[ OK ] Reached target Login Prompts. [ OK ] Reached target Multi-User System. [ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... [ OK ] Started Update UTMP about System Runlevel Changes. Debian GNU/Linux 9 syzkaller ttyS0 syzkaller login: [ 27.594549][ T4381] bash (4381) used greatest stack depth: 22336 bytes left Warning: Permanently added '10.128.0.247' (ECDSA) to the list of known hosts. executing program [ 34.375971][ T24] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 34.615843][ T24] usb 1-1: Using ep0 maxpacket: 16 [ 34.735898][ T24] usb 1-1: config 0 has an invalid interface number: 138 but max is 1 [ 34.744161][ T24] usb 1-1: config 0 has no interface number 1 [ 34.750455][ T24] usb 1-1: config 0 interface 138 altsetting 9 has an invalid endpoint with address 0x0, skipping [ 34.761111][ T24] usb 1-1: config 0 interface 138 has no altsetting 0 [ 34.925912][ T24] usb 1-1: New USB device found, idVendor=11ba, idProduct=1003, bcdDevice=3b.05 [ 34.934944][ T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 34.942958][ T24] usb 1-1: Product: syz [ 34.947167][ T24] usb 1-1: Manufacturer: syz [ 34.951754][ T24] usb 1-1: SerialNumber: syz [ 34.965864][ T24] usb 1-1: config 0 descriptor?? [ 35.008847][ T24] pvrusb2: Hardware description: OnAir Creator Hybrid USB tuner [ 35.017228][ T24] usb 1-1: selecting invalid altsetting 0 [ 35.030204][ T24] pvrusb2: Hardware description: OnAir Creator Hybrid USB tuner [ 35.252743][ T4412] modprobe (4412) used greatest stack depth: 22240 bytes left [ 35.254030][ T2391] pvrusb2: Invalid read control endpoint [ 35.269325][ T2391] ------------[ cut here ]------------ [ 35.274793][ T2391] URB 00000000b3505d0d submitted while active [ 35.281465][ T2391] WARNING: CPU: 0 PID: 2391 at drivers/usb/core/urb.c:378 usb_submit_urb+0x14e2/0x18a0 [ 35.291374][ T2391] Modules linked in: [ 35.295266][ T2391] CPU: 0 PID: 2391 Comm: pvrusb2-context Not tainted 5.14.0-syzkaller #0 [ 35.303705][ T2391] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 35.313805][ T2391] RIP: 0010:usb_submit_urb+0x14e2/0x18a0 [ 35.319541][ T2391] Code: 89 de e8 31 c0 ab fd 84 db 0f 85 a9 f3 ff ff e8 f4 b8 ab fd 4c 89 fe 48 c7 c7 20 26 84 86 c6 05 d8 3c ef 04 01 e8 11 8c 00 02 <0f> 0b e9 87 f3 ff ff 41 be ed ff ff ff e9 7c f3 ff ff e8 c7 b8 ab [ 35.339201][ T2391] RSP: 0018:ffffc90006996f78 EFLAGS: 00010282 [ 35.345273][ T2391] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 35.353273][ T2391] RDX: ffff88810fc89b40 RSI: ffffffff812aca53 RDI: fffff52000d32de1 [ 35.361327][ T2391] RBP: 00000000c0008200 R08: 0000000000000001 R09: 0000000000000000 [ 35.369338][ T2391] R10: ffffffff814c6d1b R11: 0000000000000000 