Debian GNU/Linux 9
syzkaller ttyS0
Warning: Permanently added '10.128.0.76' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 49.990752][ T239] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 50.350855][ T239] usb 1-1: config 0 has an invalid interface number: 108 but max is 0
[ 50.359202][ T239] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 50.370036][ T239] usb 1-1: config 0 has no interface number 0
[ 50.376444][ T239] usb 1-1: config 0 interface 108 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[ 50.387924][ T239] usb 1-1: New USB device found, idVendor=2040, idProduct=8265, bcdDevice=2f.86
[ 50.397218][ T239] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 50.406433][ T239] usb 1-1: config 0 descriptor??
[ 50.473478][ T239] em28xx 1-1:0.108: New device @ 480 Mbps (2040:8265, interface 108, class 108)
[ 50.483175][ T239] em28xx 1-1:0.108: Audio interface 108 found (Vendor Class)
executing program
[ 50.710893][ T239] em28xx 1-1:0.108: unknown em28xx chip ID (0)
[ 50.730795][ T239] em28xx 1-1:0.108: Config register raw data: 0xfffffffb
[ 50.750820][ T239] em28xx 1-1:0.108: AC97 chip type couldn't be determined
[ 50.757913][ T239] em28xx 1-1:0.108: No AC97 audio processor
[ 50.766753][ T239] em28xx 1-1:0.108: We currently don't support analog TV or stream capture on dual tuners.
[ 50.920853][ T239] em28xx 1-1:0.108: unknown em28xx chip ID (0)
[ 50.940812][ T239] em28xx 1-1:0.108: Config register raw data: 0xfffffffb
[ 50.960788][ T239] em28xx 1-1:0.108: AC97 chip type couldn't be determined
[ 50.968054][ T239] em28xx 1-1:0.108: No AC97 audio processor
[ 51.224512][ T239] usb 1-1: USB disconnect, device number 2
[ 51.233829][ T239] em28xx 1-1:0.108: Disconnecting em28xx #1
[ 51.239740][ T239] em28xx 1-1:0.108: Disconnecting em28xx
[ 51.246750][ T239] em28xx 1-1:0.108: Freeing device
[ 51.252546][ T239] em28xx 1-1:0.108: Freeing device
[ 51.600761][ T239] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[ 51.960836][ T239] usb 1-1: config 0 has an invalid interface number: 108 but max is 0
[ 51.969531][ T239] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 51.980343][ T239] usb 1-1: config 0 has no interface number 0
[ 51.986788][ T239] usb 1-1: config 0 interface 108 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[ 51.998142][ T239] usb 1-1: New USB device found, idVendor=2040, idProduct=8265, bcdDevice=2f.86
[ 52.007630][ T239] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 52.016760][ T239] usb 1-1: config 0 descriptor??
[ 52.073640][ T239] em28xx 1-1:0.108: New device @ 480 Mbps (2040:8265, interface 108, class 108)
[ 52.083630][ T239] em28xx 1-1:0.108: Audio interface 108 found (Vendor Class)
executing program
[ 52.320787][ T239] em28xx 1-1:0.108: unknown em28xx chip ID (0)
[ 52.340918][ T239] em28xx 1-1:0.108: Config register raw data: 0xfffffffb
[ 52.360901][ T239] em28xx 1-1:0.108: AC97 chip type couldn't be determined
[ 52.368362][ T239] em28xx 1-1:0.108: No AC97 audio processor
[ 52.374553][ T239] list_add corruption. prev->next should be next (ffffffff8d45a240), but was ffffffff845f4461. (prev=ffff888017f70250).
[ 52.387362][ T239] ------------[ cut here ]------------
[ 52.393198][ T239] kernel BUG at lib/list_debug.c:26!
