[   47.458549] audit: type=1800 audit(1555007146.148:28): pid=5351 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2450 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   48.315927] audit: type=1800 audit(1555007147.048:29): pid=5351 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0
[   48.335480] audit: type=1800 audit(1555007147.048:30): pid=5351 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2456 res=0
[....] startpar: service(s) returned failure: rsyslog ...[?25l[?1c7[1G[[31mFAIL[39;49m8[?25h[?0c [31mfailed![39;49m

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.1.49' (ECDSA) to the list of known hosts.
2019/04/11 18:25:57 fuzzer started
2019/04/11 18:26:00 dialing manager at 10.128.0.105:34561
2019/04/11 18:26:00 syscalls: 4
2019/04/11 18:26:00 code coverage: enabled
2019/04/11 18:26:00 comparison tracing: enabled
2019/04/11 18:26:00 extra coverage: enabled
2019/04/11 18:26:00 setuid sandbox: enabled
2019/04/11 18:26:00 namespace sandbox: enabled
2019/04/11 18:26:00 Android sandbox: /sys/fs/selinux/policy does not exist
2019/04/11 18:26:00 fault injection: enabled
2019/04/11 18:26:00 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/04/11 18:26:00 net packet injection: enabled
2019/04/11 18:26:00 net device setup: enabled
18:26:02 executing program 0:
syz_usb_connect(0x4000001006, 0x24, &(0x7f0000001200)={0x12, 0x1, 0x0, 0xa4, 0x36, 0xb7, 0x20, 0xc72, 0xd, 0xb8cc, 0x0, 0x0, 0x0, 0x1, [{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{0x9, 0x4, 0xae, 0x0, 0x0, 0x21, 0xe, 0xe8}]}]}, 0x0)

syzkaller login: [   63.451732] e cgroup1: Unknown subsys name 'hugetlb'
[   63.484210] IPVS: ftp: loaded support on port[0] = 21
18:26:02 executing program 1:
syz_usb_connect(0x6, 0x24, &(0x7f00000001c0)={0x12, 0x1, 0x0, 0x52, 0xc, 0xd1, 0x8, 0x841, 0x1, 0x1787, 0x0, 0x0, 0x0, 0x1, [{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{0x9, 0x4, 0xc7, 0x0, 0x0, 0xa3, 0x85, 0xbf}]}]}, 0x0)

[   63.636724] bridge0: port 1(bridge_slave_0) entered blocking state
[   63.643289] bridge0: port 1(bridge_slave_0) entered disabled state
[   63.650952] device bridge_slave_0 entered promiscuous mode
[   63.660633] bridge0: port 2(bridge_slave_1) entered blocking state
[   63.667034] bridge0: port 2(bridge_slave_1) entered disabled state
[   63.675562] device bridge_slave_1 entered promiscuous mode
[   63.707478] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   63.724063] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   63.734679] e cgroup1: Unknown subsys name 'hugetlb'
[   63.746625] team0: Port device team_slave_0 added
[   63.754286] team0: Port device team_slave_1 added
[   63.783954] IPVS: ftp: loaded support on port[0] = 21
18:26:02 executing program 2:

[   63.852919] bridge0: port 2(bridge_slave_1) entered blocking state
[   63.859478] bridge0: port 2(bridge_slave_1) entered forwarding state
[   63.866553] bridge0: port 1(bridge_slave_0) entered blocking state
[   63.872932] bridge0: port 1(bridge_slave_0) entered forwarding state
[   63.986566] 8021q: adding VLAN 0 to HW filter on device bond0
[   64.012492] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   64.034682] e cgroup1: Unknown subsys name 'hugetlb'
[   64.043710] bridge0: port 1(bridge_slave_0) entered disabled state
[   64.053341] bridge0: port 2(bridge_slave_1) entered disabled state
[   64.062935] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[   64.074730] 8021q: adding VLAN 0 to HW filter on device team0
18:26:02 executing program 3:

