Debian GNU/Linux 9 syzkaller ttyS0

syzkaller login: [ 15.426754][ C1] random: crng init done
[ 15.427728][ C1] random: 7 urandom warning(s) missed due to ratelimiting
[ 24.543417][ T377] can: request_module (can-proto-0) failed.
[ 24.866800][ T377] can: request_module (can-proto-0) failed.
[ 24.876856][ T377] can: request_module (can-proto-7) failed.
[ 24.886395][ T377] can: request_module (can-proto-0) failed.
Warning: Permanently added '10.128.0.232' (ECDSA) to the list of known hosts.
2020/04/03 02:25:43 parsed 1 programs
2020/04/03 02:25:43 executed programs: 0
[ 32.413163][ T528] cgroup: Unknown subsys name 'perf_event'
[ 32.424926][ T528] cgroup: Unknown subsys name 'net_cls'
[ 32.432290][ T533] cgroup: Unknown subsys name 'perf_event'
[ 32.436724][ T534] cgroup: Unknown subsys name 'perf_event'
[ 32.443402][ T533] cgroup: Unknown subsys name 'net_cls'
[ 32.449335][ T534] cgroup: Unknown subsys name 'net_cls'
[ 32.456429][ T539] cgroup: Unknown subsys name 'perf_event'
[ 32.461957][ T536] cgroup: Unknown subsys name 'perf_event'
[ 32.465815][ T539] cgroup: Unknown subsys name 'net_cls'
[ 32.468207][ T536] cgroup: Unknown subsys name 'net_cls'
[ 32.479226][ T540] cgroup: Unknown subsys name 'perf_event'
[ 32.486157][ T540] cgroup: Unknown subsys name 'net_cls'
[ 40.485910][ T12] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[ 40.515848][ T95] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[ 40.585857][ T3211] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[ 40.655822][ T83] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[ 40.663437][ T22] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[ 40.696177][ T12] usb 6-1: config 1 has an invalid interface number: 2 but max is 0
[ 40.704250][ T12] usb 6-1: config 1 has no interface number 0
[ 40.711457][ T3217] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 40.725912][ T95] usb 4-1: config 1 has an invalid interface number: 2 but max is 0
[ 40.734037][ T95] usb 4-1: config 1 has no interface number 0
[ 40.796088][ T3211] usb 2-1: config 1 has an invalid interface number: 2 but max is 0
[ 40.804251][ T3211] usb 2-1: config 1 has no interface number 0
[ 40.875899][ T12] usb 6-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 40.885163][ T12] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 40.893360][ T12] usb 6-1: Product: syz
[ 40.897645][ T12] usb 6-1: Manufacturer: syz
[ 40.902238][ T12] usb 6-1: SerialNumber: syz
[ 40.905860][ T22] usb 5-1: config 1 has an invalid interface number: 2 but max is 0
[ 40.907122][ T95] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 40.915301][ T22] usb 5-1: config 1 has no interface number 0
[ 40.924396][ T95] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 40.933333][ T83] usb 3-1: config 1 has an invalid interface number: 2 but max is 0
[ 40.938657][ T95] usb 4-1: Product: syz
[ 40.938669][ T95] usb 4-1: Manufacturer: syz
[ 40.938680][ T95] usb 4-1: SerialNumber: syz
[ 40.945886][ T3217] usb 1-1: config 1 has an invalid interface number: 2 but max is 0
[ 40.946801][ T83] usb 3-1: config 1 has no interface number 0
