dhcpcd-9.4.0 starting dev: loaded udev DUID 00:04:60:53:42:71:88:b7:f6:77:35:a2:41:23:0b:7b:f3:52 forked to background, child pid 1218 Starting sshd: OK syzkaller Warning: Permanently added '10.128.1.79' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 29.976165][ T582] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 30.336196][ T582] usb 1-1: config 0 has an invalid interface number: 120 but max is 0 [ 30.336215][ T582] usb 1-1: config 0 contains an unexpected descriptor of type 0x1, skipping [ 30.336227][ T582] usb 1-1: config 0 has no interface number 0 [ 30.336268][ T582] usb 1-1: config 0 interface 120 altsetting 6 has an invalid endpoint with address 0x80, skipping [ 30.336284][ T582] usb 1-1: config 0 interface 120 altsetting 6 has a duplicate endpoint with address 0xF, skipping [ 30.336316][ T582] usb 1-1: config 0 interface 120 altsetting 6 has a duplicate endpoint with address 0xD, skipping [ 30.336330][ T582] usb 1-1: config 0 interface 120 has no altsetting 0 [ 30.496220][ T582] usb 1-1: New USB device found, idVendor=182d, idProduct=021c, bcdDevice=bd.3f [ 30.496264][ T582] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 30.496277][ T582] usb 1-1: Product: syz [ 30.496286][ T582] usb 1-1: Manufacturer: syz [ 30.496295][ T582] usb 1-1: SerialNumber: syz [ 30.498043][ T582] usb 1-1: config 0 descriptor?? executing program [ 30.817601][ T582] usb 1-1: USB2VGA dongle found at address 2 [ 30.820392][ T582] usb 1-1: Allocated 8 output buffers [ 30.820413][ T582] ------------[ cut here ]------------ [ 30.820419][ T582] usb 1-1: BOGUS urb xfer, pipe 3 != type 1 [ 30.820663][ T582] WARNING: CPU: 1 PID: 582 at drivers/usb/core/urb.c:502 usb_submit_urb+0xed2/0x18a0 [ 30.852994][ T582] Modules linked in: [ 30.856947][ T582] CPU: 1 PID: 582 Comm: kworker/1:2 Not tainted 5.19.0-rc1-syzkaller-00044-g477122a1eec3 #0 [ 30.867110][ T582] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 30.877253][ T582] Workqueue: usb_hub_wq hub_event [ 30.882303][ T582] RIP: 0010:usb_submit_urb+0xed2/0x18a0 [ 30.887937][ T582] Code: 7c 24 18 e8 b0 42 8f fd 48 8b 7c 24 18 e8 46 41 18 ff 41 89 d8 44 89 e1 4c 89 ea 48 89 c6 48 c7 c7 80 17 a9 86 e8 06 f1 09 02 <0f> 0b e9 58 f8 ff ff e8 82 42 8f fd 48 81 c5 b8 05 00 00 e9 84 f7 [ 30.907645][ T582] RSP: 0018:ffffc9000263ed30 EFLAGS: 00010282 [ 30.913727][ T582] RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000000 [ 30.921759][ T582] RDX: ffff88810f755580 RSI: ffffffff812c1fc8 RDI: fffff520004c7d98 [ 30.929834][ T582] RBP: ffff888109133940 R08: 0000000000000005 R09: 0000000000000000 [ 30.937888][ T582] R10: 0000000080000000 R11: 0000000000000001 R12: 0000000000000003 [ 30.945874][ T582] R13: ffff88811b08bf50 R14: 0000000000000003 R15: ffff8881009e9f00 [ 30.954188][ T582] FS: 0000000000000000(0000) GS:ffff8881f6900000(0000) knlGS:0000000000000000 [ 30.963180][ T582] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 30.969844][ T582] CR2: 00007ffc99c114a8 CR3: 000000010d1cd000 CR4: 00000000003506e0 [ 30.977904][ T582] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 30.977904][ T582] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 30.977940][ T582] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 30.977960][ T582] Call Trace: [ 30.977971][ T582] [ 30.977985][ T582] sisusb_send_bulk_msg.constprop.0+0x904/0x1230 [ 30.978031][ T582] ? sisusb_recv_bulk_msg.constprop.0+0x850/0x850 [ 30.978065][ T582] ? kasan_save_stack+0x2e/0x40 [ 30.978095][ T582] ? kasan_save_stack+0x1e/0x40 [ 30.978125][ T582] ? __kasan_kmalloc+0x81/0xa0 [ 30.978154][ T582] ? usb_alloc_urb+0xa5/0xb0 [ 30.978179][ T582] ? dev_printk_emit+0xba/0xf1 [ 30.978209][ T582] sisusb_init_gfxdevice+0x87b/0x4000 [ 30.978236][ T582] ? device_add+0xbda/0x1ea0 [ 30.978261][ T582] ? usb_new_device.cold+0x641/0x1091 [ 30.978292][ T582] ? hub_event+0x25d5/0x4690 [ 30.978322][ T582] ? worker_thread+0x665/0x1080 [ 30.978351][ T582] ? ret_from_fork+0x1f/0x30 [ 30.978379][ T582] ? __dev_printk+0xcf/0xf5 [ 30.978405][ T582] ? sisusb_set_default_mode+0xbc0/0xbc0 [ 30.978432][ T582] ? _dev_info+0xd7/0x109 [ 30.978457][ T582] ? _dev_notice+0x109/0x109 [ 30.978485][ T582] ? perf_trace_irq_matrix_global+0x2c0/0x610 [ 30.978519][ T582] ? lockdep_init_map_type+0x21a/0x7f0 [ 30.978549][ T582] ? kobject_get+0xbc/0x150 [ 30.978575][ T582] sisusb_probe+0x9ce/0xbe3 [ 30.978607][ T582] usb_probe_interface+0x315/0x7f0 [ 30.978637][ T582] ? usb_match_dynamic_id+0x1a0/0x1a0 [ 30.978666][ T582] really_probe+0x23e/0xb90 [ 30.978694][ T582] __driver_probe_device+0x338/0x4d0 [ 30.978721][ T582] ? usb_match_id.part.0+0x15d/0x1b0 [ 30.978750][ T582] driver_probe_device+0x4c/0x1a0 [ 30.978778][ T582] __device_attach_driver+0x20b/0x2f0 [ 30.978814][ T582] ? driver_allows_async_probing+0x170/0x170 [ 30.978844][ T582] bus_for_each_drv+0x15f/0x1e0 [ 30.978870][ T582] ? bus_for_each_dev+0x1d0/0x1d0 [ 30.978895][ T582] ? _raw_spin_unlock_irqrestore+0x50/0x70 [ 30.978929][ T582] ? lockdep_hardirqs_on+0x79/0x100 [ 30.978956][ T582] ? _raw_spin_unlock_irqrestore+0x3d/0x70 [ 30.978989][ T582] __device_attach+0x1e4/0x530 [ 30.979017][ T582] ? device_driver_attach+0x210/0x210 [ 30.979046][ T582] ? kobject_uevent_env+0x2ac/0x1660 [ 30.979073][ T582] bus_probe_device+0x1e4/0x290 [ 30.979101][ T582] device_add+0xbda/0x1ea0 [ 30.979126][ T582] ? __fw_devlink_link_to_suppliers+0x2d0/0x2d0 [ 30.979154][ T582] ? usb_cache_string+0x102/0x140 [ 30.979180][ T582] ? usb_string+0x3d4/0x530 [ 30.979206][ T582] usb_set_configuration+0x101e/0x1900 [ 30.979238][ T582] usb_generic_driver_probe+0xba/0x100 [ 30.979266][ T582] usb_probe_device+0xd9/0x2c0 [ 30.979293][ T582] ? usb_driver_release_interface+0x180/0x180 [ 30.979324][ T582] really_probe+0x23e/0xb90 [ 30.979351][ T582] __driver_probe_device+0x338/0x4d0 [ 30.979380][ T582] driver_probe_device+0x4c/0x1a0 [ 30.979408][ T582] __device_attach_driver+0x20b/0x2f0 [ 30.979438][ T582] ? driver_allows_async_probing+0x170/0x170 [ 30.979467][ T582] bus_for_each_drv+0x15f/0x1e0 [ 30.979494][ T582] ? bus_for_each_dev+0x1d0/0x1d0 [ 30.979519][ T582] ? _raw_spin_unlock_irqrestore+0x50/0x70 [ 30.979552][ T582] ? lockdep_hardirqs_on+0x79/0x100 [ 30.979579][ T582] ? _raw_spin_unlock_irqrestore+0x3d/0x70 [ 30.979613][ T582] __device_attach+0x1e4/0x530 [ 30.979640][ T582] ? device_driver_attach+0x210/0x210 [ 30.979669][ T582] ? kobject_uevent_env+0x2ac/0x1660 [ 30.979697][ T582] bus_probe_device+0x1e4/0x290 [ 30.979725][ T582] device_add+0xbda/0x1ea0 [ 30.979750][ T582] ? lockdep_hardirqs_on+0x79/0x100 [ 30.979776][ T582] ? __fw_devlink_link_to_suppliers+0x2d0/0x2d0 [ 30.979813][ T582] ? add_device_randomness+0xb4/0xe0 [ 30.979848][ T582] usb_new_device.cold+0x641/0x1091 [ 30.979880][ T582] ? hub_disconnect+0x510/0x510 [ 30.979910][ T582] ? rwlock_bug.part.0+0x90/0x90 [ 30.979939][ T582] ? _raw_spin_unlock_irq+0x1f/0x40 [ 30.979971][ T582] ? _raw_spin_unlock_irq+0x1f/0x40 [ 30.980004][ T582] hub_event+0x25d5/0x4690 [ 30.980039][ T582] ? hub_port_debounce+0x3c0/0x3c0 [ 30.980071][ T582] ? lock_release+0x780/0x780 [ 30.980098][ T582] ? lock_downgrade+0x6e0/0x6e0 [ 30.980126][ T582] ? do_raw_spin_lock+0x120/0x2a0 [ 30.980158][ T582] process_one_work+0x996/0x1610 [ 30.980188][ T582] ? pwq_dec_nr_in_flight+0x2a0/0x2a0 [ 30.980218][ T582] ? rwlock_bug.part.0+0x90/0x90 [ 30.980247][ T582] ? _raw_spin_lock_irq+0x41/0x50 [ 30.980280][ T582] worker_thread+0x665/0x1080 [ 30.980310][ T582] ? __kthread_parkme+0x15f/0x220 [ 30.980335][ T582] ? process_one_work+0x1610/0x1610 [ 30.980364][ T582] kthread+0x2ef/0x3a0 [ 30.980389][ T582] ? kthread_complete_and_exit+0x40/0x40 [ 30.980417][ T582] ret_from_fork+0x1f/0x30 [ 30.980446][ T582] [ 30.980460][ T582] Kernel panic - not syncing: panic_on_warn set ... [ 30.980472][ T582] CPU: 1 PID: 582 Comm: kworker/1:2 Not tainted 5.19.0-rc1-syzkaller-00044-g477122a1eec3 #0 [ 30.980499][ T582] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 30.980517][ T582] Workqueue: usb_hub_wq hub_event [ 30.980546][ T582] Call Trace: [ 30.980555][ T582] [ 30.980563][ T582] dump_stack_lvl+0xcd/0x134 [ 30.980588][ T582] panic+0x2d7/0x636 [ 30.980613][ T582] ? panic_print_sys_info.part.0+0x10b/0x10b [ 30.980642][ T582] ? __warn.cold+0x1d9/0x2cd [ 30.980668][ T582] ? usb_submit_urb+0xed2/0x18a0 [ 30.980692][ T582] __warn.cold+0x1ea/0x2cd [ 30.980717][ T582] ? __wake_up_klogd.part.0+0x99/0xf0 [ 30.980744][ T582] ? usb_submit_urb+0xed2/0x18a0 [ 30.980768][ T582] report_bug+0x1bc/0x210 [ 30.980800][ T582] handle_bug+0x3c/0x60 [ 30.980828][ T582] exc_invalid_op+0x14/0x40 [ 30.980856][ T582] asm_exc_invalid_op+0x1b/0x20 [ 30.980880][ T582] RIP: 0010:usb_submit_urb+0xed2/0x18a0 [ 30.980906][ T582] Code: 7c 24 18 e8 b0 42 8f fd 48 8b 7c 24 18 e8 46 41 18 ff 41 89 d8 44 89 e1 4c 89 ea 48 89 c6 48 c7 c7 80 17 a9 86 e8 06 f1 09 02 <0f> 0b e9 58 f8 ff ff e8 82 42 8f fd 48 81 c5 b8 05 00 00 e9 84 f7 [ 30.980929][ T582] RSP: 0018:ffffc9000263ed30 EFLAGS: 00010282 [ 30.980951][ T582] RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000000 [ 30.980967][ T582] RDX: ffff88810f755580 RSI: ffffffff812c1fc8 RDI: fffff520004c7d98 [ 30.980985][ T582] RBP: ffff888109133940 R08: 0000000000000005 R09: 0000000000000000 [ 30.981002][ T582] R10: 0000000080000000 R11: 0000000000000001 R12: 0000000000000003 [ 30.981017][ T582] R13: ffff88811b08bf50 R14: 0000000000000003 R15: ffff8881009e9f00 [ 30.981036][ T582] ? vprintk+0x88/0x90 [ 30.981064][ T582] sisusb_send_bulk_msg.constprop.0+0x904/0x1230 [ 30.981099][ T582] ? sisusb_recv_bulk_msg.constprop.0+0x850/0x850 [ 30.981131][ T582] ? kasan_save_stack+0x2e/0x40 [ 30.981158][ T582] ? kasan_save_stack+0x1e/0x40 [ 30.981184][ T582] ? __kasan_kmalloc+0x81/0xa0 [ 30.981211][ T582] ? usb_alloc_urb+0xa5/0xb0 [ 30.981233][ T582] ? dev_printk_emit+0xba/0xf1 [ 30.981258][ T582] sisusb_init_gfxdevice+0x87b/0x4000 [ 30.981282][ T582] ? device_add+0xbda/0x1ea0 [ 30.981303][ T582] ? usb_new_device.cold+0x641/0x1091 [ 30.981331][ T582] ? hub_event+0x25d5/0x4690 [ 30.981358][ T582] ? worker_thread+0x665/0x1080 [ 30.981383][ T582] ? ret_from_fork+0x1f/0x30 [ 30.981408][ T582] ? __dev_printk+0xcf/0xf5 [ 30.981432][ T582] ? sisusb_set_default_mode+0xbc0/0xbc0 [ 30.981456][ T582] ? _dev_info+0xd7/0x109 [ 30.981480][ T582] ? _dev_notice+0x109/0x109 [ 30.981505][ T582] ? perf_trace_irq_matrix_global+0x2c0/0x610 [ 30.981536][ T582] ? lockdep_init_map_type+0x21a/0x7f0 [ 30.981564][ T582] ? kobject_get+0xbc/0x150 [ 30.981586][ T582] sisusb_probe+0x9ce/0xbe3 [ 30.981616][ T582] usb_probe_interface+0x315/0x7f0 [ 30.981643][ T582] ? usb_match_dynamic_id+0x1a0/0x1a0 [ 30.981669][ T582] really_probe+0x23e/0xb90 [ 30.981694][ T582] __driver_probe_device+0x338/0x4d0 [ 30.981719][ T582] ? usb_match_id.part.0+0x15d/0x1b0 [ 30.981746][ T582] driver_probe_device+0x4c/0x1a0 [ 30.981772][ T582] __device_attach_driver+0x20b/0x2f0 [ 30.981804][ T582] ? driver_allows_async_probing+0x170/0x170 [ 30.981831][ T582] bus_for_each_drv+0x15f/0x1e0 [ 30.981854][ T582] ? bus_for_each_dev+0x1d0/0x1d0 [ 30.981877][ T582] ? _raw_spin_unlock_irqrestore+0x50/0x70 [ 30.981908][ T582] ? lockdep_hardirqs_on+0x79/0x100 [ 30.981932][ T582] ? _raw_spin_unlock_irqrestore+0x3d/0x70 [ 30.981964][ T582] __device_attach+0x1e4/0x530 [ 30.981989][ T582] ? device_driver_attach+0x210/0x210 [ 30.982015][ T582] ? kobject_uevent_env+0x2ac/0x1660 [ 30.982040][ T582] bus_probe_device+0x1e4/0x290 [ 30.982065][ T582] device_add+0xbda/0x1ea0 [ 30.982088][ T582] ? __fw_devlink_link_to_suppliers+0x2d0/0x2d0 [ 30.982113][ T582] ? usb_cache_string+0x102/0x140 [ 30.982137][ T582] ? usb_string+0x3d4/0x530 [ 30.982162][ T582] usb_set_configuration+0x101e/0x1900 [ 30.982191][ T582] usb_generic_driver_probe+0xba/0x100 [ 30.982216][ T582] usb_probe_device+0xd9/0x2c0 [ 30.982242][ T582] ? usb_driver_release_interface+0x180/0x180 [ 30.982269][ T582] really_probe+0x23e/0xb90 [ 30.982294][ T582] __driver_probe_device+0x338/0x4d0 [ 30.982320][ T582] driver_probe_device+0x4c/0x1a0 [ 30.982345][ T582] __device_attach_driver+0x20b/0x2f0 [ 30.982372][ T582] ? driver_allows_async_probing+0x170/0x170 [ 30.982399][ T582] bus_for_each_drv+0x15f/0x1e0 [ 30.982422][ T582] ? bus_for_each_dev+0x1d0/0x1d0 [ 30.982445][ T582] ? _raw_spin_unlock_irqrestore+0x50/0x70 [ 30.982476][ T582] ? lockdep_hardirqs_on+0x79/0x100 [ 30.982499][ T582] ? _raw_spin_unlock_irqrestore+0x3d/0x70 [ 30.982530][ T582] __device_attach+0x1e4/0x530 [ 30.982555][ T582] ? device_driver_attach+0x210/0x210 [ 30.982581][ T582] ? kobject_uevent_env+0x2ac/0x1660 [ 30.982606][ T582] bus_probe_device+0x1e4/0x290 [ 30.982631][ T582] device_add+0xbda/0x1ea0 [ 30.982653][ T582] ? lockdep_hardirqs_on+0x79/0x100 [ 30.982677][ T582] ? __fw_devlink_link_to_suppliers+0x2d0/0x2d0 [ 30.982702][ T582] ? add_device_randomness+0xb4/0xe0 [ 30.982734][ T582] usb_new_device.cold+0x641/0x1091 [ 30.982763][ T582] ? hub_disconnect+0x510/0x510 [ 30.982795][ T582] ? rwlock_bug.part.0+0x90/0x90 [ 30.982822][ T582] ? _raw_spin_unlock_irq+0x1f/0x40 [ 30.982851][ T582] ? _raw_spin_unlock_irq+0x1f/0x40 [ 30.982881][ T582] hub_event+0x25d5/0x4690 [ 30.982912][ T582] ? hub_port_debounce+0x3c0/0x3c0 [ 30.982942][ T582] ? lock_release+0x780/0x780 [ 30.982966][ T582] ? lock_downgrade+0x6e0/0x6e0 [ 30.982991][ T582] ? do_raw_spin_lock+0x120/0x2a0 [ 30.983020][ T582] process_one_work+0x996/0x1610 [ 30.983047][ T582] ? pwq_dec_nr_in_flight+0x2a0/0x2a0 [ 30.983075][ T582] ? rwlock_bug.part.0+0x90/0x90 [ 30.983101][ T582] ? _raw_spin_lock_irq+0x41/0x50 [ 30.983130][ T582] worker_thread+0x665/0x1080 [ 30.983158][ T582] ? __kthread_parkme+0x15f/0x220 [ 30.983180][ T582] ? process_one_work+0x1610/0x1610 [ 30.983207][ T582] kthread+0x2ef/0x3a0 [ 30.983229][ T582] ? kthread_complete_and_exit+0x40/0x40 [ 30.983255][ T582] ret_from_fork+0x1f/0x30 [ 30.983280][ T582] [ 30.986027][ T582] Kernel Offset: disabled