[ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... Starting Load/Save RF Kill Switch Status... [ OK ] Started Update UTMP about System Runlevel Changes. [ OK ] Started Load/Save RF Kill Switch Status. Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.0.251' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 67.761701][ T19] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 68.131067][ T19] usb 1-1: config 0 has an invalid interface number: 237 but max is 0 [ 68.139574][ T19] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 68.150295][ T19] usb 1-1: config 0 has no interface number 0 [ 68.156485][ T19] usb 1-1: config 0 interface 237 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 68.167638][ T19] usb 1-1: New USB device found, idVendor=2040, idProduct=826d, bcdDevice=98.19 [ 68.176774][ T19] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 68.188788][ T19] usb 1-1: config 0 descriptor?? [ 68.247353][ T19] em28xx 1-1:0.237: New device @ 480 Mbps (2040:826d, interface 237, class 237) [ 68.256861][ T19] em28xx 1-1:0.237: Audio interface 237 found (Vendor Class) executing program [ 68.520998][ T19] em28xx 1-1:0.237: unknown em28xx chip ID (0) [ 68.550962][ T19] em28xx 1-1:0.237: Config register raw data: 0xfffffffb [ 68.581672][ T19] em28xx 1-1:0.237: AC97 chip type couldn't be determined [ 68.588785][ T19] em28xx 1-1:0.237: No AC97 audio processor [ 68.595283][ T19] em28xx 1-1:0.237: We currently don't support analog TV or stream capture on dual tuners. [ 68.730917][ T19] em28xx 1-1:0.237: unknown em28xx chip ID (0) [ 68.760891][ T19] em28xx 1-1:0.237: Config register raw data: 0xfffffffb [ 68.780923][ T19] em28xx 1-1:0.237: AC97 chip type couldn't be determined [ 68.788072][ T19] em28xx 1-1:0.237: No AC97 audio processor [ 69.048759][ T19] usb 1-1: USB disconnect, device number 2 [ 69.057206][ T19] em28xx 1-1:0.237: Disconnecting em28xx #1 [ 69.068614][ T19] em28xx 1-1:0.237: Disconnecting em28xx [ 69.079601][ T19] em28xx 1-1:0.237: Freeing device [ 69.085713][ T19] em28xx 1-1:0.237: Freeing device [ 69.450861][ T19] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 69.810873][ T19] usb 1-1: config 0 has an invalid interface number: 237 but max is 0 [ 69.819115][ T19] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 69.830641][ T19] usb 1-1: config 0 has no interface number 0 [ 69.837612][ T19] usb 1-1: config 0 interface 237 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 69.849592][ T19] usb 1-1: New USB device found, idVendor=2040, idProduct=826d, bcdDevice=98.19 [ 69.859221][ T19] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 69.869933][ T19] usb 1-1: config 0 descriptor?? [ 69.915538][ T19] em28xx 1-1:0.237: New device @ 480 Mbps (2040:826d, interface 237, class 237) [ 69.924851][ T19] em28xx 1-1:0.237: Audio interface 237 found (Vendor Class) executing program [ 70.170798][ T19] em28xx 1-1:0.237: unknown em28xx chip ID (0) [ 70.190796][ T19] em28xx 1-1:0.237: Config register raw data: 0xfffffffb [ 70.210781][ T19] em28xx 1-1:0.237: AC97 chip type couldn't be determined [ 70.217888][ T19] em28xx 1-1:0.237: No AC97 audio processor [ 70.228629][ T19] list_add corruption. prev->next should be next (ffffffff8d0003a0), but was ffffffff8536b9f7. (prev=ffff88802e1a0250). [ 70.242054][ T19] ------------[ cut here ]------------ [ 70.247500][ T19] kernel BUG at lib/list_debug.c:26! [ 70.253624][ T19] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 70.259678][ T19] CPU: 1 PID: 19 Comm: kworker/1:0 Not tainted 5.11.0-rc6-syzkaller #0 [ 70.267892][ T19] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 70.277926][ T19] Workqueue: usb_hub_wq hub_event [ 70.282944][ T19] RIP: 0010:__list_add_valid.cold+0x3a/0x3c [ 70.288823][ T19] Code: 0b 48 89 f2 4c 89 e1 48 89 ee 48 c7 c7 60 e3 9e 89 e8 d3 41 f3 ff 0f 0b 48 89 f1 48 c7 c7 e0 e2 9e 89 4c 89 e6 e8 bf 41 f3 ff <0f> 0b 48 89 ee 48 c7 c7 80 e4 9e 89 e8 ae 41 f3 ff 0f 0b 4c 89 ea [ 70.308409][ T19] RSP: 0018:ffffc90000d96fa0 EFLAGS: 00010282 [ 70.314459][ T19] RAX: 0000000000000075 RBX: ffff888018629000 RCX: 0000000000000000 [ 70.322419][ T19] RDX: ffff8880119a5340 RSI: ffffffff815b73e5 RDI: fffff520001b2de6 [ 70.330369][ T19] RBP: ffff8880185d0250 R08: 0000000000000075 R09: 0000000000000000 [ 70.338385][ T19] R10: ffffffff815b05be R11: 0000000000000000 R12: ffffffff8d0003a0 [ 70.346337][ T19] R13: ffff8880185d0000 R14: ffff8880185d013c R15: ffff888018628000 [ 70.354287][ T19] FS: 0000000000000000(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000 [ 70.363247][ T19] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 70.369811][ T19] CR2: 00007f8d51d9f000 CR3: 0000000025b38000 CR4: 00000000001506e0 [ 70.377767][ T19] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 70.385716][ T19] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 70.393668][ T19] Call Trace: [ 70.396931][ T19] em28xx_init_extension+0x44/0x1f0 [ 70.402114][ T19] em28xx_init_dev.constprop.0+0xa8b/0x172f [ 70.408051][ T19] ? __dev_printk+0xcf/0xf5 [ 70.412537][ T19] ? _dev_info+0xd7/0x109 [ 70.416848][ T19] ? em28xx_pre_card_setup+0x5c0/0x5c0 [ 70.422288][ T19] ? lockdep_init_map_waits+0x26a/0x720 [ 70.427866][ T19] ? lockdep_init_map_waits+0x26a/0x720 [ 70.433394][ T19] em28xx_usb_probe.cold+0xc23/0x2586 [ 70.438800][ T19] usb_probe_interface+0x315/0x7f0 [ 70.443894][ T19] ? usb_match_dynamic_id+0x1a0/0x1a0 [ 70.449245][ T19] really_probe+0x291/0xe60 [ 70.453729][ T19] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 70.459968][ T19] driver_probe_device+0x26b/0x3d0 [ 70.465060][ T19] __device_attach_driver+0x1d1/0x290 [ 70.470415][ T19] ? driver_allows_async_probing+0x150/0x150 [ 70.476509][ T19] bus_for_each_drv+0x15f/0x1e0 [ 70.481340][ T19] ? bus_for_each_dev+0x1d0/0x1d0 [ 70.486340][ T19] ? _raw_spin_unlock_irqrestore+0x42/0x50 [ 70.492141][ T19] ? lockdep_hardirqs_on+0x79/0x100 [ 70.497331][ T19] ? _raw_spin_unlock_irqrestore+0x2f/0x50 [ 70.503121][ T19] __device_attach+0x228/0x4a0 [ 70.507866][ T19] ? __driver_attach_async_helper+0x330/0x330 [ 70.513912][ T19] ? kobject_uevent_env+0x2bb/0x1680 [ 70.519178][ T19] bus_probe_device+0x1e4/0x290 [ 70.524009][ T19] device_add+0xbc4/0x1d90 [ 70.528408][ T19] ? wait_for_completion_io+0x260/0x260 [ 70.533933][ T19] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 70.540163][ T19] ? _raw_spin_unlock_irqrestore+0x42/0x50 [ 70.545951][ T19] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 70.552178][ T19] usb_set_configuration+0x113c/0x1910 [ 70.557620][ T19] usb_generic_driver_probe+0xba/0x100 [ 70.563078][ T19] usb_probe_device+0xd9/0x2c0 [ 70.567822][ T19] ? usb_driver_release_interface+0x180/0x180 [ 70.573868][ T19] really_probe+0x291/0xe60 [ 70.578351][ T19] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 70.584576][ T19] driver_probe_device+0x26b/0x3d0 [ 70.589667][ T19] __device_attach_driver+0x1d1/0x290 [ 70.595020][ T19] ? driver_allows_async_probing+0x150/0x150 [ 70.600994][ T19] bus_for_each_drv+0x15f/0x1e0 [ 70.605826][ T19] ? bus_for_each_dev+0x1d0/0x1d0 [ 70.610827][ T19] ? _raw_spin_unlock_irqrestore+0x42/0x50 [ 70.616614][ T19] ? lockdep_hardirqs_on+0x79/0x100 [ 70.621807][ T19] ? _raw_spin_unlock_irqrestore+0x2f/0x50 [ 70.627592][ T19] __device_attach+0x228/0x4a0 [ 70.632335][ T19] ? __driver_attach_async_helper+0x330/0x330 [ 70.638381][ T19] ? kobject_uevent_env+0x2bb/0x1680 [ 70.643650][ T19] bus_probe_device+0x1e4/0x290 [ 70.648481][ T19] device_add+0xbc4/0x1d90 [ 70.652883][ T19] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 70.659108][ T19] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 70.665331][ T19] usb_new_device.cold+0x721/0x1058 [ 70.670512][ T19] ? hub_disconnect+0x510/0x510 [ 70.675340][ T19] ? rwlock_bug.part.0+0x90/0x90 [ 70.680260][ T19] ? _raw_spin_unlock_irq+0x1f/0x40 [ 70.685439][ T19] hub_event+0x2357/0x4320 [ 70.689840][ T19] ? hub_port_debounce+0x3c0/0x3c0 [ 70.694935][ T19] ? lock_release+0x710/0x710 [ 70.699596][ T19] ? lock_downgrade+0x6d0/0x6d0 [ 70.704428][ T19] ? do_raw_spin_lock+0x120/0x2b0 [ 70.709453][ T19] process_one_work+0x98d/0x15f0 [ 70.714374][ T19] ? pwq_dec_nr_in_flight+0x320/0x320 [ 70.719726][ T19] ? rwlock_bug.part.0+0x90/0x90 [ 70.724645][ T19] ? _raw_spin_lock_irq+0x41/0x50 [ 70.729651][ T19] worker_thread+0x82b/0x1120 [ 70.734319][ T19] ? process_one_work+0x15f0/0x15f0 [ 70.739496][ T19] kthread+0x3b1/0x4a0 [ 70.743545][ T19] ? __kthread_bind_mask+0xc0/0xc0 [ 70.748634][ T19] ret_from_fork+0x1f/0x30 [ 70.753036][ T19] Modules linked in: [ 70.770624][ T19] ---[ end trace 3ac91292c8659df3 ]--- [ 70.776082][ T19] RIP: 0010:__list_add_valid.cold+0x3a/0x3c [ 70.782025][ T19] Code: 0b 48 89 f2 4c 89 e1 48 89 ee 48 c7 c7 60 e3 9e 89 e8 d3 41 f3 ff 0f 0b 48 89 f1 48 c7 c7 e0 e2 9e 89 4c 89 e6 e8 bf 41 f3 ff <0f> 0b 48 89 ee 48 c7 c7 80 e4 9e 89 e8 ae 41 f3 ff 0f 0b 4c 89 ea [ 70.801857][ T19] RSP: 0018:ffffc90000d96fa0 EFLAGS: 00010282 [ 70.807909][ T19] RAX: 0000000000000075 RBX: ffff888018629000 RCX: 0000000000000000 [ 70.815899][ T19] RDX: ffff8880119a5340 RSI: ffffffff815b73e5 RDI: fffff520001b2de6 [ 70.823909][ T19] RBP: ffff8880185d0250 R08: 0000000000000075 R09: 0000000000000000 [ 70.831935][ T19] R10: ffffffff815b05be R11: 0000000000000000 R12: ffffffff8d0003a0 [ 70.839914][ T19] R13: ffff8880185d0000 R14: ffff8880185d013c R15: ffff888018628000 [ 70.847905][ T19] FS: 0000000000000000(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000 [ 70.856868][ T19] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 70.863474][ T19] CR2: 00007f8d51e2a000 CR3: 0000000025b38000 CR4: 00000000001506e0 [ 70.871496][ T19] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 70.879464][ T19] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 70.887441][ T19] Kernel panic - not syncing: Fatal exception [ 70.894042][ T19] Kernel Offset: disabled [ 70.898351][ T19] Rebooting in 86400 seconds..