[ OK ] Reached target Login Prompts. [ OK ] Reached target Multi-User System. [ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... [ OK ] Started Update UTMP about System Runlevel Changes. Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.1.55' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 37.093459][ T24] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 37.453350][ T24] usb 1-1: config 0 has an invalid interface number: 237 but max is 0 [ 37.461663][ T24] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 37.472325][ T24] usb 1-1: config 0 has no interface number 0 [ 37.478725][ T24] usb 1-1: config 0 interface 237 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 37.490115][ T24] usb 1-1: New USB device found, idVendor=2040, idProduct=826d, bcdDevice=98.19 [ 37.499221][ T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 37.512456][ T24] usb 1-1: config 0 descriptor?? [ 37.556782][ T24] em28xx 1-1:0.237: New device @ 480 Mbps (2040:826d, interface 237, class 237) [ 37.566312][ T24] em28xx 1-1:0.237: Audio interface 237 found (Vendor Class) executing program [ 37.813303][ T24] em28xx 1-1:0.237: unknown em28xx chip ID (0) [ 37.833098][ T24] em28xx 1-1:0.237: Config register raw data: 0xfffffffb [ 37.853080][ T24] em28xx 1-1:0.237: AC97 chip type couldn't be determined [ 37.860360][ T24] em28xx 1-1:0.237: No AC97 audio processor [ 37.871101][ T24] em28xx 1-1:0.237: We currently don't support analog TV or stream capture on dual tuners. [ 38.012976][ T24] em28xx 1-1:0.237: unknown em28xx chip ID (0) [ 38.033004][ T24] em28xx 1-1:0.237: Config register raw data: 0xfffffffb [ 38.052987][ T24] em28xx 1-1:0.237: AC97 chip type couldn't be determined [ 38.060167][ T24] em28xx 1-1:0.237: No AC97 audio processor [ 38.319692][ T24] usb 1-1: USB disconnect, device number 2 [ 38.327854][ T24] em28xx 1-1:0.237: Disconnecting em28xx #1 [ 38.333896][ T24] em28xx 1-1:0.237: Disconnecting em28xx [ 38.344846][ T24] em28xx 1-1:0.237: Freeing device [ 38.350020][ T24] em28xx 1-1:0.237: Freeing device [ 38.712601][ T24] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 39.072545][ T24] usb 1-1: config 0 has an invalid interface number: 237 but max is 0 [ 39.082130][ T24] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 39.092427][ T24] usb 1-1: config 0 has no interface number 0 [ 39.098538][ T24] usb 1-1: config 0 interface 237 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 39.109639][ T24] usb 1-1: New USB device found, idVendor=2040, idProduct=826d, bcdDevice=98.19 [ 39.118751][ T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 39.130671][ T24] usb 1-1: config 0 descriptor?? [ 39.184546][ T24] em28xx 1-1:0.237: New device @ 480 Mbps (2040:826d, interface 237, class 237) [ 39.194158][ T24] em28xx 1-1:0.237: Audio interface 237 found (Vendor Class) executing program [ 39.432345][ T24] em28xx 1-1:0.237: unknown em28xx chip ID (0) [ 39.452479][ T24] em28xx 1-1:0.237: Config register raw data: 0xfffffffb [ 39.472570][ T24] em28xx 1-1:0.237: AC97 chip type couldn't be determined [ 39.479914][ T24] em28xx 1-1:0.237: No AC97 audio processor [ 39.487097][ T24] list_add corruption. prev->next should be next (ffffffff884eb1a0), but was ffffffff82068cd0. (prev=ffff888117568250). [ 39.500125][ T24] ------------[ cut here ]------------ [ 39.505695][ T24] kernel