INIT: Entering runlevel: 2 [info] Using makefile-style concurrent boot in runlevel 2. [....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.10.39' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 43.018528][ T94] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 43.228611][ T94] usb 1-1: config 0 has an invalid interface number: 200 but max is 0 [ 43.237081][ T94] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 43.247720][ T94] usb 1-1: config 0 has no interface number 0 [ 43.254037][ T94] usb 1-1: config 0 interface 200 altsetting 3 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 43.265279][ T94] usb 1-1: config 0 interface 200 altsetting 3 endpoint 0x83 has invalid wMaxPacketSize 0 [ 43.275344][ T94] usb 1-1: config 0 interface 200 has no altsetting 0 [ 43.282214][ T94] usb 1-1: New USB device found, idVendor=2040, idProduct=0265, bcdDevice=df.77 [ 43.291819][ T94] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 43.301459][ T94] usb 1-1: config 0 descriptor?? [ 43.350931][ T94] em28xx 1-1:0.200: New device @ 480 Mbps (2040:0265, interface 200, class 200) [ 43.360865][ T94] em28xx 1-1:0.200: Audio interface 200 found (Vendor Class) executing program [ 43.598619][ T94] em28xx 1-1:0.200: unknown em28xx chip ID (0) [ 43.618581][ T94] em28xx 1-1:0.200: Config register raw data: 0xfffffffb [ 43.638604][ T94] em28xx 1-1:0.200: AC97 chip type couldn't be determined [ 43.645752][ T94] em28xx 1-1:0.200: No AC97 audio processor [ 43.652061][ T94] em28xx 1-1:0.200: We currently don't support analog TV or stream capture on dual tuners. [ 43.788507][ T94] em28xx 1-1:0.200: unknown em28xx chip ID (0) [ 43.808537][ T94] em28xx 1-1:0.200: Config register raw data: 0xfffffffb [ 43.828535][ T94] em28xx 1-1:0.200: AC97 chip type couldn't be determined [ 43.835987][ T94] em28xx 1-1:0.200: No AC97 audio processor [ 44.082859][ T94] usb 1-1: USB disconnect, device number 2 [ 44.090381][ T94] em28xx 1-1:0.200: Disconnecting em28xx #1 [ 44.096411][ T94] em28xx 1-1:0.200: Disconnecting em28xx [ 44.104505][ T94] em28xx 1-1:0.200: Freeing device [ 44.110127][ T94] em28xx 1-1:0.200: Freeing device [ 44.468495][ T94] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 44.678573][ T94] usb 1-1: config 0 has an invalid interface number: 200 but max is 0 [ 44.687911][ T94] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 44.699338][ T94] usb 1-1: config 0 has no interface number 0 [ 44.705950][ T94] usb 1-1: config 0 interface 200 altsetting 3 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 44.720387][ T94] usb 1-1: config 0 interface 200 altsetting 3 endpoint 0x83 has invalid wMaxPacketSize 0 [ 44.732363][ T94] usb 1-1: config 0 interface 200 has no altsetting 0 [ 44.740115][ T94] usb 1-1: New USB device found, idVendor=2040, idProduct=0265, bcdDevice=df.77 [ 44.750113][ T94] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 44.759661][ T94] usb 1-1: config 0 descriptor?? [ 44.810364][ T94] em28xx 1-1:0.200: New device @ 480 Mbps (2040:0265, interface 200, class 200) [ 44.821908][ T94] em28xx 1-1:0.200: Audio interface 200 found (Vendor Class) executing