[   64.090473] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   64.100027] bridge0: port 1(bridge_slave_0) entered blocking state
[   64.106420] bridge0: port 1(bridge_slave_0) entered forwarding state
[   64.137074] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   64.145385] bridge0: port 2(bridge_slave_1) entered blocking state
[   64.151738] bridge0: port 2(bridge_slave_1) entered forwarding state
[   64.167046] IPVS: ftp: loaded support on port[0] = 21
[   64.203046] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   64.211013] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   64.236906] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   64.254943] e cgroup1: Unknown subsys name 'hugetlb'
[   64.261369] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   64.293284] bridge0: port 1(bridge_slave_0) entered blocking state
[   64.299663] bridge0: port 1(bridge_slave_0) entered disabled state
[   64.315224] device bridge_slave_0 entered promiscuous mode
[   64.322716] bridge0: port 2(bridge_slave_1) entered blocking state
[   64.329059] bridge0: port 2(bridge_slave_1) entered disabled state
[   64.338294] device bridge_slave_1 entered promiscuous mode
[   64.345710] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   64.387531] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   64.394349] IPVS: ftp: loaded support on port[0] = 21
[   64.404463] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   64.445323] team0: Port device team_slave_0 added
18:26:03 executing program 4:
syz_usb_connect(0xa000001, 0x24, &(0x7f00000000c0)={0x12, 0x1, 0x0, 0xeb, 0xfb, 0x28, 0x8, 0x979, 0x227, 0x77ef, 0x0, 0x0, 0x0, 0x1, [{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{0x9, 0x4, 0x59, 0x0, 0x0, 0x22, 0x50, 0x4b}]}]}, 0x0)

[   64.472966] team0: Port device team_slave_1 added
[   64.538556] 8021q: adding VLAN 0 to HW filter on device batadv0
[   64.719822] e cgroup1: Unknown subsys name 'hugetlb'
[   64.828166] bridge0: port 1(bridge_slave_0) entered blocking state
[   64.834806] bridge0: port 1(bridge_slave_0) entered disabled state
[   64.846838] device bridge_slave_0 entered promiscuous mode
[   64.857217] bridge0: port 1(bridge_slave_0) entered blocking state
[   64.863805] bridge0: port 1(bridge_slave_0) entered disabled state
18:26:03 executing program 5:
r0 = syz_usb_connect(0x4, 0x24, &(0x7f0000000000)={0x12, 0x1, 0x0, 0xfa, 0x4f, 0x9c, 0x8, 0xccd, 0x10b4, 0x3da6, 0x0, 0x0, 0x0, 0x1, [{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{0x9, 0x4, 0x0, 0x0, 0x0, 0xff, 0x3a, 0x6b}]}]}, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000840)={0x54, &(0x7f00000005c0)={0x0, 0x0, 0x6, "7191ef90dcc9"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