[ 40.950910][ T3217] usb 1-1: config 1 has no interface number 0
[ 40.981598][ T12] usb 6-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 40.991423][ T95] usb 4-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 41.015816][ T3211] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 41.024914][ T3211] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 41.033737][ T3211] usb 2-1: Product: syz
[ 41.037982][ T3211] usb 2-1: Manufacturer: syz
[ 41.042568][ T3211] usb 2-1: SerialNumber: syz
[ 41.086658][ T3211] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 41.145855][ T83] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 41.155021][ T83] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 41.163151][ T83] usb 3-1: Product: syz
[ 41.165779][ T3217] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 41.167349][ T83] usb 3-1: Manufacturer: syz
[ 41.167361][ T83] usb 3-1: SerialNumber: syz
[ 41.167430][ T22] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 41.176548][ T3217] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 41.181002][ T22] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 41.185691][ T3217] usb 1-1: Product: syz
[ 41.194696][ T22] usb 5-1: Product: syz
[ 41.202691][ T3217] usb 1-1: Manufacturer: syz
[ 41.210664][ T22] usb 5-1: Manufacturer: syz
[ 41.210676][ T22] usb 5-1: SerialNumber: syz
[ 41.214810][ T3217] usb 1-1: SerialNumber: syz
[ 41.276546][ T83] usb 3-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 41.276569][ T3217] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 41.288473][ T22] usb 5-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 41.675692][ T95] usb 6-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 41.684737][ T12] usb 4-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 41.725628][ T3211] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 41.855577][ T3217] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 41.877486][ T3247] usb 6-1: USB disconnect, device number 2
[ 41.881098][ T3235] usb 4-1: USB disconnect, device number 2
[ 41.885558][ C0] general protection fault, probably for non-canonical address 0xdffffc0000000015: 0000 [#1] SMP KASAN
[ 41.900157][ C0] KASAN: null-ptr-deref in range [0x00000000000000a8-0x00000000000000af]
[ 41.908561][ C0] CPU: 0 PID: 3247 Comm: kworker/0:5 Not tainted 5.6.0-rc7-syzkaller #0
[ 41.917029][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 41.927517][ C0] Workqueue: usb_hub_wq hub_event
[ 41.930240][ T17] usb 2-1: USB disconnect, device number 2
[ 41.932545][ C0] RIP: 0010:ath9k_hif_usb_rx_cb+0x103/0xf70
[ 41.932561][ C0] Code: 83 3c 24 00 48 89 c3 0f 84 19 04 00 00 e8 25 bb 6e fe 48 8d bb a8 00 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 27 0c 00 00 4c 8b a3 a8 00 00 00 4d 85 e4 0f 84
[ 41.964139][ C0] RSP: 0018:ffff8881db209930 EFLAGS: 00010002
[ 41.970221][ C0] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffffff835ef3fc
[ 41.978181][ C0] RDX: 0000000000000015 RSI: ffffffff82d09cfb RDI: 00000000000000a8