R12: ffff888119e0a000 [ 35.377363][ T2391] R13: 0000000000000005 R14: 00000000fffffff0 R15: ffff888110825600 [ 35.385335][ T2391] FS: 0000000000000000(0000) GS:ffff8881f6800000(0000) knlGS:0000000000000000 [ 35.394291][ T2391] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 executing program [ 35.401059][ T2391] CR2: 000055e769882928 CR3: 0000000100fbe000 CR4: 00000000001506f0 [ 35.409135][ T2391] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 35.417152][ T2391] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 35.425133][ T2391] Call Trace: [ 35.428474][ T2391] ? lockdep_init_map_type+0x2c3/0x790 [ 35.433953][ T2391] ? init_timer_on_stack_key+0xd8/0x110 [ 35.437519][ T24] usb 1-1: USB disconnect, device number 2 [ 35.439549][ T2391] pvr2_send_request_ex+0x7c2/0x20e0 [ 35.450646][ T2391] ? pvr2_hdw_render_useless.part.0+0x280/0x280 [ 35.456952][ T2391] ? pvr2_ctl_write_complete+0xe0/0xe0 [ 35.462431][ T2391] ? stack_depot_save+0x239/0x4e0 [ 35.467540][ T2391] pvr2_send_request+0x35/0x40 [ 35.472321][ T2391] pvr2_i2c_basic_op+0x4af/0x900 [ 35.477318][ T2391] pvr2_i2c_xfer+0x375/0xb90 [ 35.481924][ T2391] ? pvr2_i2c_xfer+0xb90/0xb90 [ 35.486754][ T2391] ? mark_lock+0xf61/0x17b0 [ 35.491262][ T2391] __i2c_transfer+0x52b/0x16e0 [ 35.496084][ T2391] i2c_smbus_xfer_emulated+0x1b5/0xfe0 [ 35.501553][ T2391] ? rt_mutex_slowlock_block.constprop.0+0x2b0/0x570 [ 35.508267][ T2391] ? i2c_smbus_msg_pec.isra.0+0x140/0x140 [ 35.513996][ T2391] ? lockdep_hardirqs_on_prepare+0x273/0x3e0 [ 35.520082][ T2391] ? _raw_spin_unlock_irqrestore+0x42/0x50 [ 35.525943][ T2391] ? trace_hardirqs_on+0x5b/0x1a0 [ 35.531021][ T2391] ? rt_mutex_slowlock.constprop.0+0x1f9/0x3a0 [ 35.537212][ T2391] ? task_blocks_on_rt_mutex.constprop.0.isra.0+0xf90/0xf90 [ 35.544507][ T2391] __i2c_smbus_xfer+0x4b9/0xfb0 [ 35.549402][ T2391] i2c_smbus_xfer+0x100/0x380 [ 35.554092][ T2391] i2c_smbus_read_byte_data+0x107/0x1b0 [ 35.559721][ T2391] ? i2c_smbus_write_byte+0xe0/0xe0 [ 35.564929][ T2391] ? lock_acquire+0x19d/0x4d0 [ 35.569638][ T2391] ? find_held_lock+0x2d/0x110 [ 35.574407][ T2391] saa711x_probe+0x1e8/0x940 [ 35.579031][ T2391] ? saa711x_s_std+0x60/0x60 [ 35.583638][ T2391] ? rcu_read_lock_sched_held+0x3a/0x70 [ 35.589220][ T2391] ? lockdep_hardirqs_on_prepare+0x273/0x3e0 [ 35.595209][ T2391] ? _raw_spin_unlock_irqrestore+0x42/0x50 [ 35.601050][ T2391] ? trace_hardirqs_on+0x5b/0x1a0 [ 35.606135][ T2391] i2c_device_probe+0xacc/0xc90 [ 35.610987][ T2391] ? saa711x_s_std+0x60/0x60 [ 35.615606][ T2391] ? __unregister_client+0xa0/0xa0 [ 35.620773][ T2391] really_probe+0x245/0xcc0 [ 35.625307][ T2391] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 