Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.49' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 57.742315][ T3166] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 58.012445][ T3166] usb 1-1: Using ep0 maxpacket: 32
[ 58.132315][ T3166] usb 1-1: config 8 has an invalid interface number: 40 but max is 2
[ 58.140733][ T3166] usb 1-1: config 8 has an invalid interface number: 150 but max is 2
[ 58.152074][ T3166] usb 1-1: config 8 contains an unexpected descriptor of type 0x2, skipping
[ 58.161771][ T3166] usb 1-1: config 8 has an invalid interface number: 21 but max is 2
[ 58.170349][ T3166] usb 1-1: config 8 contains an unexpected descriptor of type 0x2, skipping
[ 58.179605][ T3166] usb 1-1: config 8 has no interface number 0
[ 58.186219][ T3166] usb 1-1: config 8 has no interface number 1
[ 58.192970][ T3166] usb 1-1: config 8 has no interface number 2
[ 58.199142][ T3166] usb 1-1: config 8 interface 40 altsetting 0 endpoint 0x8D has invalid maxpacket 512, setting to 64
[ 58.211042][ T3166] usb 1-1: config 8 interface 150 altsetting 5 has a duplicate endpoint with address 0xD, skipping
[ 58.223385][ T3166] usb 1-1: config 8 interface 150 altsetting 5 endpoint 0x9 has invalid maxpacket 1023, setting to 64
[ 58.236136][ T3166] usb 1-1: config 8 interface 150 altsetting 5 endpoint 0x5 has invalid maxpacket 1023, setting to 64
[ 58.248422][ T3166] usb 1-1: config 8 interface 150 altsetting 5 bulk endpoint 0xB has invalid maxpacket 1024
[ 58.259303][ T3166] usb 1-1: config 8 interface 150 altsetting 5 has a duplicate endpoint with address 0xB, skipping
[ 58.270753][ T3166] usb 1-1: config 8 interface 150 altsetting 5 has a duplicate endpoint with address 0x6, skipping
[ 58.282026][ T3166] usb 1-1: config 8 interface 150 altsetting 5 endpoint 0x7 has an invalid bInterval 128, changing to 7
[ 58.293753][ T3166] usb 1-1: config 8 interface 150 altsetting 5 has a duplicate endpoint with address 0x8, skipping
[ 58.305074][ T3166] usb 1-1: config 8 interface 150 altsetting 5 has a duplicate endpoint with address 0x7, skipping
[ 58.316343][ T3166] usb 1-1: config 8 interface 150 altsetting 5 has a duplicate endpoint with address 0x5, skipping
[ 58.327831][ T3166] usb 1-1: config 8 interface 150 altsetting 5 has an invalid endpoint with address 0x80, skipping
[ 58.339127][ T3166] usb 1-1: config 8 interface 150 altsetting 5 has a duplicate endpoint with address 0xC, skipping
[ 58.350581][ T3166] usb 1-1: config 8 interface 21 altsetting 128 bulk endpoint 0x4 has invalid maxpacket 32
[ 58.361125][ T3166] usb 1-1: config 8 interface 21 altsetting 128 has an invalid endpoint with address 0x80, skipping
[ 58.372827][ T3166] usb 1-1: config 8 interface 21 altsetting 128 has a duplicate endpoint with address 0xC, skipping
[ 58.384182][ T3166] usb 1-1: config 8 interface 21 altsetting 128 has a duplicate endpoint with address 0x6, skipping
[ 58.395577][ T3166] usb 1-1: config 8 interface 21 altsetting 128 has a duplicate endpoint with address 0xD, skipping
[ 58.407314][ T3166] usb 1-1: config 8 interface 21 altsetting 128 endpoint 0x2 has invalid maxpacket 1024, setting to 64
[ 58.418912][ T3166] usb 1-1: config 8 interface 21 altsetting 128 has a duplicate endpoint with address 0x8, skipping
[ 58.430263][ T3166] usb 1-1: config 8 interface 21 altsetting 128 has a duplicate endpoint with address 0xA, skipping
