[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.161' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 69.035372][ T3192] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 69.285300][ T3192] usb 1-1: Using ep0 maxpacket: 32
[ 69.425437][ T3192] usb 1-1: config 8 has an invalid interface number: 40 but max is 2
[ 69.433771][ T3192] usb 1-1: config 8 has an invalid interface number: 150 but max is 2
[ 69.443136][ T3192] usb 1-1: config 8 contains an unexpected descriptor of type 0x2, skipping
[ 69.452676][ T3192] usb 1-1: config 8 has an invalid interface number: 21 but max is 2
[ 69.460942][ T3192] usb 1-1: config 8 contains an unexpected descriptor of type 0x2, skipping
[ 69.469819][ T3192] usb 1-1: config 8 has no interface number 0
[ 69.476131][ T3192] usb 1-1: config 8 has no interface number 1
[ 69.482223][ T3192] usb 1-1: config 8 has no interface number 2
[ 69.488549][ T3192] usb 1-1: config 8 interface 40 altsetting 0 endpoint 0x8D has invalid maxpacket 512, setting to 64
[ 69.499709][ T3192] usb 1-1: config 8 interface 150 altsetting 5 has a duplicate endpoint with address 0xD, skipping
[ 69.510626][ T3192] usb 1-1: config 8 interface 150 altsetting 5 endpoint 0x9 has invalid maxpacket 1023, setting to 64
[ 69.521863][ T3192] usb 1-1: config 8 interface 150 altsetting 5 endpoint 0x5 has invalid maxpacket 1023, setting to 64
[ 69.533069][ T3192] usb 1-1: config 8 interface 150 altsetting 5 bulk endpoint 0xB has invalid maxpacket 1024
[ 69.543468][ T3192] usb 1-1: config 8 interface 150 altsetting 5 has a duplicate endpoint with address 0xB, skipping
[ 69.554504][ T3192] usb 1-1: config 8 interface 150 altsetting 5 has a duplicate endpoint with address 0x6, skipping
[ 69.565452][ T3192] usb 1-1: config 8 interface 150 altsetting 5 endpoint 0x7 has an invalid bInterval 128, changing to 7
[ 69.576828][ T3192] usb 1-1: config 8 interface 150 altsetting 5 has a duplicate endpoint with address 0x8, skipping
[ 69.587826][ T3192] usb 1-1: config 8 interface 150 altsetting 5 has a duplicate endpoint with address 0x7, skipping
[ 69.598847][ T3192] usb 1-1: config 8 interface 150 altsetting 5 has a duplicate endpoint with address 0x5, skipping
[ 69.609770][ T3192] usb 1-1: config 8 interface 150 altsetting 5 has an invalid endpoint with address 0x80, skipping
[ 69.620674][ T3192] usb 1-1: config 8 interface 150 altsetting 5 has a duplicate endpoint with address 0xC, skipping
[ 69.631697][ T3192] usb 1-1: config 8 interface 21 altsetting 128 bulk endpoint 0x4 has invalid maxpacket 32
[ 69.641901][ T3192] usb 1-1: config 8 interface 21 altsetting 128 has an invalid endpoint with address 0x80, skipping
[ 69.653022][ T3192] usb 1-1: config 8 interface 21 altsetting 128 has a duplicate endpoint with address 0xC, skipping
[ 69.664037][ T3192] usb 1-1: config 8 interface 21 altsetting 128 has a duplicate endpoint with address 0x6, skipping
[ 69.675230][ T3192] usb 1-1: config 8 interface 21 altsetting 128 has a duplicate endpoint with address 0xD, skipping
[ 69.686332][ T3192] usb 1-1: config 8 interface 21 altsetting 128 endpoint 0x2 has invalid maxpacket 1024, setting to 64
[ 69.697545][ T3192] usb 1-1: config 8 interface 21 altsetting 128 has a duplicate endpoint with address 0x8, skipping
[ 69.708547][ T3192] usb 1-1: config 8 interface 21 altsetting 128 has a duplicate endpoint with address 0xA, skipping
[ 69.719536][ T3192] usb 1-1: config 8 interface 21 altsetting 128 has a duplicate endpoint with address 0x8, skipping
