Warning: Permanently added '10.128.0.120' (ECDSA) to the list of known hosts. 2020/08/17 09:27:24 fuzzer started 2020/08/17 09:27:24 dialing manager at 10.128.0.105:33249 2020/08/17 09:27:24 syscalls: 90 2020/08/17 09:27:24 code coverage: enabled 2020/08/17 09:27:24 comparison tracing: enabled 2020/08/17 09:27:24 extra coverage: enabled 2020/08/17 09:27:24 setuid sandbox: enabled 2020/08/17 09:27:24 namespace sandbox: enabled 2020/08/17 09:27:24 Android sandbox: /sys/fs/selinux/policy does not exist 2020/08/17 09:27:24 fault injection: enabled 2020/08/17 09:27:24 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2020/08/17 09:27:24 net packet injection: /dev/net/tun does not exist 2020/08/17 09:27:24 net device setup: enabled 2020/08/17 09:27:24 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2020/08/17 09:27:24 devlink PCI setup: PCI device 0000:00:10.0 is not available 2020/08/17 09:27:24 USB emulation: enabled 2020/08/17 09:27:24 hci packet injection: /dev/vhci does not exist syzkaller login: [ 19.606312][ C1] random: crng init done [ 19.607618][ C1] random: 7 urandom warning(s) missed due to ratelimiting 09:27:37 executing program 0: r0 = syz_usb_connect(0x0, 0x4a, &(0x7f0000000500)=ANY=[@ANYBLOB="120100005520f010402038b1420104000001090238000100000000090400000371055900090582ef1000000001020009050212"], 0x0) syz_usb_control_io$printer(r0, &(0x7f0000000140)={0x14, 0x0, &(0x7f00000000c0)={0x0, 0x3, 0x4, @lang_id={0x4}}}, 0x0) syz_usb_control_io(0xffffffffffffffff, &(0x7f0000000040)={0x2c, &(0x7f0000000300)={0x0, 0x0, 0x2, {0x2}}, 0x0, 0x0, 0x0, 0x0}, 0x0) syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0x8, &(0x7f0000000040)={[{0x1, 0x4e00, "9f"}]}) 09:27:37 executing program 2: r0 = syz_usb_connect(0x0, 0x4a, &(0x7f0000000180)=ANY=[@ANYBLOB="120100005520f010402038b1420104000001090238000100000000090400000371055900090582ef1000000001020009050212"], 0x0) syz_usb_control_io$printer(r0, &(0x7f0000000140)={0x14, 0x0, &(0x7f00000000c0)={0x0, 0x3, 0x4, @lang_id={0x4}}}, 0x0) syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="0200000eff110000501a"]) 09:27:37 executing program 5: syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000a1a32a20b00d23683ad40000000109021200010000334a0904"], 0x0) 09:27:37 executing program 3: r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000240)=ANY=[@ANYBLOB="1201000000000040380705b540000000000109022400010100000009040000010301020009210000000122050009058103"], 0x0) syz_usb_disconnect(r0) syz_usb_disconnect(0xffffffffffffffff) r1 = syz_usb_connect(0x0, 0x24, &(0x7f0000000380)=ANY=[], 0x0) syz_usb_control_io(r1, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r1, &(0x7f0000000140)={0x14, &(0x7f0000000000)=ANY=[@ANYBLOB="000076000000760015d6020000000000000041a987d8a252a6e06d91c17b84d51e0d134bf277d88e030000000000000052df4e1cc3c04ed5774804c6fca126ddd41c663c3fb5f4113f50ca4447aa6ebd4a11480de7928642853a27aaa46001502b6264672897fedcc2396294021ff25708f2ee4ff94bd4047d548662abe196667427df519e3e403c2e4aed2c51d18cf3c65563619894f3794c06ffdcef2a2e039b0209360a4a748e24c5b1006d5e9a59cfb902e603319f5f3b8406e43b98c1b0fb43d45ad6ddc1720637425ca7f21a48d75c1e0707000000000000"], 0x0}, 0x0) 09:27:37 executing program 4: r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="1201fe0009003c0800040042ee420000000109021b00017600230009040000010209bd00070581070001"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_disconnect(r0) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) syz_usb_disconnect(0xffffffffffffffff) syz_open_dev$hiddev(&(0x7f0000000040)='/dev/usb/hiddev#\x00', 0xffffffff, 0x60100) write$char_usb(r1, 0x0, 0x0) syz_open_dev$char_usb(0xc, 0xb4, 0x0) syz_usb_disconnect(r0) 09:27:37 executing program 1: r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10000000140, 0x926, 0x3333, 0x40, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x1, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x1}}, {{{0x9, 0x5, 0x81, 0x3, 0x8}}}}}]}}]}}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000001200)={0x2c, &(0x7f0000000ec0)={0x0, 0x0, 0x2, {0x2}}, 0x0, 0x0, 0x0, 0x0}, 0x0) syz_usb_connect$hid(0x0, 0x0, 0x0, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x2f, &(0x7f0000000380)=@string={0x2f, 0x3, "3d5182b3449174935277ae5b16efd7644f30f6f20ae994b03a2f94cfcf831937133112d85d361bdef6c1ee2158"}}]}) syz_usb_ep_write(r0, 0x0, 0xfffffffffffffcf5, &(0x7f0000000300)="893c8aa1eeea37") syz_usb_disconnect(0xffffffffffffffff) [ 32.184423][ T336] cgroup: Unknown subsys name 'perf_event' [ 32.185521][ T337] cgroup: Unknown subsys name 'perf_event' [ 32.190859][ T336] cgroup: Unknown subsys name 'net_cls' [ 32.197098][ T338] cgroup: Unknown subsys name 'perf_event' [ 32.225370][ T340] cgroup: Unknown subsys name 'perf_event' [ 32.228779][ T341] cgroup: Unknown subsys name 'perf_event' [ 32.231390][ T340] cgroup: Unknown subsys name 'net_cls' [ 32.238952][ T341] cgroup: Unknown subsys name 'net_cls' [ 32.242945][ T337] cgroup: Unknown subsys name 'net_cls' [ 32.252025][ T338] cgroup: Unknown subsys name 'net_cls' [ 32.267835][ T343] cgroup: Unknown subsys name 'perf_event' [ 32.281091][ T343] cgroup: Unknown subsys name 'net_cls' [ 39.531791][ T71] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 39.581693][ T5] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 39.641663][ T73] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 39.681716][ T21] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 39.701691][ T3014] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 39.741894][ T3038] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 39.821638][ T5] usb 3-1: Using ep0 maxpacket: 16 [ 39.891829][ T71] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 39.892359][ T73] usb 5-1: Using ep0 maxpacket: 8 [ 39.902929][ T71] usb 2-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 39.916943][ T71] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 39.926928][ T71] usb 2-1: config 0 descriptor?? [ 39.961684][ T5] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 39.972060][ T3014] usb 1-1: Using ep0 maxpacket: 16 [ 39.980432][ T5] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 39.991389][ T5] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 40.001148][ T5] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 40.010834][ T5] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 40.032134][ T3038] usb 6-1: Using ep0 maxpacket: 32 [ 40.051810][ T73] usb 5-1: config 118 has an invalid descriptor of length 0, skipping remainder of the config [ 40.062487][ T73] usb 5-1: config 118 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 40.073711][ T73] usb 5-1: New USB device found, idVendor=0400, idProduct=4200, bcdDevice=42.ee [ 40.082775][ T73] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 40.101889][ T3014] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 40.112269][ T5] usb 3-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 40.121358][ T5] usb 3-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 40.121805][ T21] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 40.129401][ T5] usb 3-1: Manufacturer: syz [ 40.140294][ T21] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 40.146812][ T3014] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 40.154770][ T21] usb 4-1: New USB device found, idVendor=0738, idProduct=b505, bcdDevice= 0.40 [ 40.165629][ T3014] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 40.174677][ T21] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 40.184294][ T3014] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 40.184314][ T3014] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 40.188838][ T5] usb 3-1: config 0 descriptor?? [ 40.202761][ T73] hub 5-1:118.0: bad descriptor, ignoring hub [ 40.229348][ T73] hub: probe of 5-1:118.0 failed with error -5 [ 40.236717][ T3038] usb 6-1: New USB device found, idVendor=0db0, idProduct=6823, bcdDevice=d4.3a [ 40.245857][ T3038] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 40.258453][ T3038] usb 6-1: config 0 descriptor?? [ 40.264249][ T73] cdc_wdm 5-1:118.0: cdc-wdm0: USB WDM device [ 40.311663][ T3014] usb 1-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 40.320866][ T3014] usb 1-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 40.329037][ T3014] usb 1-1: Manufacturer: syz [ 40.342353][ T3014] usb 1-1: config 0 descriptor?? [ 40.368437][ T3038] usb 6-1: Direct firmware load for zd1201.fw failed with error -2 [ 40.376655][ T3038] usb 6-1: Failed to load zd1201.fw firmware file! [ 40.383259][ T3038] usb 6-1: Make sure the hotplug firmware loader is installed. [ 40.390810][ T3038] usb 6-1: Goto http://linux-lc100020.sourceforge.net for more info. [ 40.399076][ T3038] usb 6-1: zd1201 firmware upload failed: -2 [ 40.405862][ T3038] zd1201: probe of 6-1:0.0 failed with error -2 [ 40.413319][ T71] keytouch 0003:0926:3333.0001: fixing up Keytouch IEC report descriptor [ 40.424171][ T71] input: HID 0926:3333 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:0926:3333.0001/input/input5 [ 40.454720][ T71] keytouch 0003:0926:3333.0001: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.1-1/input0 [ 40.492107][ T5] Registered IR keymap rc-hauppauge [ 40.529887][ T71] usb 6-1: USB disconnect, device number 2 [ 40.541520][ T5] rc_core: Loaded IR protocol module ir-rc5-decoder, but protocol rc-5 still not available [ 40.552627][ T5] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 40.581629][ T5] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 40.601836][ T3014] Registered IR keymap rc-hauppauge [ 40.612525][ T5] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0 [ 40.626204][ T5] input: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0/input6 [ 40.641589][ T21] usbhid 4-1:1.0: can't add hid device: -71 [ 40.644031][ T3014] rc_core: Loaded IR protocol module ir-rc5-decoder, but protocol rc-5 still not available [ 40.648160][ T21] usbhid: probe of 4-1:1.0 failed with error -71 [ 40.658710][ T3014] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 40.666846][ T21] usb 4-1: USB disconnect, device number 2 [ 40.676159][ T5] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 40.701846][ T3014] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 40.712834][ T5] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 40.732266][ T3014] rc rc1: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc1 [ 40.745243][ T5] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 40.756511][ T3014] input: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc1/input7 [ 40.771333][ T3014] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 40.781558][ T5] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 