[ 58.441634][ T3166] usb 1-1: config 8 interface 21 altsetting 128 has a duplicate endpoint with address 0x8, skipping
[ 58.452991][ T3166] usb 1-1: config 8 interface 21 altsetting 128 has a duplicate endpoint with address 0xD, skipping
[ 58.464606][ T3166] usb 1-1: config 8 interface 150 has no altsetting 0
[ 58.471360][ T3166] usb 1-1: config 8 interface 21 has no altsetting 0
[ 58.632415][ T3166] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9170, bcdDevice=be.33
[ 58.642775][ T3166] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 58.650779][ T3166] usb 1-1: Product: syz
[ 58.656712][ T3166] usb 1-1: Manufacturer: syz
[ 58.661330][ T3166] usb 1-1: SerialNumber: syz
executing program
[ 59.404008][ T3166] usb 1-1: reset high-speed USB device number 2 using dummy_hcd
[ 59.642248][ T3166] usb 1-1: Using ep0 maxpacket: 32
[ 60.321804][ T5] usb 1-1: driver API: 1.9.9 2016-02-15 [1-1]
[ 60.329072][ T5] usb 1-1: firmware API: 1.9.6 2012-07-07
[ 60.335663][ T3166] ------------[ cut here ]------------
[ 60.341202][ T3166] usb 1-1: BOGUS urb xfer, pipe 1 != type 3
[ 60.348590][ T3166] WARNING: CPU: 0 PID: 3166 at drivers/usb/core/urb.c:502 usb_submit_urb+0xed2/0x18a0
[ 60.358690][ T3166] Modules linked in:
[ 60.362651][ T3166] CPU: 0 PID: 3166 Comm: kworker/0:3 Not tainted 5.14.0-rc1-syzkaller #0
[ 60.371119][ T3166] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 60.381252][ T3166] Workqueue: usb_hub_wq hub_event
[ 60.386366][ T3166] RIP: 0010:usb_submit_urb+0xed2/0x18a0
[ 60.391905][ T3166] Code: 7c 24 18 e8 90 aa 1f fc 48 8b 7c 24 18 e8 a6 cc 0b ff 41 89 d8 44 89 e1 4c 89 ea 48 89 c6 48 c7 c7 00 ae 27 8a e8 df 72 91 03 <0f> 0b e9 58 f8 ff ff e8 62 aa 1f fc 48 81 c5 40 06 00 00 e9 84 f7
[ 60.411559][ T3166] RSP: 0018:ffffc90002a6ee88 EFLAGS: 00010282
executing program
[ 60.417672][ T3166] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000000000
[ 60.425699][ T3166] RDX: ffff88801fe23880 RSI: ffffffff815d6835 RDI: fffff5200054ddc3
[ 60.433737][ T3166] RBP: ffff888029dce000 R08: 0000000000000000 R09: 0000000000000000
[ 60.441708][ T3166] R10: ffffffff815d066e R11: 0000000000000000 R12: 0000000000000001
[ 60.453539][ T3166] R13: ffff88814429aa00 R14: 0000000000000002 R15: ffff88801759eb00
[ 60.461533][ T3166] FS: 0000000000000000(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000
[ 60.470551][ T3166] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 60.477187][ T3166] CR2: 0000000000474a10 CR3: 0000000036250000 CR4: 0000000000350ef0
[ 60.485224][ T3166] Call Trace:
[ 60.488501][ T3166] carl9170_usb_submit_cmd_urb+0x7e/0x130
[ 60.494271][ T3166] __carl9170_exec_cmd+0x30b/0x5b0
[ 60.499388][ T3166] carl9170_reboot+0xaf/0xf0
[ 60.504040][ T3166] carl9170_usb_disconnect+0x141/0x190
[ 60.511045][ T3166] usb_unbind_interface+0x1d8/0x8d0
[ 60.516688][ T3166] ? __sanitizer_cov_trace_cmp4+0x1c/0x70
[ 60.522546][ T3166] ? kernfs_remove_by_name_ns+0x62/0xb0
[ 60.529144][ T3166] ? usb_unbind_device+0x1a0/0x1a0
[ 60.534523][ T3166] __device_release_driver+0x3bd/0x6f0
[ 60.540206][ T3166] device_release_driver+0x26/0x40
[ 60.545970][ T3166] usb_forced_unbind_intf+0x17d/0x220
[ 60.552039][ T3166] usb_reset_device+0x39b/0x9a0
[ 60.556962][ T3166] carl9170_usb_probe+0x48/0xd30
[ 60.561930][ T3166] usb_probe_interface+0x315/0x7f0
[ 60.567578][ T3166] ? usb_match_dynamic_id+0x1a0/0x1a0
