Warning: Permanently added '10.128.0.192' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 36.511762][ T1546] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 36.751633][ T1546] usb 1-1: Using ep0 maxpacket: 32 [ 36.871718][ T1546] usb 1-1: config 8 has an invalid interface number: 40 but max is 2 [ 36.880137][ T1546] usb 1-1: config 8 has an invalid interface number: 150 but max is 2 [ 36.888403][ T1546] usb 1-1: config 8 contains an unexpected descriptor of type 0x2, skipping [ 36.897166][ T1546] usb 1-1: config 8 has an invalid interface number: 21 but max is 2 [ 36.905362][ T1546] usb 1-1: config 8 contains an unexpected descriptor of type 0x2, skipping [ 36.914132][ T1546] usb 1-1: config 8 has no interface number 0 [ 36.920211][ T1546] usb 1-1: config 8 has no interface number 1 [ 36.926348][ T1546] usb 1-1: config 8 has no interface number 2 [ 36.932606][ T1546] usb 1-1: config 8 interface 40 altsetting 0 endpoint 0x8D has invalid maxpacket 512, setting to 64 [ 36.943600][ T1546] usb 1-1: config 8 interface 150 altsetting 5 has a duplicate endpoint with address 0xD, skipping [ 36.954402][ T1546] usb 1-1: config 8 interface 150 altsetting 5 endpoint 0x9 has invalid maxpacket 1023, setting to 64 [ 36.965456][ T1546] usb 1-1: config 8 interface 150 altsetting 5 endpoint 0x5 has invalid maxpacket 1023, setting to 64 [ 36.976511][ T1546] usb 1-1: config 8 interface 150 altsetting 5 bulk endpoint 0xB has invalid maxpacket 1024 [ 36.986692][ T1546] usb 1-1: config 8 interface 150 altsetting 5 has a duplicate endpoint with address 0xB, skipping [ 36.997486][ T1546] usb 1-1: config 8 interface 150 altsetting 5 has a duplicate endpoint with address 0x6, skipping [ 37.008261][ T1546] usb 1-1: config 8 interface 150 altsetting 5 endpoint 0x7 has an invalid bInterval 128, changing to 7 [ 37.019470][ T1546] usb 1-1: config 8 interface 150 altsetting 5 has a duplicate endpoint with address 0x8, skipping [ 37.030246][ T1546] usb 1-1: config 8 interface 150 altsetting 5 has a duplicate endpoint with address 0x7, skipping [ 37.041035][ T1546] usb 1-1: config 8 interface 150 altsetting 5 has a duplicate endpoint with address 0x5, skipping [ 37.051833][ T1546] usb 1-1: config 8 interface 150 altsetting 5 has an invalid endpoint with address 0x80, skipping [ 37.062641][ T1546] usb 1-1: config 8 interface 150 altsetting 5 has a duplicate endpoint with address 0xC, skipping [ 37.073410][ T1546] usb 1-1: config 8 interface 21 altsetting 128 bulk endpoint 0x4 has invalid maxpacket 32 [ 37.083543][ T1546] usb 1-1: config 8 interface 21 altsetting 128 has an invalid endpoint with address 0x80, skipping [ 37.094407][ T1546] usb 1-1: config 8 interface 21 altsetting 128 has a duplicate endpoint with address 0xC, skipping [ 37.105260][ T1546] usb 1-1: config 8 interface 21 altsetting 128 has a duplicate endpoint with address 0x6, skipping [ 37.116123][ T1546] usb 1-1: config 8 interface 21 altsetting 128 has a duplicate endpoint with address 0xD, skipping [ 37.126983][ T1546] usb 1-1: config 8 interface 21 altsetting 128 endpoint 0x2 has invalid maxpacket 1024, setting to 64 [ 37.138122][ T1546] usb 1-1: config 8 interface 21 altsetting 128 has a duplicate endpoint with address 0x8, skipping [ 37.149022][ T1546] usb 1-1: config 8 interface 21 altsetting 128 has a duplicate endpoint with address 0xA, skipping [ 37.159891][ T1546] usb 1-1: config 8 interface 21 altsetting 128 has a duplicate endpoint with address 0x8, skipping [ 37.170764][ T1546] usb 1-1: config 8 interface 21 altsetting 128 has a duplicate endpoint with address 0xD, skipping [ 37.181676][ T1546] usb 1-1: config 8 interface 150 has no altsetting 0 [ 37.188458][ T1546] usb 1-1: config 8 interface 21 has no altsetting 0 [ 37.351602][ T1546] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9170, bcdDevice=be.33 [ 37.360692][ T1546] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 37.368814][ T1546] usb 1-1: Product: syz [ 37.373061][ T1546] usb 1-1: Manufacturer: syz [ 37.377657][ T1546] usb 1-1: SerialNumber: syz executing program [ 38.112620][ T1546] usb 1-1: reset high-speed USB device number 2 using dummy_hcd [ 38.351196][ T1546] usb 1-1: Using ep0 maxpacket: 32 [ 38.967297][ T7] usb 1-1: Direct firmware load for carl9170-1.fw failed with error -2 [ 38.975830][ T7] usb 1-1: firmware not found. [ 38.981301][ T1546] ------------[ cut here ]------------ [ 38.986885][ T1546] usb 1-1: BOGUS urb xfer, pipe 1 != type 3 [ 38.993175][ T1546] WARNING: CPU: 0 PID: 1546 at drivers/usb/core/urb.c:493 usb_submit_urb+0xd27/0x1540 [ 39.002841][ T1546] Modules linked in: [ 39.006757][ T1546] CPU: 0 PID: 1546 Comm: kworker/0:2 Not tainted 5.11.0-rc1-syzkaller #0 [ 39.015238][ T1546] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 39.025503][ T1546] Workqueue: usb_hub_wq hub_event [ 39.030629][ T1546] RIP: 0010:usb_submit_urb+0xd27/0x1540 [ 39.036284][ T1546] Code: 84 d4 02 00 00 e8 79 5d bb fd 4c 89 ef e8 01 50 1d ff 41 89 d8 44 89 e1 4c 89 f2 48 89 c6 48 c7 c7 e0 6b 61 86 e8 ca 4b f9 01 <0f> 0b e9 81 f8 ff ff e8 4d 5d bb fd 48 81 c5 30 06 00 00 e9 ad f7 [ 39.056036][ T1546] RSP: 0018:ffffc90004b46ef0 EFLAGS: 00010282 [ 39.062203][ T1546] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000000000 [ 39.070207][ T1546] RDX: ffff8881058cd040 RSI: ffffffff812996d3 RDI: fffff52000968dd0 [ 39.078303][ T1546] RBP: ffff888101d91800 R08: 0000000000000001 R09: 0000000000000000 [ 39.086408][ T1546] R10: ffffffff8149b86b R11: 0000000000000000 R12: 0000000000000001 [ 39.094487][ T1546] R13: ffff888113f730a0 R14: ffff8881038dacf8 R15: ffff888103780700 [ 39.102558][ T1546] FS: 0000000000000000(0000) GS:ffff8881f6a00000(0000) knlGS:0000000000000000 [ 39.111578][ T1546] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 39.118193][ T1546] CR2: 00000000006d1090 CR3: 0000000101d28000 CR4: 00000000001506f0 [ 39.126243][ T1546] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 39.134322][ T1546] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 39.142410][ T1546] Call Trace: [ 39.145717][ T1546] ? _raw_spin_unlock_irqrestore+0x34/0x40 [ 39.151609][ T1546] ? trace_hardirqs_on+0x5b/0x1a0 [ 39.156664][ T1546] carl9170_usb_submit_cmd_urb+0x7e/0x130 [ 39.162488][ T1546] __carl9170_exec_cmd+0x30b/0x5b0 executing program [ 39.167654][ T1546] carl9170_reboot+0xaf/0xf0 [ 39.172377][ T1546] carl9170_usb_disconnect+0x141/0x190 [ 39.177871][ T1546] usb_unbind_interface+0x1d8/0x8d0 [ 39.183189][ T1546] ? __sanitizer_cov_trace_cmp4+0x1c/0x70 [ 39.188941][ T1546] ? kernfs_remove_by_name_ns+0x62/0xb0 [ 39.194634][ T1546] ? usb_unbind_device+0x1a0/0x1a0 [ 39.199770][ T1546] __device_release_driver+0x3bd/0x6f0 [ 39.205399][ T1546] device_release_driver+0x26/0x40 [ 39.210547][ T1546] usb_forced_unbind_intf+0x180/0x220 [ 39.216136][ T1546] usb_reset_device+0x397/0x9a0 [ 39.221101][ T1546] carl9170_usb_probe+0x48/0xd30 [ 39.226078][ T1546] usb_probe_interface+0x315/0x7f0 [ 39.231355][ T1546] ? usb_match_dynamic_id+0x1a0/0x1a0 [ 39.236806][ T1546] really_probe+0x291/0xde0 [ 39.241404][ T1546] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 39.247729][ T1546] driver_probe_device+0x26b/0x3d0 [ 39.252927][ T1546] __device_attach_driver+0x1d1/0x290 [ 39.258373][ T1546] ? driver_allows_async_probing+0x150/0x150 [ 39.264442][ T1546] bus_for_each_drv+0x15f/0x1e0 [ 39.269332][ T1546] ? bus_for_each_dev+0x1d0/0x1d0 [ 39.274470][ T1546] ? lockdep_hardirqs_on_prepare+0x273/0x3e0 [ 39.280493][ T1546] ? trace_hardirqs_on+0x5b/0x1a0 [ 39.285609][ T1546] __device_attach+0x228/0x4a0 [ 39.290423][ T1546] ? __driver_attach_async_helper+0x330/0x330 [ 39.296615][ T1546] ? kobject_uevent_env+0x2bb/0x1680 [ 39.301985][ T1546] bus_probe_device+0x1e4/0x290 [ 39.306954][ T1546] device_add+0xbc4/0x1d90 [ 39.311463][ T1546] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 39.317746][ T1546] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 39.324067][ T1546] ? __sanitizer_cov_trace_cmp4+0x1c/0x70 [ 39.329816][ T1546] ? create_intf_ep_devs.isra.0+0x18d/0x1f0 [ 39.335790][ T1546] usb_set_configuration+0x113c/0x1910 [ 39.341352][ T1546] usb_generic_driver_probe+0xba/0x100 [ 39.346852][ T1546] usb_probe_device+0xd9/0x2c0 [ 39.351689][ T1546] ? usb_driver_release_interface+0x180/0x180 [ 39.357788][ T1546] really_probe+0x291/0xde0 [ 39.362387][ T1546] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 39.368670][ T1546] driver_probe_device+0x26b/0x3d0 [ 39.373883][ T1546] __device_attach_driver+0x1d1/0x290 [ 39.379291][ T1546] ? driver_allows_async_probing+0x150/0x150 [ 39.385347][ T1546] bus_for_each_drv+0x15f/0x1e0 [ 39.390218][ T1546] ? bus_for_each_dev+0x1d0/0x1d0 [ 39.395354][ T1546] ? lockdep_hardirqs_on_prepare+0x273/0x3e0 [ 39.401429][ T1546] ? trace_hardirqs_on+0x5b/0x1a0 [ 39.406473][ T1546] __device_attach+0x228/0x4a0 [ 39.411324][ T1546] ? __driver_attach_async_helper+0x330/0x330 [ 39.417417][ T1546] ? kobject_uevent_env+0x2bb/0x1680 [ 39.422800][ T1546] bus_probe_device+0x1e4/0x290 [ 39.427683][ T1546] device_add+0xbc4/0x1d90 [ 39.432201][ T1546] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 39.438481][ T1546] ? kfree+0xdb/0x390 [ 39.442550][ T1546] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 39.448812][ T1546] usb_new_device.cold+0x725/0x1057 [ 39.454089][ T1546] ? hub_disconnect+0x510/0x510 [ 39.458962][ T1546] ? rwlock_bug.part.0+0x90/0x90 [ 39.463994][ T1546] ? lockdep_hardirqs_on_prepare+0x273/0x3e0 [ 39.470223][ T1546] hub_event+0x2348/0x42d0 [ 39.474751][ T1546] ? hub_port_debounce+0x3b0/0x3b0 [ 39.479912][ T1546] ? lock_acquire+0xf1/0x700 [ 39.484577][ T1546] ? flush_workqueue+0x6d0/0x13e0 [ 39.489646][ T1546] ? lock_release+0x6d0/0x6d0 [ 39.494405][ T1546] ? lock_downgrade+0x6d0/0x6d0 [ 39.499287][ T1546] ? do_raw_spin_lock+0x120/0x2b0 [ 39.504402][ T1546] process_one_work+0x98d/0x1580 [ 39.509410][ T1546] ? pwq_dec_nr_in_flight+0x320/0x320 [ 39.514861][ T1546] ? rwlock_bug.part.0+0x90/0x90 [ 39.519832][ T1546] worker_thread+0x64c/0x1120 [ 39.524587][ T1546] ? __kthread_parkme+0x118/0x1d0 [ 39.529637][ T1546] ? process_one_work+0x1580/0x1580 [ 39.534911][ T1546] kthread+0x38c/0x460 [ 39.539104][ T1546] ? _raw_spin_unlock_irq+0x1f/0x30 [ 39.544375][ T1546] ? kthread_create_worker_on_cpu+0xf0/0xf0 [ 39.550304][ T1546] ret_from_fork+0x1f/0x30 [ 39.554807][ T1546] Kernel panic - not syncing: panic_on_warn set ... [ 39.561401][ T1546] CPU: 0 PID: 1546 Comm: kworker/0:2 Not tainted 5.11.0-rc1-syzkaller #0 [ 39.569841][ T1546] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 39.579897][ T1546] Workqueue: usb_hub_wq hub_event [ 39.584928][ T1546] Call Trace: [ 39.588203][ T1546] dump_stack+0x107/0x163 [ 39.592559][ T1546] panic+0x306/0x73d [ 39.596456][ T1546] ? __warn_printk+0xf3/0xf3 [ 39.601040][ T1546] ? __warn.cold+0x1a/0x44 [ 39.605447][ T1546] ? usb_submit_urb+0xd27/0x1540 [ 39.610378][ T1546] __warn.cold+0x35/0x44 [ 39.614617][ T1546] ? irq_work_queue+0x44/0x50 [ 39.619299][ T1546] ? usb_submit_urb+0xd27/0x1540 [ 39.624248][ T1546] report_bug+0x1bd/0x210 [ 39.628577][ T1546] handle_bug+0x3c/0x60 [ 39.632757][ T1546] exc_invalid_op+0x14/0x40 [ 39.637272][ T1546] asm_exc_invalid_op+0x12/0x20 [ 39.642118][ T1546] RIP: 0010:usb_submit_urb+0xd27/0x1540 [ 39.647675][ T1546] Code: 84 d4 02 00 00 e8 79 5d bb fd 4c 89 ef e8 01 50 1d ff 41 89 d8 44 89 e1 4c 89 f2 48 89 c6 48 c7 c7 e0 6b 61 86 e8 ca 4b f9 01 <0f> 0b e9 81 f8 ff ff e8 4d 5d bb fd 48 81 c5 30 06 00 00 e9 ad f7 [ 39.667305][ T1546] RSP: 0018:ffffc90004b46ef0 EFLAGS: 00010282 [ 39.673386][ T1546] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000000000 [ 39.681357][ T1546] RDX: ffff8881058cd040 RSI: ffffffff812996d3 RDI: fffff52000968dd0 [ 39.689332][ T1546] RBP: ffff888101d91800 R08: 0000000000000001 R09: 0000000000000000 [ 39.697309][ T1546] R10: ffffffff8149b86b R11: 0000000000000000 R12: 0000000000000001 [ 39.705284][ T1546] R13: ffff888113f730a0 R14: ffff8881038dacf8 R15: ffff888103780700 [ 39.713271][ T1546] ? __irq_work_queue_local+0xbb/0xf0 [ 39.718659][ T1546] ? vprintk_func+0x93/0x140 [ 39.723246][ T1546] ? _raw_spin_unlock_irqrestore+0x34/0x40 [ 39.729059][ T1546] ? trace_hardirqs_on+0x5b/0x1a0 [ 39.734083][ T1546] carl9170_usb_submit_cmd_urb+0x7e/0x130 [ 39.739801][ T1546] __carl9170_exec_cmd+0x30b/0x5b0 [ 39.744931][ T1546] carl9170_reboot+0xaf/0xf0 [ 39.749553][ T1546] carl9170_usb_disconnect+0x141/0x190 [ 39.755058][ T1546] usb_unbind_interface+0x1d8/0x8d0 [ 39.760254][ T1546] ? __sanitizer_cov_trace_cmp4+0x1c/0x70 [ 39.766020][ T1546] ? kernfs_remove_by_name_ns+0x62/0xb0 [ 39.771570][ T1546] ? usb_unbind_device+0x1a0/0x1a0 [ 39.776715][ T1546] __device_release_driver+0x3bd/0x6f0 [ 39.782172][ T1546] device_release_driver+0x26/0x40 [ 39.787295][ T1546] usb_forced_unbind_intf+0x180/0x220 [ 39.792668][ T1546] usb_reset_device+0x397/0x9a0 [ 39.797545][ T1546] carl9170_usb_probe+0x48/0xd30 [ 39.802518][ T1546] usb_probe_interface+0x315/0x7f0 [ 39.807649][ T1546] ? usb_match_dynamic_id+0x1a0/0x1a0 [ 39.813021][ T1546] really_probe+0x291/0xde0 [ 39.817524][ T1546] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 