[ 69.730560][ T3192] usb 1-1: config 8 interface 21 altsetting 128 has a duplicate endpoint with address 0xD, skipping
[ 69.741595][ T3192] usb 1-1: config 8 interface 150 has no altsetting 0
[ 69.748603][ T3192] usb 1-1: config 8 interface 21 has no altsetting 0
[ 69.925422][ T3192] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9170, bcdDevice=be.33
[ 69.934497][ T3192] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 69.942733][ T3192] usb 1-1: Product: syz
[ 69.947106][ T3192] usb 1-1: Manufacturer: syz
[ 69.952766][ T3192] usb 1-1: SerialNumber: syz
executing program
[ 70.707293][ T3192] usb 1-1: reset high-speed USB device number 2 using dummy_hcd
[ 70.965156][ T3192] usb 1-1: Using ep0 maxpacket: 32
[ 71.657991][ T7] usb 1-1: driver API: 1.9.9 2016-02-15 [1-1]
[ 71.664534][ T7] usb 1-1: firmware API: 1.9.6 2012-07-07
[ 71.675900][ T3192] ------------[ cut here ]------------
[ 71.681525][ T3192] usb 1-1: BOGUS urb xfer, pipe 1 != type 3
[ 71.688333][ T3192] WARNING: CPU: 0 PID: 3192 at drivers/usb/core/urb.c:493 usb_submit_urb+0xd27/0x1540
[ 71.698083][ T3192] Modules linked in:
[ 71.701999][ T3192] CPU: 0 PID: 3192 Comm: kworker/0:3 Not tainted 5.12.0-rc1-syzkaller #0
[ 71.710516][ T3192] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 71.720665][ T3192] Workqueue: usb_hub_wq hub_event
[ 71.725810][ T3192] RIP: 0010:usb_submit_urb+0xd27/0x1540
[ 71.732022][ T3192] Code: 84 d4 02 00 00 e8 69 16 37 fc 4c 89 ef e8 41 df 10 ff 41 89 d8 44 89 e1 4c 89 f2 48 89 c6 48 c7 c7 a0 5b 02 8a e8 c5 36 85 03 <0f> 0b e9 81 f8 ff ff e8 3d 16 37 fc 48 81 c5 38 06 00 00 e9 ad f7
[ 71.751833][ T3192] RSP: 0018:ffffc900027b6ef0 EFLAGS: 00010282
executing program
[ 71.758049][ T3192] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000000000
[ 71.766138][ T3192] RDX: ffff88801b4d1bc0 RSI: ffffffff815bd175 RDI: fffff520004f6dd0
[ 71.774135][ T3192] RBP: ffff88802ac16000 R08: 0000000000000000 R09: 0000000000000000
[ 71.782682][ T3192] R10: ffffffff815b624e R11: 0000000000000000 R12: 0000000000000001
[ 71.791734][ T3192] R13: ffff88801b7190a0 R14: ffff88801dccf190 R15: ffff888012dcfb00
[ 71.800590][ T3192] FS: 0000000000000000(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000
[ 71.810177][ T3192] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 71.819154][ T3192] CR2: 00007fd4d744c000 CR3: 000000002646a000 CR4: 00000000001506f0
[ 71.827820][ T3192] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 71.836517][ T3192] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 71.844506][ T3192] Call Trace:
[ 71.848730][ T3192] carl9170_usb_submit_cmd_urb+0x7e/0x130
[ 71.854476][ T3192] __carl9170_exec_cmd+0x30b/0x5b0
[ 71.860562][ T3192] carl9170_reboot+0xaf/0xf0
[ 71.866274][ T3192] carl9170_usb_disconnect+0x141/0x190
[ 71.871765][ T3192] usb_unbind_interface+0x1d8/0x8d0
[ 71.877873][ T3192] ? __sanitizer_cov_trace_cmp4+0x1c/0x70
[ 71.883606][ T3192] ? kernfs_remove_by_name_ns+0x62/0xb0
[ 71.890043][ T3192] ? usb_unbind_device+0x1a0/0x1a0
[ 71.895816][ T3192] __device_release_driver+0x3bd/0x6f0
[ 71.901314][ T3192] device_release_driver+0x26/0x40
[ 71.909970][ T3192] usb_forced_unbind_intf+0x180/0x220
[ 71.915915][ T3192] usb_reset_device+0x39b/0x9a0
[ 71.920793][ T3192] carl9170_usb_probe+0x48/0xd30
[ 71.926851][ T3192] usb_probe_interface+0x315/0x7f0
[ 71.931983][ T3192] ? usb_match_dynamic_id+0x1a0/0x1a0