40.801617][ T3014] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 40.813096][ T5] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 40.831503][ T3014] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 40.841688][ T5] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 40.861580][ T3014] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 40.872841][ T5] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 40.891504][ T3014] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 40.902979][ T5] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 40.911484][ C0] mceusb 3-1:0.0: Error: urb status = -71 [ 40.921668][ T3014] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 40.931436][ C0] mceusb 3-1:0.0: Error: urb status = -71 [ 40.939364][ T5] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 40.951418][ C0] mceusb 3-1:0.0: Error: urb status = -71 [ 40.958371][ T3014] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 40.971428][ C0] mceusb 3-1:0.0: Error: urb status = -71 [ 40.979290][ T5] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 40.991414][ C0] mceusb 3-1:0.0: Error: urb status = -71 [ 41.000794][ T3014] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 41.008390][ C0] mceusb 1-1:0.0: Error: urb status = -71 [ 41.014254][ C0] mceusb 3-1:0.0: Error: urb status = -71 [ 41.021399][ C0] mceusb 1-1:0.0: Error: urb status = -71 [ 41.028427][ T5] mceusb 3-1:0.0: Registered with mce emulator interface version 1 [ 41.036515][ C0] mceusb 3-1:0.0: Error: urb status = -71 [ 41.042471][ T5] mceusb 3-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 41.051446][ C0] mceusb 1-1:0.0: Error: urb status = -71 [ 41.057476][ C0] mceusb 3-1:0.0: Error: urb status = -71 [ 41.058603][ T3014] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 41.071397][ C0] mceusb 3-1:0.0: Error: urb status = -71 [ 41.071451][ C0] mceusb 1-1:0.0: Error: urb status = -71 [ 41.085479][ T5] usb 3-1: USB disconnect, device number 2 [ 41.091404][ C0] mceusb 1-1:0.0: Error: urb status = -71 [ 41.097212][ C0] mceusb 3-1:0.0: Error: urb status = -71 [ 41.103787][ T3014] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 41.111394][ C0] mceusb 1-1:0.0: Error: urb status = -71 [ 41.131401][ C0] mceusb 1-1:0.0: Error: urb status = -71 [ 41.138184][ T3014] mceusb 1-1:0.0: Registered with mce emulator interface version 1 [ 41.146364][ T3014] mceusb 1-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 41.154760][ C0] mceusb 1-1:0.0: Error: urb status = -71 [ 41.162649][ T3014] usb 1-1: USB disconnect, device number 2 [ 41.205422][ T21] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 41.311351][ T73] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 41.364327][ T5] usb 5-1: USB disconnect, device number 2 [ 41.571736][ T73] usb 6-1: Using ep0 maxpacket: 32 [ 41.641446][ T21] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 41.652388][ T21] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 41.661548][ T3014] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 41.662197][ T21] usb 4-1: New USB device found, idVendor=0738, idProduct=b505, bcdDevice= 0.40 [ 41.678939][ T21] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 41.721519][ T73] usb 6-1: New USB device found, idVendor=0db0, idProduct=6823, bcdDevice=d4.3a [ 41.730677][ T73] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 41.743533][ T73] usb 6-1: config 0 descriptor?? [ 41.792642][ T73] usb 6-1: Direct firmware load for zd1201.fw failed with error -2 [ 41.800605][ T73] usb 6-1: Failed to load zd1201.fw firmware file! [ 41.807315][ T73] usb 6-1: Make sure the hotplug firmware loader is installed. [ 41.814964][ T73] usb 6-1: Goto http://linux-lc100020.sourceforge.net for more info. [ 41.823129][ T73] usb 6-1: zd1201 firmware upload failed: -2 [ 41.830278][ T3049] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 41.838036][ T73] zd1201: probe of 6-1:0.0 failed with error -2 [ 41.901366][ T3014] usb 3-1: Using ep0 maxpacket: 16 09:27:47 executing program 5: syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000a1a32a20b00d23683ad40000000109021200010000334a0904"], 0x0) [ 42.001556][ T73] usb 6-1: USB disconnect, device number 3 [ 42.021376][ T3014] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 42.036186][ T3014] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 42.047510][ T3014] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 42.057206][ T3014] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 42.066896][ T3014] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 42.121390][ T3049] usb 1-1: Using ep0 maxpacket: 16 [ 42.161432][ T3014] usb 3-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 42.161625][ T21] hid (null): invalid report_size 5376 [ 42.170545][ T3014] usb 3-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 42.180040][ T21] hid-generic 0003:0738:B505.0002: invalid report_size 5376 [ 42.184143][ T3014] usb 3-1: Manufacturer: syz [ 42.193502][ T3014] usb 3-1: config 0 descriptor?? [ 42.196214][ T21] hid-generic 0003:0738:B505.0002: item 0 2 1 7 parsing failed [ 42.203450][ T21] hid-generic: probe of 0003:0738:B505.0002 failed with error -22 [ 42.250472][ T21] usb 2-1: USB disconnect, device number 2 [ 42.256526][ T3049] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 42.269047][ T3049] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 42.280041][ T3049] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 42.289794][ T3049] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 09:27:47 executing program 1: r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="12010000000000083a09018000000000000109022400010000000009040000090300000009211300000122220009058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f00000001c0)={0x24, 0x0, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="00222200000007040eccf5a201100720001720a00b00000000c3f76e2b8707ec6bef33c3"], 0x0}, 0x0) [ 42.299489][ T3049] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 42.313102][ T3038] usb 5-1: new high-speed USB device number 3 using dummy_hcd 09:27:47 executing program 2: r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000960a41400a115112237b000000010902120001a70000000904"], 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) [ 42.363971][ T17] usb 4-1: USB disconnect, device number 3 09:27:47 executing program 0: r0 = syz_usb_connect(0x0, 0x4a, &(0x7f0000000500)=ANY=[@ANYBLOB="120100005520f010402038b1420104000001090238000100000000090400000371055900090582ef1000000001020009050212"], 0x0) syz_usb_control_io$printer(r0, &(0x7f0000000140)={0x14, 0x0, &(0x7f00000000c0)={0x0, 0x3, 0x4, @lang_id={0x4}}}, 0x0) syz_usb_control_io(0xffffffffffffffff, &(0x7f0000000040)={0x2c, &(0x7f0000000300)={0x0, 0x0, 0x2, {0x2}}, 0x0, 0x0, 0x0, 0x0}, 0x0) syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0x8, &(0x7f0000000040)={[{0x1, 0x4e00, "9f"}]}) [ 42.421365][ T3049] usb 1-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 42.430483][ T3049] usb 1-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 42.431379][ T3014] Registered IR keymap rc-hauppauge [ 42.438531][ T3049] usb 1-1: Manufacturer: syz [ 42.460283][ T3049] usb 1-1: config 0 descriptor?? [ 42.471310][ T73] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 42.511553][ T3049] usb 1-1: can't set config #0, error -71 [ 42.518501][ T3049] usb 1-1: USB disconnect, device number 3 [ 42.521289][ T3014] rc_core: Loaded IR protocol module ir-rc5-decoder, but protocol rc-5 still not available [ 42.536075][ T3014] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 42.571245][ T3038] usb 5-1: Using ep0 maxpacket: 8 [ 42.571285][ T3014] mceusb 3-1:0.0: Error: mce write submit urb error = -90 09:27:47 executing program 4: r0 = syz_open_dev$hidraw(&(0x7f0000000100)='/dev/hidraw#\x00', 0x0, 0x641) r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000000000105804135000000000000109022400010000000009040000490300000009210000000122dc0109058103", @ANYRESDEC=r0], 0x0) syz_usb_control_io$hid(r1, 0x0, 0x0) syz_open_dev$hidraw(&(0x7f0000000100)='/dev/hidraw#\x00', 0x0, 0x641) r2 = syz_open_dev$hidraw(&(0x7f0000000100)='/dev/hidraw#\x00', 0x0, 0x641) write$hidraw(r2, &(0x7f0000000000)='4', 0x20000001) r3 = syz_open_dev$hidraw(&(0x7f0000000100)='/dev/hidraw#\x00', 0xfffffffffffffffe, 0x641) write$hidraw(r3, &(0x7f0000000000)='4', 0x20000001) r4 = syz_open_dev$hidraw(&(0x7f0000000100)='/dev/hidraw#\x00', 0x0, 0x641) write$hidraw(r4, &(0x7f0000000000)='4', 0x20000001) r5 = syz_open_dev$hidraw(&(0x7f0000000100)='/dev/hidraw#\x00', 0x0, 0x641) write$hidraw(r5, &(0x7f0000000000)='4', 0x20000001) ioctl$EVIOCGABS0(0xffffffffffffffff, 0x80184540, &(0x7f0000000300)=""/250) [ 42.611815][ T3014] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0 [ 42.635109][ T3014] input: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0/input8 [ 42.660779][ T3014] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 42.671137][ C0] mceusb 3-1:0.0: Error: urb status = -71 [ 42.671368][ T3038] usb 5-1: device descriptor read/all, error -71 [ 42.691135][ C0] mceusb 3-1:0.0: Error: urb status = -71 [ 42.697474][ T3014] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 42.711146][ C0] mceusb 3-1:0.0: Error: urb status = -71 [ 42.711223][ T21] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 42.731143][ C0] mceusb 3-1:0.0: Error: urb status = -71 [ 42.737122][ T3014] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 42.751149][ C0] mceusb 3-1:0.0: Error: urb status = -71 [ 42.751200][ T73] usb 6-1: Using ep0 maxpacket: 32 [ 42.771152][ C0] mceusb 3-1:0.0: Error: urb status = -71 [ 42.777129][ T3014] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 42.791137][ C0] mceusb 3-1:0.0: Error: urb status = -71 [ 42.811127][ C0] mceusb 3-1:0.0: Error: urb status = -71 [ 42.817170][ T3014] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 42.831131][ C0] mceusb 3-1:0.0: Error: urb status = -71 [ 42.851117][ C0] mceusb 3-1:0.0: Error: urb status = -71 [ 42.857036][ T3014] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 42.871118][ C0] mceusb 3-1:0.0: Error: urb status = -71 [ 42.891112][ C0] mceusb 3-1:0.0: Error: urb status = -71 [ 42.891883][ T3049] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 42.897107][ T3014] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 42.911682][ C0] mceusb 3-1:0.0: Error: urb status = -71 [ 42.921311][ T73] usb 6-1: New USB device found, idVendor=0db0, idProduct=6823, bcdDevice=d4.3a [ 42.930403][ T73] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 42.931089][ C0] mceusb 3-1:0.0: Error: urb status = -71 [ 42.943834][ T73] usb 6-1: config 0 descriptor?? [ 