0
[   42.487598][ T1824]  kasan_report+0xe/0x12
[   42.491829][ T1824]  check_memory_region+0x128/0x190
[   42.496918][ T1824]  usb_kill_urb+0x24b/0x2c0
[   42.501395][ T1824]  ? usb_poison_anchored_urbs+0x150/0x150
[   42.507092][ T1824]  ? finish_wait+0x260/0x260
[   42.511661][ T1824]  ? fcntl_setlk+0xc30/0xc30
[   42.516233][ T1824]  ? iowarrior_write+0xeb0/0xeb0
[   42.521154][ T1824]  iowarrior_release+0x1c9/0x280
[   42.526066][ T1824]  __fput+0x2d7/0x840
[   42.530041][ T1824]  task_work_run+0x13f/0x1c0
[   42.534610][ T1824]  exit_to_usermode_loop+0x1d2/0x200
[   42.539881][ T1824]  do_syscall_64+0x45f/0x580
[   42.544451][ T1824]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   42.550320][ T1824] RIP: 0033:0x407421
[   42.554207][ T1824] Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 24 1a 00 00 c3 48 83 ec 08 e8 0a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01
[   42.573960][ T1824] RSP: 002b:00007fff474f76b0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[   42.582346][ T1824] RAX: 0000000000000000 RBX: 0000000000000005 RCX: 0000000000407421
[   42.590294][ T1824] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 0000000000000004
[   42.598419][ T1824] RBP: 00007fff474f76f0 R08: 00007fff00000015 R09: 00007fff00000015
[   42.606375][ T1824] R10: 00007fff474f76f0 R11: 0000000000000293 R12: 000000000000002d
[   42.614320][ T1824] R13: 000000000000a572 R14: 0000000000000005 R15: 00000000006e4a0c
[   42.622267][ T1824] 
[   42.624569][ T1824] Allocated by task 1780:
[   42.628883][ T1824]  save_stack+0x1b/0x80
[   42.633010][ T1824]  __kasan_kmalloc.constprop.0+0xbf/0xd0
[   42.638635][ T1824]  usb_alloc_urb+0x65/0xb0
[   42.643040][ T1824]  iowarrior_probe+0x4b2/0x10b2
[   42.647862][ T1824]  usb_probe_interface+0x305/0x7a0
[   42.652962][ T1824]  really_probe+0x281/0x6d0
[   42.657447][ T1824]  driver_probe_device+0x101/0x1b0
[   42.662547][ T1824]  __device_attach_driver+0x1c2/0x220
[   42.667899][ T1824]  bus_for_each_drv+0x162/0x1e0
[   42.672722][ T1824]  __device_attach+0x217/0x360
[   42.677466][ T1824]  bus_probe_device+0x1e4/0x290
[   42.682297][ T1824]  device_add+0xae6/0x16f0
[   42.686705][ T1824]  usb_set_configuration+0xdf6/0x1670
[   42.692064][ T1824]  generic_probe+0x9d/0xd5
[   42.696454][ T1824]  usb_probe_device+0x99/0x100
[   42.701199][ T1824]  really_probe+0x281/0x6d0
[   42.705680][ T1824]  driver_probe_device+0x101/0x1b0
[   42.710779][ T1824]  __device_attach_driver+0x1c2/0x220
[   42.716125][ T1824]  bus_for_each_drv+0x162/0x1e0
[   42.720948][ T1824]  __device_attach+0x217/0x360
[   42.725702][ T1824]  bus_probe_device+0x1e4/0x290
[   42.730541][ T1824]  device_add+0xae6/0x16f0
[   42.734934][ T1824]  usb_new_device.cold+0x6a4/0xe79
[   42.740019][ T1824]  hub_event+0x1b5c/0x3640
[   42.744430][ T1824]  process_one_work+0x92b/0x1530
[   42.749353][ T1824]  worker_thread+0x96/0xe20
[   42.753842][ T1824]  kthread+0x318/0x420
[   42.757896][ T1824]  ret_from_fork+0x24/0x30
[   42.762344][ T1824] 
[   42.764657][ T1824] Freed by task 1802:
[   42.768624][ T1824]  save_stack+0x1b/0x80
[   42.772752][ T1824]  __kasan_slab_free+0x130/0x180
[   42.777663][ T1824]  kfree+0xe4/0x2f0
[   42.781445][ T1824]  usb_free_urb.part.0+0x7a/0xc0
[   42.786357][ T1824]  usb_free_urb+0x1b/0x30
[   42.790678][ T1824]  usb_hcd_giveback_urb+0x368/0x420
[   42.795849][ T1824]  dummy_timer+0x120f/0x2fa2
[   42.800416][ T1824]  call_timer_fn+0x179/0x650
[   42.804995][ T1824]  run_timer_softirq+0x5cc/0x14b0
[   42.809996][ T1824]  __do_softirq+0x221/0x912
[   42.814469][ T1824] 
[   42.816774][ T1824] The buggy address belongs to the object at ffff8881d59d9200
[   42.816774][ T1824]  which belongs to the cache kmalloc-192 of size 192
[   42.830805][ T1824] The buggy address is located 16 bytes inside of
[   42.830805][ T1824]  192-byte region [ffff8881d59d9200, ffff8881d59d92c0)