[ 71.938269][ T3192] really_probe+0x291/0xe60
[ 71.942779][ T3192] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 71.949945][ T3192] driver_probe_device+0x26b/0x3d0
[ 71.955639][ T3192] __device_attach_driver+0x1d1/0x290
[ 71.961036][ T3192] ? driver_allows_async_probing+0x150/0x150
[ 71.968198][ T3192] bus_for_each_drv+0x15f/0x1e0
[ 71.973074][ T3192] ? bus_for_each_dev+0x1d0/0x1d0
[ 71.979112][ T3192] ? _raw_spin_unlock_irqrestore+0x28/0x50
[ 71.985635][ T3192] ? lockdep_hardirqs_on+0x79/0x100
[ 71.990854][ T3192] ? _raw_spin_unlock_irqrestore+0x33/0x50
[ 71.997555][ T3192] __device_attach+0x228/0x4a0
[ 72.002323][ T3192] ? __driver_attach_async_helper+0x330/0x330
[ 72.009302][ T3192] ? kobject_uevent_env+0x2bb/0x1680
[ 72.014612][ T3192] bus_probe_device+0x1e4/0x290
[ 72.020363][ T3192] device_add+0xbdb/0x1db0
[ 72.024793][ T3192] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 72.031965][ T3192] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0
[ 72.038793][ T3192] ? __sanitizer_cov_trace_cmp4+0x1c/0x70
[ 72.044544][ T3192] ? create_intf_ep_devs.isra.0+0x18d/0x1f0
[ 72.051414][ T3192] usb_set_configuration+0x113f/0x1910
[ 72.057459][ T3192] usb_generic_driver_probe+0xba/0x100
[ 72.062948][ T3192] usb_probe_device+0xd9/0x2c0
[ 72.068662][ T3192] ? usb_driver_release_interface+0x180/0x180
[ 72.074764][ T3192] really_probe+0x291/0xe60
[ 72.080135][ T3192] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 72.087148][ T3192] driver_probe_device+0x26b/0x3d0
[ 72.092316][ T3192] __device_attach_driver+0x1d1/0x290
[ 72.098651][ T3192] ? driver_allows_async_probing+0x150/0x150
[ 72.104679][ T3192] bus_for_each_drv+0x15f/0x1e0
[ 72.110408][ T3192] ? bus_for_each_dev+0x1d0/0x1d0
[ 72.115990][ T3192] ? _raw_spin_unlock_irqrestore+0x28/0x50
[ 72.121892][ T3192] ? lockdep_hardirqs_on+0x79/0x100
[ 72.128048][ T3192] ? _raw_spin_unlock_irqrestore+0x33/0x50
[ 72.133883][ T3192] __device_attach+0x228/0x4a0
[ 72.139565][ T3192] ? __driver_attach_async_helper+0x330/0x330
[ 72.146345][ T3192] ? kobject_uevent_env+0x2bb/0x1680
[ 72.151667][ T3192] bus_probe_device+0x1e4/0x290
[ 72.157388][ T3192] device_add+0xbdb/0x1db0
[ 72.161819][ T3192] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0
[ 72.169031][ T3192] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 72.175819][ T3192] usb_new_device.cold+0x721/0x1058
[ 72.181062][ T3192] ? hub_disconnect+0x510/0x510
[ 72.187043][ T3192] ? rwlock_bug.part.0+0x90/0x90
[ 72.191996][ T3192] ? _raw_spin_unlock_irq+0x1f/0x40
[ 72.198257][ T3192] hub_event+0x2357/0x4320
[ 72.202713][ T3192] ? hub_port_debounce+0x3c0/0x3c0
[ 72.208731][ T3192] ? lock_acquire+0x1bb/0x730
[ 72.213620][ T3192] ? lock_release+0x710/0x710
[ 72.219367][ T3192] ? lock_downgrade+0x6d0/0x6d0
[ 72.224225][ T3192] ? do_raw_spin_lock+0x120/0x2b0
[ 72.230188][ T3192] ? lock_is_held_type+0xd5/0x130
[ 72.235767][ T3192] process_one_work+0x98d/0x1600
[ 72.240756][ T3192] ? pwq_dec_nr_in_flight+0x320/0x320
[ 72.247092][ T3192] ? rwlock_bug.part.0+0x90/0x90
[ 72.252051][ T3192] ? _raw_spin_lock_irq+0x41/0x50
[ 72.258874][ T3192] worker_thread+0x64c/0x1120
[ 72.263572][ T3192] ? __kthread_parkme+0x13f/0x1e0
[ 72.269531][ T3192] ? process_one_work+0x1600/0x1600
[ 72.274737][ T3192] kthread+0x3b1/0x4a0
[ 72.279698][ T3192] ? __kthread_bind_mask+0xc0/0xc0
[ 72.284862][ T3192] ret_from_fork+0x1f/0x30
[ 72.290305][ T3192] Kernel panic - not syncing: panic_on_warn set ...