35.631583][ T2391] __driver_probe_device+0x338/0x4d0 [ 35.636926][ T2391] driver_probe_device+0x4c/0x1a0 [ 35.641961][ T2391] __device_attach_driver+0x20b/0x2f0 [ 35.647364][ T2391] ? driver_allows_async_probing+0x150/0x150 [ 35.653356][ T2391] bus_for_each_drv+0x15f/0x1e0 [ 35.658241][ T2391] ? bus_for_each_dev+0x1d0/0x1d0 [ 35.663272][ T2391] ? lockdep_hardirqs_on_prepare+0x273/0x3e0 [ 35.669293][ T2391] ? trace_hardirqs_on+0x5b/0x1a0 [ 35.674321][ T2391] __device_attach+0x228/0x4a0 [ 35.679118][ T2391] ? device_driver_attach+0x210/0x210 [ 35.684545][ T2391] ? kobject_uevent_env+0x2bb/0x1650 [ 35.689864][ T2391] bus_probe_device+0x1e4/0x290 [ 35.694721][ T2391] device_add+0xc35/0x21b0 [ 35.699169][ T2391] ? lockdep_init_map_type+0x2c3/0x790 [ 35.704632][ T2391] ? lockdep_init_map_type+0x2c3/0x790 [ 35.710133][ T2391] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 35.716428][ T2391] ? __raw_spin_lock_init+0x36/0x110 [ 35.721715][ T2391] i2c_new_client_device+0x613/0xaf0 [ 35.727052][ T2391] v4l2_i2c_new_subdev_board+0xaf/0x2c0 [ 35.732608][ T2391] v4l2_i2c_new_subdev+0x102/0x170 [ 35.737753][ T2391] ? v4l2_i2c_new_subdev_board+0x2c0/0x2c0 [ 35.743567][ T2391] ? find_held_lock+0x2d/0x110 [ 35.748796][ T2391] pvr2_hdw_initialize+0xc97/0x37d0 [ 35.754006][ T2391] ? pvr2_hdw_gpio_chg_dir+0x1e0/0x1e0 [ 35.759516][ T2391] ? __mutex_unlock_slowpath+0x157/0x5e0 [ 35.765153][ T2391] ? wait_for_completion_io+0x280/0x280 [ 35.770728][ T2391] ? lock_downgrade+0x6e0/0x6e0 [ 35.775634][ T2391] ? lockdep_hardirqs_on_prepare+0x273/0x3e0 [ 35.781623][ T2391] pvr2_context_thread_func+0x250/0x850 [ 35.787211][ T2391] ? pvr2_context_destroy+0x230/0x230 [ 35.792590][ T2391] ? finish_wait+0x270/0x270 [ 35.797226][ T2391] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 35.803475][ T2391] ? __kthread_parkme+0x126/0x1f0 [ 35.808600][ T2391] ? pvr2_context_destroy+0x230/0x230 [ 35.814000][ T2391] kthread+0x3c2/0x4a0 [ 35.818101][ T2391] ? _raw_spin_unlock_irq+0x1f/0x30 [ 35.823307][ T2391] ? set_kthread_struct+0x130/0x130 [ 35.828537][ T2391] ret_from_fork+0x1f/0x30 [ 35.832969][ T2391] Kernel panic - not syncing: panic_on_warn set ... [ 35.839532][ T2391] CPU: 0 PID: 2391 Comm: pvrusb2-context Not tainted 5.14.0-syzkaller #0 [ 35.847932][ T2391] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 35.858315][ T2391] Call Trace: [ 35.861579][ T2391] dump_stack_lvl+0xcd/0x134 [ 35.866154][ T2391] panic+0x306/0x73d [ 35.870033][ T2391] ? __warn_printk+0xf3/0xf3 [ 35.874603][ T2391] ? __warn.cold+0x1a/0x44 [ 35.879002][ T2391] ? usb_submit_urb+0x14e2/0x18a0 [ 35.884016][ T2391] __warn.cold+0x35/0x44 [ 35.888271][ T2391] ? usb_submit_urb+0x14e2/0x18a0 [ 35.893285][ T2391] report_bug+0x1bd/0x210 [ 35.897598][ T2391] handle_bug+0x3c/0x60 [ 35.901742][ T2391] exc_invalid_op+0x14/0x40 [ 35.906229][ T2391] asm_exc_invalid_op+0x12/0x20 [ 35.911066][ T2391] RIP: 0010:usb_submit_urb+0x14e2/0x18a0 [ 35.916708][ T2391] Code: 89 de e8 31 c0 ab fd 84 db 0f 85 a9 f3 ff ff e8 f4 b8 ab fd 4c 89 fe 48 c7 c7 20 26 84 86 c6 05 d8 3c ef 04 01 e8 11 8c 00 02 <0f> 0b e9 87 f3 ff ff 41 be ed ff ff ff e9 7c f3 ff ff e8 c7 b8 ab [ 35.936304][ T2391] RSP: 0018:ffffc90006996f78 EFLAGS: 00010282 [ 35.942370][ T2391] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 35.950322][ T2391] RDX: ffff88810fc89b40 RSI: ffffffff812aca53 RDI: fffff52000d32de1 [ 35.958277][ T2391] RBP: 00000000c0008200 R08: 0000000000000001 R09: 0000000000000000 [ 35.966240][ T2391] R10: ffffffff814c6d1b R11: 0000000000000000 R12: ffff888119e0a000 [ 35.974195][ T2391] R13: 0000000000000005 R14: 00000000fffffff0 R15: ffff888110825600 [ 35.982153][ T2391] ? __irq_work_queue_local+0xbb/0xf0 [ 35.987512][ T2391] ? vprintk+0x93/0x1c0 [ 35.991655][ T2391] ? usb_submit_urb+0x14e2/0x18a0 [ 35.996667][ T2391] ? lockdep_init_map_type+0x2c3/0x790 [ 36.002126][ T2391] ? init_timer_on_stack_key+0xd8/0x110 [ 36.007679][ T2391] pvr2_send_request_ex+0x7c2/0x20e0 [ 36.012950][ T2391] ? pvr2_hdw_render_useless.part.0+0x280/0x280 [ 36.019176][ T2391] ? pvr2_ctl_write_complete+0xe0/0xe0 [ 36.024621][ T2391] ? stack_depot_save+0x239/0x4e0 [ 36.029640][ T2391] pvr2_send_request+0x35/0x40 [ 36.034389][ T2391] pvr2_i2c_basic_op+0x4af/0x900 [ 36.039311][ T2391] pvr2_i2c_xfer+0x375/0xb90 [ 36.043883][ T2391] ? pvr2_i2c_xfer+0xb90/0xb90 [ 36.048628][ T2391] ? mark_lock+0xf61/0x17b0 [ 36.053113][ T2391] __i2c_transfer+0x52b/0x16e0 [ 36.057864][ T2391] i2c_smbus_xfer_emulated+0x1b5/0xfe0 [ 36.063307][ T2391] ? rt_mutex_slowlock_block.constprop.0+0x2b0/0x570 [ 36.069985][ T2391] ? i2c_smbus_msg_pec.isra.0+0x140/0x140 [ 36.075690][ T2391] ? lockdep_hardirqs_on_prepare+0x273/0x3e0 [ 36.081740][ T2391] ? _raw_spin_unlock_irqrestore+0x42/0x50 [ 36.087532][ T2391] ? trace_hardirqs_on+0x5b/0x1a0 [ 36.092540][ T2391] ? rt_mutex_slowlock.constprop.0+0x1f9/0x3a0 [ 36.098687][ T2391] ? task_blocks_on_rt_mutex.constprop.0.isra.0+0xf90/0xf90 [ 36.105970][ T2391] __i2c_smbus_xfer+0x4b9/0xfb0 [ 36.110814][ T2391] i2c_smbus_xfer+0x100/0x380 [ 36.115474][ T2391] i2c_smbus_read_byte_data+0x107/0x1b0 [ 36.121008][ T2391] ? i2c_smbus_write_byte+0xe0/0xe0 [ 36.126197][ T2391] ? lock_acquire+0x19d/0x4d0 [ 36.130868][ T2391] ? find_held_lock+0x2d/0x110 [ 36.135615][ T2391] saa711x_probe+0x1e8/0x940 [ 36.140192][ T2391] ? saa711x_s_std+0x60/0x60 [ 36.144772][ T2391] ? rcu_read_lock_sched_held+0x3a/0x70 [ 36.150328][ T2391] ? lockdep_hardirqs_on_prepare+0x273/0x3e0 [ 36.156292][ T2391] ? _raw_spin_unlock_irqrestore+0x42/0x50 [ 36.162083][ T2391] ? trace_hardirqs_on+0x5b/0x1a0 [ 36.167091][ T2391] i2c_device_probe+0xacc/0xc90 [ 36.171929][ T2391] ? saa711x_s_std+0x60/0x60 [ 36.176506][ T2391] ? __unregister_client+0xa0/0xa0 [ 36.181601][ T2391] really_probe+0x245/0xcc0 [ 36.186092][ T2391] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 36.192322][ T2391] __driver_probe_device+0x338/0x4d0 [ 36.197592][ T2391] driver_probe_device+0x4c/0x1a0 [ 36.202617][ T2391] __device_attach_driver+0x20b/0x2f0 [ 36.207973][ T2391] ? driver_allows_async_probing+0x150/0x150 [ 36.213958][ T2391] bus_for_each_drv+0x15f/0x1e0 [ 36.218805][ T2391] ? bus_for_each_dev+0x1d0/0x1d0 [ 36.223814][ T2391] ? lockdep_hardirqs_on_prepare+0x273/0x3e0 [ 36.229799][ T2391] ? trace_hardirqs_on+0x5b/0x1a0 [ 36.234811][ T2391] __device_attach+0x228/0x4a0 [ 36.239573][ T2391] ? device_driver_attach+0x210/0x210 [ 36.244929][ T2391] ? kobject_uevent_env+0x2bb/0x1650 [ 36.250201][ T2391] bus_probe_device+0x1e4/0x290 [ 36.255036][ T2391] device_add+0xc35/0x21b0 [ 36.259437][ T2391] ? lockdep_init_map_type+0x2c3/0x790 [ 36.264879][ T2391] ? lockdep_init_map_type+0x2c3/0x790 [ 36.270337][ T2391] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 36.276563][ T2391] ? __raw_spin_lock_init+0x36/0x110 [ 36.281834][ T2391] i2c_new_client_device+0x613/0xaf0 [ 36.287119][ T2391] v4l2_i2c_new_subdev_board+0xaf/0x2c0 [ 36.292653][ T2391] v4l2_i2c_new_subdev+0x102/0x170 [ 36.297749][ T2391] ? v4l2_i2c_new_subdev_board+0x2c0/0x2c0 [ 36.303540][ T2391] ? find_held_lock+0x2d/0x110 [ 36.308290][ T2391] pvr2_hdw_initialize+0xc97/0x37d0 [ 36.313491][ T2391] ? pvr2_hdw_gpio_chg_dir+0x1e0/0x1e0 [ 36.318933][ T2391] ? __mutex_unlock_slowpath+0x157/0x5e0 [ 36.324553][ T2391] ? wait_for_completion_io+0x280/0x280 [ 36.330082][ T2391] ? lock_downgrade+0x6e0/0x6e0 [ 36.334914][ T2391] ? lockdep_hardirqs_on_prepare+0x273/0x3e0 [ 36.340877][ T2391] pvr2_context_thread_func+0x250/0x850 [ 36.346410][ T2391] ? pvr2_context_destroy+0x230/0x230 [ 36.351767][ T2391] ? finish_wait+0x270/0x270 [ 36.356342][ T2391] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 36.362653][ T2391] ? __kthread_parkme+0x126/0x1f0 [ 36.367665][ T2391] ? pvr2_context_destroy+0x230/0x230 [ 36.373024][ T2391] kthread+0x3c2/0x4a0 [ 36.377082][ T2391] ? _raw_spin_unlock_irq+0x1f/0x30 [ 36.382278][ T2391] ? set_kthread_struct+0x130/0x130 [ 36.387458][ T2391] ret_from_fork+0x1f/0x30 [ 36.393137][ T2391] Kernel Offset: disabled [ 36.397511][ T2391] Rebooting in 86400 seconds..