[   64.875148] device bridge_slave_0 entered promiscuous mode
[   64.884109] IPVS: ftp: loaded support on port[0] = 21
[   64.885345] bridge0: port 2(bridge_slave_1) entered blocking state
[   64.895778] bridge0: port 2(bridge_slave_1) entered disabled state
[   64.913587] device bridge_slave_1 entered promiscuous mode
[   64.934913] bridge0: port 2(bridge_slave_1) entered blocking state
[   64.941490] bridge0: port 2(bridge_slave_1) entered disabled state
[   64.953218] device bridge_slave_1 entered promiscuous mode
[   64.981923] 8021q: adding VLAN 0 to HW filter on device bond0
[   65.003773] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   65.033402] e cgroup1: Unknown subsys name 'hugetlb'
[   65.033658] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   65.055010] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   65.063193] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[   65.091417] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   65.100385] IPVS: ftp: loaded support on port[0] = 21
[   65.109933] team0: Port device team_slave_0 added
[   65.117148] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   65.124166] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   65.144337] team0: Port device team_slave_1 added
[   65.154565] 8021q: adding VLAN 0 to HW filter on device team0
[   65.163533] team0: Port device team_slave_0 added
[   65.178931] team0: Port device team_slave_1 added
[   65.186390] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   65.194840] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   65.202510] bridge0: port 1(bridge_slave_0) entered blocking state
[   65.208847] bridge0: port 1(bridge_slave_0) entered forwarding state
[   65.216068] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   65.276937] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   65.284802] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   65.292450] bridge0: port 2(bridge_slave_1) entered blocking state
[   65.298807] bridge0: port 2(bridge_slave_1) entered forwarding state
[   65.302659] usb 1-1: Using ep0 maxpacket: 32
[   65.324179] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   65.332010] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   65.340032] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   65.348292] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   65.365619] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   65.372865] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   65.380677] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   65.399843] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   65.412996] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   65.423387] usb 1-1: config 0 has an invalid interface number: 174 but max is 0
[   65.430963] usb 1-1: config 0 has no interface number 0
[   65.439270] usb 1-1: New USB device found, idVendor=0c72, idProduct=000d, bcdDevice=b8.cc
[   65.448116] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   65.460862] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   65.469248] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   65.470583] usb 1-1: config 0 descriptor??
[   65.632855] bridge0: port 1(bridge_slave_0) entered blocking state
[   65.639254] bridge0: port 1(bridge_slave_0) entered disabled state
[   65.663333] device bridge_slave_0 entered promiscuous mode
[   65.722598] peak_usb 1-1:0.174 can0: unable to request usb[type=0 value=1] err=-71
[   65.725612] 8021q: adding VLAN 0 to HW filter on device batadv0
[   65.730508] peak_usb 1-1:0.174: unable to read PCAN-USB Pro firmware info (err -71)
[   65.746919] bridge0: port 2(bridge_slave_1) entered blocking state
[   65.753546] bridge0: port 2(bridge_slave_1) entered disabled state
[   65.764891] device bridge_slave_1 entered promiscuous mode
[   65.859544] peak_usb: probe of 1-1:0.174 failed with error -71
[   65.862466] 8021q: adding VLAN 0 to HW filter on device bond0
[   65.869347] usb 1-1: USB disconnect, device number 2
[   65.975235] 8021q: adding VLAN 0 to HW filter on device bond0
[   66.008107] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   66.023456] bridge0: port 1(bridge_slave_0) entered blocking state
[   66.029795] bridge0: port 1(bridge_slave_0) entered disabled state
[   66.053669] device bridge_slave_0 entered promiscuous mode
[   66.070030] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   66.088178] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   66.095845] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   66.108896] bridge0: port 2(bridge_slave_1) entered blocking state
[   66.115394] bridge0: port 2(bridge_slave_1) entered disabled state
[   66.128919] device bridge_slave_1 entered promiscuous mode
[   66.151013] team0: Port device team_slave_0 added
[   66.158844] 8021q: adding VLAN 0 to HW filter on device team0
[   66.170306] 8021q: adding VLAN 0 to HW filter on device team0
[   66.181810] team0: Port device team_slave_1 added
[   66.195295] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   66.202603] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   66.224054] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   66.240000] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   66.248067] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   66.256368] bridge0: port 1(bridge_slave_0) entered blocking state
[   66.262755] bridge0: port 1(bridge_slave_0) entered forwarding state
[   66.269699] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   66.281159] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   66.288921] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[   66.298899] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   66.309978] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   66.318298] bridge0: port 2(bridge_slave_1) entered blocking state
[   66.324682] bridge0: port 2(bridge_slave_1) entered forwarding state
[   66.331809] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   66.340319] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   66.348748] bridge0: port 1(bridge_slave_0) entered blocking state
[   66.355113] bridge0: port 1(bridge_slave_0) entered forwarding state
[   66.374188] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   66.381299] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   66.389916] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   66.397651] bridge0: port 2(bridge_slave_1) entered blocking state
[   66.404030] bridge0: port 2(bridge_slave_1) entered forwarding state
[   66.411278] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   66.430969] team0: Port device team_slave_0 added
[   66.437371] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   66.446110] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   66.460273] team0: Port device team_slave_1 added
[   66.472512] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[   66.492918] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   66.500704] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   66.508620] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   66.522235] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   66.530076] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   66.540337] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   66.548565] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   66.553111] usb 2-1: Using ep0 maxpacket: 8
[   66.557849] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   66.567674] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   66.575405] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   66.596419] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   66.617410] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   66.625768] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   66.652655] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   66.660703] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   66.698680] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   66.706557] usb 2-1: config 0 has an invalid interface number: 199 but max is 0
[   66.714142] usb 2-1: config 0 has no interface number 0
[   66.719811] usb 1-1: Using ep0 maxpacket: 32
[   66.725837] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   66.733497] usb 2-1: New USB device found, idVendor=0841, idProduct=0001, bcdDevice=17.87
[   66.741878] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   66.750369] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   66.758141] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   66.766589] usb 2-1: config 0 descriptor??
[   66.778615] 8021q: adding VLAN 0 to HW filter on device bond0
[   66.804784] rio500 2-1:0.199: USB Rio found at address 2
[   66.827997] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   66.838914] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   66.846087] usb 1-1: config 0 has an invalid interface number: 174 but max is 0
[   66.853688] usb 1-1: config 0 has no interface number 0
[   66.859156] usb 1-1: New USB device found, idVendor=0c72, idProduct=000d, bcdDevice=b8.cc
[   66.867618] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   66.878292] 8021q: adding VLAN 0 to HW filter on device team0
[   66.885813] usb 1-1: config 0 descriptor??
[   66.924230] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   66.932051] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   66.941389] bridge0: port 1(bridge_slave_0) entered blocking state
[   66.947807] bridge0: port 1(bridge_slave_0) entered forwarding state
[   66.961872] 8021q: adding VLAN 0 to HW filter on device batadv0
[   66.976342] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   67.003372] usb 2-1: USB disconnect, device number 2
[   67.011723] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   67.020415] rio500 2-1:0.199: USB Rio disconnected.
[   67.022545] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   67.047469] bridge0: port 2(bridge_slave_1) entered blocking state
[   67.054017] bridge0: port 2(bridge_slave_1) entered forwarding state
[   67.066477] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   67.075252] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   67.084774] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   67.093672] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   67.110638] 8021q: adding VLAN 0 to HW filter on device bond0
[   67.117137] peak_usb 1-1:0.174 can0: unable to request usb[type=0 value=1] err=-71
18:26:05 executing program 0:

[   67.124946] peak_usb 1-1:0.174: unable to read PCAN-USB Pro firmware info (err -71)
[   67.140934] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   67.149241] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   67.166262] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
18:26:05 executing program 0:
syz_usb_connect(0x4, 0x24, &(0x7f0000000080)={0x12, 0x1, 0x0, 0xb9, 0x3c, 0x17, 0x8, 0x13b1, 0x14, 0x513e, 0x0, 0x0, 0x0, 0x1, [{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{0x9, 0x4, 0x0, 0x0, 0x0, 0x2, 0x2, 0xff}]}]}, 0x0)

[   67.186577] peak_usb: probe of 1-1:0.174 failed with error -71
[   67.194631] 8021q: adding VLAN 0 to HW filter on device batadv0
[   67.202864] usb 1-1: USB disconnect, device number 3
[   67.230806] 8021q: adding VLAN 0 to HW filter on device team0
[   67.265410] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
18:26:06 executing program 2:
syz_usb_connect(0x1, 0x24, &(0x7f0000000000)={0x12, 0x1, 0x0, 0x10, 0xa6, 0x54, 0x8, 0x4e6, 0x3, 0x4b17, 0x0, 0x0, 0x0, 0x1, [{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{0x9, 0x4, 0x22, 0x0, 0x0, 0x41, 0x6f, 0x67}]}]}, 0x0)

[   67.285539] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   67.303427] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   67.311179] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   67.338756] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   67.349273] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   67.371861] bridge0: port 1(bridge_slave_0) entered blocking state
[   67.378291] bridge0: port 1(bridge_slave_0) entered forwarding state
[   67.394190] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   67.402192] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   67.423033] bridge0: port 2(bridge_slave_1) entered blocking state
[   67.429490] bridge0: port 2(bridge_slave_1) entered forwarding state
[   67.436928] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   67.444821] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   67.453636] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   67.481864] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   67.504601] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   67.518431] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   67.526960] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   67.539963] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   67.548732] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   67.562492] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   67.570154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   67.602863] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   67.619503] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
18:26:06 executing program 3:

[   67.648587] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   67.662712] usb 1-1: new high-speed USB device number 4 using dummy_hcd
18:26:06 executing program 3:

18:26:06 executing program 3:

18:26:06 executing program 3:

[   67.816075] usb 3-1: new low-speed USB device number 2 using dummy_hcd
[   67.828830] 8021q: adding VLAN 0 to HW filter on device batadv0
[   67.870806] 8021q: adding VLAN 0 to HW filter on device batadv0
[   67.882916] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[   67.912710] usb 1-1: Using ep0 maxpacket: 8
[   68.032533] usb 1-1: New USB device found, idVendor=13b1, idProduct=0014, bcdDevice=51.3e
[   68.040930] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   68.062962] usb 1-1: config 0 descriptor??
[   68.108869] usb 1-1: bad CDC descriptors
[   68.115296] usb 1-1: bad CDC descriptors
[   68.125930] usb 2-1: Using ep0 maxpacket: 8
[   68.202728] usb 3-1: config 0 has an invalid interface number: 34 but max is 0
[   68.210200] usb 3-1: config 0 has no interface number 0
[   68.215824] usb 3-1: New USB device found, idVendor=04e6, idProduct=0003, bcdDevice=4b.17
[   68.224347] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   68.233385] usb 3-1: config 0 descriptor??
[   68.242645] usb 2-1: config 0 has an invalid interface number: 199 but max is 0
[   68.250144] usb 2-1: config 0 has no interface number 0
[   68.256354] usb 2-1: New USB device found, idVendor=0841, idProduct=0001, bcdDevice=17.87
[   68.265013] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   68.273827] ums-sddr09 3-1:0.34: USB Mass Storage device detected
[   68.283946] usb 2-1: config 0 descriptor??
[   68.288761] usb 1-1: USB disconnect, device number 4
[   68.322634] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[   68.331080] rio500 2-1:0.199: USB Rio found at address 3
[   68.347092] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[   68.459057] usb 3-1: USB disconnect, device number 2
18:26:07 executing program 3:
syz_usb_connect(0x5, 0xdd, &(0x7f0000000000)={0x12, 0x1, 0x0, 0x58, 0x7e, 0xc7, 0x8, 0x841, 0x1, 0xed74, 0x0, 0x0, 0x0, 0x1, [{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{0x9, 0x4, 0x6e, 0x0, 0x0, 0xe5, 0xb7, 0xff}]}]}, 0x0)

18:26:07 executing program 1:
syz_usb_connect(0x6, 0x24, &(0x7f00000001c0)={0x12, 0x1, 0x0, 0x52, 0xc, 0xd1, 0x8, 0x841, 0x1, 0x1787, 0x0, 0x0, 0x0, 0x1, [{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{0x9, 0x4, 0xc7, 0x0, 0x0, 0xa3, 0x85, 0xbf}]}]}, 0x0)