BUG at lib/list_debug.c:26! [ 39.510993][ T24] invalid opcode: 0000 [#1] SMP KASAN [ 39.516350][ T24] CPU: 1 PID: 24 Comm: kworker/1:1 Not tainted 5.10.0-syzkaller #0 [ 39.526752][ T24] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 39.536984][ T24] Workqueue: usb_hub_wq hub_event [ 39.542441][ T24] RIP: 0010:__list_add_valid.cold+0x3a/0x3c [ 39.548429][ T24] Code: 0b 48 89 f2 4c 89 e1 48 89 ee 48 c7 c7 e0 c5 3f 86 e8 49 b0 fb ff 0f 0b 48 89 f1 48 c7 c7 60 c5 3f 86 4c 89 e6 e8 35 b0 fb ff <0f> 0b 48 89 ee 48 c7 c7 00 c7 3f 86 e8 24 b0 fb ff 0f 0b 4c 89 ea [ 39.569291][ T24] RSP: 0018:ffffc900001a6f90 EFLAGS: 00010282 [ 39.576045][ T24] RAX: 0000000000000075 RBX: ffff888103b1b000 RCX: 0000000000000000 [ 39.584015][ T24] RDX: ffff8881003219c0 RSI: ffffffff8129ffe3 RDI: fffff52000034de4 [ 39.591978][ T24] RBP: ffff888101f4c250 R08: 0000000000000075 R09: 0000000000000000 [ 39.601258][ T24] R10: ffffffff814a7b5b R11: 0000000000000000 R12: ffffffff884eb1a0 [ 39.609254][ T24] R13: ffff888101f4c000 R14: ffff888101f4c13c R15: ffff888103b1d000 [ 39.617226][ T24] FS: 0000000000000000(0000) GS:ffff8881f6900000(0000) knlGS:0000000000000000 [ 39.626205][ T24] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 39.632809][ T24] CR2: 000055a8ef303f38 CR3: 00000001011b7000 CR4: 00000000001506e0 [ 39.641060][ T24] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 39.649406][ T24] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 39.657373][ T24] Call Trace: [ 39.660735][ T24] em28xx_init_extension+0x44/0x1f0 [ 39.665927][ T24] em28xx_init_dev.constprop.0+0xa8b/0x172f [ 39.671898][ T24] ? __dev_printk+0xcf/0xf5 [ 39.676484][ T24] ? _dev_info+0xd7/0x109 [ 39.680938][ T24] ? em28xx_pre_card_setup+0x5c0/0x5c0 [ 39.686408][ T24] ? pm_runtime_enable+0x2a/0x310 [ 39.691551][ T24] ? lockdep_init_map_waits+0x26a/0x700 [ 39.697091][ T24] ? lockdep_init_map_waits+0x26a/0x700 [ 39.702739][ T24] em28xx_usb_probe.cold+0xd76/0x25cf [ 39.708895][ T24] usb_probe_interface+0x315/0x7f0 [ 39.714543][ T24] ? usb_match_dynamic_id+0x1a0/0x1a0 [ 39.719921][ T24] really_probe+0x2b1/0xe40 [ 39.724416][ T24] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 39.730750][ T24] driver_probe_device+0x285/0x3f0 [ 39.737063][ T24] __device_attach_driver+0x216/0x2d0 [ 39.742696][ T24] ? driver_allows_async_probing+0x170/0x170 [ 39.748676][ T24] bus_for_each_drv+0x15f/0x1e0 [ 39.753773][ T24] ? bus_for_each_dev+0x1d0/0x1d0 [ 39.758797][ T24] ? lockdep_hardirqs_on_prepare+0x286/0x3f0 [ 39.764865][ T24] ? trace_hardirqs_on+0x5b/0x1a0 [ 39.771780][ T24] __device_attach+0x228/0x4c0 [ 39.776576][ T24] ? __driver_attach_async_helper+0x380/0x380 [ 39.783075][ T24] ? kobject_uevent_env+0x2bb/0x1680 [ 39.788648][ T24] bus_probe_device+0x1e4/0x290 [ 39.794197][ T24] device_add+0xbc4/0x1d90 [ 39.798616][ T24] ? wait_for_completion_io+0x270/0x270 [ 39.806169][ T24] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 39.812657][ T24] ? lockdep_hardirqs_on_prepare+0x286/0x3f0 [ 39.818706][ T24] ? _raw_spin_unlock_irqrestore+0x34/0x40 [ 39.824554][ T24] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 39.831239][ T24] usb_set_configuration+0x113c/0x1910 [ 39.836687][ T24] usb_generic_driver_probe+0xba/0x100 [ 39.842148][ T24] usb_probe_device+0xd9/0x2c0 [ 39.846928][ T24] ? usb_driver_release_interface+0x180/0x180 [ 