[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.108' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 28.790296][ T95] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 29.029444][ T95] usb 1-1: Using ep0 maxpacket: 16
[ 29.149383][ T95] usb 1-1: config 0 has an invalid interface number: 233 but max is 0
[ 29.157754][ T95] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 29.167899][ T95] usb 1-1: config 0 has no interface number 0
[ 29.174068][ T95] usb 1-1: New USB device found, idVendor=2040, idProduct=0265, bcdDevice=ec.17
[ 29.183256][ T95] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 29.192975][ T95] usb 1-1: config 0 descriptor??
executing program
[ 29.479132][ T95] usb 1-1: string descriptor 0 read error: -71
[ 29.487979][ T95] em28xx 1-1:0.233: New device @ 480 Mbps (2040:0265, interface 233, class 233)
[ 29.497329][ T95] em28xx 1-1:0.233: Audio interface 233 found (Vendor Class)
[ 29.629546][ T95] em28xx 1-1:0.233: unknown em28xx chip ID (0)
[ 29.649023][ T95] em28xx 1-1:0.233: Config register raw data: 0xfffffffb
[ 29.668977][ T95] em28xx 1-1:0.233: AC97 chip type couldn't be determined
[ 29.676104][ T95] em28xx 1-1:0.233: No AC97 audio processor
[ 29.684678][ T95] em28xx 1-1:0.233: We currently don't support analog TV or stream capture on dual tuners.
[ 29.818817][ T95] em28xx 1-1:0.233: unknown em28xx chip ID (0)
[ 29.838824][ T95] em28xx 1-1:0.233: Config register raw data: 0xfffffffb
[ 29.858819][ T95] em28xx 1-1:0.233: AC97 chip type couldn't be determined
[ 29.865968][ T95] em28xx 1-1:0.233: No AC97 audio processor
[ 30.111216][ T95] usb 1-1: USB disconnect, device number 2
[ 30.121026][ T95] em28xx 1-1:0.233: Disconnecting em28xx #1
[ 30.126929][ T95] em28xx 1-1:0.233: Disconnecting em28xx
[ 30.135901][ T95] em28xx 1-1:0.233: Freeing device
[ 30.141150][ T95] em28xx 1-1:0.233: Freeing device
[ 30.498297][ T95] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[ 30.738054][ T95] usb 1-1: Using ep0 maxpacket: 16
[ 30.858060][ T95] usb 1-1: config 0 has an invalid interface number: 233 but max is 0
[ 30.866245][ T95] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 30.876369][ T95] usb 1-1: config 0 has no interface number 0
[ 30.882588][ T95] usb 1-1: New USB device found, idVendor=2040, idProduct=0265, bcdDevice=ec.17
[ 30.891676][ T95] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 30.902833][ T95] usb 1-1: config 0 descriptor??
executing program
[ 31.178387][ T95] usb 1-1: string descriptor 0 read error: -71
[ 31.186622][ T95] em28xx 1-1:0.233: New device @ 480 Mbps (2040:0265, interface 233, class 233)
[ 31.196021][ T95] em28xx 1-1:0.233: Audio interface 233 found (Vendor Class)
[ 31.327672][ T95] em28xx 1-1:0.233: unknown em28xx chip ID (0)
[ 31.347618][ T95] em28xx 1-1:0.233: Config register raw data: 0xfffffffb
[ 31.367714][ T95] em28xx 1-1:0.233: AC97 chip type couldn't be determined
[ 31.374885][ T95] em28xx 1-1:0.233: No AC97 audio processor
[ 31.383278][ T95] list_add corruption. prev->next should be next (ffffffff87a79300), but was ffffffff82844bc9. (prev=ffff8881cd05c250).
[ 31.396163][ T95] ------------[ cut here ]------------
[ 31.401633][ T95] kernel BUG at lib/list_debug.c:26!
