[ OK ] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch.
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
syzkaller login: [ 17.378146][ C1] random: crng init done
[ 17.382833][ C1] random: 7 urandom warning(s) missed due to ratelimiting
Warning: Permanently added '10.128.0.48' (ECDSA) to the list of known hosts.
[ 24.587046][ T158] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 24.677162][ T158] usb 1-1: Using ep0 maxpacket: 8
[ 24.796824][ T158] usb 1-1: config 0 has an invalid interface number: 44 but max is 0
[ 24.804991][ T158] usb 1-1: config 0 has no interface number 0
[ 24.811550][ T158] usb 1-1: config 0 interface 44 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0
[ 24.821366][ T158] usb 1-1: config 0 interface 44 altsetting 0 bulk endpoint 0xB has invalid maxpacket 0
[ 24.831198][ T158] usb 1-1: config 0 interface 44 altsetting 0 endpoint 0x8A has invalid wMaxPacketSize 0
[ 24.841100][ T158] usb 1-1: config 0 interface 44 altsetting 0 bulk endpoint 0x8A has invalid maxpacket 0
[ 24.851022][ T158] usb 1-1: New USB device found, idVendor=10cf, idProduct=5501, bcdDevice=67.87
[ 24.860135][ T158] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 24.870014][ T158] usb 1-1: config 0 descriptor??
[ 24.910108][ T158] general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#1] SMP KASAN
[ 24.921144][ T158] KASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017]
[ 24.929547][ T158] CPU: 0 PID: 158 Comm: kworker/0:3 Not tainted 5.7.0-rc1-syzkaller #0
[ 24.937772][ T158] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 24.947822][ T158] Workqueue: usb_hub_wq hub_event
[ 24.952844][ T158] RIP: 0010:vmk80xx_write_packet+0x75/0x260
[ 24.958720][ T158] Code: 48 8d 7b 70 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 d3 01 00 00 48 b8 00 00 00 00 00 fc ff df 4c 8b 6b 70 4c 89 ea 48 c1 ea 03 <0f> b6 04 02 4c 89 ea 83 e2 07 38 d0 7f 08 84 c0 0f 85 84 01 00 00
[ 24.979527][ T158] RSP: 0018:ffff8881cec0f128 EFLAGS: 00010202
[ 24.985596][ T158] RAX: dffffc0000000000 RBX: ffff8881cff53300 RCX: 0000000000000000
[ 24.993562][ T158] RDX: 0000000000000002 RSI: ffffffff8498d493 RDI: ffff8881cff53370
[ 25.001570][ T158] RBP: ffff8881c257f000 R08: ffff8881cf93b180 R09: 0000000000000010
[ 25.011279][ T158] R10: ffffffff893646f7 R11: fffffbfff126c8de R12: ffff8881cd0ec000
[ 25.019234][ T158] R13: 0000000000000010 R14: 0000000000000000 R15: ffff8881cfee2088
[ 25.027189][ T158] FS: 0000000000000000(0000) GS:ffff8881db200000(0000) knlGS:0000000000000000
[ 25.036102][ T158] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 25.042681][ T158] CR2: 000055ab70eaa160 CR3: 00000001d0f7d000 CR4: 00000000001406f0
[ 25.050659][ T158] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 25.058616][ T158] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 25.066571][ T158] Call Trace:
[ 25.069848][ T158] vmk80xx_auto_attach+0x13ee/0x1800
