Starting Load/Save RF Kill Switch Status... [ OK ] Started Update UTMP about System Runlevel Changes. [ OK ] Started Load/Save RF Kill Switch Status. [ 12.543685][ C1] random: crng init done [ 12.544707][ C1] random: 7 urandom warning(s) missed due to ratelimiting Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.0.186' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 19.754966][ T68] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 20.154595][ T68] usb 1-1: unable to get BOS descriptor or descriptor too short [ 20.234573][ T68] usb 1-1: config 0 has an invalid interface number: 125 but max is 0 [ 20.242786][ T68] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 20.252911][ T68] usb 1-1: config 0 has no interface number 0 [ 20.259074][ T68] usb 1-1: config 0 interface 125 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 20.270180][ T68] usb 1-1: New USB device found, idVendor=2040, idProduct=8265, bcdDevice= 0.8c [ 20.279268][ T68] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 20.289239][ T68] usb 1-1: config 0 descriptor?? [ 20.338632][ T68] em28xx 1-1:0.125: New device @ 480 Mbps (2040:8265, interface 125, class 125) [ 20.348026][ T68] em28xx 1-1:0.125: Audio interface 125 found (Vendor Class) executing program [ 20.594316][ T68] em28xx 1-1:0.125: unknown em28xx chip ID (0) [ 20.614226][ T68] em28xx 1-1:0.125: Config register raw data: 0xfffffffb [ 20.634173][ T68] em28xx 1-1:0.125: AC97 chip type couldn't be determined [ 20.641301][ T68] em28xx 1-1:0.125: No AC97 audio processor [ 20.649500][ T68] em28xx 1-1:0.125: We currently don't support analog TV or stream capture on dual tuners. [ 20.784055][ T68] em28xx 1-1:0.125: unknown em28xx chip ID (0) [ 20.814023][ T68] em28xx 1-1:0.125: Config register raw data: 0xfffffffb [ 20.843975][ T68] em28xx 1-1:0.125: AC97 chip type couldn't be determined [ 20.851125][ T68] em28xx 1-1:0.125: No AC97 audio processor [ 21.106155][ T68] usb 1-1: USB disconnect, device number 2 [ 21.114271][ T68] em28xx 1-1:0.125: Disconnecting em28xx #1 [ 21.120179][ T68] em28xx 1-1:0.125: Disconnecting em28xx [ 21.127655][ T68] em28xx 1-1:0.125: Freeing device [ 21.132781][ T68] em28xx 1-1:0.125: Freeing device [ 21.503396][ T68] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 21.903085][ T68] usb 1-1: unable to get BOS descriptor or descriptor too short [ 21.983101][ T68] usb 1-1: config 0 has an invalid interface number: 125 but max is 0 [ 21.991271][ T68] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 22.001559][ T68] usb 1-1: config 0 has no interface number 0 [ 22.007717][ T68] usb 1-1: config 0 interface 125 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 22.018801][ T68] usb 1-1: New USB device found, idVendor=2040, idProduct=8265, bcdDevice= 0.8c [ 22.027872][ T68] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 22.039363][ T68] usb 1-1: config 0 descriptor?? [ 22.085140][ T68] em28xx 1-1:0.125: New device @ 480 Mbps (2040:8265, interface 125, class 125) [ 22.094439][ T68] em28xx 1-1:0.125: Audio interface 125 found (Vendor Class) executing program [ 22.322992][ T68] em28xx 1-1:0.125: unknown em28xx chip ID (0) [ 22.342910][ T68] em28xx 1-1:0.125: Config register raw data: 