[ 41.986251][ C0] RBP: ffff8881c6aa1100 R08: ffff8881bda26200 R09: ffffed103b115045
[ 41.994232][ C0] R10: ffffed103b115044 R11: ffff8881d88a8223 R12: 00000000ffffffb9
[ 42.006272][ C0] R13: ffff8881d4d98000 R14: ffff8881c6aa1100 R15: ffff8881c6aa1100
[ 42.014566][ C0] FS: 0000000000000000(0000) GS:ffff8881db200000(0000) knlGS:0000000000000000
[ 42.023489][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 42.031313][ C0] CR2: 000000000076c061 CR3: 00000001bdacb000 CR4: 00000000001406f0
[ 42.039300][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 42.047348][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 42.055506][ C0] Call Trace:
[ 42.058778][ C0]
[ 42.061226][ T3259] usb 1-1: USB disconnect, device number 2
[ 42.061634][ C0] ? find_held_lock+0x2d/0x110
[ 42.072244][ C0] ? usb_unanchor_urb+0x91/0xc0
[ 42.077083][ C0] ? hif_usb_mgmt_cb+0x300/0x300
[ 42.082005][ C0] ? lock_acquire+0x130/0x340
[ 42.086669][ C0] ? usb_unanchor_urb+0x51/0xc0
[ 42.091606][ C0] ? trace_hardirqs_off+0x50/0x200
[ 42.096798][ C0] ? _raw_spin_unlock_irqrestore+0x2a/0x40
[ 42.102596][ C0] __usb_hcd_giveback_urb+0x1f2/0x470
[ 42.108122][ C0] usb_hcd_giveback_urb+0x368/0x420
[ 42.113317][ C0] dummy_timer+0x1258/0x32ae
[ 42.118070][ C0] ? __lock_acquire+0x145e/0x3b60
[ 42.123217][ C0] ? __lock_acquire+0x145e/0x3b60
[ 42.128436][ C0] ? debug_object_deactivate+0x1d9/0x320
[ 42.134192][ C0] ? mark_held_locks+0xe0/0xe0
[ 42.139216][ C0] ? dummy_udc_probe+0x930/0x930
[ 42.144308][ C0] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 42.149842][ C0] ? rcu_read_lock_bh_held+0xb0/0xb0
[ 42.155389][ C0] call_timer_fn+0x195/0x6f0
[ 42.160159][ C0] ? dummy_udc_probe+0x930/0x930
[ 42.165324][ C0] ? msleep_interruptible+0x130/0x130
[ 42.170757][ C0] ? mark_held_locks+0x9f/0xe0
[ 42.175688][ C0] ? rcu_read_lock_bh_held+0xb0/0xb0
[ 42.181096][ C0] ? _raw_spin_unlock_irq+0x1f/0x30
[ 42.186458][ C0] ? dummy_udc_probe+0x930/0x930
[ 42.191978][ C0] run_timer_softirq+0x5f9/0x1500
[ 42.197122][ C0] ? add_timer+0x7a0/0x7a0
[ 42.201872][ C0] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 42.207403][ C0] ? rcu_read_lock_bh_held+0xb0/0xb0
[ 42.212673][ C0] ? mark_held_locks+0x9f/0xe0
[ 42.217437][ C0] __do_softirq+0x21e/0x950
[ 42.222225][ C0] irq_exit+0x178/0x1a0
[ 42.226550][ C0] smp_apic_timer_interrupt+0x141/0x540
[ 42.232092][ C0] apic_timer_interrupt+0xf/0x20
[ 42.237135][ C0]
[ 42.240063][ C0] RIP: 0010:lock_is_held_type+0x1ce/0x240
[ 42.246009][ C0] Code: 89 f9 48 c1 e9 03 0f b6 0c 11 48 89 fa 83 e2 07 83 c2 03 38 ca 7c 04 84 c9 75 6e c7 83 4c 08 00 00 00 00 00 00 ff 74 24 08 9d <48> 83 c4 18 5b 5d 41 5c 41 5d 41 5e 41 5f c3 31 c0 eb a8 48 83 c4
[ 42.265953][ C0] RSP: 0018:ffff8881cc707698 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
[ 42.274573][ C0] RAX: 0000000000000001 RBX: ffff8881bda26200 RCX: 0000000000000000
[ 42.282574][ C0] RDX: 0000000000000007 RSI: ffffffff871e1540 RDI: ffff8881bda26a4c
[ 42.290537][ C0] RBP: ffff8881bda26200 R08: ffff8881bda26200 R09: fffffbfff0e3c29d
[ 42.298500][ C0] R10: ffff8881cc707830 R11: ffffffff871e14e7 R12: ffff8881bda26a48
