[ OK ] Started Getty on tty2.
[ OK ] Started Getty on tty1.
[ OK ] Started Serial Getty on ttyS0.
[ OK ] Reached target Login Prompts.
[ OK ] Started OpenBSD Secure Shell server.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.175' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 59.568057][ T4912] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 59.958430][ T4912] usb 1-1: config 0 has an invalid interface number: 237 but max is 0
[ 59.968233][ T4912] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 59.979582][ T4912] usb 1-1: config 0 has no interface number 0
[ 59.986120][ T4912] usb 1-1: config 0 interface 237 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[ 59.998888][ T4912] usb 1-1: New USB device found, idVendor=2040, idProduct=826d, bcdDevice=98.19
[ 60.009892][ T4912] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 60.028654][ T4912] usb 1-1: config 0 descriptor??
[ 60.082037][ T4912] em28xx 1-1:0.237: New device @ 480 Mbps (2040:826d, interface 237, class 237)
[ 60.093504][ T4912] em28xx 1-1:0.237: Audio interface 237 found (Vendor Class)
executing program
[ 60.338485][ T4912] em28xx 1-1:0.237: unknown em28xx chip ID (0)
[ 60.368152][ T4912] em28xx 1-1:0.237: Config register raw data: 0xfffffffb
[ 60.397985][ T4912] em28xx 1-1:0.237: AC97 chip type couldn't be determined
[ 60.410208][ T4912] em28xx 1-1:0.237: No AC97 audio processor
[ 60.418422][ T4912] em28xx 1-1:0.237: We currently don't support analog TV or stream capture on dual tuners.
[ 60.558465][ T4912] em28xx 1-1:0.237: unknown em28xx chip ID (0)
[ 60.588312][ T4912] em28xx 1-1:0.237: Config register raw data: 0xfffffffb
[ 60.608791][ T4912] em28xx 1-1:0.237: AC97 chip type couldn't be determined
[ 60.617807][ T4912] em28xx 1-1:0.237: No AC97 audio processor
[ 60.874794][ T4912] usb 1-1: USB disconnect, device number 2
[ 60.885075][ T4912] em28xx 1-1:0.237: Disconnecting em28xx #1
[ 60.892138][ T4912] em28xx 1-1:0.237: Disconnecting em28xx
[ 60.909919][ T4912] em28xx 1-1:0.237: Freeing device
[ 60.915721][ T4912] em28xx 1-1:0.237: Freeing device
[ 61.287945][ T4912] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[ 61.668029][ T4912] usb 1-1: config 0 has an invalid interface number: 237 but max is 0
[ 61.677204][ T4912] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 61.689885][ T4912] usb 1-1: config 0 has no interface number 0
[ 61.697025][ T4912] usb 1-1: config 0 interface 237 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[ 61.711173][ T4912] usb 1-1: New USB device found, idVendor=2040, idProduct=826d, bcdDevice=98.19
[ 61.721975][ T4912] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 61.737556][ T4912] usb 1-1: config 0 descriptor??
[ 61.784302][ T4912] em28xx 1-1:0.237: New device @ 480 Mbps (2040:826d, interface 237, class 237)
[ 61.795875][ T4912] em28xx 1-1:0.237: Audio interface 237 found (Vendor Class)
executing program
[ 62.088079][ T4912] em28xx 1-1:0.237: unknown em28xx chip ID (0)
[ 62.107900][ T4912] em28xx 1-1:0.237: Config register raw data: 0xfffffffb
[ 62.138001][ T4912] em28xx 1-1:0.237: AC97 chip type couldn't be determined
[ 62.145488][ T4912] em28xx 1-1:0.237: No AC97 audio processor
[ 62.158593][ T4912] list_add corruption. prev->next should be next (ffffffff8dc1eb40), but was ffffffff84a23308. (prev=ffff888019a9c250).
[ 62.173976][ T4912] ------------[ cut here ]------------
[ 62.180797][ T4912] kernel BUG at lib/list_debug.c:28!