[ 52.398619][ T239] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[ 52.404727][ T239] CPU: 1 PID: 239 Comm: kworker/1:2 Tainted: G W 5.13.0-syzkaller #0
[ 52.414071][ T239] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 52.424107][ T239] Workqueue: usb_hub_wq hub_event
[ 52.429208][ T239] RIP: 0010:__list_add_valid.cold+0x3a/0x3c
[ 52.435083][ T239] Code: 0b 48 89 f2 4c 89 e1 48 89 ee 48 c7 c7 60 72 e3 89 e8 a6 94 f2 ff 0f 0b 48 89 f1 48 c7 c7 e0 71 e3 89 4c 89 e6 e8 92 94 f2 ff <0f> 0b 48 89 ee 48 c7 c7 80 73 e3 89 e8 81 94 f2 ff 0f 0b 4c 89 ea
[ 52.454780][ T239] RSP: 0018:ffffc90000feef98 EFLAGS: 00010286
[ 52.460841][ T239] RAX: 0000000000000075 RBX: ffff888019366000 RCX: 0000000000000000
[ 52.468816][ T239] RDX: ffff888013d8b880 RSI: ffffffff815d7275 RDI: fffff520001fdde5
[ 52.476769][ T239] RBP: ffff88802c544250 R08: 0000000000000075 R09: 0000000000000000
[ 52.484909][ T239] R10: ffffffff815d10de R11: 0000000000000000 R12: ffffffff8d45a240
[ 52.492864][ T239] R13: ffff88802c544000 R14: ffff88802c54413c R15: ffff888019367000
[ 52.500814][ T239] FS: 0000000000000000(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000
[ 52.509823][ T239] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 52.516476][ T239] CR2: 000055a3f7f98160 CR3: 0000000020406000 CR4: 0000000000350ee0
[ 52.524514][ T239] Call Trace:
[ 52.527862][ T239] em28xx_init_extension+0x44/0x1f0
[ 52.533066][ T239] em28xx_init_dev.constprop.0+0xa8b/0x172f
[ 52.538960][ T239] ? __dev_printk+0xcf/0xf5
[ 52.543640][ T239] ? _dev_info+0xd7/0x109
[ 52.548213][ T239] ? em28xx_pre_card_setup+0x5c0/0x5c0
[ 52.553753][ T239] ? lock_acquire+0x442/0x510
[ 52.558605][ T239] ? lockdep_init_map_type+0x2c3/0x7b0
[ 52.564131][ T239] ? lockdep_init_map_type+0x2c3/0x7b0
[ 52.569569][ T239] ? __raw_spin_lock_init+0x36/0x110
[ 52.575003][ T239] em28xx_usb_probe.cold+0xc23/0x2599
[ 52.580362][ T239] usb_probe_interface+0x315/0x7f0
[ 52.585457][ T239] ? usb_match_dynamic_id+0x1a0/0x1a0
[ 52.590814][ T239] really_probe+0x291/0xf60
[ 52.595314][ T239] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 52.601536][ T239] driver_probe_device+0x298/0x410
[ 52.606628][ T239] __device_attach_driver+0x203/0x2c0
[ 52.611984][ T239] ? driver_allows_async_probing+0x150/0x150
[ 52.617944][ T239] bus_for_each_drv+0x15f/0x1e0
[ 52.623078][ T239] ? bus_for_each_dev+0x1d0/0x1d0
[ 52.628197][ T239] ? trace_hardirqs_on+0x5b/0x1c0
[ 52.633211][ T239] ? _raw_spin_unlock_irqrestore+0x3d/0x70
[ 52.639013][ T239] __device_attach+0x228/0x4a0
[ 52.643795][ T239] ? __driver_attach_async_helper+0x330/0x330
[ 52.649944][ T239] ? kobject_uevent_env+0x2bb/0x1650
[ 52.655226][ T239] bus_probe_device+0x1e4/0x290
[ 52.660261][ T239] device_add+0xbe0/0x2100
[ 52.664668][ T239] ? __mutex_unlock_slowpath+0xe2/0x610
[ 52.670205][ T239] ? wait_for_completion_io+0x280/0x280
[ 52.675740][ T239] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0
[ 52.681975][ T239] ? _raw_spin_unlock_irqrestore+0x50/0x70
[ 52.687781][ T239] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 52.694034][ T239] usb_set_configuration+0x113f/0x1910
[ 52.699495][ T239] usb_generic_driver_probe+0xba/0x100
[ 52.704947][ T239] usb_probe_device+0xd9/0x2c0