[ 72.297003][ T3192] CPU: 0 PID: 3192 Comm: kworker/0:3 Not tainted 5.12.0-rc1-syzkaller #0
[ 72.305438][ T3192] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 72.315491][ T3192] Workqueue: usb_hub_wq hub_event
[ 72.320629][ T3192] Call Trace:
[ 72.323923][ T3192] dump_stack+0xfa/0x151
[ 72.328164][ T3192] panic+0x306/0x73d
[ 72.332059][ T3192] ? __warn_printk+0xf3/0xf3
[ 72.336697][ T3192] ? __warn.cold+0x1a/0x44
[ 72.341108][ T3192] ? usb_submit_urb+0xd27/0x1540
[ 72.346114][ T3192] __warn.cold+0x35/0x44
[ 72.350408][ T3192] ? usb_submit_urb+0xd27/0x1540
[ 72.355350][ T3192] report_bug+0x1bd/0x210
[ 72.359711][ T3192] handle_bug+0x3c/0x60
[ 72.363880][ T3192] exc_invalid_op+0x14/0x40
[ 72.368376][ T3192] asm_exc_invalid_op+0x12/0x20
[ 72.373237][ T3192] RIP: 0010:usb_submit_urb+0xd27/0x1540
[ 72.378823][ T3192] Code: 84 d4 02 00 00 e8 69 16 37 fc 4c 89 ef e8 41 df 10 ff 41 89 d8 44 89 e1 4c 89 f2 48 89 c6 48 c7 c7 a0 5b 02 8a e8 c5 36 85 03 <0f> 0b e9 81 f8 ff ff e8 3d 16 37 fc 48 81 c5 38 06 00 00 e9 ad f7
[ 72.398452][ T3192] RSP: 0018:ffffc900027b6ef0 EFLAGS: 00010282
[ 72.404526][ T3192] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000000000
[ 72.412621][ T3192] RDX: ffff88801b4d1bc0 RSI: ffffffff815bd175 RDI: fffff520004f6dd0
[ 72.420600][ T3192] RBP: ffff88802ac16000 R08: 0000000000000000 R09: 0000000000000000
[ 72.428567][ T3192] R10: ffffffff815b624e R11: 0000000000000000 R12: 0000000000000001
[ 72.436571][ T3192] R13: ffff88801b7190a0 R14: ffff88801dccf190 R15: ffff888012dcfb00
[ 72.444541][ T3192] ? wake_up_klogd.part.0+0x8e/0xd0
[ 72.449913][ T3192] ? vprintk_func+0x95/0x1e0
[ 72.454552][ T3192] carl9170_usb_submit_cmd_urb+0x7e/0x130
[ 72.460295][ T3192] __carl9170_exec_cmd+0x30b/0x5b0
[ 72.465426][ T3192] carl9170_reboot+0xaf/0xf0
[ 72.470008][ T3192] carl9170_usb_disconnect+0x141/0x190
[ 72.475653][ T3192] usb_unbind_interface+0x1d8/0x8d0
[ 72.480843][ T3192] ? __sanitizer_cov_trace_cmp4+0x1c/0x70
[ 72.486568][ T3192] ? kernfs_remove_by_name_ns+0x62/0xb0
[ 72.492118][ T3192] ? usb_unbind_device+0x1a0/0x1a0
[ 72.497311][ T3192] __device_release_driver+0x3bd/0x6f0
[ 72.502781][ T3192] device_release_driver+0x26/0x40
[ 72.507899][ T3192] usb_forced_unbind_intf+0x180/0x220
[ 72.513266][ T3192] usb_reset_device+0x39b/0x9a0
[ 72.518119][ T3192] carl9170_usb_probe+0x48/0xd30
[ 72.523189][ T3192] usb_probe_interface+0x315/0x7f0
[ 72.528321][ T3192] ? usb_match_dynamic_id+0x1a0/0x1a0
[ 72.533683][ T3192] really_probe+0x291/0xe60
[ 72.538181][ T3192] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 72.544447][ T3192] driver_probe_device+0x26b/0x3d0
[ 72.549596][ T3192] __device_attach_driver+0x1d1/0x290
[ 72.554970][ T3192] ? driver_allows_async_probing+0x150/0x150
[ 72.560972][ T3192] bus_for_each_drv+0x15f/0x1e0
[ 72.565821][ T3192] ? bus_for_each_dev+0x1d0/0x1d0
[ 72.570848][ T3192] ? _raw_spin_unlock_irqrestore+0x28/0x50
[ 72.576650][ T3192] ? lockdep_hardirqs_on+0x79/0x100