[ 31.406960][ T95] invalid opcode: 0000 [#1] SMP KASAN
[ 31.412322][ T95] CPU: 0 PID: 95 Comm: kworker/0:2 Not tainted 5.7.0-rc6-syzkaller #0
[ 31.420441][ T95] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 31.430560][ T95] Workqueue: usb_hub_wq hub_event
[ 31.435584][ T95] RIP: 0010:__list_add_valid.cold+0x3a/0x3c
[ 31.441469][ T95] Code: 0b 48 89 f2 4c 89 e1 48 89 ee 48 c7 c7 40 51 fc 85 e8 14 9c 3d ff 0f 0b 48 89 f1 48 c7 c7 c0 50 fc 85 4c 89 e6 e8 00 9c 3d ff <0f> 0b 48 89 ee 48 c7 c7 60 52 fc 85 e8 ef 9b 3d ff 0f 0b 4c 89 ea
[ 31.461075][ T95] RSP: 0018:ffff8881d5a46ff0 EFLAGS: 00010282
[ 31.467115][ T95] RAX: 0000000000000075 RBX: ffff8881ccd6c130 RCX: 0000000000000000
[ 31.475075][ T95] RDX: 0000000000000000 RSI: ffffffff812a339d RDI: ffffed103ab48df0
[ 31.483039][ T95] RBP: ffff8881ccd6c250 R08: 0000000000000075 R09: ffffed103b64629a
[ 31.490997][ T95] R10: ffff8881db2314cf R11: ffffed103b646299 R12: ffffffff87a79300
[ 31.498945][ T95] R13: ffff8881ccd6c000 R14: ffff8881ccd6c13c R15: ffff8881c58af000
[ 31.506906][ T95] FS: 0000000000000000(0000) GS:ffff8881db200000(0000) knlGS:0000000000000000
[ 31.515811][ T95] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 31.522368][ T95] CR2: 00007f6000d72000 CR3: 00000001d2263000 CR4: 00000000001406f0
[ 31.530576][ T95] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 31.538542][ T95] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 31.546484][ T95] Call Trace:
[ 31.549755][ T95] em28xx_init_extension+0x44/0x1f0
[ 31.554949][ T95] em28xx_init_dev.isra.0+0xa80/0x15dd
[ 31.560385][ T95] ? _dev_info+0xd7/0x109
[ 31.564702][ T95] ? em28xx_usb_disconnect.cold+0x284/0x284
[ 31.570583][ T95] ? lockdep_init_map_waits+0x26a/0x7c0
[ 31.576119][ T95] ? lockdep_init_map_waits+0x26a/0x7c0
[ 31.581651][ T95] em28xx_usb_probe.cold+0xcac/0x2520
[ 31.587008][ T95] usb_probe_interface+0x310/0x800
[ 31.592122][ T95] ? usb_probe_device+0x230/0x230
[ 31.597122][ T95] really_probe+0x290/0xac0
[ 31.601650][ T95] driver_probe_device+0x223/0x350
[ 31.606740][ T95] __device_attach_driver+0x1d1/0x290
[ 31.612121][ T95] ? driver_allows_async_probing+0x160/0x160
[ 31.618115][ T95] bus_for_each_drv+0x162/0x1e0
[ 31.622941][ T95] ? bus_rescan_devices+0x20/0x20
[ 31.628000][ T95] ? _raw_spin_unlock_irqrestore+0x39/0x40
[ 31.633794][ T95] ? lockdep_hardirqs_on+0x3c7/0x5d0
[ 31.639059][ T95] __device_attach+0x21a/0x390
[ 31.643796][ T95] ? device_bind_driver+0xd0/0xd0
[ 31.648794][ T95] bus_probe_device+0x1e4/0x290
[ 31.653617][ T95] device_add+0x1367/0x1c40
[ 31.658094][ T95] ? wait_for_completion+0x280/0x280
[ 31.663359][ T95] ? device_link_remove+0x110/0x110
[ 31.668582][ T95] ? _raw_spin_unlock_irqrestore+0x39/0x40
[ 31.674370][ T95] usb_set_configuration+0xed4/0x1850
[ 31.679744][ T95] usb_generic_driver_probe+0x9d/0xe0
[ 31.685106][ T95] usb_probe_device+0xd9/0x230
[ 31.689861][ T95] ? usb_suspend+0x600/0x600
[ 31.694425][ T95] really_probe+0x290/0xac0
