[ OK ] Started OpenBSD Secure Shell server. [ OK ] Reached target Multi-User System. [ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... [ OK ] Started Update UTMP about System Runlevel Changes. Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.1.5' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 32.301908][ T2663] usb 1-1: new full-speed USB device number 2 using dummy_hcd [ 32.621797][ T2663] usb 1-1: not running at top speed; connect to a high speed hub [ 32.721211][ T2663] usb 1-1: config 102 has an invalid interface number: 87 but max is 1 [ 32.729493][ T2663] usb 1-1: config 102 contains an unexpected descriptor of type 0x1, skipping [ 32.738402][ T2663] usb 1-1: config 102 has an invalid interface number: 113 but max is 1 [ 32.746822][ T2663] usb 1-1: config 102 has an invalid interface association descriptor of length 2, skipping [ 32.756978][ T2663] usb 1-1: config 102 has an invalid interface association descriptor of length 2, skipping [ 32.767107][ T2663] usb 1-1: config 102 has no interface number 0 [ 32.773408][ T2663] usb 1-1: config 102 has no interface number 1 [ 32.780005][ T2663] usb 1-1: config 102 interface 87 altsetting 11 endpoint 0xC has invalid maxpacket 1024, setting to 64 [ 32.791338][ T2663] usb 1-1: config 102 interface 87 altsetting 11 has a duplicate endpoint with address 0xC, skipping [ 32.802283][ T2663] usb 1-1: config 102 interface 87 altsetting 11 has a duplicate endpoint with address 0x5, skipping [ 32.813183][ T2663] usb 1-1: config 102 interface 113 altsetting 5 has a duplicate endpoint with address 0xC, skipping [ 32.824101][ T2663] usb 1-1: config 102 interface 113 altsetting 5 has an invalid endpoint with address 0x80, skipping [ 32.834996][ T2663] usb 1-1: config 102 interface 113 altsetting 5 endpoint 0x1 has invalid maxpacket 512, setting to 64 [ 32.846102][ T2663] usb 1-1: config 102 interface 113 altsetting 5 endpoint 0xA has invalid maxpacket 1024, setting to 64 [ 32.857266][ T2663] usb 1-1: config 102 interface 113 altsetting 5 has an invalid endpoint with address 0x0, skipping [ 32.868105][ T2663] usb 1-1: config 102 interface 113 altsetting 5 has a duplicate endpoint with address 0x4, skipping [ 32.879021][ T2663] usb 1-1: config 102 interface 113 altsetting 5 has a duplicate endpoint with address 0xD, skipping [ 32.889971][ T2663] usb 1-1: config 102 interface 113 altsetting 5 has a duplicate endpoint with address 0x3, skipping [ 32.900986][ T2663] usb 1-1: config 102 interface 113 altsetting 5 endpoint 0xB has an invalid bInterval 0, changing to 4 [ 32.912162][ T2663] usb 1-1: config 102 interface 113 altsetting 5 has an invalid endpoint with address 0x80, skipping [ 32.923247][ T2663] usb 1-1: config 102 interface 113 altsetting 5 has a duplicate endpoint with address 0xF, skipping [ 32.934153][ T2663] usb 1-1: config 102 interface 113 altsetting 