39.852979][ T24] really_probe+0x2b1/0xe40 [ 39.857493][ T24] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 39.863911][ T24] driver_probe_device+0x285/0x3f0 [ 39.869039][ T24] __device_attach_driver+0x216/0x2d0 [ 39.874422][ T24] ? driver_allows_async_probing+0x170/0x170 [ 39.880424][ T24] bus_for_each_drv+0x15f/0x1e0 [ 39.885373][ T24] ? bus_for_each_dev+0x1d0/0x1d0 [ 39.890488][ T24] ? lockdep_hardirqs_on_prepare+0x286/0x3f0 [ 39.898717][ T24] ? trace_hardirqs_on+0x5b/0x1a0 [ 39.904645][ T24] __device_attach+0x228/0x4c0 [ 39.909415][ T24] ? __driver_attach_async_helper+0x380/0x380 [ 39.915482][ T24] ? kobject_uevent_env+0x2bb/0x1680 [ 39.920760][ T24] bus_probe_device+0x1e4/0x290 [ 39.925618][ T24] device_add+0xbc4/0x1d90 [ 39.932608][ T24] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 39.938981][ T24] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 39.945238][ T24] usb_new_device.cold+0x725/0x1057 [ 39.950490][ T24] ? hub_disconnect+0x510/0x510 [ 39.955362][ T24] ? rwlock_bug.part.0+0x90/0x90 [ 39.960308][ T24] ? lockdep_hardirqs_on_prepare+0x286/0x3f0 [ 39.966295][ T24] hub_event+0x2348/0x42d0 [ 39.970803][ T24] ? hub_port_debounce+0x3b0/0x3b0 [ 39.975912][ T24] ? __lock_acquire+0x5d1/0x54a0 [ 39.980845][ T24] ? worker_detach_from_pool+0x21/0x310 [ 39.986642][ T24] ? lock_release+0x6e0/0x6e0 [ 39.991419][ T24] ? lock_downgrade+0x6d0/0x6d0 [ 39.997698][ T24] ? do_raw_spin_lock+0x120/0x2b0 [ 40.003252][ T24] process_one_work+0x98d/0x15c0 [ 40.008288][ T24] ? pwq_dec_nr_in_flight+0x320/0x320 [ 40.015407][ T24] ? rwlock_bug.part.0+0x90/0x90 [ 40.020391][ T24] worker_thread+0x82b/0x1120 [ 40.025672][ T24] ? __kthread_parkme+0x118/0x1d0 [ 40.030689][ T24] ? process_one_work+0x15c0/0x15c0 [ 40.035885][ T24] kthread+0x38c/0x460 [ 40.039972][ T24] ? _raw_spin_unlock_irq+0x1f/0x30 [ 40.045529][ T24] ? kthread_create_worker_on_cpu+0xf0/0xf0 [ 40.051424][ T24] ret_from_fork+0x1f/0x30 [ 40.056139][ T24] Modules linked in: [ 40.060222][ T24] ---[ end trace 9e7e220c85c48e85 ]--- [ 40.066086][ T24] RIP: 0010:__list_add_valid.cold+0x3a/0x3c [ 40.072237][ T24] Code: 0b 48 89 f2 4c 89 e1 48 89 ee 48 c7 c7 e0 c5 3f 86 e8 49 b0 fb ff 0f 0b 48 89 f1 48 c7 c7 60 c5 3f 86 4c 89 e6 e8 35 b0 fb ff <0f> 0b 48 89 ee 48 c7 c7 00 c7 3f 86 e8 24 b0 fb ff 0f 0b 4c 89 ea [ 40.093425][ T24] RSP: 0018:ffffc900001a6f90 EFLAGS: 00010282 [ 40.099693][ T24] RAX: 0000000000000075 RBX: ffff888103b1b000 RCX: 0000000000000000 [ 40.108073][ T24] RDX: ffff8881003219c0 RSI: ffffffff8129ffe3 RDI: fffff52000034de4 [ 40.116334][ T24] RBP: ffff888101f4c250 R08: 0000000000000075 R09: 0000000000000000 [ 40.124793][ T24] R10: ffffffff814a7b5b R11: 0000000000000000 R12: ffffffff884eb1a0 [ 40.136747][ T24] R13: ffff888101f4c000 R14: ffff888101f4c13c R15: ffff888103b1d000 [ 40.145332][ T24] FS: 0000000000000000(0000) GS:ffff8881f6900000(0000) knlGS:0000000000000000 [ 40.155308][ T24] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 40.163458][ T24] CR2: 000055a8ef303f38 CR3: 00000001011b7000 CR4: 00000000001506e0 [ 40.171528][ T24] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 40.179550][ T24] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 40.189572][ T24] Kernel panic - not syncing: Fatal exception [ 40.196405][ T24] Kernel Offset: disabled [ 40.200734][ T24] Rebooting in 86400 seconds..