[ 60.573181][ T3166] really_probe+0x23c/0xcd0
[ 60.577702][ T3166] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 60.584012][ T3166] __driver_probe_device+0x338/0x4d0
[ 60.589422][ T3166] driver_probe_device+0x4c/0x1a0
[ 60.594705][ T3166] __device_attach_driver+0x20b/0x2f0
[ 60.600317][ T3166] ? driver_allows_async_probing+0x150/0x150
[ 60.606751][ T3166] bus_for_each_drv+0x15f/0x1e0
[ 60.611602][ T3166] ? bus_for_each_dev+0x1d0/0x1d0
[ 60.616894][ T3166] ? _raw_spin_unlock_irqrestore+0x50/0x70
[ 60.623373][ T3166] ? lockdep_hardirqs_on+0x79/0x100
[ 60.628795][ T3166] ? _raw_spin_unlock_irqrestore+0x3d/0x70
[ 60.634642][ T3166] __device_attach+0x228/0x4a0
[ 60.639409][ T3166] ? device_driver_attach+0x210/0x210
[ 60.644869][ T3166] ? kobject_uevent_env+0x2bb/0x1650
[ 60.650161][ T3166] bus_probe_device+0x1e4/0x290
[ 60.655107][ T3166] device_add+0xc2f/0x2180
[ 60.659529][ T3166] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 60.665840][ T3166] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0
[ 60.672080][ T3166] ? __sanitizer_cov_trace_cmp4+0x1c/0x70
[ 60.677877][ T3166] ? create_intf_ep_devs.isra.0+0x18d/0x1f0
[ 60.683860][ T3166] usb_set_configuration+0x113f/0x1910
[ 60.689341][ T3166] usb_generic_driver_probe+0xba/0x100
[ 60.694858][ T3166] usb_probe_device+0xd9/0x2c0
[ 60.699622][ T3166] ? usb_driver_release_interface+0x180/0x180
[ 60.705787][ T3166] really_probe+0x23c/0xcd0
[ 60.710303][ T3166] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 60.716608][ T3166] __driver_probe_device+0x338/0x4d0
[ 60.721907][ T3166] driver_probe_device+0x4c/0x1a0
[ 60.727015][ T3166] __device_attach_driver+0x20b/0x2f0
[ 60.732584][ T3166] ? driver_allows_async_probing+0x150/0x150
[ 60.738582][ T3166] bus_for_each_drv+0x15f/0x1e0
[ 60.743489][ T3166] ? bus_for_each_dev+0x1d0/0x1d0
[ 60.748737][ T3166] ? _raw_spin_unlock_irqrestore+0x50/0x70
[ 60.755425][ T3166] ? lockdep_hardirqs_on+0x79/0x100
[ 60.760629][ T3166] ? _raw_spin_unlock_irqrestore+0x3d/0x70
[ 60.766518][ T3166] __device_attach+0x228/0x4a0
[ 60.771285][ T3166] ? device_driver_attach+0x210/0x210
[ 60.776763][ T3166] ? kobject_uevent_env+0x2bb/0x1650
[ 60.782055][ T3166] bus_probe_device+0x1e4/0x290
[ 60.786963][ T3166] device_add+0xc2f/0x2180
[ 60.791382][ T3166] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0
[ 60.797679][ T3166] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 60.803992][ T3166] usb_new_device.cold+0x63f/0x108e
[ 60.809184][ T3166] ? hub_disconnect+0x510/0x510
[ 60.814131][ T3166] ? rwlock_bug.part.0+0x90/0x90
[ 60.819068][ T3166] ? _raw_spin_unlock_irq+0x1f/0x40
[ 60.824321][ T3166] hub_event+0x2357/0x4330
[ 60.828774][ T3166] ? hub_port_debounce+0x3c0/0x3c0
[ 60.833928][ T3166] ? lock_release+0x720/0x720
[ 60.838602][ T3166] ? lock_downgrade+0x6e0/0x6e0
[ 60.843520][ T3166] ? do_raw_spin_lock+0x120/0x2b0
[ 60.848566][ T3166] process_one_work+0x98d/0x1630
[ 60.853575][ T3166] ? pwq_dec_nr_in_flight+0x320/0x320
[ 60.858958][ T3166] ? rwlock_bug.part.0+0x90/0x90
[ 60.863970][ T3166] ? _raw_spin_lock_irq+0x41/0x50
[ 60.869000][ T3166] worker_thread+0x658/0x11f0
[ 60.873744][ T3166] ? process_one_work+0x1630/0x1630
[ 60.878951][ T3166] kthread+0x3e5/0x4d0
[ 60.883276][ T3166] ? set_kthread_struct+0x130/0x130
[ 60.888657][ T3166] ret_from_fork+0x1f/0x30
[ 60.893144][ T3166] Kernel panic - not syncing: panic_on_warn set ...
