[ OK ] Started Getty on tty2. [ OK ] Started Serial Getty on ttyS0. [ OK ] Started Getty on tty1. [ OK ] Started OpenBSD Secure Shell server. [ OK ] Started getty on tty2-tty6 if dbus and logind are not available. Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.0.73' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 66.650949][ T5] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 67.021039][ T5] usb 1-1: config 0 has an invalid interface number: 108 but max is 0 [ 67.029489][ T5] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 67.041732][ T5] usb 1-1: config 0 has no interface number 0 [ 67.047864][ T5] usb 1-1: config 0 interface 108 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 67.059529][ T5] usb 1-1: New USB device found, idVendor=2040, idProduct=8265, bcdDevice=2f.86 [ 67.068802][ T5] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 67.081436][ T5] usb 1-1: config 0 descriptor?? [ 67.124849][ T5] em28xx 1-1:0.108: New device @ 480 Mbps (2040:8265, interface 108, class 108) [ 67.134455][ T5] em28xx 1-1:0.108: Audio interface 108 found (Vendor Class) executing program [ 67.401541][ T5] em28xx 1-1:0.108: unknown em28xx chip ID (0) [ 67.421120][ T5] em28xx 1-1:0.108: Config register raw data: 0xfffffffb [ 67.440885][ T5] em28xx 1-1:0.108: AC97 chip type couldn't be determined [ 67.448130][ T5] em28xx 1-1:0.108: No AC97 audio processor [ 67.459024][ T5] em28xx 1-1:0.108: We currently don't support analog TV or stream capture on dual tuners. [ 67.610890][ T5] em28xx 1-1:0.108: unknown em28xx chip ID (0) [ 67.631080][ T5] em28xx 1-1:0.108: Config register raw data: 0xfffffffb [ 67.650824][ T5] em28xx 1-1:0.108: AC97 chip type couldn't be determined [ 67.658007][ T5] em28xx 1-1:0.108: No AC97 audio processor [ 67.909987][ T5] usb 1-1: USB disconnect, device number 2 [ 67.918612][ T5] em28xx 1-1:0.108: Disconnecting em28xx #1 [ 67.924657][ T5] em28xx 1-1:0.108: Disconnecting em28xx [ 67.936494][ T5] em28xx 1-1:0.108: Freeing device [ 67.941999][ T5] em28xx 1-1:0.108: Freeing device [ 68.300685][ T5] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 68.660766][ T5] usb 1-1: config 0 has an invalid interface number: 108 but max is 0 [ 68.669003][ T5] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 68.680652][ T5] usb 1-1: config 0 has no interface number 0 [ 68.686769][ T5] usb 1-1: config 0 interface 108 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 68.699092][ T5] usb 1-1: New USB device found, idVendor=2040, idProduct=8265, bcdDevice=2f.86 [ 68.708818][ T5] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 68.723988][ T5] usb 1-1: config 0 descriptor?? [ 68.765609][ T5] em28xx 1-1:0.108: New device @ 480 Mbps (2040:8265, interface 108, class 108) [ 68.775814][ T5] em28xx 1-1:0.108: Audio interface 108 found (Vendor Class) executing program [ 69.031181][ T5] em28xx 1-1:0.108: unknown em28xx chip ID (0) [ 69.050657][ T5] em28xx 1-1:0.108: Config register raw data: 0xfffffffb [ 69.070748][ T5] em28xx 1-1:0.108: AC97 chip type couldn't be determined [ 69.077901][ T5] em28xx 1-1:0.108: No AC97 audio processor [ 69.088810][ T5] list_add corruption. prev->next should be next (ffffffff8d21eaa0), but was ffffffff814a3b5d. (prev=ffff888015580250). [ 69.102433][ T5] ------------[ cut here ]------------ [ 69.107895][ T5] kernel BUG at lib/list_debug.c:26! [ 69.114043][ T5] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 69.120186][ T5] CPU: 0 PID: 5 Comm: kworker/0:0 Not tainted 5.12.0-rc1-syzkaller #0 [ 69.128321][ T5] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 69.138388][ T5] Workqueue: usb_hub_wq hub_event [ 69.143424][ T5] RIP: 0010:__list_add_valid.cold+0x3a/0x3c [ 69.149319][ T5] Code: 0b 48 89 f2 4c 89 e1 48 89 ee 48 c7 c7 80 4b bf 89 e8 cd 1c f3 ff 0f 0b 48 89 f1 48 c7 c7 00 4b bf 89 4c 89 e6 e8 b9 1c f3 ff <0f> 0b 48 89 ee 48 c7 c7 a0 4c bf 89 e8 a8 1c f3 ff 0f 0b 4c 89 ea [ 69.168907][ T5] RSP: 0018:ffffc90000ca6fa0 EFLAGS: 00010282 [ 69.174958][ T5] RAX: 0000000000000075 RBX: ffff88801bc8e000 RCX: 0000000000000000 [ 69.182922][ T5] RDX: ffff888011530000 RSI: ffffffff815bd175 RDI: fffff52000194de6 [ 69.190885][ T5] RBP: ffff8880252b0250 R08: 0000000000000075 R09: 0000000000000000 [ 69.198858][ T5] R10: ffffffff815b624e R11: 0000000000000000 R12: ffffffff8d21eaa0 [ 69.206812][ T5] R13: ffff8880252b0000 R14: ffff8880252b013c R15: ffff88801bc8f000 [ 69.214770][ T5] FS: 0000000000000000(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000 [ 69.223707][ T5] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 69.230456][ T5] CR2: 00007f30c3bf6000 CR3: 0000000025d22000 CR4: 00000000001506f0 [ 69.238429][ T5] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 69.246393][ T5] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 69.254351][ T5] Call Trace: [ 69.257617][ T5] em28xx_init_extension+0x44/0x1f0 [ 69.262803][ T5] em28xx_init_dev.constprop.0+0xa8b/0x172f [ 69.268680][ T5] ? __dev_printk+0xcf/0xf5 [ 69.273167][ T5] ? _dev_info+0xd7/0x109 [ 69.277477][ T5] ? em28xx_pre_card_setup+0x5c0/0x5c0 [ 69.282920][ T5] ? lockdep_init_map_type+0x2c3/0x7a0 [ 69.288363][ T5] ? lockdep_init_map_type+0x2c3/0x7a0 [ 69.293803][ T5] ? __raw_spin_lock_init+0x36/0x110 [ 69.299071][ T5] em28xx_usb_probe.cold+0xc23/0x2589 [ 69.304447][ T5] usb_probe_interface+0x315/0x7f0 [ 69.309557][ T5] ? usb_match_dynamic_id+0x1a0/0x1a0 [ 69.314910][ T5] really_probe+0x291/0xe60 [ 69.319400][ T5] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 69.325641][ T5] driver_probe_device+0x26b/0x3d0 [ 69.330743][ T5] __device_attach_driver+0x1d1/0x290 [ 69.336108][ T5] ? driver_allows_async_probing+0x150/0x150 [ 69.342083][ T5] bus_for_each_drv+0x15f/0x1e0 [ 69.346994][ T5] ? bus_for_each_dev+0x1d0/0x1d0 [ 69.352005][ T5] ? _raw_spin_unlock_irqrestore+0x28/0x50 [ 69.357806][ T5] ? lockdep_hardirqs_on+0x79/0x100 [ 69.362988][ T5] ? _raw_spin_unlock_irqrestore+0x33/0x50 [ 69.368780][ T5] __device_attach+0x228/0x4a0 [ 69.373531][ T5] ? __driver_attach_async_helper+0x330/0x330 [ 69.379581][ T5] ? kobject_uevent_env+0x2bb/0x1680 [ 69.384857][ T5] bus_probe_device+0x1e4/0x290 [ 69.389696][ T5] device_add+0xbdb/0x1db0 [ 69.394100][ T5] ? wait_for_completion_io+0x270/0x270 [ 69.399635][ T5] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 69.405862][ T5] ? _raw_spin_unlock_irqrestore+0x28/0x50 [ 69.411658][ T5] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 69.417885][ T5] usb_set_configuration+0x113f/0x1910 [ 69.423340][ T5] usb_generic_driver_probe+0xba/0x100 [ 69.428805][ T5] usb_probe_device+0xd9/0x2c0 [ 69.433555][ T5] ? usb_driver_release_interface+0x180/0x180 [ 69.439607][ T5] really_probe+0x291/0xe60 [ 69.444094][ T5] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 69.450322][ T5] driver_probe_device+0x26b/0x3d0 [ 69.455422][ T5] __device_attach_driver+0x1d1/0x290 [ 69.460794][ T5] ? driver_allows_async_probing+0x150/0x150 [ 69.466756][ T5] bus_for_each_drv+0x15f/0x1e0 [ 69.471592][ T5] ? bus_for_each_dev+0x1d0/0x1d0 [ 69.476599][ T5] ? _raw_spin_unlock_irqrestore+0x28/0x50 [ 69.482494][ T5] ? lockdep_hardirqs_on+0x79/0x100 [ 69.487674][ T5] ? _raw_spin_unlock_irqrestore+0x33/0x50 [ 69.493461][ T5] __device_attach+0x228/0x4a0 [ 69.498240][ T5] ? __driver_attach_async_helper+0x330/0x330 [ 69.504288][ T5] ? kobject_uevent_env+0x2bb/0x1680 [ 69.509554][ T5] bus_probe_device+0x1e4/0x290 [ 69.514386][ T5] device_add+0xbdb/0x1db0 [ 69.518784][ T5] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 69.525007][ T5] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 69.531235][ T5] usb_new_device.cold+0x721/0x1058 [ 69.536440][ T5] ? hub_disconnect+0x510/0x510 [ 69.541288][ T5] ? rwlock_bug.part.0+0x90/0x90 [ 69.546213][ T5] ? _raw_spin_unlock_irq+0x1f/0x40 [ 69.551396][ T5] hub_event+0x2357/0x4320 [ 69.555799][ T5] ? hub_port_debounce+0x3c0/0x3c0 [ 69.560892][ T5] ? lock_acquire+0x1bb/0x730 [ 69.565551][ T5] ? lock_release+0x710/0x710 [ 69.570315][ T5] ? lock_downgrade+0x6d0/0x6d0 [ 69.575179][ T5] ? do_raw_spin_lock+0x120/0x2b0 [ 69.580187][ T5] ? lock_is_held_type+0xd5/0x130 [ 69.585196][ T5] process_one_work+0x98d/0x1600 [ 69.590132][ T5] ? pwq_dec_nr_in_flight+0x320/0x320 [ 69.595499][ T5] ? rwlock_bug.part.0+0x90/0x90 [ 69.600423][ T5] ? _raw_spin_lock_irq+0x41/0x50 [ 69.605441][ T5] worker_thread+0x82b/0x1120 [ 69.610116][ T5] ? process_one_work+0x1600/0x1600 [ 69.615298][ T5] kthread+0x3b1/0x4a0 [ 69.619360][ T5] ? __kthread_bind_mask+0xc0/0xc0 [ 69.624454][ T5] ret_from_fork+0x1f/0x30 [ 69.628861][ T5] Modules linked in: [ 69.640448][ T5] ---[ end trace c4cef255a10bcdd1 ]--- [ 69.645924][ T5] RIP: 0010:__list_add_valid.cold+0x3a/0x3c [ 69.652020][ T5] Code: 0b 48 89 f2 4c 89 e1 48 89 ee 48 c7 c7 80 4b bf 89 e8 cd 1c f3 ff 0f 0b 48 89 f1 48 c7 c7 00 4b bf 89 4c 89 e6 e8 b9 1c f3 ff <0f> 0b 48 89 ee 48 c7 c7 a0 4c bf 89 e8 a8 1c f3 ff 0f 0b 4c 89 ea [ 69.671688][ T5] RSP: 0018:ffffc90000ca6fa0 EFLAGS: 00010282 [ 69.677751][ T5] RAX: 0000000000000075 RBX: ffff88801bc8e000 RCX: 0000000000000000 [ 69.685748][ T5] RDX: ffff888011530000 RSI: ffffffff815bd175 RDI: fffff52000194de6 [ 69.693764][ T5] RBP: ffff8880252b0250 R08: 0000000000000075 R09: 0000000000000000 [ 69.701753][ T5] R10: ffffffff815b624e R11: 0000000000000000 R12: ffffffff8d21eaa0 [ 69.709718][ T5] R13: ffff8880252b0000 R14: ffff8880252b013c R15: ffff88801bc8f000 [ 69.717711][ T5] FS: 0000000000000000(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000 [ 69.726668][ T5] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 69.733294][ T5] CR2: 00007f30c3bfb000 CR3: 0000000025d22000 CR4: 00000000001506f0 [ 69.741310][ T5] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 69.749292][ T5] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 69.757548][ T5] Kernel panic - not syncing: Fatal exception [ 69.764342][ T5] Kernel Offset: disabled [ 69.768650][ T5] Rebooting in 86400 seconds..