42.945756][ T3014] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 42.956214][ C0] mceusb 3-1:0.0: Error: urb status = -71 [ 42.971110][ C0] mceusb 3-1:0.0: Error: urb status = -71 [ 42.991084][ C0] mceusb 3-1:0.0: Error: urb status = -71 [ 42.991135][ T21] usb 2-1: Using ep0 maxpacket: 8 [ 42.997448][ T3014] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 43.003328][ T73] usb 6-1: Direct firmware load for zd1201.fw failed with error -2 [ 43.011076][ C0] mceusb 3-1:0.0: Error: urb status = -71 [ 43.023295][ T73] usb 6-1: Failed to load zd1201.fw firmware file! [ 43.029824][ T73] usb 6-1: Make sure the hotplug firmware loader is installed. [ 43.031068][ C0] mceusb 3-1:0.0: Error: urb status = -71 [ 43.037468][ T73] usb 6-1: Goto http://linux-lc100020.sourceforge.net for more info. [ 43.043282][ T3014] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 43.051216][ T73] usb 6-1: zd1201 firmware upload failed: -2 [ 43.058334][ C0] mceusb 3-1:0.0: Error: urb status = -71 [ 43.064958][ T73] zd1201: probe of 6-1:0.0 failed with error -2 [ 43.077299][ C0] mceusb 3-1:0.0: Error: urb status = -71 [ 43.084807][ T3014] mceusb 3-1:0.0: Registered with mce emulator interface version 1 [ 43.091183][ T3038] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 43.092901][ C0] mceusb 3-1:0.0: Error: urb status = -71 [ 43.106219][ T3014] mceusb 3-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 43.114729][ C0] mceusb 3-1:0.0: Error: urb status = -71 [ 43.122289][ T3014] usb 3-1: USB disconnect, device number 3 [ 43.171188][ T21] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 43.181186][ T5] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 43.182312][ T21] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 43.199365][ T21] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 43.212208][ T21] usb 2-1: New USB device found, idVendor=093a, idProduct=8001, bcdDevice= 0.00 [ 43.217865][ T71] usb 6-1: USB disconnect, device number 4 [ 43.221394][ T21] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 43.221430][ T3049] usb 1-1: Using ep0 maxpacket: 16 [ 43.237297][ T21] usb 2-1: config 0 descriptor?? [ 43.361664][ T3049] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 43.371951][ T3038] usb 5-1: Using ep0 maxpacket: 16 [ 43.377122][ T3049] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 43.388037][ T3049] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 43.397786][ T3049] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 43.407492][ T3049] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 43.481057][ T3014] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 43.521296][ T3038] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 73, using maximum allowed: 30 [ 43.532256][ T3049] usb 1-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 43.541361][ T3049] usb 1-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 43.549335][ T3049] usb 1-1: Manufacturer: syz [ 43.551312][ T5] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 43.554266][ T3038] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 48, changing to 9 [ 43.564801][ T5] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 43.575762][ T3038] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 73 [ 43.585477][ T5] usb 4-1: New USB device found, idVendor=0738, idProduct=b505, bcdDevice= 0.40 [ 43.598312][ T3038] usb 5-1: New USB device found, idVendor=0458, idProduct=5013, bcdDevice= 0.00 09:27:48 executing program 3: r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000018105e04da070000000000010902240001000000000904000009030000000921000000012222000905810308"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f00000001c0)={0x24, 0x0, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0022220000009623137502091fefad4ac2c206e53f070c0000082a6868170900be808376"], 0x0}, 0x0) syz_usb_ep_write(r0, 0x0, 0x8f, &(0x7f00000000c0)="a2aeb69aa0dc8eda684ad0980efae69622b2524ffb726002d9f2bc561027d83c24e586c43593877356c965bdb09ea717914cc469a93f9b04c7698a6608e8f9e1a7067ddf342c00299e9be8ab95a307da771d5c70a9357ee70e73be0fc4f614d67b25067fc8ccb44a1a66a7e3204ef9bc034437f99abf2ab5a9cf6d54b62a3f2480c044573669d6629f79f98511385d") [ 43.607351][ T5] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 43.616388][ T3038] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 43.640344][ T3049] usb 1-1: config 0 descriptor?? [ 43.649106][ T3038] usb 5-1: config 0 descriptor?? 09:27:49 executing program 5: syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000a1a32a20b00d23683ad40000000109021200010000334a0904"], 0x0) [ 43.761310][ T5] usbhid 4-1:1.0: can't add hid device: -71 [ 43.767302][ T5] usbhid: probe of 4-1:1.0 failed with error -71 [ 43.775426][ T5] usb 4-1: USB disconnect, device number 4 [ 43.861040][ T3014] usb 3-1: New USB device found, idVendor=110a, idProduct=1251, bcdDevice=7b.23 [ 43.870125][ T3014] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 43.911225][ T3049] Registered IR keymap rc-hauppauge [ 43.933069][ T21] usb 2-1: USB disconnect, device number 3 [ 43.940769][ T21] ================================================================== [ 43.948986][ T21] BUG: KASAN: double-free or invalid-free in kfree+0xbe/0x470 [ 43.956429][ T21] [ 43.958744][ T21] CPU: 1 PID: 21 Comm: kworker/1:1 Not tainted 5.9.0-rc1-syzkaller #0 [ 