39.823780][ T1546] driver_probe_device+0x26b/0x3d0 [ 39.828893][ T1546] __device_attach_driver+0x1d1/0x290 [ 39.834273][ T1546] ? driver_allows_async_probing+0x150/0x150 [ 39.840262][ T1546] bus_for_each_drv+0x15f/0x1e0 [ 39.845126][ T1546] ? bus_for_each_dev+0x1d0/0x1d0 [ 39.850148][ T1546] ? lockdep_hardirqs_on_prepare+0x273/0x3e0 [ 39.856130][ T1546] ? trace_hardirqs_on+0x5b/0x1a0 [ 39.861150][ T1546] __device_attach+0x228/0x4a0 [ 39.865925][ T1546] ? __driver_attach_async_helper+0x330/0x330 [ 39.871998][ T1546] ? kobject_uevent_env+0x2bb/0x1680 [ 39.877283][ T1546] bus_probe_device+0x1e4/0x290 [ 39.882133][ T1546] device_add+0xbc4/0x1d90 [ 39.886549][ T1546] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 39.892786][ T1546] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 39.899029][ T1546] ? __sanitizer_cov_trace_cmp4+0x1c/0x70 [ 39.904760][ T1546] ? create_intf_ep_devs.isra.0+0x18d/0x1f0 [ 39.910669][ T1546] usb_set_configuration+0x113c/0x1910 [ 39.916155][ T1546] usb_generic_driver_probe+0xba/0x100 [ 39.921616][ T1546] usb_probe_device+0xd9/0x2c0 [ 39.926392][ T1546] ? usb_driver_release_interface+0x180/0x180 [ 39.932461][ T1546] really_probe+0x291/0xde0 [ 39.936976][ T1546] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 39.943217][ T1546] driver_probe_device+0x26b/0x3d0 [ 39.948319][ T1546] __device_attach_driver+0x1d1/0x290 [ 39.953691][ T1546] ? driver_allows_async_probing+0x150/0x150 [ 39.959678][ T1546] bus_for_each_drv+0x15f/0x1e0 [ 39.964527][ T1546] ? bus_for_each_dev+0x1d0/0x1d0 [ 39.969563][ T1546] ? lockdep_hardirqs_on_prepare+0x273/0x3e0 [ 39.975542][ T1546] ? trace_hardirqs_on+0x5b/0x1a0 [ 39.980579][ T1546] __device_attach+0x228/0x4a0 [ 39.985343][ T1546] ? __driver_attach_async_helper+0x330/0x330 [ 39.991428][ T1546] ? kobject_uevent_env+0x2bb/0x1680 [ 39.996722][ T1546] bus_probe_device+0x1e4/0x290 [ 40.001581][ T1546] device_add+0xbc4/0x1d90 [ 40.006010][ T1546] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 40.012252][ T1546] ? kfree+0xdb/0x390 [ 40.016246][ T1546] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 40.022503][ T1546] usb_new_device.cold+0x725/0x1057 [ 40.027704][ T1546] ? hub_disconnect+0x510/0x510 [ 40.032553][ T1546] ? rwlock_bug.part.0+0x90/0x90 [ 40.037499][ T1546] ? lockdep_hardirqs_on_prepare+0x273/0x3e0 [ 40.043507][ T1546] hub_event+0x2348/0x42d0 [ 40.047932][ T1546] ? hub_port_debounce+0x3b0/0x3b0 [ 40.053044][ T1546] ? lock_acquire+0xf1/0x700 [ 40.057632][ T1546] ? flush_workqueue+0x6d0/0x13e0 [ 40.062683][ T1546] ? lock_release+0x6d0/0x6d0 [ 40.067366][ T1546] ? lock_downgrade+0x6d0/0x6d0 [ 40.072233][ T1546] ? do_raw_spin_lock+0x120/0x2b0 [ 40.077270][ T1546] process_one_work+0x98d/0x1580 [ 40.082205][ T1546] ? pwq_dec_nr_in_flight+0x320/0x320 [ 40.087606][ T1546] ? rwlock_bug.part.0+0x90/0x90 [ 40.092550][ T1546] worker_thread+0x64c/0x1120 [ 40.097227][ T1546] ? __kthread_parkme+0x118/0x1d0 [ 40.102246][ T1546] ? process_one_work+0x1580/0x1580 [ 40.107447][ T1546] kthread+0x38c/0x460 [ 40.111523][ T1546] ? _raw_spin_unlock_irq+0x1f/0x30 [ 40.116734][ T1546] ? kthread_create_worker_on_cpu+0xf0/0xf0 [ 40.122648][ T1546] ret_from_fork+0x1f/0x30 [ 40.127648][ T1546] Kernel Offset: disabled [ 40.132074][ T1546] Rebooting in 86400 seconds..