[   42.844654][ T1824] The buggy address belongs to the page:
[   42.850353][ T1824] page:ffffea0007567640 refcount:1 mapcount:0 mapping:ffff8881da002a00 index:0x0
[   42.859446][ T1824] flags: 0x200000000000200(slab)
[   42.864362][ T1824] raw: 0200000000000200 0000000000000000 0000000b00000001 ffff8881da002a00
[   42.872933][ T1824] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
[   42.881501][ T1824] page dumped because: kasan: bad access detected
[   42.887889][ T1824] 
[   42.890200][ T1824] Memory state around the buggy address:
[   42.895802][ T1824]  ffff8881d59d9100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   42.903849][ T1824]  ffff8881d59d9180: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   42.911885][ T1824] >ffff8881d59d9200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   42.919926][ T1824]                          ^
[   42.924500][ T1824]  ffff8881d59d9280: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   42.932537][ T1824]  ffff8881d59d9300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   42.940571][ T1824] ==================================================================
[   42.948602][ T1824] Disabling lock debugging due to kernel taint
[   42.954922][ T1824] Kernel panic - not syncing: panic_on_warn set ...
[   42.961511][ T1824] CPU: 0 PID: 1824 Comm: syz-executor742 Tainted: G    B             5.3.0-rc4+ #26
[   42.961698][   T17] iowarrior 1-1:0.236: IOWarrior product=0x1501, serial= interface=236 now attached to iowarrior0
[   42.970960][ T1824] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
tun: can't open /dev/net/tun: please enable CONFIG_TUN=y
otherwise fuzzing or reproducing might not work as intended
executing program
[   42.970963][ T1824] Call Trace:
[   42.970980][ T1824]  dump_stack+0xca/0x13e
[   42.970990][ T1824]  panic+0x2a3/0x6da
[   42.971003][ T1824]  ? add_taint.cold+0x16/0x16
[   43.007607][ T1824]  ? usb_kill_urb+0x24b/0x2c0
[   43.012260][ T1824]  ? trace_hardirqs_on+0x55/0x1e0
[   43.017254][ T1824]  ? usb_kill_urb+0x24b/0x2c0
[   43.021907][ T1824]  end_report+0x43/0x49
[   43.026054][ T1824]  ? usb_kill_urb+0x24b/0x2c0
[   43.030708][ T1824]  __kasan_report.cold+0xd/0x33
[   43.035529][ T1824]  ? usb_kill_urb+0x24b/0x2c0
[   43.040175][ T1824]  kasan_report+0xe/0x12
[   43.044392][ T1824]  check_memory_region+0x128/0x190
[   43.049493][ T1824]  usb_kill_urb+0x24b/0x2c0
[   43.053983][ T1824]  ? usb_poison_anchored_urbs+0x150/0x150
[   43.059683][ T1824]  ? finish_wait+0x260/0x260
[   43.064245][ T1824]  ? fcntl_setlk+0xc30/0xc30
[   43.069345][ T1824]  ? iowarrior_write+0xeb0/0xeb0
[   43.074275][ T1824]  iowarrior_release+0x1c9/0x280
[   43.079194][ T1824]  __fput+0x2d7/0x840
[   43.083158][ T1824]  task_work_run+0x13f/0x1c0
[   43.087721][ T1824]  exit_to_usermode_loop+0x1d2/0x200
[   43.092977][ T1824]  do_syscall_64+0x45f/0x580
[   43.097540][ T1824]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   43.103420][ T1824] RIP: 0033:0x407421
[   43.107297][ T1824] Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 24 1a 00 00 c3 48 83 ec 08 e8 0a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01
[   43.118049][ T1781] usb 1-1: USB disconnect, device number 4
[   43.126898][ T1824] RSP: 002b:00007fff474f76b0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[   43.141065][ T1824] RAX: 0000000000000000 RBX: 0000000000000005 RCX: 0000000000407421
[   43.149017][ T1824] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 0000000000000004
[   43.156963][ T1824] RBP: 00007fff474f76f0 R08: 00007fff00000015 R09: 00007fff00000015
[   43.164920][ T1824] R10: 00007fff474f76f0 R11: 0000000000000293 R12: 000000000000002d
[   43.172869][ T1824] R13: 000000000000a572 R14: 0000000000000005 R15: 00000000006e4a0c
[   43.181324][ T1824] Kernel Offset: disabled
[   43.185633][ T1824] Rebooting in 86400 seconds..