Warning: Permanently added '10.128.1.178' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 50.761936][ T25] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 51.001904][ T25] usb 1-1: Using ep0 maxpacket: 32
[ 51.121993][ T25] usb 1-1: config 64 has an invalid interface number: 245 but max is 2
[ 51.130358][ T25] usb 1-1: config 64 has an invalid interface number: 155 but max is 2
[ 51.138646][ T25] usb 1-1: config 64 contains an unexpected descriptor of type 0x2, skipping
[ 51.147453][ T25] usb 1-1: config 64 contains an unexpected descriptor of type 0x1, skipping
[ 51.156249][ T25] usb 1-1: config 64 has an invalid interface number: 243 but max is 2
[ 51.164539][ T25] usb 1-1: config 64 has no interface number 0
[ 51.170680][ T25] usb 1-1: config 64 has no interface number 1
[ 51.176858][ T25] usb 1-1: config 64 has no interface number 2
[ 51.183157][ T25] usb 1-1: config 64 interface 245 altsetting 7 endpoint 0x8 has invalid maxpacket 1024, setting to 64
[ 51.194211][ T25] usb 1-1: config 64 interface 245 altsetting 7 endpoint 0x3 has invalid maxpacket 1023, setting to 64
[ 51.205258][ T25] usb 1-1: config 64 interface 245 altsetting 7 has an invalid endpoint descriptor of length 2, skipping
[ 51.216476][ T25] usb 1-1: config 64 interface 245 altsetting 7 has 5 endpoint descriptors, different from the interface descriptor's value: 4
[ 51.229615][ T25] usb 1-1: config 64 interface 155 altsetting 1 endpoint 0x9 has invalid maxpacket 512, setting to 64
[ 51.240594][ T25] usb 1-1: config 64 interface 155 altsetting 1 has an invalid endpoint with address 0x0, skipping
[ 51.251319][ T25] usb 1-1: config 64 interface 155 altsetting 1 has an invalid endpoint with address 0x0, skipping
[ 51.262050][ T25] usb 1-1: config 64 interface 155 altsetting 1 endpoint 0xA has invalid maxpacket 72, setting to 64
[ 51.272930][ T25] usb 1-1: config 64 interface 155 altsetting 1 endpoint 0x81 has an invalid bInterval 139, changing to 11
[ 51.284324][ T25] usb 1-1: config 64 interface 155 altsetting 1 endpoint 0x81 has invalid maxpacket 18251, setting to 1024
[ 51.295728][ T25] usb 1-1: config 64 interface 155 altsetting 1 has a duplicate endpoint with address 0xA, skipping
[ 51.306522][ T25] usb 1-1: config 64 interface 155 altsetting 1 has an invalid endpoint with address 0x0, skipping
[ 51.317218][ T25] usb 1-1: config 64 interface 155 altsetting 1 has 9 endpoint descriptors, different from the interface descriptor's value: 8
[ 51.330365][ T25] usb 1-1: config 64 interface 243 altsetting 31 endpoint 0xF has invalid maxpacket 512, setting to 64
[ 51.341414][ T25] usb 1-1: config 64 interface 245 has no altsetting 0
[ 51.348304][ T25] usb 1-1: config 64 interface 155 has no altsetting 0
[ 51.355181][ T25] usb 1-1: config 64 interface 243 has no altsetting 0