[   68.513325] usb 2-1: USB disconnect, device number 3
[   68.520777] rio500 2-1:0.199: USB Rio disconnected.
[   68.562661] usb 6-1: Using ep0 maxpacket: 8
[   68.642365] usb 5-1: Using ep0 maxpacket: 8
[   68.682538] usb 6-1: New USB device found, idVendor=0ccd, idProduct=10b4, bcdDevice=3d.a6
[   68.690965] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   68.702196] usb 6-1: config 0 descriptor??
[   68.772498] usb 5-1: config 0 has an invalid interface number: 89 but max is 0
[   68.780042] usb 5-1: config 0 has no interface number 0
[   68.785860] usb 5-1: New USB device found, idVendor=0979, idProduct=0227, bcdDevice=77.ef
[   68.794375] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   68.802581] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[   68.804480] usb 5-1: config 0 descriptor??
[   68.856787] gspca_main: jl2005bcd-2.14.0 probing 0979:0227
[   68.867212] command write [95] error -22
[   68.942563] usb 6-1: dvb_usb_v2: found a 'Terratec H7' in warm state
[   68.949190] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[   69.036418] usb 5-1: USB disconnect, device number 2
[   69.052406] usb 4-1: Using ep0 maxpacket: 8
[   69.073401] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[   69.143308] usb write operation failed. (-71)
[   69.152869] usb 6-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[   69.163487] dvbdev: DVB: registering new adapter (Terratec H7)
[   69.182787] usb 4-1: config 0 has an invalid interface number: 110 but max is 0
[   69.190481] usb 4-1: config 0 has no interface number 0
[   69.196127] usb 2-1: Using ep0 maxpacket: 8
[   69.200845] usb read operation failed. (-71)
[   69.208749] usb 4-1: New USB device found, idVendor=0841, idProduct=0001, bcdDevice=ed.74
[   69.217239] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   69.225316] usb write operation failed. (-71)
[   69.244304] dvb_usb_az6007: probe of 6-1:0.0 failed with error -5
[   69.256014] usb 4-1: config 0 descriptor??
[   69.260576] usb 6-1: USB disconnect, device number 2
[   69.268881] usb 3-1: new low-speed USB device number 3 using dummy_hcd
[   69.297062] rio500 4-1:0.110: USB Rio found at address 2
[   69.325005] usb 1-1: Using ep0 maxpacket: 8
[   69.342587] usb 2-1: config 0 has an invalid interface number: 199 but max is 0
[   69.350176] usb 2-1: config 0 has no interface number 0
[   69.356366] usb 2-1: New USB device found, idVendor=0841, idProduct=0001, bcdDevice=17.87
[   69.364839] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   69.373908] usb 2-1: config 0 descriptor??
[   69.418430] rio500 2-1:0.199: USB Rio found at address 4
[   69.452777] usb 1-1: New USB device found, idVendor=13b1, idProduct=0014, bcdDevice=51.3e
[   69.461250] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   69.470674] usb 1-1: config 0 descriptor??
[   69.480125] usb 4-1: USB disconnect, device number 2
[   69.486361] rio500 4-1:0.110: USB Rio disconnected.
[   69.519072] usb 1-1: bad CDC descriptors
[   69.525612] usb 1-1: bad CDC descriptors
[   69.607425] usb 2-1: USB disconnect, device number 4
[   69.614800] ==================================================================
[   69.622336] BUG: KASAN: double-free or invalid-free in kfree+0xce/0x290
[   69.629082] 
[   69.630708] CPU: 1 PID: 585 Comm: kworker/1:4 Not tainted 5.1.0-rc4-319354-g9a33b36 #3
[   69.638747] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   69.648094] Workqueue: usb_hub_wq hub_event
[   69.652406] Call Trace:
[   69.654992]  dump_stack+0xe8/0x16e
[   69.658524]  print_address_description+0x6c/0x236
[   69.663360]  ? kfree+0xce/0x290
[   69.666663]  kasan_report_invalid_free+0x66/0xa0
[   69.671411]  ? kfree+0xce/0x290
[   69.674708]  __kasan_slab_free+0x162/0x180
[   69.679033]  slab_free_freelist_hook+0x5e/0x140
[   69.683713]  ? disconnect_rio+0x13b/0x200
[   69.688084]  ? disconnect_rio+0x13b/0x200
[   69.692243]  kfree+0xce/0x290
[   69.695345]  disconnect_rio+0x13b/0x200
[   69.699308]  usb_unbind_interface+0x1c9/0x980
[   69.703795]  ? usb_autoresume_device+0x60/0x60
[   69.708557]  device_release_driver_internal+0x436/0x4f0
[   69.713919]  bus_remove_device+0x302/0x5c0
[   69.718144]  device_del+0x467/0xb90
[   69.721768]  ? mark_held_locks+0x9f/0xe0
[   69.725820]  ? __device_links_no_driver+0x240/0x240
[   69.730838]  ? lockdep_hardirqs_on+0x37e/0x580
[   69.735430]  ? remove_intf_ep_devs+0x144/0x1d0
[   69.740012]  usb_disable_device+0x242/0x790
[   69.744336]  usb_disconnect+0x298/0x870
[   69.748304]  hub_event+0xcd2/0x3b00
[   69.751945]  ? mark_held_locks+0xe0/0xe0
[   69.756063]  ? hub_port_debounce+0x350/0x350
[   69.760475]  ? _raw_spin_unlock_irq+0x29/0x40
[   69.765026]  process_one_work+0x90f/0x1580
[   69.769282]  ? wq_pool_ids_show+0x300/0x300
[   69.773593]  ? do_raw_spin_lock+0x11f/0x290
[   69.777932]  worker_thread+0x9b/0xe20
[   69.781750]  ? process_one_work+0x1580/0x1580
[   69.786248]  kthread+0x313/0x420
[   69.789600]  ? kthread_park+0x1a0/0x1a0
[   69.793586]  ret_from_fork+0x3a/0x50
[   69.797303] 
[   69.798911] Allocated by task 5667:
[   69.802551]  __kasan_kmalloc.constprop.0+0xbf/0xd0
[   69.807498]  probe_rio+0x188/0x268
[   69.811062]  usb_probe_interface+0x31d/0x820
[   69.815485]  really_probe+0x2da/0xb10
[   69.819281]  driver_probe_device+0x21d/0x350
[   69.823682]  __device_attach_driver+0x1d8/0x290
[   69.828346]  bus_for_each_drv+0x163/0x1e0
[   69.832489]  __device_attach+0x223/0x3a0
[   69.836558]  bus_probe_device+0x1f1/0x2a0
[   69.840689]  device_add+0xad2/0x16e0
[   69.844386]  usb_set_configuration+0xdf7/0x1740
[   69.849051]  generic_probe+0xa2/0xda
[   69.852757]  usb_probe_device+0xc0/0x150
[   69.856815]  really_probe+0x2da/0xb10
[   69.860612]  driver_probe_device+0x21d/0x350
[   69.865013]  __device_attach_driver+0x1d8/0x290
[   69.869675]  bus_for_each_drv+0x163/0x1e0
[   69.873817]  __device_attach+0x223/0x3a0
[   69.877875]  bus_probe_device+0x1f1/0x2a0
[   69.882012]  device_add+0xad2/0x16e0
[   69.885737]  usb_new_device.cold+0x537/0xccf
[   69.890129]  hub_event+0x138e/0x3b00
[   69.893848]  process_one_work+0x90f/0x1580
[   69.898100]  worker_thread+0x9b/0xe20
[   69.901893]  kthread+0x313/0x420
[   69.905270]  ret_from_fork+0x3a/0x50
[   69.908977] 
[   69.910593] Freed by task 584:
[   69.913784]  __kasan_slab_free+0x130/0x180
[   69.918034]  slab_free_freelist_hook+0x5e/0x140
[   69.922689]  kfree+0xce/0x290
[   69.925795]  disconnect_rio+0x13b/0x200
[   69.929757]  usb_unbind_interface+0x1c9/0x980
[   69.934258]  device_release_driver_internal+0x436/0x4f0
[   69.939637]  bus_remove_device+0x302/0x5c0
[   69.943869]  device_del+0x467/0xb90
[   69.947504]  usb_disable_device+0x242/0x790
[   69.951817]  usb_disconnect+0x298/0x870
[   69.955791]  hub_event+0xcd2/0x3b00
[   69.959406]  process_one_work+0x90f/0x1580
[   69.963628]  worker_thread+0x9b/0xe20
[   69.967410]  kthread+0x313/0x420
[   69.970791]  ret_from_fork+0x3a/0x50
[   69.974502] 