program [ 45.068517][ T94] em28xx 1-1:0.200: unknown em28xx chip ID (0) [ 45.088544][ T94] em28xx 1-1:0.200: Config register raw data: 0xfffffffb [ 45.108524][ T94] em28xx 1-1:0.200: AC97 chip type couldn't be determined [ 45.116187][ T94] em28xx 1-1:0.200: No AC97 audio processor [ 45.122832][ T94] list_add corruption. prev->next should be next (ffffffff87a1a960), but was ffffffff85a00184. (prev=ffff8881cd5e0240). [ 45.137860][ T94] ------------[ cut here ]------------ [ 45.144479][ T94] kernel BUG at lib/list_debug.c:26! [ 45.150471][ T94] invalid opcode: 0000 [#1] SMP KASAN [ 45.157339][ T94] CPU: 1 PID: 94 Comm: kworker/1:2 Not tainted 5.5.0-rc6-syzkaller #0 [ 45.166816][ T94] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 45.178302][ T94] Workqueue: usb_hub_wq hub_event [ 45.183809][ T94] RIP: 0010:__list_add_valid.cold+0x3a/0x3c [ 45.190012][ T94] Code: 0b 48 89 f2 4c 89 e1 48 89 ee 48 c7 c7 a0 fc fb 85 e8 04 17 40 ff 0f 0b 48 89 f1 48 c7 c7 20 fc fb 85 4c 89 e6 e8 f0 16 40 ff <0f> 0b 48 89 ee 48 c7 c7 c0 fd fb 85 e8 df 16 40 ff 0f 0b 4c 89 ea [ 45.210190][ T94] RSP: 0018:ffff8881d5d570c8 EFLAGS: 00010282 [ 45.216261][ T94] RAX: 0000000000000075 RBX: ffff8881cd764120 RCX: 0000000000000000 [ 45.224346][ T94] RDX: 0000000000000000 RSI: ffffffff8129598d RDI: ffffed103abaae0b [ 45.232602][ T94] RBP: ffff8881cd764240 R08: 0000000000000075 R09: ffffed103b666210 [ 45.240574][ T94] R10: ffffed103b66620f R11: ffff8881db33107f R12: ffffffff87a1a960 [ 45.248922][ T94] R13: ffff8881cd764000 R14: ffff8881cd76412c R15: ffff8881cd5a2000 [ 45.257158][ T94] FS: 0000000000000000(0000) GS:ffff8881db300000(0000) knlGS:0000000000000000 [ 45.266927][ T94] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 45.273845][ T94] CR2: 00007f7f37b26000 CR3: 00000001c5fe1000 CR4: 00000000001406e0 [ 45.282000][ T94] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 45.290291][ T94] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 45.298693][ T94] Call Trace: [ 45.302166][ T94] em28xx_init_extension+0x44/0x1f0 [ 45.307381][ T94] em28xx_init_dev.isra.0+0xa7b/0x15d8 [ 45.313005][ T94] ? _dev_info+0xd7/0x109 [ 45.317454][ T94] ? em28xx_usb_disconnect.cold+0x284/0x284 [ 45.323778][ T94] ? lockdep_init_map+0x1b0/0x5e0 [ 45.328795][ T94] ? lockdep_init_map+0x1b0/0x5e0 [ 45.333958][ T94] em28xx_usb_probe.cold+0xcac/0x2515 [ 45.339326][ T94] usb_probe_interface+0x310/0x800 [ 45.344627][ T94] ? usb_probe_device+0x140/0x140 [ 45.350104][ T94] really_probe+0x290/0xad0 [ 45.354808][ T94] driver_probe_device+0x223/0x350 [ 45.360304][ T94] __device_attach_driver+0x1d1/0x290 [ 45.365692][ T94] ? driver_allows_async_probing+0x160/0x160 [ 45.371676][ T94] bus_for_each_drv+0x162/0x1e0 [ 45.376697][ T94] ? bus_rescan_devices+0x20/0x20 [ 45.381722][ T94] ? _raw_spin_unlock_irqrestore+0x39/0x40 [ 45.387654][ T94] ? lockdep_hardirqs_on+0x382/0x580 [ 45.392937][ T94] __device_attach+0x217/0x390 [ 45.397861][ T94] ? device_bind_driver+0xd0/0xd0 [ 45.403033][ T94] bus_probe_device+0x1e4/0x290 [ 45.407886][ T94] device_add+0x1459/0x1bf0 [ 45.412531][ T94] ? wait_for_completion+0x3c0/0x3c0 [ 45.417826][ T94] ? device_link_remove+0x110/0x110 [ 45.423180][ T94] ? _raw_spin_unlock_irqrestore+0x39/0x40 [ 45.428992][ T94] usb_set_configuration+0xe47/0x17d0 [ 45.434602][ T94] generic_probe+0x9d/0xd5 [ 45.439039][ T94] usb_probe_device+0xaf/0x140 [ 45.443966][ T94] ? usb_suspend+0x5f0/0x5f0 [ 45.448699][ T94] really_probe+0x290/0xad0 [ 45.453518][ T94] driver_probe_device+0x223/0x350 [ 45.458816][ T94] __device_attach_driver+0x1d1/0x290 [ 45.464355][ T94] ? driver_allows_async_probing+0x160/0x160 [ 45.470481][ T94] bus_for_each_drv+0x162/0x1e0 [ 45.475751][ T94] ? bus_rescan_devices+0x20/0x20 [ 45.480899][ T94] ? _raw_spin_unlock_irqrestore+0x39/0x40 [ 45.486828][ T94] ? lockdep_hardirqs_on+0x382/0x580 [ 45.492458][ T94] __device_attach+0x217/0x390 [ 45.497345][ T94] ? device_bind_driver+0xd0/0xd0 [ 45.502526][ T94] bus_probe_device+0x1e4/0x290 [ 45.507551][ T94] device_add+0x1459/0x1bf0 [ 45.512319][ T94] ? device_link_remove+0x110/0x110 [ 45.517634][ T94] usb_new_device.cold+0x540/0xcd0 [ 45.522912][ T94] hub_event+0x21cb/0x4300 [ 45.527413][ T94] ? hub_port_debounce+0x350/0x350 [ 45.532529][ T94] ? find_held_lock+0x2d/0x110 [ 45.537297][ T94] ? mark_held_locks+0xe0/0xe0 [ 45.542310][ T94] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 45.548003][ T94] ? rcu_read_lock_bh_held+0xb0/0xb0 [ 45.553437][ T94] process_one_work+0x945/0x15c0 [ 45.558383][ T94] ? pwq_dec_nr_in_flight+0x310/0x310 [ 45.563948][ T94] ? do_raw_spin_lock+0x129/0x290 [ 45.569188][ T94] worker_thread+0x7ab/0xe20 [ 45.573779][ T94] ? process_one_work+0x15c0/0x15c0 [ 45.579172][ T94] kthread+0x318/0x420 [ 45.583246][ T94] ? kthread_create_on_node+0xf0/0xf0 [ 45.588843][ T94] ret_from_fork+0x24/0x30 [ 45.593401][ T94] Modules linked in: [ 45.597504][ T94] ---[ end trace 8bae0db31a929c42 ]--- [ 45.603137][ T94] RIP: 0010:__list_add_valid.cold+0x3a/0x3c [ 45.609368][ T94] Code: 0b 48 89 f2 4c 89 e1 48 89 ee 48 c7 c7 a0 fc fb 85 e8 04 17 40 ff 0f 0b 48 89 f1 48 c7 c7 20 fc fb 85 4c 89 e6 e8 f0 16 40 ff <0f> 0b 48 89 ee 48 c7 c7 c0 fd fb 85 e8 df 16 40 ff 0f 0b 4c 89 ea [ 45.629444][ T94] RSP: 0018:ffff8881d5d570c8 EFLAGS: 00010282 [ 45.635504][ T94] RAX: 0000000000000075 RBX: ffff8881cd764120 RCX: 0000000000000000 [ 45.643700][ T94] RDX: 0000000000000000 RSI: ffffffff8129598d RDI: ffffed103abaae0b [ 45.651712][ T94] RBP: ffff8881cd764240 R08: 0000000000000075 R09: ffffed103b666210 [ 45.659983][ T94] R10: ffffed103b66620f R11: ffff8881db33107f R12: ffffffff87a1a960 [ 45.667977][ T94] R13: ffff8881cd764000 R14: ffff8881cd76412c R15: ffff8881cd5a2000 [ 45.676282][ T94] FS: 0000000000000000(0000) GS:ffff8881db300000(0000) knlGS:0000000000000000 [ 45.685437][ T94] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 45.692204][ T94] CR2: 00007f7f37b26000 CR3: 00000001c5fe1000 CR4: 00000000001406e0 [ 45.701392][ T94] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 45.709529][ T94] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 45.717951][ T94] Kernel panic - not syncing: Fatal exception [ 45.725099][ T94] Kernel Offset: disabled [ 45.729716][ T94] Rebooting in 86400 seconds..