[ 51.522036][ T25] usb 1-1: New USB device found, idVendor=083a, idProduct=4506, bcdDevice=6d.7d
[ 51.531095][ T25] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 51.539120][ T25] usb 1-1: Product: syz
[ 51.543319][ T25] usb 1-1: Manufacturer: syz
[ 51.547907][ T25] usb 1-1: SerialNumber: syz
executing program
[ 51.873578][ T25] ------------[ cut here ]------------
[ 51.879095][ T25] usb 1-1: BOGUS urb xfer, pipe 3 != type 1
[ 51.885334][ T25] WARNING: CPU: 1 PID: 25 at drivers/usb/core/urb.c:504 usb_submit_urb+0xed6/0x1880
[ 51.894779][ T25] Modules linked in:
[ 51.898664][ T25] CPU: 1 PID: 25 Comm: kworker/1:1 Not tainted 6.3.0-syzkaller-10620-g33afd4b76393 #0
[ 51.908229][ T25] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
[ 51.918347][ T25] Workqueue: usb_hub_wq hub_event
[ 51.923415][ T25] RIP: 0010:usb_submit_urb+0xed6/0x1880
[ 51.928989][ T25] Code: 7c 24 18 e8 7c 00 5b fd 48 8b 7c 24 18 e8 f2 ca 0b ff 41 89 d8 44 89 e1 4c 89 ea 48 89 c6 48 c7 c7 e0 22 cc 86 e8 9a 61 26 fd <0f> 0b e9 58 f8 ff ff e8 4e 00 5b fd 48 81 c5 b8 05 00 00 e9 84 f7
[ 51.948637][ T25] RSP: 0018:ffffc900001b6fa8 EFLAGS: 00010282
[ 51.954737][ T25] RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000000
[ 51.962737][ T25] RDX: ffff888105659d00 RSI: ffffffff81164537 RDI: 0000000000000001
[ 51.970718][ T25] RBP: ffff88810cbfd8f0 R08: 0000000000000001 R09: 0000000000000000
[ 51.978727][ T25] R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000003
[ 51.986735][ T25] R13: ffff88810a7e5a50 R14: 0000000000000003 R15: ffff888109a5ec00
[ 51.994752][ T25] FS: 0000000000000000(0000) GS:ffff8881f6700000(0000) knlGS:0000000000000000
[ 52.003719][ T25] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 52.010294][ T25] CR2: 00007f1b79850e10 CR3: 0000000121248000 CR4: 00000000003506e0
[ 52.018308][ T25] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 52.026314][ T25] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 52.034328][ T25] Call Trace:
[ 52.037615][ T25]
[ 52.040536][ T25] ? __kmalloc+0x23/0x190
[ 52.044899][ T25] ar5523_submit_rx_cmd+0x1f1/0x360
[ 52.050119][ T25] ar5523_probe+0xc0b/0x36a0
[ 52.054746][ T25] ? ar5523_hwconfig+0x130/0x130
[ 52.059709][ T25] ? mark_held_locks+0x9f/0xe0
[ 52.064527][ T25] ? _raw_spin_unlock_irqrestore+0x54/0x70
[ 52.070377][ T25] ? lockdep_hardirqs_on+0x7d/0x100
[ 52.075607][ T25] ? _raw_spin_unlock_irqrestore+0x41/0x70
[ 52.081429][ T25] ? __pm_runtime_set_status+0x442/0xd90
[ 52.087258][ T25] usb_probe_interface+0x30f/0x960
[ 52.092403][ T25] ? usb_match_dynamic_id+0x1a0/0x1a0
[ 52.097769][ T25] really_probe+0x240/0xca0
[ 52.102298][ T25] __driver_probe_device+0x1df/0x4b0
[ 52.107602][ T25] ? usb_match_id.part.0+0x163/0x1b0
[ 52.112913][ T25] driver_probe_device+0x4c/0x1a0
[ 52.117951][ T25] __device_attach_driver+0x1d4/0x2e0
