Warning: Permanently added '[localhost]:13150' (ED25519) to the list of known hosts. executing program [ 70.052028][ T9] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 70.202006][ T9] usb 5-1: Using ep0 maxpacket: 16 [ 70.207420][ T9] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 70.212274][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 56, changing to 7 [ 70.216356][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid maxpacket 57832, setting to 1024 [ 70.223364][ T9] usb 5-1: New USB device found, idVendor=2040, idProduct=0265, bcdDevice=4e.d1 [ 70.226773][ T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 70.229835][ T9] usb 5-1: Product: syz [ 70.231370][ T9] usb 5-1: Manufacturer: syz [ 70.233280][ T9] usb 5-1: SerialNumber: syz [ 70.242598][ T9] usb 5-1: config 0 descriptor?? [ 70.253260][ T9] em28xx 5-1:0.0: New device syz syz @ 480 Mbps (2040:0265, interface 0, class 0) [ 70.259619][ T9] em28xx 5-1:0.0: Audio interface 0 found (Vendor Class) executing program [ 70.532955][ T9] em28xx 5-1:0.0: unknown em28xx chip ID (0) [ 70.535353][ T9] em28xx 5-1:0.0: Config register raw data: 0xfffffffb [ 70.537933][ T9] em28xx 5-1:0.0: AC97 chip type couldn't be determined [ 70.540185][ T9] em28xx 5-1:0.0: No AC97 audio processor [ 70.543493][ T9] em28xx 5-1:0.0: We currently don't support analog TV or stream capture on dual tuners. [ 70.602535][ T9] em28xx 5-1:0.0: unknown em28xx chip ID (0) [ 70.604928][ T9] em28xx 5-1:0.0: Config register raw data: 0xfffffffb [ 70.607456][ T9] em28xx 5-1:0.0: AC97 chip type couldn't be determined [ 70.609902][ T9] em28xx 5-1:0.0: No AC97 audio processor [ 70.962795][ T9] usb 5-1: USB disconnect, device number 2 [ 70.974828][ T9] em28xx 5-1:0.0: Disconnecting em28xx #1 [ 70.979742][ T9] em28xx 5-1:0.0: Disconnecting em28xx [ 70.988460][ T9] em28xx 5-1:0.0: Freeing device [ 70.990556][ T9] em28xx 5-1:0.0: Freeing device [ 71.293716][ T9] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 71.442172][ T9] usb 5-1: Using ep0 maxpacket: 16 [ 71.447647][ T9] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 71.451559][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 56, changing to 7 [ 71.489261][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid maxpacket 57832, setting to 1024 [ 71.501476][ T9] usb 5-1: New USB device found, idVendor=2040, idProduct=0265, bcdDevice=4e.d1 [ 71.506002][ T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 71.509619][ T9] usb 5-1: Product: syz [ 71.511296][ T9] usb 5-1: Manufacturer: syz [ 71.513471][ T9] usb 5-1: SerialNumber: syz [ 71.519758][ T9] usb 5-1: config 0 descriptor?? [ 71.529075][ T9] em28xx 5-1:0.0: New device syz syz @ 480 Mbps (2040:0265, interface 0, class 0) [ 71.533268][ T9] em28xx 5-1:0.0: Audio interface 0 found (Vendor Class) executing program [ 71.802462][ T9] em28xx 5-1:0.0: unknown em28xx chip ID (0) [ 71.805296][ T9] em28xx 5-1:0.0: Config register raw data: 0xfffffffb [ 71.808298][ T9] em28xx 5-1:0.0: AC97 chip type couldn't be determined [ 71.810705][ T9] em28xx 5-1:0.0: No AC97 audio processor [ 71.813336][ T9] list_add corruption. prev->next should be next (ffffffff8f9043c0), but was ffffffff81fddcc9. (prev=ffff88801ab28250). [ 71.818493][ T9] ------------[ cut here ]------------ [ 71.820436][ T9] kernel BUG at lib/list_debug.c:34! [ 71.822917][ T9] Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN NOPTI [ 71.826356][ T9] CPU: 0 UID: 0 PID: 9 Comm: kworker/0:1 Not tainted 6.11.0-syzkaller-08481-g88264981f208 #0 [ 71.830014][ T9] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 71.833772][ T9] Workqueue: usb_hub_wq hub_event [ 71.835880][ T9] RIP: 0010:__list_add_valid_or_report+0xeb/0xf0 [ 71.838346][ T9] Code: 0f 0b 48 c7 c7 00 d2 60 8c 4c 89 e6 4c 89 f1 e8 eb eb fe 06 90 0f 0b 48 c7 c7 80 d2 60 8c 4c 89 f6 4c 89 e1 e8 d6 eb fe 06 90 <0f> 0b 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 [ 71.846729][ T9] RSP: 0018:ffffc900003b6b08 EFLAGS: 00010246 [ 71.849103][ T9] RAX: 