[ 31.698915][ T95] driver_probe_device+0x223/0x350
[ 31.704002][ T95] __device_attach_driver+0x1d1/0x290
[ 31.709350][ T95] ? driver_allows_async_probing+0x160/0x160
[ 31.715327][ T95] bus_for_each_drv+0x162/0x1e0
[ 31.720163][ T95] ? bus_rescan_devices+0x20/0x20
[ 31.725163][ T95] ? _raw_spin_unlock_irqrestore+0x39/0x40
[ 31.730942][ T95] ? lockdep_hardirqs_on+0x3c7/0x5d0
[ 31.736219][ T95] __device_attach+0x21a/0x390
[ 31.740957][ T95] ? device_bind_driver+0xd0/0xd0
[ 31.745954][ T95] bus_probe_device+0x1e4/0x290
[ 31.750792][ T95] device_add+0x1367/0x1c40
[ 31.755268][ T95] ? device_link_remove+0x110/0x110
[ 31.760442][ T95] usb_new_device.cold+0x552/0xf6e
[ 31.765544][ T95] ? hub_disconnect+0x4a0/0x4a0
[ 31.770370][ T95] ? mark_held_locks+0x9f/0xe0
[ 31.775108][ T95] ? _raw_spin_unlock_irq+0x1f/0x30
[ 31.780287][ T95] hub_event+0x226d/0x43c0
[ 31.784692][ T95] ? hub_port_debounce+0x350/0x350
[ 31.789799][ T95] ? __x64_sys_sysinfo+0x31/0x40
[ 31.794717][ T95] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 31.800510][ T95] ? rcu_read_lock_bh_held+0xb0/0xb0
[ 31.805768][ T95] ? _raw_spin_unlock_irq+0x1f/0x30
[ 31.810953][ T95] process_one_work+0x965/0x1630
[ 31.815866][ T95] ? lock_release+0x720/0x720
[ 31.820519][ T95] ? pwq_dec_nr_in_flight+0x310/0x310
[ 31.825865][ T95] ? rwlock_bug.part.0+0x90/0x90
[ 31.830775][ T95] worker_thread+0x7ab/0xe20
[ 31.835363][ T95] ? process_one_work+0x1630/0x1630
[ 31.840536][ T95] kthread+0x326/0x430
[ 31.844591][ T95] ? kthread_create_on_node+0xf0/0xf0
[ 31.849956][ T95] ret_from_fork+0x24/0x30
[ 31.854345][ T95] Modules linked in:
[ 31.858292][ T95] ---[ end trace 2cc8921f7392254b ]---
[ 31.863756][ T95] RIP: 0010:__list_add_valid.cold+0x3a/0x3c
[ 31.869687][ T95] Code: 0b 48 89 f2 4c 89 e1 48 89 ee 48 c7 c7 40 51 fc 85 e8 14 9c 3d ff 0f 0b 48 89 f1 48 c7 c7 c0 50 fc 85 4c 89 e6 e8 00 9c 3d ff <0f> 0b 48 89 ee 48 c7 c7 60 52 fc 85 e8 ef 9b 3d ff 0f 0b 4c 89 ea
[ 31.889329][ T95] RSP: 0018:ffff8881d5a46ff0 EFLAGS: 00010282
[ 31.895396][ T95] RAX: 0000000000000075 RBX: ffff8881ccd6c130 RCX: 0000000000000000
[ 31.903381][ T95] RDX: 0000000000000000 RSI: ffffffff812a339d RDI: ffffed103ab48df0
[ 31.911433][ T95] RBP: ffff8881ccd6c250 R08: 0000000000000075 R09: ffffed103b64629a
[ 31.919456][ T95] R10: ffff8881db2314cf R11: ffffed103b646299 R12: ffffffff87a79300
[ 31.928161][ T95] R13: ffff8881ccd6c000 R14: ffff8881ccd6c13c R15: ffff8881c58af000
[ 31.936127][ T95] FS: 0000000000000000(0000) GS:ffff8881db200000(0000) knlGS:0000000000000000
[ 31.945070][ T95] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 31.951677][ T95] CR2: 00007f6000d72000 CR3: 00000001d2263000 CR4: 00000000001406f0
[ 31.959940][ T95] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 31.967950][ T95] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 31.975924][ T95] Kernel panic - not syncing: Fatal exception
[ 31.982658][ T95] Kernel Offset: disabled
[ 31.986974][ T95] Rebooting in 86400 seconds..