[ 60.899716][ T3166] CPU: 0 PID: 3166 Comm: kworker/0:3 Not tainted 5.14.0-rc1-syzkaller #0
[ 60.908109][ T3166] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 60.918149][ T3166] Workqueue: usb_hub_wq hub_event
[ 60.923171][ T3166] Call Trace:
[ 60.926435][ T3166] dump_stack_lvl+0xcd/0x134
[ 60.931011][ T3166] panic+0x306/0x73d
[ 60.934890][ T3166] ? __warn_printk+0xf3/0xf3
[ 60.939469][ T3166] ? __warn.cold+0x1a/0x44
[ 60.943869][ T3166] ? usb_submit_urb+0xed2/0x18a0
[ 60.948880][ T3166] __warn.cold+0x35/0x44
[ 60.953105][ T3166] ? wake_up_klogd.part.0+0x8e/0xd0
[ 60.958284][ T3166] ? usb_submit_urb+0xed2/0x18a0
[ 60.963210][ T3166] report_bug+0x1bd/0x210
[ 60.967525][ T3166] handle_bug+0x3c/0x60
[ 60.971689][ T3166] exc_invalid_op+0x14/0x40
[ 60.976174][ T3166] asm_exc_invalid_op+0x12/0x20
[ 60.981026][ T3166] RIP: 0010:usb_submit_urb+0xed2/0x18a0
[ 60.986579][ T3166] Code: 7c 24 18 e8 90 aa 1f fc 48 8b 7c 24 18 e8 a6 cc 0b ff 41 89 d8 44 89 e1 4c 89 ea 48 89 c6 48 c7 c7 00 ae 27 8a e8 df 72 91 03 <0f> 0b e9 58 f8 ff ff e8 62 aa 1f fc 48 81 c5 40 06 00 00 e9 84 f7
[ 61.006172][ T3166] RSP: 0018:ffffc90002a6ee88 EFLAGS: 00010282
[ 61.012234][ T3166] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000000000
[ 61.020187][ T3166] RDX: ffff88801fe23880 RSI: ffffffff815d6835 RDI: fffff5200054ddc3
[ 61.028139][ T3166] RBP: ffff888029dce000 R08: 0000000000000000 R09: 0000000000000000
[ 61.036098][ T3166] R10: ffffffff815d066e R11: 0000000000000000 R12: 0000000000000001
[ 61.044053][ T3166] R13: ffff88814429aa00 R14: 0000000000000002 R15: ffff88801759eb00
[ 61.052011][ T3166] ? wake_up_klogd.part.0+0x8e/0xd0
[ 61.057213][ T3166] ? vprintk+0x95/0x260
[ 61.061359][ T3166] ? usb_submit_urb+0xed2/0x18a0
[ 61.066286][ T3166] carl9170_usb_submit_cmd_urb+0x7e/0x130
[ 61.071993][ T3166] __carl9170_exec_cmd+0x30b/0x5b0
[ 61.077090][ T3166] carl9170_reboot+0xaf/0xf0
[ 61.081669][ T3166] carl9170_usb_disconnect+0x141/0x190
[ 61.087114][ T3166] usb_unbind_interface+0x1d8/0x8d0
[ 61.092296][ T3166] ? __sanitizer_cov_trace_cmp4+0x1c/0x70
[ 61.098002][ T3166] ? kernfs_remove_by_name_ns+0x62/0xb0
[ 61.103550][ T3166] ? usb_unbind_device+0x1a0/0x1a0
[ 61.108647][ T3166] __device_release_driver+0x3bd/0x6f0
[ 61.114117][ T3166] device_release_driver+0x26/0x40
[ 61.119231][ T3166] usb_forced_unbind_intf+0x17d/0x220
[ 61.124608][ T3166] usb_reset_device+0x39b/0x9a0
[ 61.129448][ T3166] carl9170_usb_probe+0x48/0xd30
[ 61.134379][ T3166] usb_probe_interface+0x315/0x7f0
[ 61.139476][ T3166] ? usb_match_dynamic_id+0x1a0/0x1a0
[ 61.144833][ T3166] really_probe+0x23c/0xcd0
[ 61.149513][ T3166] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 61.155740][ T3166] __driver_probe_device+0x338/0x4d0
[ 61.161014][ T3166] driver_probe_device+0x4c/0x1a0
[ 61.166026][ T3166] __device_attach_driver+0x20b/0x2f0
[ 61.171408][ T3166] ? driver_allows_async_probing+0x150/0x150
[ 61.177375][ T3166] bus_for_each_drv+0x15f/0x1e0
[ 61.182215][ T3166] ? bus_for_each_dev+0x1d0/0x1d0