[   69.976115] The buggy address belongs to the object at ffff888091e82200
[   69.976115]  which belongs to the cache kmalloc-4k of size 4096
[   69.988757] The buggy address is located 0 bytes inside of
[   69.988757]  4096-byte region [ffff888091e82200, ffff888091e83200)
[   70.000633] The buggy address belongs to the page:
[   70.005561] page:ffffea000247a000 count:1 mapcount:0 mapping:ffff88812c3f4600 index:0x0 compound_mapcount: 0
[   70.015545] flags: 0xfff00000010200(slab|head)
[   70.020147] raw: 00fff00000010200 dead000000000100 dead000000000200 ffff88812c3f4600
[   70.028047] raw: 0000000000000000 0000000000070007 00000001ffffffff 0000000000000000
[   70.035917] page dumped because: kasan: bad access detected
[   70.041615] 
[   70.043224] Memory state around the buggy address:
[   70.048138]  ffff888091e82100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   70.055573]  ffff888091e82180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   70.062920] >ffff888091e82200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   70.070267]                    ^
[   70.073633]  ffff888091e82280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   70.081007]  ffff888091e82300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   70.088368] ==================================================================
[   70.095714] Disabling lock debugging due to kernel taint
[   70.102994] Kernel panic - not syncing: panic_on_warn set ...
[   70.109095] CPU: 1 PID: 585 Comm: kworker/1:4 Tainted: G    B             5.1.0-rc4-319354-g9a33b36 #3
[   70.115661] usb 1-1: USB disconnect, device number 5
[   70.118529] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   70.118545] Workqueue: usb_hub_wq hub_event
[   70.137317] Call Trace:
[   70.139902]  dump_stack+0xe8/0x16e
[   70.143448]  panic+0x29d/0x5f2
[   70.146641]  ? __warn_printk+0xf8/0xf8
[   70.150527]  ? kfree+0xce/0x290
[   70.153813]  ? trace_hardirqs_on+0x55/0x1c0
[   70.158135]  ? kfree+0xce/0x290
[   70.161412]  end_report+0x48/0x4e
[   70.164876]  kasan_report_invalid_free+0x82/0xa0
[   70.169649]  ? kfree+0xce/0x290
[   70.172930]  __kasan_slab_free+0x162/0x180
[   70.177189]  slab_free_freelist_hook+0x5e/0x140
[   70.181935]  ? disconnect_rio+0x13b/0x200
[   70.186079]  ? disconnect_rio+0x13b/0x200
[   70.190233]  kfree+0xce/0x290
[   70.193337]  disconnect_rio+0x13b/0x200
[   70.197307]  usb_unbind_interface+0x1c9/0x980
[   70.201798]  ? usb_autoresume_device+0x60/0x60
[   70.206380]  device_release_driver_internal+0x436/0x4f0
[   70.211761]  bus_remove_device+0x302/0x5c0
[   70.215996]  device_del+0x467/0xb90
[   70.219719]  ? mark_held_locks+0x9f/0xe0
[   70.223778]  ? __device_links_no_driver+0x240/0x240
[   70.228794]  ? lockdep_hardirqs_on+0x37e/0x580
[   70.233376]  ? remove_intf_ep_devs+0x144/0x1d0
[   70.237953]  usb_disable_device+0x242/0x790
[   70.242273]  usb_disconnect+0x298/0x870
[   70.246254]  hub_event+0xcd2/0x3b00
[   70.249887]  ? mark_held_locks+0xe0/0xe0
[   70.253948]  ? hub_port_debounce+0x350/0x350
[   70.258361]  ? _raw_spin_unlock_irq+0x29/0x40
[   70.262858]  process_one_work+0x90f/0x1580
[   70.267187]  ? wq_pool_ids_show+0x300/0x300
[   70.271507]  ? do_raw_spin_lock+0x11f/0x290
[   70.276527]  worker_thread+0x9b/0xe20
[   70.280337]  ? process_one_work+0x1580/0x1580
[   70.284835]  kthread+0x313/0x420
[   70.288195]  ? kthread_park+0x1a0/0x1a0
[   70.292170]  ret_from_fork+0x3a/0x50
[   70.296576] Kernel Offset: disabled
[   70.300196] Rebooting in 86400 seconds..