[ 52.123366][ T25] bus_for_each_drv+0x149/0x1d0
[ 52.128243][ T25] ? driver_probe_device+0x1a0/0x1a0
[ 52.133577][ T25] ? bus_for_each_dev+0x1c0/0x1c0
[ 52.138625][ T25] ? _raw_spin_unlock_irqrestore+0x54/0x70
[ 52.144460][ T25] ? lockdep_hardirqs_on+0x7d/0x100
[ 52.149674][ T25] ? _raw_spin_unlock_irqrestore+0x41/0x70
[ 52.155511][ T25] __device_attach+0x1e4/0x4b0
[ 52.160291][ T25] ? device_driver_attach+0x210/0x210
[ 52.165699][ T25] ? do_raw_spin_unlock+0x175/0x230
[ 52.170920][ T25] bus_probe_device+0x17c/0x1c0
[ 52.175795][ T25] device_add+0x112d/0x1a40
[ 52.180325][ T25] ? __fw_devlink_link_to_consumers.isra.0+0x270/0x270
[ 52.187222][ T25] ? usb_cache_string+0x106/0x160
[ 52.192285][ T25] ? __kmem_cache_free+0x99/0x320
[ 52.197305][ T25] ? __phys_addr+0xc8/0x140
[ 52.201844][ T25] usb_set_configuration+0x1196/0x1bc0
[ 52.207366][ T25] usb_generic_driver_probe+0xcf/0x130
[ 52.212897][ T25] usb_probe_device+0xd8/0x2c0
[ 52.217672][ T25] ? usb_driver_release_interface+0x190/0x190
[ 52.223793][ T25] really_probe+0x240/0xca0
[ 52.228309][ T25] __driver_probe_device+0x1df/0x4b0
[ 52.233626][ T25] driver_probe_device+0x4c/0x1a0
[ 52.238662][ T25] __device_attach_driver+0x1d4/0x2e0
[ 52.244099][ T25] bus_for_each_drv+0x149/0x1d0
[ 52.248978][ T25] ? driver_probe_device+0x1a0/0x1a0
[ 52.254298][ T25] ? bus_for_each_dev+0x1c0/0x1c0
[ 52.259352][ T25] ? _raw_spin_unlock_irqrestore+0x54/0x70
[ 52.265186][ T25] ? lockdep_hardirqs_on+0x7d/0x100
[ 52.270404][ T25] ? _raw_spin_unlock_irqrestore+0x41/0x70
[ 52.276239][ T25] __device_attach+0x1e4/0x4b0
[ 52.281061][ T25] ? device_driver_attach+0x210/0x210
[ 52.286469][ T25] ? do_raw_spin_unlock+0x175/0x230
[ 52.291710][ T25] bus_probe_device+0x17c/0x1c0
[ 52.296590][ T25] device_add+0x112d/0x1a40
[ 52.301118][ T25] ? __fw_devlink_link_to_consumers.isra.0+0x270/0x270
[ 52.308014][ T25] ? add_device_randomness+0xb8/0xe0
[ 52.313336][ T25] ? __phys_addr+0xc8/0x140
[ 52.317853][ T25] usb_new_device+0xcb2/0x19d0
[ 52.322673][ T25] ? hub_disconnect+0x520/0x520
[ 52.327540][ T25] ? _raw_spin_unlock_irq+0x23/0x50
[ 52.332797][ T25] hub_event+0x2e3d/0x4ed0
[ 52.337256][ T25] ? hub_port_debounce+0x3b0/0x3b0
[ 52.342397][ T25] ? lock_sync+0x190/0x190
[ 52.346832][ T25] ? lock_downgrade+0x690/0x690
[ 52.351676][ T25] ? do_raw_spin_lock+0x124/0x2b0
[ 52.356750][ T25] ? _raw_spin_unlock_irq+0x23/0x50
[ 52.361982][ T25] process_one_work+0x991/0x15c0
[ 52.366915][ T25] ? pwq_dec_nr_in_flight+0x2a0/0x2a0
[ 52.372314][ T25] ? spin_bug+0x1c0/0x1c0
[ 52.376666][ T25] ? _raw_spin_lock_irq+0x45/0x50
[ 52.381682][ T25] worker_thread+0x669/0x1090
[ 52.386390][ T25] ? __kthread_parkme+0x163/0x220
[ 52.391452][ T25] ? process_one_work+0x15c0/0x15c0
[ 52.396686][ T25] kthread+0x344/0x440
[ 52.400781][ T25] ? kthread_complete_and_exit+0x40/0x40