[ 52.709727][ T239] ? usb_driver_release_interface+0x180/0x180
[ 52.715789][ T239] really_probe+0x291/0xf60
[ 52.720288][ T239] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 52.726611][ T239] driver_probe_device+0x298/0x410
[ 52.731718][ T239] __device_attach_driver+0x203/0x2c0
[ 52.737257][ T239] ? driver_allows_async_probing+0x150/0x150
[ 52.743404][ T239] bus_for_each_drv+0x15f/0x1e0
[ 52.748243][ T239] ? bus_for_each_dev+0x1d0/0x1d0
[ 52.753246][ T239] ? trace_hardirqs_on+0x5b/0x1c0
[ 52.758395][ T239] ? _raw_spin_unlock_irqrestore+0x3d/0x70
[ 52.764184][ T239] __device_attach+0x228/0x4a0
[ 52.768928][ T239] ? __driver_attach_async_helper+0x330/0x330
[ 52.774980][ T239] ? kobject_uevent_env+0x2bb/0x1650
[ 52.780245][ T239] bus_probe_device+0x1e4/0x290
[ 52.785077][ T239] device_add+0xbe0/0x2100
[ 52.789472][ T239] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0
[ 52.795692][ T239] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 52.801919][ T239] usb_new_device.cold+0x721/0x1058
[ 52.807107][ T239] ? do_raw_spin_lock+0x120/0x2b0
[ 52.812113][ T239] ? hub_disconnect+0x510/0x510
[ 52.817033][ T239] ? rwlock_bug.part.0+0x90/0x90
[ 52.822129][ T239] hub_event+0x2357/0x4330
[ 52.826630][ T239] ? hub_port_debounce+0x3c0/0x3c0
[ 52.831810][ T239] ? lock_acquire+0x442/0x510
[ 52.836465][ T239] ? lock_release+0x720/0x720
[ 52.841121][ T239] ? lock_downgrade+0x6e0/0x6e0
[ 52.845952][ T239] ? do_raw_spin_lock+0x120/0x2b0
[ 52.851148][ T239] ? read_word_at_a_time+0xe/0x20
[ 52.856155][ T239] ? strscpy+0xa1/0x2b0
[ 52.860382][ T239] process_one_work+0x98d/0x1630
[ 52.865323][ T239] ? pwq_dec_nr_in_flight+0x320/0x320
[ 52.870681][ T239] ? rwlock_bug.part.0+0x90/0x90
[ 52.875599][ T239] worker_thread+0x85c/0x11f0
[ 52.880269][ T239] ? process_one_work+0x1630/0x1630
[ 52.885640][ T239] kthread+0x3e5/0x4d0
[ 52.889694][ T239] ? set_kthread_struct+0x130/0x130
[ 52.894894][ T239] ret_from_fork+0x1f/0x30
[ 52.899309][ T239] Modules linked in:
[ 52.903317][ T239] ---[ end trace df0f85168c2ffdb1 ]---
[ 52.908764][ T239] RIP: 0010:__list_add_valid.cold+0x3a/0x3c
[ 52.914721][ T239] Code: 0b 48 89 f2 4c 89 e1 48 89 ee 48 c7 c7 60 72 e3 89 e8 a6 94 f2 ff 0f 0b 48 89 f1 48 c7 c7 e0 71 e3 89 4c 89 e6 e8 92 94 f2 ff <0f> 0b 48 89 ee 48 c7 c7 80 73 e3 89 e8 81 94 f2 ff 0f 0b 4c 89 ea
[ 52.934675][ T239] RSP: 0018:ffffc90000feef98 EFLAGS: 00010286
[ 52.940759][ T239] RAX: 0000000000000075 RBX: ffff888019366000 RCX: 0000000000000000
[ 52.948726][ T239] RDX: ffff888013d8b880 RSI: ffffffff815d7275 RDI: fffff520001fdde5
[ 52.956763][ T239] RBP: ffff88802c544250 R08: 0000000000000075 R09: 0000000000000000
[ 52.964789][ T239] R10: ffffffff815d10de R11: 0000000000000000 R12: ffffffff8d45a240
[ 52.972810][ T239] R13: ffff88802c544000 R14: ffff88802c54413c R15: ffff888019367000
[ 52.980916][ T239] FS: 0000000000000000(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000
[ 52.989845][ T239] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 52.996454][ T239] CR2: 000055a3f7f98160 CR3: 0000000020406000 CR4: 0000000000350ee0
[ 53.004449][ T239] Kernel panic - not syncing: Fatal exception
[ 53.015848][ T239] Kernel Offset: disabled
[ 53.020183][ T239] Rebooting in 86400 seconds..