[ 61.187237][ T3166] ? _raw_spin_unlock_irqrestore+0x50/0x70
[ 61.193035][ T3166] ? lockdep_hardirqs_on+0x79/0x100
[ 61.198245][ T3166] ? _raw_spin_unlock_irqrestore+0x3d/0x70
[ 61.204047][ T3166] __device_attach+0x228/0x4a0
[ 61.208803][ T3166] ? device_driver_attach+0x210/0x210
[ 61.214161][ T3166] ? kobject_uevent_env+0x2bb/0x1650
[ 61.220294][ T3166] bus_probe_device+0x1e4/0x290
[ 61.225918][ T3166] device_add+0xc2f/0x2180
[ 61.230821][ T3166] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 61.238173][ T3166] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0
[ 61.245224][ T3166] ? __sanitizer_cov_trace_cmp4+0x1c/0x70
[ 61.252270][ T3166] ? create_intf_ep_devs.isra.0+0x18d/0x1f0
[ 61.258589][ T3166] usb_set_configuration+0x113f/0x1910
[ 61.264042][ T3166] usb_generic_driver_probe+0xba/0x100
[ 61.269585][ T3166] usb_probe_device+0xd9/0x2c0
[ 61.274335][ T3166] ? usb_driver_release_interface+0x180/0x180
[ 61.280389][ T3166] really_probe+0x23c/0xcd0
[ 61.284890][ T3166] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 61.291116][ T3166] __driver_probe_device+0x338/0x4d0
[ 61.296390][ T3166] driver_probe_device+0x4c/0x1a0
[ 61.301401][ T3166] __device_attach_driver+0x20b/0x2f0
[ 61.306764][ T3166] ? driver_allows_async_probing+0x150/0x150
[ 61.312743][ T3166] bus_for_each_drv+0x15f/0x1e0
[ 61.317581][ T3166] ? bus_for_each_dev+0x1d0/0x1d0
[ 61.322590][ T3166] ? _raw_spin_unlock_irqrestore+0x50/0x70
[ 61.328384][ T3166] ? lockdep_hardirqs_on+0x79/0x100
[ 61.333565][ T3166] ? _raw_spin_unlock_irqrestore+0x3d/0x70
[ 61.339362][ T3166] __device_attach+0x228/0x4a0
[ 61.344116][ T3166] ? device_driver_attach+0x210/0x210
[ 61.349485][ T3166] ? kobject_uevent_env+0x2bb/0x1650
[ 61.354759][ T3166] bus_probe_device+0x1e4/0x290
[ 61.359601][ T3166] device_add+0xc2f/0x2180
[ 61.364005][ T3166] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0
[ 61.370230][ T3166] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 61.376474][ T3166] usb_new_device.cold+0x63f/0x108e
[ 61.381662][ T3166] ? hub_disconnect+0x510/0x510
[ 61.386498][ T3166] ? rwlock_bug.part.0+0x90/0x90
[ 61.391424][ T3166] ? _raw_spin_unlock_irq+0x1f/0x40
[ 61.396611][ T3166] hub_event+0x2357/0x4330
[ 61.401028][ T3166] ? hub_port_debounce+0x3c0/0x3c0
[ 61.406126][ T3166] ? lock_release+0x720/0x720
[ 61.410793][ T3166] ? lock_downgrade+0x6e0/0x6e0
[ 61.415626][ T3166] ? do_raw_spin_lock+0x120/0x2b0
[ 61.420639][ T3166] process_one_work+0x98d/0x1630
[ 61.425569][ T3166] ? pwq_dec_nr_in_flight+0x320/0x320
[ 61.430934][ T3166] ? rwlock_bug.part.0+0x90/0x90
[ 61.435863][ T3166] ? _raw_spin_lock_irq+0x41/0x50
[ 61.441051][ T3166] worker_thread+0x658/0x11f0
[ 61.445719][ T3166] ? process_one_work+0x1630/0x1630
[ 61.450921][ T3166] kthread+0x3e5/0x4d0
[ 61.454972][ T3166] ? set_kthread_struct+0x130/0x130
[ 61.460156][ T3166] ret_from_fork+0x1f/0x30
[ 61.470770][ T3166] Kernel Offset: disabled
[ 61.475238][ T3166] Rebooting in 86400 seconds..