0xfffffffb [ 22.362757][ T68] em28xx 1-1:0.125: AC97 chip type couldn't be determined [ 22.369866][ T68] em28xx 1-1:0.125: No AC97 audio processor [ 22.376038][ T68] list_add corruption. prev->next should be next (ffffffff87c96740), but was ffffffff83747638. (prev=ffff8881cdeb4250). [ 22.388808][ T68] ------------[ cut here ]------------ [ 22.394334][ T68] kernel BUG at lib/list_debug.c:26! [ 22.399616][ T68] invalid opcode: 0000 [#1] SMP KASAN [ 22.404964][ T68] CPU: 1 PID: 68 Comm: kworker/1:2 Not tainted 5.8.0-rc3-syzkaller #0 [ 22.413085][ T68] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 22.423148][ T68] Workqueue: usb_hub_wq hub_event [ 22.428161][ T68] RIP: 0010:__list_add_valid.cold+0x3a/0x3c [ 22.434026][ T68] Code: 0b 48 89 f2 4c 89 e1 48 89 ee 48 c7 c7 c0 96 1c 86 e8 6a 2d 3c ff 0f 0b 48 89 f1 48 c7 c7 40 96 1c 86 4c 89 e6 e8 56 2d 3c ff <0f> 0b 48 89 ee 48 c7 c7 e0 97 1c 86 e8 45 2d 3c ff 0f 0b 4c 89 ea [ 22.453597][ T68] RSP: 0018:ffff8881d58b7000 EFLAGS: 00010282 [ 22.459634][ T68] RAX: 0000000000000075 RBX: ffff8881cd208130 RCX: 0000000000000000 [ 22.467576][ T68] RDX: ffff8881d6eae400 RSI: ffffffff8129b4e3 RDI: ffffed103ab16df2 [ 22.475521][ T68] RBP: ffff8881cd208250 R08: 0000000000000075 R09: ffff8881db32f50f [ 22.483464][ T68] R10: 0000000000000000 R11: 0000000000000000 R12: ffffffff87c96740 [ 22.491418][ T68] R13: ffff8881cd208000 R14: ffff8881cd20813c R15: ffff8881cdafc000 [ 22.499362][ T68] FS: 0000000000000000(0000) GS:ffff8881db300000(0000) knlGS:0000000000000000 [ 22.508294][ T68] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 22.514869][ T68] CR2: 000055a4160c9ff0 CR3: 00000001c7053000 CR4: 00000000001406e0 [ 22.522827][ T68] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 22.530783][ T68] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 22.538721][ T68] Call Trace: [ 22.542001][ T68] em28xx_init_extension+0x44/0x1f0 [ 22.547169][ T68] em28xx_init_dev.constprop.0+0xa80/0x15cb [ 22.553035][ T68] ? _dev_info+0xd7/0x109 [ 22.557365][ T68] ? em28xx_pre_card_setup+0x5c0/0x5c0 [ 22.562810][ T68] ? lockdep_init_map_waits+0x26a/0x7c0 [ 22.568337][ T68] ? lockdep_init_map_waits+0x26a/0x7c0 [ 22.573859][ T68] em28xx_usb_probe.cold+0xcb6/0x252f [ 22.579202][ T68] usb_probe_interface+0x315/0x7f0 [ 22.584282][ T68] ? usb_device_match+0x300/0x300 [ 22.589280][ T68] really_probe+0x291/0xc90 [ 22.593804][ T68] driver_probe_device+0x26b/0x3d0 [ 22.598886][ T68] __device_attach_driver+0x1d1/0x290 [ 22.604228][ T68] ? driver_allows_async_probing+0x150/0x150 [ 22.610184][ T68] bus_for_each_drv+0x15f/0x1e0 [ 22.615020][ T68] ? bus_for_each_dev+0x1d0/0x1d0 [ 22.620021][ T68] __device_attach+0x28d/0x430 [ 22.624823][ T68] ? device_bind_driver+0xd0/0xd0 [ 22.629826][ T68] ? kobject_uevent_env+0x2b4/0x1540 [ 22.635079][ T68] bus_probe_device+0x1e4/0x290 [ 22.639899][ T68] device_add+0xb09/0x1b40 [ 22.644286][ T68] ? device_check_offline+0x280/0x280 [ 22.649636][ T68] ? trace_hardirqs_on+0x5f/0x200 [ 22.654640][ T68] usb_set_configuration+0xf05/0x18a0 [ 22.662586][ T68] usb_generic_driver_probe+0xba/0xf2 [ 22.667927][ T68] usb_probe_device+0xd9/0x250 [ 22.672662][ T68] ? usb_driver_release_interface+0x180/0x180 [ 22.678699][ T68] really_probe+0x291/0xc90 [ 22.683186][ T68] driver_probe_device+0x26b/0x3d0 [ 22.688267][ T68] __device_attach_driver+0x1d1/0x290 [ 22.693611][ T68] ? driver_allows_async_probing+0x150/0x150 [ 22.699570][ T68] bus_for_each_drv+0x15f/0x1e0 [ 22.704396][ T68] ? bus_for_each_dev+0x1d0/0x1d0 [ 22.709390][ T68] __device_attach+0x28d/0x430 [ 22.714130][ T68] ? device_bind_driver+0xd0/0xd0 [ 22.719151][ T68] ? kobject_uevent_env+0x2b4/0x1540 [ 22.724404][ T68] bus_probe_device+0x1e4/0x290 [ 22.729226][ T68] device_add+0xb09/0x1b40 [ 22.733624][ T68] ? device_check_offline+0x280/0x280 [ 22.738972][ T68] ? _raw_spin_unlock_irq+0x1f/0x30 [ 22.744152][ T68] usb_new_device.cold+0x71d/0xfd4 [ 22.749264][ T68] ? hub_disconnect+0x510/0x510 [ 22.754089][ T68] ? lockdep_hardirqs_on_prepare+0x370/0x550 [ 22.760046][ T68] ? trace_hardirqs_on+0x5f/0x200 [ 22.765054][ T68] hub_event+0x2361/0x4390 [ 22.769440][ T68] ? hub_port_debounce+0x3b0/0x3b0 [ 22.774535][ T68] ? perf_trace_workqueue_execute_start+0x161/0x390 [ 22.781091][ T68] ? lock_release+0x7e0/0x7e0 [ 22.785749][ T68] ? lock_downgrade+0x730/0x730 [ 22.790571][ T68] ? do_raw_spin_lock+0x120/0x260 [ 22.795565][ T68] ? _raw_spin_unlock_irq+0x1f/0x30 [ 22.800743][ T68] ? lockdep_hardirqs_on_prepare+0x370/0x550 [ 22.806691][ T68] process_one_work+0x94c/0x15f0 [ 22.811614][ T68] ? lock_release+0x7e0/0x7e0 [ 22.816261][ T68] ? pwq_dec_nr_in_flight+0x2d0/0x2d0 [ 22.821604][ T68] ? rwlock_bug.part.0+0x90/0x90 [ 22.826507][ T68] worker_thread+0x82b/0x1120 [ 22.831175][ T68] ? __kthread_parkme+0x118/0x1d0 [ 22.836193][ T68] ? process_one_work+0x15f0/0x15f0 [ 22.841364][ T68] kthread+0x392/0x470 [ 22.845414][ T68] ? kthread_create_worker_on_cpu+0xf0/0xf0 [ 22.851294][ T68] ? kthread_create_worker_on_cpu+0xf0/0xf0 [ 22.857158][ T68] ret_from_fork+0x1f/0x30 [ 22.861542][ T68] Modules linked in: [ 22.865516][ T68] ---[ end trace 856b9505d16e1586 ]--- [ 22.870993][ T68] RIP: 0010:__list_add_valid.cold+0x3a/0x3c [ 22.876944][ T68] Code: 0b 48 89 f2 4c 89 e1 48 89 ee 48 c7 c7 c0 96 1c 86 e8 6a 2d 3c ff 0f 0b 48 89 f1 48 c7 c7 40 96 1c 86 4c 89 e6 e8 56 2d 3c ff <0f> 0b 48 89 ee 48 c7 c7 e0 97 1c 86 e8 45 2d 3c ff 0f 0b 4c 89 ea [ 22.896592][ T68] RSP: 0018:ffff8881d58b7000 EFLAGS: 00010282 [ 22.902716][ T68] RAX: 0000000000000075 RBX: ffff8881cd208130 RCX: 0000000000000000 [ 22.910675][ T68] RDX: ffff8881d6eae400 RSI: ffffffff8129b4e3 RDI: ffffed103ab16df2 [ 22.918651][ T68] RBP: ffff8881cd208250 R08: 0000000000000075 R09: ffff8881db32f50f [ 22.926642][ T68] R10: 0000000000000000 R11: 0000000000000000 R12: ffffffff87c96740 [ 22.934647][ T68] R13: ffff8881cd208000 R14: ffff8881cd20813c R15: ffff8881cdafc000 [ 22.942637][ T68] FS: 0000000000000000(0000) GS:ffff8881db300000(0000) knlGS:0000000000000000 [ 22.951549][ T68] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 22.958158][ T68] CR2: 000055a4160c9ff0 CR3: 00000001c7053000 CR4: 00000000001406e0 [ 22.966181][ T68] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 22.974183][ T68] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 22.982138][ T68] Kernel panic - not syncing: Fatal exception [ 22.988517][ T68] Kernel Offset: disabled [ 22.992828][ T68] Rebooting in 86400 seconds..