[ 62.186638][ T4912] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[ 62.192978][ T4912] CPU: 0 PID: 4912 Comm: kworker/0:4 Not tainted 5.13.0-rc7-syzkaller #0
[ 62.201632][ T4912] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 62.212609][ T4912] Workqueue: usb_hub_wq hub_event
[ 62.217891][ T4912] RIP: 0010:__list_add_valid+0xb6/0xc0
[ 62.225230][ T4912] Code: 48 c7 c7 60 a0 92 8a 4c 89 e6 4c 89 f1 31 c0 e8 48 58 64 fd 0f 0b 48 c7 c7 20 a1 92 8a 4c 89 f6 4c 89 e1 31 c0 e8 32 58 64 fd <0f> 0b 0f 1f 84 00 00 00 00 00 41 57 41 56 41 54 53 49 89 fe 49 bc
[ 62.246898][ T4912] RSP: 0018:ffffc900019ee828 EFLAGS: 00010246
[ 62.253714][ T4912] RAX: 0000000000000075 RBX: ffffffff8dc1eb48 RCX: 1693815070d2fc00
[ 62.262792][ T4912] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000
[ 62.271728][ T4912] RBP: dffffc0000000000 R08: ffffffff816564b2 R09: ffffed1017345f90
[ 62.280376][ T4912] R10: ffffed1017345f90 R11: 0000000000000000 R12: ffff888019a9c250
[ 62.288790][ T4912] R13: dffffc0000000000 R14: ffffffff8dc1eb40 R15: ffff88802ac50250
[ 62.297396][ T4912] FS: 0000000000000000(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000
[ 62.306880][ T4912] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 62.313933][ T4912] CR2: 00007f372b61b028 CR3: 0000000016b84000 CR4: 00000000001506f0
[ 62.322500][ T4912] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 62.330831][ T4912] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 62.339415][ T4912] Call Trace:
[ 62.343268][ T4912] em28xx_init_extension+0x52/0x1d0
[ 62.348631][ T4912] em28xx_init_dev+0x8e9/0x2b40
[ 62.353830][ T4912] ? lockdep_unregister_key+0x570/0x570
[ 62.359706][ T4912] ? em28xx_usb_resume+0x50/0x50
[ 62.365070][ T4912] ? lockdep_softirqs_off+0x410/0x410
[ 62.370452][ T4912] ? __raw_spin_lock_init+0x44/0x100
[ 62.375913][ T4912] em28xx_usb_probe+0x15b1/0x2fc0
[ 62.381664][ T4912] usb_probe_interface+0x633/0xb40
[ 62.386892][ T4912] really_probe+0x3cb/0x1020
[ 62.391578][ T4912] driver_probe_device+0x178/0x350
[ 62.397705][ T4912] ? __device_attach_driver+0x1cf/0x390
[ 62.403719][ T4912] ? deferred_probe_work_func+0x240/0x240
[ 62.409528][ T4912] bus_for_each_drv+0x16a/0x1f0
[ 62.414568][ T4912] ? _raw_spin_lock+0x40/0x40
[ 62.419967][ T4912] ? subsys_find_device_by_id+0x320/0x320
[ 62.426576][ T4912] __device_attach+0x301/0x560
[ 62.431614][ T4912] ? kobject_uevent_env+0x335/0x1700
[ 62.437905][ T4912] ? device_attach+0x20/0x20
[ 62.443394][ T4912] ? kobject_uevent_env+0x335/0x1700
[ 62.449638][ T4912] bus_probe_device+0xb8/0x1f0
[ 62.454527][ T4912] ? device_add+0x1078/0x1670
[ 62.459904][ T4912] device_add+0x11fc/0x1670
[ 62.464888][ T4912] ? virtual_device_parent+0x50/0x50
[ 62.471257][ T4912] usb_set_configuration+0x1a86/0x2100
[ 62.477449][ T4912] usb_generic_driver_probe+0x83/0x140
[ 62.483110][ T4912] usb_probe_device+0x13a/0x260
[ 62.488289][ T4912] really_probe+0x3cb/0x1020
[ 62.493326][ T4912] driver_probe_device+0x178/0x350
[ 62.498764][ T4912] ? __device_attach_driver+0x1cf/0x390
[ 62.504644][ T4912] ? deferred_probe_work_func+0x240/0x240
[ 62.511254][ T4912] bus_for_each_drv+0x16a/0x1f0
[ 62.516283][ T4912] ? _raw_spin_lock+0x40/0x40
[ 62.521044][ T4912] ? subsys_find_device_by_id+0x320/0x320
[ 62.527221][ T4912] __device_attach+0x301/0x560
[ 62.532673][ T4912] ? kobject_uevent_env+0x335/0x1700
[ 62.538267][ T4912] ? device_attach+0x20/0x20