[ 25.075179][ T158] comedi_auto_config+0x16e/0x250
[ 25.080192][ T158] usb_probe_interface+0x310/0x800
[ 25.085379][ T158] ? usb_probe_device+0x230/0x230
[ 25.090391][ T158] really_probe+0x290/0xac0
[ 25.094883][ T158] driver_probe_device+0x223/0x350
[ 25.099980][ T158] __device_attach_driver+0x1d1/0x290
[ 25.105331][ T158] ? driver_allows_async_probing+0x160/0x160
[ 25.111287][ T158] bus_for_each_drv+0x162/0x1e0
[ 25.116112][ T158] ? bus_rescan_devices+0x20/0x20
[ 25.121115][ T158] ? _raw_spin_unlock_irqrestore+0x39/0x40
[ 25.126896][ T158] ? lockdep_hardirqs_on+0x3c7/0x5d0
[ 25.132173][ T158] __device_attach+0x21a/0x390
[ 25.136919][ T158] ? device_bind_driver+0xd0/0xd0
[ 25.141928][ T158] bus_probe_device+0x1e4/0x290
[ 25.146779][ T158] device_add+0x1367/0x1c20
[ 25.151259][ T158] ? wait_for_completion+0x280/0x280
[ 25.156525][ T158] ? device_link_remove+0x110/0x110
[ 25.161875][ T158] ? _raw_spin_unlock_irqrestore+0x39/0x40
[ 25.167671][ T158] usb_set_configuration+0xed4/0x1850
[ 25.173023][ T158] usb_generic_driver_probe+0x9d/0xe0
[ 25.178382][ T158] usb_probe_device+0xd9/0x230
[ 25.183300][ T158] ? usb_suspend+0x600/0x600
[ 25.187881][ T158] really_probe+0x290/0xac0
[ 25.192367][ T158] driver_probe_device+0x223/0x350
[ 25.197611][ T158] __device_attach_driver+0x1d1/0x290
[ 25.202969][ T158] ? driver_allows_async_probing+0x160/0x160
[ 25.208936][ T158] bus_for_each_drv+0x162/0x1e0
[ 25.213796][ T158] ? bus_rescan_devices+0x20/0x20
[ 25.218814][ T158] ? _raw_spin_unlock_irqrestore+0x39/0x40
[ 25.224613][ T158] ? lockdep_hardirqs_on+0x3c7/0x5d0
[ 25.229890][ T158] __device_attach+0x21a/0x390
[ 25.234636][ T158] ? device_bind_driver+0xd0/0xd0
[ 25.239652][ T158] bus_probe_device+0x1e4/0x290
[ 25.244485][ T158] device_add+0x1367/0x1c20
[ 25.248972][ T158] ? device_link_remove+0x110/0x110
[ 25.254157][ T158] usb_new_device.cold+0x552/0xf6e
[ 25.259264][ T158] ? hub_disconnect+0x4a0/0x4a0
[ 25.264097][ T158] ? mark_held_locks+0x9f/0xe0
[ 25.268844][ T158] ? _raw_spin_unlock_irq+0x1f/0x30
[ 25.274045][ T158] hub_event+0x226d/0x43c0
[ 25.278468][ T158] ? hub_port_debounce+0x350/0x350
[ 25.283563][ T158] ? umh_clean_and_save_pid+0x1/0xd0
[ 25.288833][ T158] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 25.294357][ T158] ? rcu_read_lock_bh_held+0xb0/0xb0
[ 25.299635][ T158] ? _raw_spin_unlock_irq+0x1f/0x30
[ 25.304818][ T158] process_one_work+0x965/0x1630
[ 25.309759][ T158] ? lock_release+0x720/0x720
[ 25.314420][ T158] ? pwq_dec_nr_in_flight+0x310/0x310
[ 25.319881][ T158] ? rwlock_bug.part.0+0x90/0x90
[ 25.324817][ T158] worker_thread+0x96/0xe20
[ 25.329398][ T158] ? process_one_work+0x1630/0x1630
[ 25.334692][ T158] kthread+0x326/0x430
[ 25.338757][ T158] ? kthread_create_on_node+0xf0/0xf0
[ 25.344122][ T158] ret_from_fork+0x24/0x30
[ 25.348517][ T158] Modules linked in:
[ 25.352539][ T158] ---[ end trace f72ff8b628a85001 ]---
[ 25.358155][ T158] RIP: 0010:vmk80xx_write_packet+