[ 52.406449][ T25] ret_from_fork+0x1f/0x30
[ 52.410927][ T25]
[ 52.413973][ T25] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 52.421250][ T25] CPU: 1 PID: 25 Comm: kworker/1:1 Not tainted 6.3.0-syzkaller-10620-g33afd4b76393 #0
[ 52.430800][ T25] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
[ 52.440845][ T25] Workqueue: usb_hub_wq hub_event
[ 52.445877][ T25] Call Trace:
[ 52.449146][ T25]
[ 52.452074][ T25] dump_stack_lvl+0xd9/0x150
[ 52.456659][ T25] panic+0x688/0x730
[ 52.460543][ T25] ? panic_smp_self_stop+0x90/0x90
[ 52.465646][ T25] ? show_trace_log_lvl+0x285/0x390
[ 52.470859][ T25] ? usb_submit_urb+0xed6/0x1880
[ 52.475792][ T25] check_panic_on_warn+0xb1/0xc0
[ 52.480721][ T25] __warn+0xf2/0x390
[ 52.484609][ T25] ? __wake_up_klogd.part.0+0x99/0xf0
[ 52.489997][ T25] ? usb_submit_urb+0xed6/0x1880
[ 52.494937][ T25] report_bug+0x2da/0x500
[ 52.499262][ T25] handle_bug+0x3c/0x70
[ 52.503445][ T25] exc_invalid_op+0x18/0x50
[ 52.507944][ T25] asm_exc_invalid_op+0x1a/0x20
[ 52.512789][ T25] RIP: 0010:usb_submit_urb+0xed6/0x1880
[ 52.518335][ T25] Code: 7c 24 18 e8 7c 00 5b fd 48 8b 7c 24 18 e8 f2 ca 0b ff 41 89 d8 44 89 e1 4c 89 ea 48 89 c6 48 c7 c7 e0 22 cc 86 e8 9a 61 26 fd <0f> 0b e9 58 f8 ff ff e8 4e 00 5b fd 48 81 c5 b8 05 00 00 e9 84 f7
[ 52.537936][ T25] RSP: 0018:ffffc900001b6fa8 EFLAGS: 00010282
[ 52.543991][ T25] RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000000
[ 52.551951][ T25] RDX: ffff888105659d00 RSI: ffffffff81164537 RDI: 0000000000000001
[ 52.559913][ T25] RBP: ffff88810cbfd8f0 R08: 0000000000000001 R09: 0000000000000000
[ 52.567896][ T25] R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000003
[ 52.575856][ T25] R13: ffff88810a7e5a50 R14: 0000000000000003 R15: ffff888109a5ec00
[ 52.583832][ T25] ? __warn_printk+0x187/0x310
[ 52.588662][ T25] ? usb_submit_urb+0xed6/0x1880
[ 52.593606][ T25] ? __kmalloc+0x23/0x190
[ 52.597933][ T25] ar5523_submit_rx_cmd+0x1f1/0x360
[ 52.603132][ T25] ar5523_probe+0xc0b/0x36a0
[ 52.607720][ T25] ? ar5523_hwconfig+0x130/0x130
[ 52.612654][ T25] ? mark_held_locks+0x9f/0xe0
[ 52.617417][ T25] ? _raw_spin_unlock_irqrestore+0x54/0x70
[ 52.623216][ T25] ? lockdep_hardirqs_on+0x7d/0x100
[ 52.628406][ T25] ? _raw_spin_unlock_irqrestore+0x41/0x70
[ 52.634211][ T25] ? __pm_runtime_set_status+0x442/0xd90
[ 52.639835][ T25] usb_probe_interface+0x30f/0x960
[ 52.644935][ T25] ? usb_match_dynamic_id+0x1a0/0x1a0
[ 52.650295][ T25] really_probe+0x240/0xca0
[ 52.654790][ T25] __driver_probe_device+0x1df/0x4b0
[ 52.660066][ T25] ? usb_match_id.part.0+0x163/0x1b0
[ 52.665342][ T25] driver_probe_device+0x4c/0x1a0
[ 52.670359][ T25] __device_attach_driver+0x1d4/0x2e0
[ 52.675721][ T25] bus_for_each_drv+0x149/0x1d0
[ 52.680585][ T25] ? driver_probe_device+0x1a0/0x1a0
[ 52.685863][ T25] ? bus_for_each_dev+0x1c0/0x1c0