5 endpoint 0xE has an invalid bInterval 255, changing to 4 [ 32.945478][ T2663] usb 1-1: config 102 interface 113 altsetting 5 has a duplicate endpoint with address 0x1, skipping [ 32.956381][ T2663] usb 1-1: config 102 interface 87 has no altsetting 0 [ 32.963304][ T2663] usb 1-1: config 102 interface 113 has no altsetting 0 [ 33.200892][ T2663] usb 1-1: string descriptor 0 read error: -22 [ 33.207160][ T2663] usb 1-1: New USB device found, idVendor=077d, idProduct=627a, bcdDevice= 0.10 [ 33.216854][ T2663] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 33.265649][ T2663] ------------[ cut here ]------------ [ 33.271308][ T2663] usb 1-1: BOGUS urb xfer, pipe 1 != type 3 [ 33.277469][ T2663] WARNING: CPU: 0 PID: 2663 at drivers/usb/core/urb.c:493 usb_submit_urb+0xcde/0x14e0 [ 33.287099][ T2663] Modules linked in: [ 33.291089][ T2663] CPU: 0 PID: 2663 Comm: kworker/0:3 Not tainted 5.10.0-rc7-syzkaller #0 [ 33.299506][ T2663] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 33.309652][ T2663] Workqueue: usb_hub_wq hub_event [ 33.314767][ T2663] RIP: 0010:usb_submit_urb+0xcde/0x14e0 [ 33.320326][ T2663] Code: 84 d4 02 00 00 e8 82 31 bd fd 4c 89 ef e8 ea 02 1b ff 41 89 d8 44 89 e1 4c 89 f2 48 89 c6 48 c7 c7 60 64 41 86 e8 ad 12 f3 01 <0f> 0b e9 ca f8 ff ff e8 56 31 bd fd 48 81 c5 40 06 00 00 e9 f6 f7 [ 33.340228][ T2663] RSP: 0018:ffffc90000216ec0 EFLAGS: 00010286 [ 33.346369][ T2663] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000000000 [ 33.354437][ T2663] RDX: ffff88810251e500 RSI: ffffffff8128f483 RDI: fffff52000042dca [ 33.362468][ T2663] RBP: ffff8881015ea050 R08: 0000000000000001 R09: ffff8881f6a1ff5b [ 33.370449][ T2663] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000001 [ 33.378463][ T2663] R13: ffff88810145b0a0 R14: ffff888102c0a320 R15: ffff888100842000 [ 33.386537][ T2663] FS: 0000000000000000(0000) GS:ffff8881f6a00000(0000) knlGS:0000000000000000 [ 33.395542][ T2663] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 33.402210][ T2663] CR2: 000055cbffa7c160 CR3: 00000001085c9000 CR4: 00000000001506f0 [ 33.410181][ T2663] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 33.418201][ T2663] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 33.426279][ T2663] Call Trace: [ 33.429615][ T2663] ? lockdep_init_map_waits+0x202/0x700 [ 33.435249][ T2663] usb_start_wait_urb+0x101/0x4c0 [ 33.440286][ T2663] ? string+0x203/0x3d0 [ 33.444500][ T2663] ? usb_api_blocking_completion+0xa0/0xa0 [ 33.450314][ T2663] ? kasan_unpoison_shadow+0x33/0x40 [ 33.455755][ T2663] ? memset+0x20/0x40 [ 33.459769][ T2663] usb_bulk_msg+0x226/0x550 executing program [ 33.464336][ T2663] shark_write_reg+0x1ff/0x2e0 [ 33.469108][ T2663] ? devm_led_classdev_unregister+0x50/0x50 [ 33.475060][ T2663] ? shark_read_reg+0x460/0x460 [ 33.479922][ T2663] ? snprintf+0xbb/0xf0 [ 33.484149][ T2663] ? vsprintf+0x30/0x30 [ 33.488314][ T2663] radio_tea5777_set_freq+0x208/0x4c0 [ 33.493755][ T2663] radio_tea5777_init+0xb7/0x620 [ 33.498695][ T2663] usb_shark_probe+0x5b9/0x7a0 [ 33.503526][ T2663] usb_probe_interface+0x315/0x7f0 [ 33.508650][ T2663] ? usb_match_dynamic_id+0x1a0/0x1a0 [ 33.514121][ T2663] really_probe+0x291/0xde0 [ 33.518636][ T2663] driver_probe_device+0x26b/0x3d0 [ 33.523854][ T2663] __device_attach_driver+0x1d1/0x290 [ 33.529254][ T2663] ? driver_allows_async_probing+0x150/0x150 [ 33.535315][ T2663] bus_for_each_drv+0x15f/0x1e0 [ 33.540177][ T2663] ? bus_for_each_dev+0x1d0/0x1d0 [ 33.545282][ T2663] ? lockdep_hardirqs_on_prepare+0x273/0x3e0 [ 33.551334][ T2663] ? trace_hardirqs_on+0x5b/0x1a0 [ 33.556384][ T2663] __device_attach+0x228/0x4a0 [ 33.561203][ T2663] ? really_probe+0xde0/0xde0 [ 33.565903][ T2663] ? kobject_uevent_env+0x2bb/0x1680 [ 33.571228][ T2663] bus_probe_device+0x1e4/0x290 [ 33.576087][ T2663] device_add+0xbb2/0x1ce0 [ 33.580560][ T2663] ? devlink_add_symlinks+0x450/0x450 [ 33.585932][ T2663] usb_set_configuration+0x113c/0x1910 [ 33.591457][ T2663] usb_generic_driver_probe+0xba/0x100 [ 33.596957][ T2663] usb_probe_device+0xd9/0x2c0 [ 33.601762][ T2663] ? usb_driver_release_interface+0x180/0x180 [ 33.607852][ T2663] really_probe+0x291/0xde0 [ 33.612409][ T2663] driver_probe_device+0x26b/0x3d0 [ 33.617529][ T2663] __device_attach_driver+0x1d1/0x290 [ 33.622956][ T2663] ? driver_allows_async_probing+0x150/0x150 [ 33.628947][ T2663] bus_for_each_drv+0x15f/0x1e0 [ 33.633837][ T2663] ? bus_for_each_dev+0x1d0/0x1d0 [ 33.638899][ T2663] ? lockdep_hardirqs_on_prepare+0x273/0x3e0 [ 33.644929][ T2663] ? trace_hardirqs_on+0x5b/0x1a0 [ 33.649986][ T2663] __device_attach+0x228/0x4a0 [ 33.654806][ T2663] ? really_probe+0xde0/0xde0 [ 33.659505][ T2663] ? kobject_uevent_env+0x2bb/0x1680 [ 33.664833][ T2663] bus_probe_device+0x1e4/0x290 [ 33.669693][ T2663] device_add+0xbb2/0x1ce0 [ 33.674151][ T2663] ? devlink_add_symlinks+0x450/0x450 [ 33.679530][ T2663] usb_new_device.cold+0x71d/0xfe9 [ 33.684698][ T2663] ? hub_disconnect+0x510/0x510 [ 33.689555][ T2663] ? rwlock_bug.part.0+0x90/0x90 [ 33.694557][ T2663] ? lockdep_hardirqs_on_prepare+0x273/0x3e0 [ 33.700599][ T2663] hub_event+0x2348/0x42d0 [ 33.705017][ T2663] ? hub_port_debounce+0x3b0/0x3b0 [ 33.710122][ T2663] ? __lock_acquire+0x821/0x54f0 [ 33.715100][ T2663] ? put_pwq+0xb0/0x1b0 [ 33.719262][ T2663] ? lock_release+0x6d0/0x6d0 [ 33.723990][ T2663] ? lock_downgrade+0x6d0/0x6d0 [ 33.728846][ T2663] ? do_raw_spin_lock+0x120/0x2b0 [ 33.733911][ T2663] process_one_work+0x933/0x1520 [ 33.738878][ T2663] ? lock_release+0x6d0/0x6d0 [ 33.743618][ T2663] ? pwq_dec_nr_in_flight+0x320/0x320 [ 33.749001][ T2663] ? rwlock_bug.part.0+0x90/0x90 [ 33.754022][ T2663] worker_thread+0x64c/0x1120 [ 33.758702][ T2663] ? __kthread_parkme+0x118/0x1d0 [ 33.763769][ T2663] ? process_one_work+0x1520/0x1520 [ 33.768974][ T2663] kthread+0x38c/0x460 [ 33.773094][ T2663] ? _raw_spin_unlock_irq+0x1f/0x30 [ 33.778351][ T2663] ? kthread_create_worker_on_cpu+0xf0/0xf0 [ 33.784285][ T2663] ret_from_fork+0x1f/0x30 [ 33.788706][ T2663] Kernel panic - not syncing: panic_on_warn set ... [ 33.795288][ T2663] CPU: 0 PID: 2663 Comm: kworker/0:3 Not tainted 5.10.0-rc7-syzkaller #0 [ 33.803685][ T2663] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 33.813736][ T2663] Workqueue: usb_hub_wq hub_event [ 33.818746][ T2663] Call Trace: [ 33.822061][ T2663] dump_stack+0x107/0x163 [ 33.826418][ T2663] panic+0x306/0x73d [ 33.830328][ T2663] ? __warn_printk+0xf3/0xf3 [ 33.834917][ T2663] ? __warn.cold+0x1a/0x44 [ 33.839324][ T2663] ? __warn+0xf1/0x210 [ 33.843382][ T2663] ? usb_submit_urb+0xcde/0x14e0 [ 33.848296][ T2663] __warn.cold+0x35/0x44 [ 33.852524][ T2663] ? irq_work_queue+0x44/0x50 [ 33.857365][ T2663] ? usb_submit_urb+0xcde/0x14e0 [ 33.862283][ T2663] report_bug+0x1bd/0x210 [ 33.866593][ T2663] handle_bug+0x3c/0x60 [ 33.870763][ T2663] exc_invalid_op+0x14/0x40 [ 33.875255][ T2663] asm_exc_invalid_op+0x12/0x20 [ 33.880138][ T2663] RIP: 0010:usb_submit_urb+0xcde/0x14e0 [ 33.885663][ T2663] Code: 84 d4 02 00 00 e8 82 31 bd fd 4c 89 ef e8 ea 02 1b ff 41 89 d8 44 89 e1 4c 89 f2 48 89 c6 48 c7 c7 60 64 41 86 e8 ad 12 f3 01 <0f> 0b e9 ca f8 ff ff e8 56 31 bd fd 48 81 c5 40 06 00 00 e9 f6 f7 [ 33.905253][ T2663] RSP: 0018:ffffc90000216ec0 EFLAGS: 00010286 [ 33.911317][ T2663] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000000000 [ 33.919280][ T2663] RDX: ffff88810251e500 RSI: ffffffff8128f483 RDI: fffff52000042dca [ 33.927244][ T2663] RBP: ffff8881015ea050 R08: 0000000000000001 R09: ffff8881f6a1ff5b [ 33.935215][ T2663] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000001 [ 33.943167][ T2663] R13: ffff88810145b0a0 R14: ffff888102c0a320 R15: ffff888100842000 [ 33.951140][ T2663] ? vprintk_func+0x93/0x140 [ 33.955712][ T2663] ? lockdep_init_map_waits+0x202/0x700 [ 33.961241][ T2663] usb_start_wait_urb+0x101/0x4c0 [ 33.966246][ T2663] ? string+0x203/0x3d0 [ 33.970395][ T2663] ? usb_api_blocking_completion+0xa0/0xa0 [ 33.976200][ T2663] ? kasan_unpoison_shadow+0x33/0x40 [ 33.981468][ T2663] ? memset+0x20/0x40 [ 33.985431][ T2663] usb_bulk_msg+0x226/0x550 [ 33.989919][ T2663] shark_write_reg+0x1ff/0x2e0 [ 33.994666][ T2663] ? devm_led_classdev_unregister+0x50/0x50 [ 34.000552][ T2663] ? shark_read_reg+0x460/0x460 [ 34.005396][ T2663] ? snprintf+0xbb/0xf0 [ 34.009552][ T2663] ? vsprintf+0x30/0x30 [ 34.013694][ T2663] radio_tea5777_set_freq+0x208/0x4c0 [ 34.019137][ T2663] radio_tea5777_init+0xb7/0x620 [ 34.024055][ T2663] usb_shark_probe+0x5b9/0x7a0 [ 34.028817][ T2663] usb_probe_interface+0x315/0x7f0 [ 34.033925][ T2663] ? usb_match_dynamic_id+0x1a0/0x1a0 [ 34.039332][ T2663] really_probe+0x291/0xde0 [ 