0000000000000075 RBX: ffffffff8f9043c8 RCX: 7e9375f49d078e00 [ 71.852220][ T9] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000 [ 71.855314][ T9] RBP: dffffc0000000000 R08: ffffffff8174727c R09: 1ffff11003f8519a [ 71.858277][ T9] R10: dffffc0000000000 R11: ffffed1003f8519b R12: ffff88801ab28250 [ 71.861039][ T9] R13: dffffc0000000000 R14: ffffffff8f9043c0 R15: ffff88801df40250 [ 71.863697][ T9] FS: 0000000000000000(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000 [ 71.866559][ T9] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 71.868970][ T9] CR2: 0000561873a9f980 CR3: 0000000011d44000 CR4: 0000000000350ef0 [ 71.871898][ T9] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 71.874834][ T9] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 71.877812][ T9] Call Trace: [ 71.879083][ T9] [ 71.880249][ T9] ? __die_body+0x5f/0xb0 [ 71.881917][ T9] ? die+0x9e/0xc0 [ 71.883383][ T9] ? do_trap+0x15a/0x3a0 [ 71.884895][ T9] ? __list_add_valid_or_report+0xeb/0xf0 [ 71.886925][ T9] ? do_error_trap+0x1dc/0x2c0 [ 71.888708][ T9] ? __list_add_valid_or_report+0xeb/0xf0 [ 71.890932][ T9] ? __pfx_do_error_trap+0x10/0x10 [ 71.892930][ T9] ? report_bug+0x3e8/0x500 [ 71.894690][ T9] ? handle_invalid_op+0x34/0x40 [ 71.896581][ T9] ? __list_add_valid_or_report+0xeb/0xf0 [ 71.898873][ T9] ? exc_invalid_op+0x38/0x50 [ 71.900381][ T9] ? asm_exc_invalid_op+0x1a/0x20 [ 71.902345][ T9] ? __wake_up_klogd+0xcc/0x110 [ 71.904277][ T9] ? __list_add_valid_or_report+0xeb/0xf0 [ 71.906518][ T9] ? __list_add_valid_or_report+0xea/0xf0 [ 71.908732][ T9] em28xx_init_extension+0x56/0x1c0 [ 71.910609][ T9] em28xx_init_dev+0x907/0x1cd0 [ 71.912463][ T9] ? __pfx_em28xx_init_dev+0x10/0x10 [ 71.914573][ T9] ? __pfx_lockdep_init_map_type+0x10/0x10 [ 71.916915][ T9] ? __raw_spin_lock_init+0x45/0x100 [ 71.919128][ T9] em28xx_usb_probe+0x1572/0x2b80 [ 71.921108][ T9] usb_probe_interface+0x645/0xbb0 [ 71.923230][ T9] ? __pfx_usb_probe_interface+0x10/0x10 [ 71.925449][ T9] really_probe+0x2b8/0xad0 [ 71.927318][ T9] __driver_probe_device+0x1a2/0x390 [ 71.929311][ T9] driver_probe_device+0x50/0x430 [ 71.931242][ T9] __device_attach_driver+0x2d6/0x530 [ 71.933303][ T9] bus_for_each_drv+0x24e/0x2e0 [ 71.935154][ T9] ? __pfx___device_attach_driver+0x10/0x10 [ 71.936938][ T9] ? __pfx_bus_for_each_drv+0x10/0x10 [ 71.938730][ T9] __device_attach+0x333/0x520 [ 71.940318][ T9] ? __pfx_lock_release+0x10/0x10 [ 71.941958][ T9] ? __pfx___device_attach+0x10/0x10 [ 71.943922][ T9] ? do_raw_spin_unlock+0x58/0x8b0 [ 71.945728][ T9] bus_probe_device+0x189/0x260 [ 71.947458][ T9] device_add+0x856/0xbf0 [ 71.949001][ T9] usb_set_configuration+0x1976/0x1fb0 [ 71.950921][ T9] usb_generic_driver_probe+0x88/0x140 [ 71.952871][ T9] usb_probe_device+0x1b8/0x380 [ 71.954823][ T9] ? __pfx_usb_probe_device+0x10/0x10 [ 71.956690][ T9] really_probe+0x2b8/0xad0 [ 71.958270][ T9] __driver_probe_device+0x1a2/0x390 [ 71.960368][ T9] driver_probe_device+0x50/0x430 [ 71.962351][ T9] __device_attach_driver+0x2d6/0x530 [ 71.964410][ T9] bus_for_each_drv+0x24e/0x2e0 [ 71.966353][ T9] ? __pfx___device_attach_driver+0x10/0x10 [ 71.968590][ T9] ? __pfx_bus_for_each_drv+0x10/0x10 [ 71.970630][ T9] __device_attach+0x333/0x520 [ 71.972397][ T9] ? __pfx___device_attach+0x10/0x10 [ 71.974430][ T9] bus_probe_device+0x189/0x260 [ 71.976379][ T9] device_add+0x856/0xbf0 [ 71.978106][ T9] usb_new_device+0x104a/0x19a0 [ 71.979984][ T9] ? __pfx_usb_new_device+0x10/0x10 [ 71.981880][ T9] ? _raw_spin_unlock_irq+0x23/0x50 [ 71.983893][ T9] ? lockdep_hardirqs_on+0x99/0x150 [ 71.985867][ T9] hub_event+0x2d6d/0x5150 [ 71.987572][ T9] ? __pfx_hub_event+0x10/0x10 [ 71.989381][ T9] ? __pfx_lock_acquire+0x10/0x10 [ 71.991342][ T9] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 71.993669][ T9] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 71.996092][ T9] ? process_scheduled_works+0x976/0x1850 [ 71.998267][ T9] process_scheduled_works+0xa63/0x1850 [ 72.000408][ T9] ? __pfx_process_scheduled_works+0x10/0x10 [ 72.002757][ T9] ? assign_work+0x364/0x3d0 [ 72.004611][ T9] worker_thread+0x870/0xd30 [ 72.006425][ T9] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 72.008687][ T9] ? __kthread_parkme+0x169/0x1d0 [ 72.010622][ T9] ? __pfx_worker_thread+0x10/0x10 [ 72.012467][ T9] kthread+0x2f0/0x390 [ 72.013909][ T9] ? __pfx_worker_thread+0x10/0x10 [ 72.015680][ T9] ? __pfx_kthread+0x10/0x10 [ 72.017242][ T9] ret_from_fork+0x4b/0x80 [ 72.018783][ T9] ? __pfx_kthread+0x10/0x10 [ 72.020360][ T9] ret_from_fork_asm+0x1a/0x30 [ 72.022052][ T9] [ 72.023183][ T9] Modules linked in: [ 72.024823][ T9] ---[ end trace 0000000000000000 ]--- [ 72.032483][ T9] RIP: 0010:__list_add_valid_or_report+0xeb/0xf0 [ 72.035001][ T9] Code: 0f 0b 48 c7 c7 00 d2 60 8c 4c 89 e6 4c 89 f1 e8 eb eb fe 06 90 0f 0b 48 c7 c7 80 d2 60 8c 4c 89 f6 4c 89 e1 e8 d6 eb fe 06 90 <0f> 0b 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 [ 72.043067][ T9] RSP: 0018:ffffc900003b6b08 EFLAGS: 00010246 [ 72.045301][ T9] RAX: 0000000000000075 RBX: ffffffff8f9043c8 RCX: 7e9375f49d078e00 [ 72.048342][ T9] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000 [ 72.051279][ T9] RBP: dffffc0000000000 R08: ffffffff8174727c R09: 1ffff11003f8519a [ 72.054787][ T9] R10: dffffc0000000000 R11: ffffed1003f8519b R12: ffff88801ab28250 [ 72.057762][ T9] R13: dffffc0000000000 R14: ffffffff8f9043c0 R15: ffff88801df40250 [ 72.060833][ T9] FS: 0000000000000000(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000 [ 72.064790][ T9] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 72.067226][ T9] CR2: 0000561873a9f980 CR3: 000000001aaae000 CR4: 0000000000350ef0 [ 72.070289][ T9] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 72.073594][ T9] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 72.076914][ T9] Kernel panic - not syncing: Fatal exception [ 72.079358][ T9] Kernel Offset: disabled [ 72.080969][ T9] Rebooting in 86400 seconds.. VM DIAGNOSIS: 09:32:08 Registers: info registers vcpu 0 CPU#0 RAX=0000000000000065 RBX=ffffffff9a6f4ce0 RCX=0000000000000000 RDX=00000000000003f8 RSI=0000000000000000 RDI=0000000000000020 RBP=0000000000000000 RSP=ffffc900003b61b0 R8 =ffffffff8546758b R9 =1ffff11003dac046 R10=dffffc0000000000 R11=ffffffff85467540 R12=dffffc0000000000 R13=ffffffff9a3eff0b R14=0000000000000065 R15=00000000000003f8 RIP=ffffffff854675be RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88801fc00000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=0000561873a9f980 CR3=0000000011d44000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000006000001 Opmask01=0000000000001000 Opmask02=00000000ffffffff Opmask03=0000000000000000 Opmask04=00000000ffffefff Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000001 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffc68d00f90 0000003000000018 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 6565656565656565 6565656565656565 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ff00ff0000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffffff ffffffffffff0000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ff00ff0000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0a0a0a0a0a0a0a0a 0a0a0a0a0a0a0a0a 0a0a0a0a0a0a0a0a 0a0a0a0a0a0a0a0a ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 35206c6176000072 6f737365636f7270 206f696475612037 394341206f4e2000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 3520666176000072 6573736563657270 2065636475612037 3343412065442000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 205b5d2030353239 352e343220202020 3e363c002e67696c 20414d4920656572 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2045462030203239 3520343220202020 3e363c002e434644 2041203020206563 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2a4f46484b5e4255 4f46484b59434e55 4b4743554d434c44 45492a306f786569 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2a64632a6e6f6e78 65696f782a6f682a 7e65642a6666637d 2a797e646f676f78 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000