[ 72.581844][ T3192] ? _raw_spin_unlock_irqrestore+0x33/0x50
[ 72.587647][ T3192] __device_attach+0x228/0x4a0
[ 72.592419][ T3192] ? __driver_attach_async_helper+0x330/0x330
[ 72.598505][ T3192] ? kobject_uevent_env+0x2bb/0x1680
[ 72.603790][ T3192] bus_probe_device+0x1e4/0x290
[ 72.608647][ T3192] device_add+0xbdb/0x1db0
[ 72.613081][ T3192] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 72.622717][ T3192] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0
[ 72.628990][ T3192] ? __sanitizer_cov_trace_cmp4+0x1c/0x70
[ 72.634705][ T3192] ? create_intf_ep_devs.isra.0+0x18d/0x1f0
[ 72.640617][ T3192] usb_set_configuration+0x113f/0x1910
[ 72.646130][ T3192] usb_generic_driver_probe+0xba/0x100
[ 72.651593][ T3192] usb_probe_device+0xd9/0x2c0
[ 72.656354][ T3192] ? usb_driver_release_interface+0x180/0x180
[ 72.662428][ T3192] really_probe+0x291/0xe60
[ 72.666934][ T3192] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 72.673185][ T3192] driver_probe_device+0x26b/0x3d0
[ 72.678291][ T3192] __device_attach_driver+0x1d1/0x290
[ 72.683659][ T3192] ? driver_allows_async_probing+0x150/0x150
[ 72.689630][ T3192] bus_for_each_drv+0x15f/0x1e0
[ 72.694492][ T3192] ? bus_for_each_dev+0x1d0/0x1d0
[ 72.699508][ T3192] ? _raw_spin_unlock_irqrestore+0x28/0x50
[ 72.705313][ T3192] ? lockdep_hardirqs_on+0x79/0x100
[ 72.710506][ T3192] ? _raw_spin_unlock_irqrestore+0x33/0x50
[ 72.716315][ T3192] __device_attach+0x228/0x4a0
[ 72.721170][ T3192] ? __driver_attach_async_helper+0x330/0x330
[ 72.727245][ T3192] ? kobject_uevent_env+0x2bb/0x1680
[ 72.732529][ T3192] bus_probe_device+0x1e4/0x290
[ 72.737395][ T3192] device_add+0xbdb/0x1db0
[ 72.741814][ T3192] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0
[ 72.748142][ T3192] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 72.754385][ T3192] usb_new_device.cold+0x721/0x1058
[ 72.759584][ T3192] ? hub_disconnect+0x510/0x510
[ 72.764445][ T3192] ? rwlock_bug.part.0+0x90/0x90
[ 72.769381][ T3192] ? _raw_spin_unlock_irq+0x1f/0x40
[ 72.774577][ T3192] hub_event+0x2357/0x4320
[ 72.779008][ T3192] ? hub_port_debounce+0x3c0/0x3c0
[ 72.784133][ T3192] ? lock_acquire+0x1bb/0x730
[ 72.788806][ T3192] ? lock_release+0x710/0x710
[ 72.793473][ T3192] ? lock_downgrade+0x6d0/0x6d0
[ 72.798316][ T3192] ? do_raw_spin_lock+0x120/0x2b0
[ 72.803373][ T3192] ? lock_is_held_type+0xd5/0x130
[ 72.808429][ T3192] process_one_work+0x98d/0x1600
[ 72.813384][ T3192] ? pwq_dec_nr_in_flight+0x320/0x320
[ 72.818764][ T3192] ? rwlock_bug.part.0+0x90/0x90
[ 72.823710][ T3192] ? _raw_spin_lock_irq+0x41/0x50
[ 72.828745][ T3192] worker_thread+0x64c/0x1120
[ 72.833438][ T3192] ? __kthread_parkme+0x13f/0x1e0
[ 72.838471][ T3192] ? process_one_work+0x1600/0x1600
[ 72.843659][ T3192] kthread+0x3b1/0x4a0
[ 72.847733][ T3192] ? __kthread_bind_mask+0xc0/0xc0
[ 72.852839][ T3192] ret_from_fork+0x1f/0x30
[ 72.857919][ T3192] Kernel Offset: disabled
[ 72.862363][ T3192] Rebooting in 86400 seconds..