34.043814][ T2663] driver_probe_device+0x26b/0x3d0 [ 34.048911][ T2663] __device_attach_driver+0x1d1/0x290 [ 34.054302][ T2663] ? driver_allows_async_probing+0x150/0x150 [ 34.060280][ T2663] bus_for_each_drv+0x15f/0x1e0 [ 34.065126][ T2663] ? bus_for_each_dev+0x1d0/0x1d0 [ 34.070143][ T2663] ? lockdep_hardirqs_on_prepare+0x273/0x3e0 [ 34.076116][ T2663] ? trace_hardirqs_on+0x5b/0x1a0 [ 34.081132][ T2663] __device_attach+0x228/0x4a0 [ 34.085889][ T2663] ? really_probe+0xde0/0xde0 [ 34.090548][ T2663] ? kobject_uevent_env+0x2bb/0x1680 [ 34.095813][ T2663] bus_probe_device+0x1e4/0x290 [ 34.100645][ T2663] device_add+0xbb2/0x1ce0 [ 34.105041][ T2663] ? devlink_add_symlinks+0x450/0x450 [ 34.110406][ T2663] usb_set_configuration+0x113c/0x1910 [ 34.115868][ T2663] usb_generic_driver_probe+0xba/0x100 [ 34.121312][ T2663] usb_probe_device+0xd9/0x2c0 [ 34.126055][ T2663] ? usb_driver_release_interface+0x180/0x180 [ 34.132099][ T2663] really_probe+0x291/0xde0 [ 34.136584][ T2663] driver_probe_device+0x26b/0x3d0 [ 34.141688][ T2663] __device_attach_driver+0x1d1/0x290 [ 34.147054][ T2663] ? driver_allows_async_probing+0x150/0x150 [ 34.153010][ T2663] bus_for_each_drv+0x15f/0x1e0 [ 34.157839][ T2663] ? bus_for_each_dev+0x1d0/0x1d0 [ 34.162856][ T2663] ? lockdep_hardirqs_on_prepare+0x273/0x3e0 [ 34.168826][ T2663] ? trace_hardirqs_on+0x5b/0x1a0 [ 34.173844][ T2663] __device_attach+0x228/0x4a0 [ 34.178589][ T2663] ? really_probe+0xde0/0xde0 [ 34.183247][ T2663] ? kobject_uevent_env+0x2bb/0x1680 [ 34.188509][ T2663] bus_probe_device+0x1e4/0x290 [ 34.193351][ T2663] device_add+0xbb2/0x1ce0 [ 34.197761][ T2663] ? devlink_add_symlinks+0x450/0x450 [ 34.203114][ T2663] usb_new_device.cold+0x71d/0xfe9 [ 34.208219][ T2663] ? hub_disconnect+0x510/0x510 [ 34.213056][ T2663] ? rwlock_bug.part.0+0x90/0x90 [ 34.217988][ T2663] ? lockdep_hardirqs_on_prepare+0x273/0x3e0 [ 34.223946][ T2663] hub_event+0x2348/0x42d0 [ 34.228343][ T2663] ? hub_port_debounce+0x3b0/0x3b0 [ 34.233433][ T2663] ? __lock_acquire+0x821/0x54f0 [ 34.238359][ T2663] ? put_pwq+0xb0/0x1b0 [ 34.242503][ T2663] ? lock_release+0x6d0/0x6d0 [ 34.247162][ T2663] ? lock_downgrade+0x6d0/0x6d0 [ 34.252002][ T2663] ? do_raw_spin_lock+0x120/0x2b0 [ 34.257010][ T2663] process_one_work+0x933/0x1520 [ 34.261941][ T2663] ? lock_release+0x6d0/0x6d0 [ 34.266599][ T2663] ? pwq_dec_nr_in_flight+0x320/0x320 [ 34.271951][ T2663] ? rwlock_bug.part.0+0x90/0x90 [ 34.276881][ T2663] worker_thread+0x64c/0x1120 [ 34.281559][ T2663] ? __kthread_parkme+0x118/0x1d0 [ 34.286565][ T2663] ? process_one_work+0x1520/0x1520 [ 34.291747][ T2663] kthread+0x38c/0x460 [ 34.295815][ T2663] ? _raw_spin_unlock_irq+0x1f/0x30 [ 34.301104][ T2663] ? kthread_create_worker_on_cpu+0xf0/0xf0 [ 34.306982][ T2663] ret_from_fork+0x1f/0x30 [ 34.311959][ T2663] Kernel Offset: disabled [ 34.316326][ T2663] Rebooting in 86400 seconds..