[ 52.690882][ T25] ? _raw_spin_unlock_irqrestore+0x54/0x70
[ 52.696682][ T25] ? lockdep_hardirqs_on+0x7d/0x100
[ 52.701884][ T25] ? _raw_spin_unlock_irqrestore+0x41/0x70
[ 52.707691][ T25] __device_attach+0x1e4/0x4b0
[ 52.712446][ T25] ? device_driver_attach+0x210/0x210
[ 52.717811][ T25] ? do_raw_spin_unlock+0x175/0x230
[ 52.723027][ T25] bus_probe_device+0x17c/0x1c0
[ 52.727866][ T25] device_add+0x112d/0x1a40
[ 52.732363][ T25] ? __fw_devlink_link_to_consumers.isra.0+0x270/0x270
[ 52.739206][ T25] ? usb_cache_string+0x106/0x160
[ 52.744224][ T25] ? __kmem_cache_free+0x99/0x320
[ 52.749260][ T25] ? __phys_addr+0xc8/0x140
[ 52.753755][ T25] usb_set_configuration+0x1196/0x1bc0
[ 52.759214][ T25] usb_generic_driver_probe+0xcf/0x130
[ 52.764670][ T25] usb_probe_device+0xd8/0x2c0
[ 52.769429][ T25] ? usb_driver_release_interface+0x190/0x190
[ 52.775513][ T25] really_probe+0x240/0xca0
[ 52.780018][ T25] __driver_probe_device+0x1df/0x4b0
[ 52.785294][ T25] driver_probe_device+0x4c/0x1a0
[ 52.790307][ T25] __device_attach_driver+0x1d4/0x2e0
[ 52.795707][ T25] bus_for_each_drv+0x149/0x1d0
[ 52.800577][ T25] ? driver_probe_device+0x1a0/0x1a0
[ 52.805851][ T25] ? bus_for_each_dev+0x1c0/0x1c0
[ 52.810870][ T25] ? _raw_spin_unlock_irqrestore+0x54/0x70
[ 52.816668][ T25] ? lockdep_hardirqs_on+0x7d/0x100
[ 52.821866][ T25] ? _raw_spin_unlock_irqrestore+0x41/0x70
[ 52.827680][ T25] __device_attach+0x1e4/0x4b0
[ 52.832436][ T25] ? device_driver_attach+0x210/0x210
[ 52.837797][ T25] ? do_raw_spin_unlock+0x175/0x230
[ 52.843010][ T25] bus_probe_device+0x17c/0x1c0
[ 52.847877][ T25] device_add+0x112d/0x1a40
[ 52.852383][ T25] ? __fw_devlink_link_to_consumers.isra.0+0x270/0x270
[ 52.859235][ T25] ? add_device_randomness+0xb8/0xe0
[ 52.864514][ T25] ? __phys_addr+0xc8/0x140
[ 52.869014][ T25] usb_new_device+0xcb2/0x19d0
[ 52.873772][ T25] ? hub_disconnect+0x520/0x520
[ 52.878613][ T25] ? _raw_spin_unlock_irq+0x23/0x50
[ 52.883810][ T25] hub_event+0x2e3d/0x4ed0
[ 52.888221][ T25] ? hub_port_debounce+0x3b0/0x3b0
[ 52.893345][ T25] ? lock_sync+0x190/0x190
[ 52.897756][ T25] ? lock_downgrade+0x690/0x690
[ 52.902610][ T25] ? do_raw_spin_lock+0x124/0x2b0
[ 52.907637][ T25] ? _raw_spin_unlock_irq+0x23/0x50
[ 52.912838][ T25] process_one_work+0x991/0x15c0
[ 52.917775][ T25] ? pwq_dec_nr_in_flight+0x2a0/0x2a0
[ 52.923139][ T25] ? spin_bug+0x1c0/0x1c0
[ 52.927462][ T25] ? _raw_spin_lock_irq+0x45/0x50
[ 52.932477][ T25] worker_thread+0x669/0x1090
[ 52.937146][ T25] ? __kthread_parkme+0x163/0x220
[ 52.942164][ T25] ? process_one_work+0x15c0/0x15c0
[ 52.947361][ T25] kthread+0x344/0x440
[ 52.951446][ T25] ? kthread_complete_and_exit+0x40/0x40
[ 52.957076][ T25] ret_from_fork+0x1f/0x30
[ 52.961486][ T25]
[ 52.964669][ T25] Kernel Offset: disabled
[ 52.969039][ T25] Rebooting in 86400 seconds..