[ 62.542943][ T4912] ? kobject_uevent_env+0x335/0x1700
[ 62.548218][ T4912] bus_probe_device+0xb8/0x1f0
[ 62.554064][ T4912] ? device_add+0x1078/0x1670
[ 62.559550][ T4912] device_add+0x11fc/0x1670
[ 62.564722][ T4912] ? virtual_device_parent+0x50/0x50
[ 62.570338][ T4912] usb_new_device+0xd45/0x1790
[ 62.575117][ T4912] ? usb_disconnect+0x8a0/0x8a0
[ 62.580074][ T4912] ? _raw_spin_unlock_irq+0x1f/0x40
[ 62.585376][ T4912] ? lockdep_hardirqs_on+0x8d/0x130
[ 62.591110][ T4912] hub_port_connect+0x1055/0x27a0
[ 62.597576][ T4912] ? descriptors_changed+0x9f0/0x9f0
[ 62.603656][ T4912] ? slab_free_freelist_hook+0x1d8/0x290
[ 62.610054][ T4912] hub_port_connect_change+0x5d0/0xbf0
[ 62.617095][ T4912] ? hub_port_reset+0x11b0/0x11b0
[ 62.622843][ T4912] ? hub_ext_port_status+0x470/0x670
[ 62.628519][ T4912] ? hub_handle_remote_wakeup+0x18d/0x3f0
[ 62.634538][ T4912] port_event+0xaee/0x1140
[ 62.639610][ T4912] ? hub_event+0x47f/0xd90
[ 62.644215][ T4912] ? mutex_lock_io_nested+0x60/0x60
[ 62.650276][ T4912] ? lockdep_hardirqs_on_prepare+0x3e2/0x750
[ 62.656472][ T4912] ? hub_quiesce+0x330/0x330
[ 62.661606][ T4912] ? rwsem_down_read_slowpath+0x781/0x9f0
[ 62.667604][ T4912] ? lockdep_hardirqs_on+0x8d/0x130
[ 62.673302][ T4912] hub_event+0x48d/0xd90
[ 62.678380][ T4912] ? led_work+0x710/0x710
[ 62.683024][ T4912] ? _raw_spin_unlock_irqrestore+0xc1/0x120
[ 62.689259][ T4912] ? _raw_spin_unlock_irq+0x1f/0x40
[ 62.695478][ T4912] process_one_work+0x833/0x10c0
[ 62.700773][ T4912] ? worker_detach_from_pool+0x260/0x260
[ 62.707007][ T4912] ? _raw_spin_lock_irqsave+0x100/0x100
[ 62.712665][ T4912] ? kthread_data+0x4d/0xc0
[ 62.717387][ T4912] ? wq_worker_running+0x8b/0x140
[ 62.723291][ T4912] worker_thread+0xe28/0x1300
[ 62.728184][ T4912] ? __kthread_parkme+0x148/0x190
[ 62.733368][ T4912] ? rcu_lock_release+0x20/0x20
[ 62.739489][ T4912] kthread+0x39a/0x3c0
[ 62.745085][ T4912] ? rcu_lock_release+0x20/0x20
[ 62.751534][ T4912] ? kthread_blkcg+0xd0/0xd0
[ 62.756724][ T4912] ret_from_fork+0x1f/0x30
[ 62.761329][ T4912] Modules linked in:
[ 62.777707][ T4912] ---[ end trace 380ef681f90bd4f2 ]---
[ 62.783846][ T4912] RIP: 0010:__list_add_valid+0xb6/0xc0
[ 62.797697][ T4912] Code: 48 c7 c7 60 a0 92 8a 4c 89 e6 4c 89 f1 31 c0 e8 48 58 64 fd 0f 0b 48 c7 c7 20 a1 92 8a 4c 89 f6 4c 89 e1 31 c0 e8 32 58 64 fd <0f> 0b 0f 1f 84 00 00 00 00 00 41 57 41 56 41 54 53 49 89 fe 49 bc
[ 62.817959][ T4912] RSP: 0018:ffffc900019ee828 EFLAGS: 00010246
[ 62.824327][ T4912] RAX: 0000000000000075 RBX: ffffffff8dc1eb48 RCX: 1693815070d2fc00
[ 62.835216][ T4912] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000
[ 62.844272][ T4912] RBP: dffffc0000000000 R08: ffffffff816564b2 R09: ffffed1017345f90
[ 62.852991][ T4912] R10: ffffed1017345f90 R11: 0000000000000000 R12: ffff888019a9c250
[ 62.861821][ T4912] R13: dffffc0000000000 R14: ffffffff8dc1eb40 R15: ffff88802ac50250
[ 62.870682][ T4912] FS: 0000000000000000(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000
[ 62.880537][ T4912] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 62.887510][ T4912] CR2: 00007f372b624000 CR3: 0000000018e63000 CR4: 00000000001506f0
[ 62.898666][ T4912] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 62.907492][ T4912] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 62.916342][ T4912] Kernel panic - not syncing: Fatal exception
[ 62.924906][ T4912] Kernel Offset: disabled
[ 62.929658][ T4912] Rebooting in 86400 seconds..