[ 42.306746][ C0] R13: ffffed1037b44d49 R14: ffffffff871e1540 R15: ffff8881bda26af0
[ 42.315977][ C0] kernfs_active+0xb3/0xf0
[ 42.320396][ C0] __kernfs_remove+0x173/0x9b0
[ 42.325319][ C0] ? mutex_trylock+0x2c0/0x2c0
[ 42.331586][ C0] ? kernfs_fop_readdir+0x8c0/0x8c0
[ 42.336904][ C0] ? kernfs_name_hash+0xdd/0x100
[ 42.341949][ C0] kernfs_remove_by_name_ns+0x51/0xb0
[ 42.347517][ C0] remove_files.isra.0+0x76/0x190
[ 42.352578][ C0] sysfs_remove_group+0xb3/0x1b0
[ 42.357683][ C0] sysfs_remove_groups+0x5c/0xa0
[ 42.362697][ C0] device_remove_attrs+0xa9/0x150
[ 42.367878][ C0] device_del+0x479/0xd30
[ 42.372199][ C0] ? device_create_with_groups+0x120/0x120
[ 42.378118][ C0] ? kfree+0xd5/0x300
[ 42.382207][ C0] ? dev_attr_show+0x90/0x90
[ 42.386785][ C0] ? kfree_const+0x51/0x60
[ 42.391376][ C0] device_unregister+0x22/0xc0
[ 42.396265][ C0] usb_remove_ep_devs+0x3e/0x80
[ 42.401245][ C0] remove_intf_ep_devs+0x108/0x1d0
[ 42.406538][ C0] usb_disable_device+0x235/0x790
[ 42.411564][ C0] usb_disconnect+0x293/0x900
[ 42.416359][ C0] hub_event+0x1a1d/0x4300
[ 42.420766][ C0] ? hub_port_debounce+0x350/0x350
[ 42.426000][ C0] ? find_held_lock+0x2d/0x110
[ 42.431085][ C0] ? mark_held_locks+0xe0/0xe0
[ 42.436801][ C0] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 42.442342][ C0] ? rcu_read_lock_bh_held+0xb0/0xb0
[ 42.447611][ C0] process_one_work+0x94b/0x1620
[ 42.452536][ C0] ? pwq_dec_nr_in_flight+0x310/0x310
[ 42.457890][ C0] ? do_raw_spin_lock+0x129/0x290
[ 42.462924][ C0] worker_thread+0x96/0xe20
[ 42.467412][ C0] ? process_one_work+0x1620/0x1620
[ 42.472594][ C0] kthread+0x318/0x420
[ 42.476648][ C0] ? kthread_create_on_node+0xf0/0xf0
[ 42.482244][ C0] ret_from_fork+0x24/0x30
[ 42.486779][ C0] Modules linked in:
[ 42.490799][ C0] ---[ end trace 37b88c5796d54927 ]---
[ 42.497341][ C0] RIP: 0010:ath9k_hif_usb_rx_cb+0x103/0xf70
[ 42.503262][ C0] Code: 83 3c 24 00 48 89 c3 0f 84 19 04 00 00 e8 25 bb 6e fe 48 8d bb a8 00 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 27 0c 00 00 4c 8b a3 a8 00 00 00 4d 85 e4 0f 84
[ 42.522861][ C0] RSP: 0018:ffff8881db209930 EFLAGS: 00010002
[ 42.529041][ C0] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffffff835ef3fc
[ 42.537044][ C0] RDX: 0000000000000015 RSI: ffffffff82d09cfb RDI: 00000000000000a8
[ 42.545008][ C0] RBP: ffff8881c6aa1100 R08: ffff8881bda26200 R09: ffffed103b115045
[ 42.553102][ C0] R10: ffffed103b115044 R11: ffff8881d88a8223 R12: 00000000ffffffb9
[ 42.561074][ C0] R13: ffff8881d4d98000 R14: ffff8881c6aa1100 R15: ffff8881c6aa1100
[ 42.569044][ C0] FS: 0000000000000000(0000) GS:ffff8881db200000(0000) knlGS:0000000000000000
[ 42.577970][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 42.584589][ C0] CR2: 000000000076c061 CR3: 00000001bdacb000 CR4: 00000000001406f0
[ 42.592618][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 42.600578][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 42.608539][ C0] Kernel panic - not syncing: Fatal exception in interrupt
[ 42.616421][ C0] Kernel Offset: disabled
[ 42.620748][ C0] Rebooting in 86400 seconds..