43.966869][ T21] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 43.976983][ T21] Workqueue: usb_hub_wq hub_event [ 43.982006][ T21] Call Trace: [ 43.985278][ T21] dump_stack+0xf6/0x16e [ 43.989522][ T21] print_address_description.constprop.0+0x1c/0x210 [ 43.996098][ T21] ? vprintk_func+0x93/0x133 [ 44.000679][ T21] ? kfree+0xbe/0x470 [ 44.004651][ T21] kasan_report_invalid_free+0x51/0x80 [ 44.010085][ T21] ? kfree+0xbe/0x470 [ 44.014044][ T21] __kasan_slab_free+0x122/0x130 [ 44.018958][ T21] slab_free_freelist_hook+0x53/0x140 [ 44.024311][ T21] ? platform_device_release+0x64/0xf0 [ 44.029747][ T21] ? platform_device_release+0x64/0xf0 [ 44.035182][ T21] kfree+0xbe/0x470 [ 44.038980][ T21] platform_device_release+0x64/0xf0 [ 44.044246][ T21] ? platform_device_put+0x40/0x40 [ 44.049346][ T21] device_release+0x71/0x200 [ 44.050949][ T71] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 44.053935][ T21] kobject_put+0x1c8/0x540 [ 44.053962][ T21] ? __device_link_free_srcu+0x120/0x120 [ 44.053977][ T21] klist_children_put+0x41/0x50 [ 44.053989][ T21] klist_prev+0x2a2/0x510 [ 44.054007][ T21] ? mfd_cell_disable+0xc0/0xc0 [ 44.085513][ T21] device_for_each_child_reverse+0xc0/0x180 [ 44.091393][ T21] ? device_find_child_by_name+0x1e0/0x1e0 [ 44.097189][ T21] ? mark_lock+0xbc/0x1590 [ 44.101583][ T21] mfd_remove_devices+0x75/0xa0 [ 44.106411][ T21] ? mfd_remove_devices_late+0xa0/0xa0 [ 44.111849][ T21] ? trace_hardirqs_on+0x5f/0x200 [ 44.116886][ T21] sensor_hub_remove+0x1d6/0x270 [ 44.121829][ T21] hid_device_remove+0xed/0x240 [ 44.126683][ T21] ? sensor_hub_raw_event+0xe00/0xe00 [ 44.130969][ T5] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 44.132052][ T21] ? hid_register_report+0x3b0/0x3b0 [ 44.132068][ T21] __device_release_driver+0x3c6/0x6f0 [ 44.132082][ T21] device_release_driver+0x26/0x40 [ 44.132099][ T21] bus_remove_device+0x2eb/0x5a0 [ 44.132122][ T21] device_del+0x481/0xd90 [ 44.164589][ T21] ? device_link_add_missing_supplier_links+0x370/0x370 [ 44.171527][ T21] ? mark_held_locks+0x9f/0xe0 [ 44.176291][ T21] ? _raw_spin_unlock_irq+0x1f/0x30 [ 44.181489][ T21] hid_destroy_device+0xe1/0x150 [ 44.186426][ T21] usbhid_disconnect+0x9f/0xe0 [ 44.191188][ T21] usb_unbind_interface+0x1d8/0x8d0 [ 44.196386][ T21] ? kernfs_remove_by_name_ns+0x62/0xb0 [ 44.201933][ T21] ? usb_unbind_device+0x1a0/0x1a0 [ 44.207044][ T21] __device_release_driver+0x3c6/0x6f0 [ 44.212499][ T21] device_release_driver+0x26/0x40 [ 44.217616][ T21] bus_remove_device+0x2eb/0x5a0 [ 44.222570][ T21] device_del+0x481/0xd90 [ 44.226902][ T21] ? device_link_add_missing_supplier_links+0x370/0x370 [ 44.233837][ T21] ? kobject_put+0x1f3/0x540 [ 44.238429][ T21] usb_disable_device+0x387/0x930 [ 44.243452][ T21] usb_disconnect.cold+0x27d/0x780 [ 44.248562][ T21] hub_event+0x1c93/0x4390 [ 44.252979][ T21] ? hub_port_debounce+0x3b0/0x3b0 [ 44.258087][ T21] ? init_pwq+0x210/0x350 [ 44.262425][ T21] ? lock_release+0x7f0/0x7f0 [ 44.267100][ T21] ? lock_downgrade+0x740/0x740 [ 44.271955][ T21] ? do_raw_spin_lock+0x120/0x260 [ 44.276986][ T21] ? _raw_spin_unlock_irq+0x1f/0x30 [ 44.282195][ T21] ? lockdep_hardirqs_on_prepare+0x322/0x4f0 [ 44.288174][ T21] process_one_work+0x94c/0x15f0 [ 44.293118][ T21] ? lock_release+0x7f0/0x7f0 [ 44.297791][ T21] ? pwq_dec_nr_in_flight+0x2d0/0x2d0 [ 44.300978][ T71] usb 6-1: Using ep0 maxpacket: 32 [ 44.303156][ T21] ? rwlock_bug.part.0+0x90/0x90 [ 44.303171][ T21] worker_thread+0x64c/0x1120 [ 44.303188][ T21] ? __kthread_parkme+0x118/0x1d0 [ 44.303201][ T21] ? process_one_work+0x15f0/0x15f0 [ 44.303213][ T21] kthread+0x392/0x470 [ 44.303234][ T21] ? kthread_create_worker_on_cpu+0xf0/0xf0 [ 44.338023][ T21] ? kthread_create_worker_on_cpu+0xf0/0xf0 [ 44.344011][ T21] ret_from_fork+0x1f/0x30 [ 44.348417][ T21] [ 44.350741][ T21] Allocated by task 21: [ 44.354901][ T21] kasan_save_stack+0x1b/0x40 [ 44.359581][ T21] __kasan_kmalloc.constprop.0+0xc2/0xd0 [ 44.365908][ T21] __kmalloc_track_caller+0xf6/0x270 [ 44.371194][ T21] kmemdup+0x23/0x50 [ 44.375111][ T21] mfd_add_device+0x112/0x1190 [ 44.379872][ T21] mfd_add_devices+0xdb/0x170 [ 44.384547][ T21] sensor_hub_probe+0xa93/0xdc0 [ 44.389395][ T21] hid_device_probe+0x2bd/0x3f0 [ 44.391641][ T5] usb 4-1: Using ep0 maxpacket: 16 [ 44.394245][ T21] really_probe+0x291/0xde0 [ 44.394263][ T21] driver_probe_device+0x26b/0x3d0 [ 44.408941][ T21] __device_attach_driver+0x1d1/0x290 [ 44.414317][ T21] bus_for_each_drv+0x15f/0x1e0 [ 44.419170][ T21] __device_attach+0x228/0x4a0 [ 44.421021][ T3014] mxuport 3-1:167.0: mxuport_recv_ctrl_urb - usb_control_msg failed (-71) [ 44.423933][ T21] bus_probe_device+0x1e4/0x290 [ 44.423948][ T21] device_add+0xb51/0x1c70 [ 44.423963][ T21] hid_add_device+0x344/0x9b0 [ 44.423977][ T21] usbhid_probe+0xaae/0xfc0 [ 44.423991][ T21] usb_probe_interface+0x315/0x7f0 [ 44.424007][ T21] really_probe+0x291/0xde0 [ 44.432707][ T71] usb 6-1: New USB device found, idVendor=0db0, idProduct=6823, bcdDevice=d4.3a [ 44.437305][ T21] driver_probe_device+0x26b/0x3d0 [ 44.437320][ T21] __device_attach_driver+0x1d1/0x290 [ 44.441780][ T71] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 44.446376][ T21] bus_for_each_drv+0x15f/0x1e0 [ 44.446391][ T21] __device_attach+0x228/0x4a0 [ 44.468838][ T3014] mxuport: probe of 3-1:167.0 failed with error -5 [ 44.469441][ T21] bus_probe_device+0x1e4/0x290 [ 44.482058][ T3014] usb 3-1: USB disconnect, device number 4 [ 44.487834][ T21] device_add+0xb51/0x1c70 [ 44.487849][ T21] usb_set_configuration+0xf05/0x18a0 [ 44.487863][ T21] usb_generic_driver_probe+0xba/0xf2 [ 44.487876][ T21] usb_probe_device+0xd9/0x250 [ 44.487886][ T21] really_probe+0x291/0xde0 [ 44.487902][ T21] driver_probe_device+0x26b/0x3d0 [ 44.493158][ T71] usb 6-1: config 0 descriptor?? [ 44.497474][ T21] __device_attach_driver+0x1d1/0x290 [ 44.497490][ T21] bus_for_each_drv+0x15f/0x1e0 [ 44.497502][ T21] __device_attach+0x228/0x4a0 [ 44.497517][ T21] bus_probe_device+0x1e4/0x290 [ 44.497528][ T21] device_add+0xb51/0x1c70 [ 44.497547][ T21] usb_new_device.cold+0x71d/0xfd4 [ 44.531108][ T5] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 44.534592][ T21] hub_event+0x2361/0x4390 [ 44.534606][ T21] process_one_work+0x94c/0x15f0 [ 44.534616][ T21] worker_thread+0x64c/0x1120 [ 44.534634][ T21] kthread+0x392/0x470 [ 44.539122][ T5] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 44.544198][ T21] ret_from_fork+0x1f/0x30 [ 44.544203][ T21] [ 44.544209][ T21] Freed by task 21: [ 44.544225][ T21] kasan_save_stack+0x1b/0x40 [ 44.544238][ T21] kasan_set_track+0x1c/0x30 [ 44.544249][ T21] kasan_set_free_info+0x1b/0x30 [ 44.544267][ T21] __kasan_slab_free+0xf3/0x130 [ 44.549196][ T5] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 44.554519][ T21] slab_free_freelist_hook+0x53/0x140 [ 44.554530][ T21] kfree+0xbe/0x470 [ 44.554544][ T21] mfd_remove_devices_fn+0xf9/0x140 [ 44.554559][ T21] device_for_each_child_reverse+0x110/0x180 [ 44.554570][ T21] mfd_remove_devices+0x75/0xa0 [ 44.554584][ T21] sensor_hub_remove+0x1d6/0x270 [ 44.554597][ T21] hid_device_remove+0xed/0x240 [ 44.554608][ T21] __device_release_driver+0x3c6/0x6f0 [ 44.554619][ T21] device_release_driver+0x26/0x40 [ 44.554638][ T21] bus_remove_device+0x2eb/0x5a0 [ 44.559461][ T5] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 44.564193][ T21] device_del+0x481/0xd90 [ 44.564207][ T21] hid_destroy_device+0xe1/0x150 [ 44.564219][ T21] usbhid_disconnect+0x9f/0xe0 [ 44.564232][ T21] usb_unbind_interface+0x1d8/0x8d0 [ 44.564248][ T21] __device_release_driver+0x3c6/0x6f0 [ 44.579004][ T71] usb 6-1: Direct firmware load for zd1201.fw failed with error -2 [ 44.589386][ T21] device_release_driver+0x26/0x40 [ 44.589400][ T21] bus_remove_device+0x2eb/0x5a0 [ 44.589412][ T21] device_del+0x481/0xd90 [ 44.589429][ T21] usb_disable_device+0x387/0x930 [ 44.604793][ T71] usb 6-1: Failed to load zd1201.fw firmware file! [ 44.607449][ T21] usb_disconnect.cold+0x27d/0x780 [ 44.607463][ T21] hub_event+0x1c93/0x4390 [ 44.607477][ T21] process_one_work+0x94c/0x15f0 [ 44.607489][ T21] worker_thread+0x64c/0x1120 [ 44.607501][ T21] kthread+0x392/0x470 [ 44.607518][ T21] ret_from_fork+0x1f/0x30 [ 44.620303][ T71] usb 6-1: Make sure the hotplug firmware loader is installed. [ 44.624625][ T21] [ 44.624637][ T21] The buggy address belongs to the object at ffff8881d9bd1500 [ 44.624637][ T21] which belongs to the cache kmalloc-192 of size 192 [ 44.624650][ T21] The buggy address is located 0 bytes inside of [ 44.624650][ T21] 192-byte region [ffff8881d9bd1500, ffff8881d9bd15c0) [ 44.624655][ T21] The buggy address belongs to the page: [ 44.624671][ T21] page:0000000013630a22 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1d9bd1 [ 44.624681][ T21] flags: 0x200000000000200(slab) 09:27:50 executing program 0: r0 = syz_usb_connect(0x0, 0x4a, &(0x7f0000000500)=ANY=[@ANYBLOB="120100005520f010402038b1420104000001090238000100000000090400000371055900090582ef1000000001020009050212"], 0x0) syz_usb_control_io$printer(r0, &(0x7f0000000140)={0x14, 0x0, &(0x7f00000000c0)={0x0, 0x3, 0x4, @lang_id={0x4}}}, 0x0) syz_usb_control_io(0xffffffffffffffff, &(0x7f0000000040)={0x2c, &(0x7f0000000300)={0x0, 0x0, 0x2, {0x2}}, 0x0, 0x0, 0x0, 0x0}, 0x0) syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0x8, &(0x7f0000000040)={[{0x1, 0x4e00, "9f"}]}) [ 44.624700][ T21] raw: 0200000000000200 ffffea00075978c0 0000000700000007 ffff8881da041500 [ 44.627006][ T71] usb 6-1: Goto http://linux-lc100020.sourceforge.net for more info. [ 44.630794][ T21] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 44.630801][ T21] page dumped because: kasan: bad access detected [ 44.630811][ T21] [ 44.635465][ T71] usb 6-1: zd1201 firmware upload failed: -2 [ 44.640018][ T21] Memory state around the buggy address: [ 44.640031][ T21] ffff8881d9bd1400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 44.660226][ T5] usb 4-1: config 0 descriptor?? [ 44.664141][ T21] ffff8881d9bd1480: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 44.664153][ T21] >ffff8881d9bd1500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 44.664160][ T21] ^ [ 44.664172][ T21] ffff8881d9bd1580: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 44.664183][ T21] ffff8881d9bd1600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 44.664189][ T21] ================================================================== [ 44.664194][ T21] Disabling lock debugging due to kernel taint [ 44.664348][ T21] Kernel panic - not syncing: panic_on_warn set ... [ 44.672174][ T71] zd1201: probe of 6-1:0.0 failed with error -2 [ 44.673213][ T21] CPU: 1 PID: 21 Comm: kworker/1:1 Tainted: G B 5.9.0-rc1-syzkaller #0 [ 44.673226][ T21] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 44.808526][ T3014] usb 6-1: USB disconnect, device number 5 [ 44.810347][ T21] Workqueue: usb_hub_wq hub_event [ 44.810354][ T21] Call Trace: 09:27:50 executing program 4: r0 = syz_open_dev$hidraw(&(0x7f0000000100)='/dev/hidraw#\x00', 0x0, 0x641) r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000000000105804135000000000000109022400010000000009040000490300000009210000000122dc0109058103", @ANYRESDEC=r0], 0x0) syz_usb_control_io$hid(r1, 0x0, 0x0) syz_open_dev$hidraw(&(0x7f0000000100)='/dev/hidraw#\x00', 0x0, 0x641) r2 = syz_open_dev$hidraw(&(0x7f0000000100)='/dev/hidraw#\x00', 0x0, 0x641) write$hidraw(r2, &(0x7f0000000000)='4', 0x20000001) r3 = syz_open_dev$hidraw(&(0x7f0000000100)='/dev/hidraw#\x00', 0xfffffffffffffffe, 0x641) write$hidraw(r3, &(0x7f0000000000)='4', 0x20000001) r4 = syz_open_dev$hidraw(&(0x7f0000000100)='/dev/hidraw#\x00', 0x0, 0x641) write$hidraw(r4, &(0x7f0000000000)='4', 0x20000001) r5 = syz_open_dev$hidraw(&(0x7f0000000100)='/dev/hidraw#\x00', 0x0, 0x641) write$hidraw(r5, &(0x7f0000000000)='4', 0x20000001) ioctl$EVIOCGABS0(0xffffffffffffffff, 0x80184540, &(0x7f0000000300)=""/250) [ 44.810368][ T21] dump_stack+0xf6/0x16e [ 44.810386][ T21] panic+0x2aa/0x6e1 [ 45.024142][ T21] ? __warn_printk+0xf3/0xf3 [ 45.028730][ T21] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 45.034880][ T21] ? kfree+0xbe/0x470 [ 45.038855][ T21] ? trace_hardirqs_on+0x55/0x200 [ 45.043870][ T21] ? kfree+0xbe/0x470 [ 45.047854][ T21] end_report+0x4d/0x53 [ 45.052013][ T21] kasan_report_invalid_free+0x6d/0x80 [ 45.057467][ T21] ? kfree+0xbe/0x470 [ 45.061449][ T21] __kasan_slab_free+0x122/0x130 [ 45.066385][ T21] slab_free_freelist_hook+0x53/0x140 [ 45.071751][ T21] ? platform_device_release+0x64/0xf0 [ 45.077202][ T21] ? platform_device_release+0x64/0xf0 [ 45.082647][ T21] kfree+0xbe/0x470 [ 45.086432][ T21] platform_device_release+0x64/0xf0 [ 45.091692][ T21] ? platform_device_put+0x40/0x40 [ 45.096784][ T21] device_release+0x71/0x200 [ 45.101364][ T21] kobject_put+0x1c8/0x540 [ 45.105780][ T21] ? __device_link_free_srcu+0x120/0x120 [ 45.111398][ T21] klist_children_put+0x41/0x50 [ 45.116222][ T21] klist_prev+0x2a2/0x510 [ 45.120531][ T21] ? mfd_cell_disable+0xc0/0xc0 [ 45.125363][ T21] device_for_each_child_reverse+0xc0/0x180 [ 45.131226][ T21] ? device_find_child_by_name+0x1e0/0x1e0 [ 45.137005][ T21] ? mark_lock+0xbc/0x1590 [ 45.141395][ T21] mfd_remove_devices+0x75/0xa0 [ 45.146225][ T21] ? mfd_remove_devices_late+0xa0/0xa0 [ 45.151655][ T21] ? trace_hardirqs_on+0x5f/0x200 [ 45.156651][ T21] sensor_hub_remove+0x1d6/0x270 [ 45.161564][ T21] hid_device_remove+0xed/0x240 [ 45.166389][ T21] ? sensor_hub_raw_event+0xe00/0xe00 [ 45.171898][ T21] ? hid_register_report+0x3b0/0x3b0 [ 45.177156][ T21] __device_release_driver+0x3c6/0x6f0 [ 45.182709][ T21] device_release_driver+0x26/0x40 [ 45.187802][ T21] bus_remove_device+0x2eb/0x5a0 [ 45.192724][ T21] device_del+0x481/0xd90 [ 45.197127][ T21] ? device_link_add_missing_supplier_links+0x370/0x370 [ 45.204036][ T21] ? mark_held_locks+0x9f/0xe0 [ 45.208774][ T21] ? _raw_spin_unlock_irq+0x1f/0x30 [ 45.210768][ T71] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 45.213951][ T21] hid_destroy_device+0xe1/0x150 [ 45.213963][ T21] usbhid_disconnect+0x9f/0xe0 [ 45.213982][ T21] usb_unbind_interface+0x1d8/0x8d0 [ 45.236259][ T21] ? kernfs_remove_by_name_ns+0x62/0xb0 [ 45.241852][ T21] ? usb_unbind_device+0x1a0/0x1a0 [ 45.246938][ T21] __device_release_driver+0x3c6/0x6f0 [ 45.252370][ T21] device_release_driver+0x26/0x40 [ 45.257455][ T21] bus_remove_device+0x2eb/0x5a0 [ 45.262367][ T21] device_del+0x481/0xd90 [ 45.266672][ T21] ? device_link_add_missing_supplier_links+0x370/0x370 [ 45.271669][ T5] microsoft 0003:045E:07DA.0004: ignoring exceeding usage max [ 45.273592][ T21] ? kobject_put+0x1f3/0x540 [ 45.285592][ T21] usb_disable_device+0x387/0x930 [ 45.288546][ T5] microsoft 0003:045E:07DA.0004: unknown main item tag 0x0 [ 45.290608][ T21] usb_disconnect.cold+0x27d/0x780 [ 45.290622][ T21] hub_event+0x1c93/0x4390 [ 45.290639][ T21] ? hub_port_debounce+0x3b0/0x3b0 [ 45.312468][ T21] ? init_pwq+0x210/0x350 [ 45.316791][ T21] ? lock_release+0x7f0/0x7f0 [ 45.321458][ T21] ? lock_downgrade+0x740/0x740 [ 45.326303][ T21] ? do_raw_spin_lock+0x120/0x260 [ 45.331328][ T21] ? _raw_spin_unlock_irq+0x1f/0x30 [ 45.336530][ T21] ? lockdep_hardirqs_on_prepare+0x322/0x4f0 [ 45.342598][ T21] process_one_work+0x94c/0x15f0 [ 45.347230][ T5] input: HID 045e:07da as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:045E:07DA.0004/input/input10 [ 45.347531][ T21] ? lock_release+0x7f0/0x7f0 [ 45.363537][ T21] ? pwq_dec_nr_in_flight+0x2d0/0x2d0 [ 45.368906][ T21] ? rwlock_bug.part.0+0x90/0x90 [ 45.373842][ T21] worker_thread+0x64c/0x1120 [ 45.377362][ T5] microsoft 0003:045E:07DA.0004: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.3-1/input0 [ 45.378516][ T21] ? __kthread_parkme+0x118/0x1d0 [ 45.378528][ T21] ? process_one_work+0x15f0/0x15f0 [ 45.378538][ T21] kthread+0x392/0x470 [ 45.378558][ T21] ? kthread_create_worker_on_cpu+0xf0/0xf0 [ 45.410519][ T21] ? kthread_create_worker_on_cpu+0xf0/0xf0 [ 45.416410][ T21] ret_from_fork+0x1f/0x30 [ 45.421385][ T21] Kernel Offset: disabled [ 45.425826][ T21] Rebooting in 86400 seconds..