[ OK ] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch. [ OK ] Started Getty on tty6. [ OK ] Started Getty on tty5. [ OK ] Started Getty on tty4. [ OK ] Started Getty on tty3. [ OK ] Started Getty on tty2. [ OK ] Started Serial Getty on ttyS0. [ OK ] Started Getty on tty1. [ OK ] Reached target Login Prompts. [ OK ] Reached target Multi-User System. [ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... Starting Load/Save RF Kill Switch Status... [ OK ] Started Update UTMP about System Runlevel Changes. [ OK ] Started Load/Save RF Kill Switch Status. Warning: Permanently added '10.128.0.154' (ECDSA) to the list of known hosts. executing program [ 79.985024][ T37] audit: type=1400 audit(1619610435.021:8): avc: denied { execmem } for pid=8368 comm="syz-executor723" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 Debian GNU/Linux 9 syzkaller ttyS0 [ 80.280108][ T3128] usb 1-1: new high-speed USB device number 2 using dummy_hcd syzkaller login: [ 80.519913][ T3128] usb 1-1: Using ep0 maxpacket: 16 [ 80.640111][ T3128] usb 1-1: config 0 has an invalid interface number: 251 but max is 1 [ 80.650101][ T3128] usb 1-1: config 0 contains an unexpected descriptor of type 0x1, skipping [ 80.659085][ T3128] usb 1-1: config 0 has an invalid interface number: 252 but max is 1 [ 80.667934][ T3128] usb 1-1: config 0 has no interface number 0 [ 80.674761][ T3128] usb 1-1: config 0 has no interface number 1 [ 80.681862][ T3128] usb 1-1: config 0 interface 251 altsetting 0 endpoint 0xC has an invalid bInterval 42, changing to 9 [ 80.693769][ T3128] usb 1-1: config 0 interface 251 altsetting 0 endpoint 0x1 has invalid maxpacket 1024, setting to 64 [ 80.705587][ T3128] usb 1-1: config 0 interface 251 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 80.716562][ T3128] usb 1-1: config 0 interface 251 altsetting 0 endpoint 0xE has invalid maxpacket 512, setting to 64 [ 80.727895][ T3128] usb 1-1: config 0 interface 251 altsetting 0 endpoint 0xD has an invalid bInterval 0, changing to 7 [ 80.739219][ T3128] usb 1-1: config 0 interface 251 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 80.750292][ T3128] usb 1-1: config 0 interface 251 altsetting 0 has a duplicate endpoint with address 0x5, skipping [ 80.761654][ T3128] usb 1-1: config 0 interface 251 altsetting 0 has a duplicate endpoint with address 0x7, skipping [ 80.773007][ T3128] usb 1-1: config 0 interface 251 altsetting 0 has a duplicate endpoint with address 0xD, skipping [ 80.783798][ T3128] usb 1-1: config 0 interface 251 altsetting 0 has an invalid endpoint with address 0x80, skipping [ 80.794993][ T3128] usb 1-1: config 0 interface 251 altsetting 0 has a duplicate endpoint with address 0x7, skipping [ 80.806000][ T3128] usb 1-1: New USB device found, idVendor=0711, idProduct=0950, bcdDevice=5e.14 [ 80.815546][ T3128] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 80.828865][ T3128] usb 1-1: config 0 descriptor?? [ 80.883513][ T3128] usb 1-1: USB2VGA dongle found at address 2 [ 80.907893][ T3128] usb 1-1: Allocated 8 output buffers [ 80.914959][ T3128] ------------[ cut here ]------------ [ 80.927035][ T3128] usb 1-1: BOGUS urb xfer, pipe 3 != type 1 [ 80.934233][ T3128] WARNING: CPU: 1 PID: 3128 at drivers/usb/core/urb.c:493 usb_submit_urb+0xd27/0x1540 [ 80.945284][ T3128] Modules linked in: [ 80.950723][ T3128] CPU: 1 PID: 3128 Comm: kworker/1:2 Not tainted 5.12.0-syzkaller #0 [ 80.959130][ T3128] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 80.970790][ T3128] Workqueue: usb_hub_wq hub_event [ 80.976253][ T3128] RIP: 0010:usb_submit_urb+0xd27/0x1540 [ 80.983819][ T3128] Code: 84 d4 02 00 00 e8 59 8e 31 fc 4c 89 ef e8 71 4a 10 ff 41 89 d8 44 89 e1 4c 89 f2 48 89 c6 48 c7 c7 40 ad 04 8a e8 01 e3 82 03 <0f> 0b e9 81 f8 ff ff e8 2d 8e 31 fc 48 81 c5 40 06 00 00 e9 ad f7 [ 81.004423][ T3128] RSP: 0018:ffffc90002506db8 EFLAGS: 00010282 [ 81.010815][ T3128] RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000000 [ 81.019164][ T3128] RDX: ffff88801d2e6240 RSI: ffffffff815b73d5 RDI: fffff520004a0da9 [ 81.027774][ T3128] RBP: ffff88801d9c21e0 R08: 0000000000000000 R09: 0000000000000000 [ 81.036062][ T3128] R10: ffffffff815b013e R11: 0000000000000000 R12: 0000000000000003 [ 81.044283][ T3128] R13: ffff8880127900a8 R14: ffff8880176716c0 R15: ffff888011f4d000 [ 81.052754][ T3128] FS: 0000000000000000(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000 [ 81.061907][ T3128] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 81.068683][ T3128] CR2: 00007f40e8bc7000 CR3: 000000001cfab000 CR4: 00000000001506e0 [ 81.076751][ T3128] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 executing program [ 81.088159][ T3128] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 81.096493][ T3128] Call Trace: [ 81.099867][ T3128] sisusb_send_bulk_msg.constprop.0+0x904/0x1240 [ 81.106237][ T3128] ? sisusb_kill_all_busy+0x260/0x260 [ 81.124725][ T3128] ? __device_attach+0x228/0x4b0 [ 81.129937][ T3128] ? bus_probe_device+0x1e4/0x290 [ 81.135133][ T3128] ? device_add+0xbe0/0x2100 [ 81.139857][ T3128] ? usb_set_configuration+0x113a/0x1910 [ 81.145625][ T3128] ? dev_printk_emit+0xba/0xf1 [ 81.150879][ T3128] sisusb_init_gfxdevice+0x87b/0x4000 [ 81.156277][ T3128] ? find_held_lock+0x2d/0x110 [ 81.161211][ T3128] ? __dev_printk+0xcf/0xf5 [ 81.165896][ T3128] ? sisusb_set_default_mode+0xbc0/0xbc0 [ 81.171904][ T3128] ? _dev_info+0xd7/0x109 [ 81.176813][ T3128] ? _dev_notice+0x109/0x109 [ 81.181533][ T3128] ? remove_stable_node+0x80/0x2d0 [ 81.186981][ T3128] ? __kmalloc+0x233/0x480 [ 81.191770][ T3128] ? lockdep_init_map_type+0x2c3/0x7b0 [ 81.197640][ T3128] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 81.204063][ T3128] ? kobject_get+0xbc/0x150 [ 81.208757][ T3128] sisusb_probe+0x9ee/0xc03 [ 81.213407][ T3128] usb_probe_interface+0x315/0x7f0 [ 81.218781][ T3128] ? usb_match_dynamic_id+0x1a0/0x1a0 [ 81.224281][ T3128] really_probe+0x291/0xf60 [ 81.228821][ T3128] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 81.235249][ T3128] driver_probe_device+0x298/0x410 [ 81.240509][ T3128] __device_attach_driver+0x203/0x2c0 [ 81.246240][ T3128] ? driver_allows_async_probing+0x150/0x150 [ 81.252969][ T3128] bus_for_each_drv+0x15f/0x1e0 [ 81.258176][ T3128] ? bus_for_each_dev+0x1d0/0x1d0 [ 81.263323][ T3128] ? _raw_spin_unlock_irqrestore+0x50/0x70 [ 81.269679][ T3128] ? lockdep_hardirqs_on+0x79/0x100 [ 81.275751][ T3128] ? _raw_spin_unlock_irqrestore+0x3d/0x70 [ 81.281923][ T3128] __device_attach+0x228/0x4b0 [ 81.286731][ T3128] ? __driver_attach_async_helper+0x330/0x330 [ 81.293114][ T3128] ? kfree+0x284/0x2b0 [ 81.297358][ T3128] ? kobject_uevent_env+0x2bb/0x1650 [ 81.302773][ T3128] bus_probe_device+0x1e4/0x290 [ 81.307794][ T3128] device_add+0xbe0/0x2100 [ 81.312496][ T3128] ? wait_for_completion_io+0x270/0x270 [ 81.318715][ T3128] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 81.325051][ T3128] ? _raw_spin_unlock_irqrestore+0x50/0x70 [ 81.331237][ T3128] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 81.337504][ T3128] usb_set_configuration+0x113a/0x1910 [ 81.343232][ T3128] usb_generic_driver_probe+0xba/0x100 [ 81.348873][ T3128] usb_probe_device+0xd9/0x2c0 [ 81.353730][ T3128] ? usb_driver_release_interface+0x180/0x180 [ 81.359913][ T3128] really_probe+0x291/0xf60 [ 81.364449][ T3128] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 81.370898][ T3128] driver_probe_device+0x298/0x410 [ 81.376250][ T3128] __device_attach_driver+0x203/0x2c0 [ 81.382333][ T3128] ? driver_allows_async_probing+0x150/0x150 [ 81.388712][ T3128] bus_for_each_drv+0x15f/0x1e0 [ 81.393875][ T3128] ? bus_for_each_dev+0x1d0/0x1d0 [ 81.399025][ T3128] ? _raw_spin_unlock_irqrestore+0x50/0x70 [ 81.405584][ T3128] ? lockdep_hardirqs_on+0x79/0x100 [ 81.411784][ T3128] ? _raw_spin_unlock_irqrestore+0x3d/0x70 [ 81.417760][ T3128] __device_attach+0x228/0x4b0 [ 81.424621][ T3128] ? __driver_attach_async_helper+0x330/0x330 [ 81.430994][ T3128] ? kfree+0x284/0x2b0 [ 81.436803][ T3128] ? kobject_uevent_env+0x2bb/0x1650 [ 81.443052][ T3128] bus_probe_device+0x1e4/0x290 [ 81.448459][ T3128] device_add+0xbe0/0x2100 [ 81.454525][ T3128] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 81.461832][ T3128] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 81.468115][ T3128] usb_new_device.cold+0x721/0x1058 [ 81.473408][ T3128] ? hub_disconnect+0x510/0x510 [ 81.478817][ T3128] ? rwlock_bug.part.0+0x90/0x90 [ 81.484075][ T3128] ? _raw_spin_unlock_irq+0x1f/0x40 [ 81.489412][ T3128] hub_event+0x2357/0x4320 [ 81.494370][ T3128] ? hub_port_debounce+0x3c0/0x3c0 [ 81.499954][ T3128] ? lock_release+0x720/0x720 [ 81.504895][ T3128] ? lock_downgrade+0x6e0/0x6e0 [ 81.509866][ T3128] ? do_raw_spin_lock+0x120/0x2b0 [ 81.515190][ T3128] process_one_work+0x98d/0x1600 [ 81.521396][ T3128] ? pwq_dec_nr_in_flight+0x320/0x320 [ 81.527882][ T3128] ? rwlock_bug.part.0+0x90/0x90 [ 81.533146][ T3128] ? _raw_spin_lock_irq+0x41/0x50 [ 81.538460][ T3128] worker_thread+0x64c/0x1120 [ 81.543264][ T3128] ? __kthread_parkme+0x13f/0x1e0 [ 81.548443][ T3128] ? process_one_work+0x1600/0x1600 [ 81.553898][ T3128] kthread+0x3b1/0x4a0 [ 81.558124][ T3128] ? kthread_create_worker_on_cpu+0xf0/0xf0 [ 81.564726][ T3128] ret_from_fork+0x1f/0x30 [ 81.569410][ T3128] Kernel panic - not syncing: panic_on_warn set ... [ 81.576446][ T3128] CPU: 1 PID: 3128 Comm: kworker/1:2 Not tainted 5.12.0-syzkaller #0 [ 81.584696][ T3128] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 81.595058][ T3128] Workqueue: usb_hub_wq hub_event [ 81.600269][ T3128] Call Trace: [ 81.603663][ T3128] dump_stack+0x141/0x1d7 [ 81.608137][ T3128] panic+0x306/0x73d [ 81.612046][ T3128] ? __warn_printk+0xf3/0xf3 [ 81.616649][ T3128] ? __warn.cold+0x1a/0x44 [ 81.621075][ T3128] ? usb_submit_urb+0xd27/0x1540 [ 81.626488][ T3128] __warn.cold+0x35/0x44 [ 81.630760][ T3128] ? wake_up_klogd.part.0+0x8e/0xd0 [ 81.636152][ T3128] ? usb_submit_urb+0xd27/0x1540 [ 81.641214][ T3128] report_bug+0x1bd/0x210 [ 81.645776][ T3128] handle_bug+0x3c/0x60 [ 81.650033][ T3128] exc_invalid_op+0x14/0x40 [ 81.654655][ T3128] asm_exc_invalid_op+0x12/0x20 [ 81.659619][ T3128] RIP: 0010:usb_submit_urb+0xd27/0x1540 [ 81.665299][ T3128] Code: 84 d4 02 00 00 e8 59 8e 31 fc 4c 89 ef e8 71 4a 10 ff 41 89 d8 44 89 e1 4c 89 f2 48 89 c6 48 c7 c7 40 ad 04 8a e8 01 e3 82 03 <0f> 0b e9 81 f8 ff ff e8 2d 8e 31 fc 48 81 c5 40 06 00 00 e9 ad f7 [ 81.685628][ T3128] RSP: 0018:ffffc90002506db8 EFLAGS: 00010282 [ 81.692119][ T3128] RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000000 [ 81.700115][ T3128] RDX: ffff88801d2e6240 RSI: ffffffff815b73d5 RDI: fffff520004a0da9 [ 81.708510][ T3128] RBP: ffff88801d9c21e0 R08: 0000000000000000 R09: 0000000000000000 [ 81.717014][ T3128] R10: ffffffff815b013e R11: 0000000000000000 R12: 0000000000000003 [ 81.725215][ T3128] R13: ffff8880127900a8 R14: ffff8880176716c0 R15: ffff888011f4d000 [ 81.733551][ T3128] ? wake_up_klogd.part.0+0x8e/0xd0 [ 81.738867][ T3128] ? vprintk_func+0x95/0x1e0 [ 81.743464][ T3128] ? usb_submit_urb+0xd27/0x1540 [ 81.748402][ T3128] sisusb_send_bulk_msg.constprop.0+0x904/0x1240 [ 81.754839][ T3128] ? sisusb_kill_all_busy+0x260/0x260 [ 81.760521][ T3128] ? __device_attach+0x228/0x4b0 [ 81.765490][ T3128] ? bus_probe_device+0x1e4/0x290 [ 81.770626][ T3128] ? device_add+0xbe0/0x2100 [ 81.775502][ T3128] ? usb_set_configuration+0x113a/0x1910 [ 81.781397][ T3128] ? dev_printk_emit+0xba/0xf1 [ 81.786348][ T3128] sisusb_init_gfxdevice+0x87b/0x4000 [ 81.792408][ T3128] ? find_held_lock+0x2d/0x110 [ 81.797609][ T3128] ? __dev_printk+0xcf/0xf5 [ 81.802151][ T3128] ? sisusb_set_default_mode+0xbc0/0xbc0 [ 81.808123][ T3128] ? _dev_info+0xd7/0x109 [ 81.812463][ T3128] ? _dev_notice+0x109/0x109 [ 81.817191][ T3128] ? remove_stable_node+0x80/0x2d0 [ 81.822403][ T3128] ? __kmalloc+0x233/0x480 [ 81.827020][ T3128] ? lockdep_init_map_type+0x2c3/0x7b0 [ 81.832767][ T3128] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 81.839054][ T3128] ? kobject_get+0xbc/0x150 [ 81.843785][ T3128] sisusb_probe+0x9ee/0xc03 [ 81.848501][ T3128] usb_probe_interface+0x315/0x7f0 [ 81.854530][ T3128] ? usb_match_dynamic_id+0x1a0/0x1a0 [ 81.860312][ T3128] really_probe+0x291/0xf60 [ 81.864923][ T3128] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 81.871174][ T3128] driver_probe_device+0x298/0x410 [ 81.876475][ T3128] __device_attach_driver+0x203/0x2c0 [ 81.882421][ T3128] ? driver_allows_async_probing+0x150/0x150 [ 81.888757][ T3128] bus_for_each_drv+0x15f/0x1e0 [ 81.894208][ T3128] ? bus_for_each_dev+0x1d0/0x1d0 [ 81.899937][ T3128] ? _raw_spin_unlock_irqrestore+0x50/0x70 [ 81.905976][ T3128] ? lockdep_hardirqs_on+0x79/0x100 [ 81.911857][ T3128] ? _raw_spin_unlock_irqrestore+0x3d/0x70 [ 81.918223][ T3128] __device_attach+0x228/0x4b0 [ 81.923694][ T3128] ? __driver_attach_async_helper+0x330/0x330 [ 81.930227][ T3128] ? kfree+0x284/0x2b0 [ 81.934449][ T3128] ? kobject_uevent_env+0x2bb/0x1650 [ 81.940365][ T3128] bus_probe_device+0x1e4/0x290 [ 81.946103][ T3128] device_add+0xbe0/0x2100 [ 81.950727][ T3128] ? wait_for_completion_io+0x270/0x270 [ 81.956573][ T3128] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 81.963156][ T3128] ? _raw_spin_unlock_irqrestore+0x50/0x70 [ 81.968993][ T3128] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 81.975595][ T3128] usb_set_configuration+0x113a/0x1910 [ 81.981181][ T3128] usb_generic_driver_probe+0xba/0x100 [ 81.986734][ T3128] usb_probe_device+0xd9/0x2c0 [ 81.991514][ T3128] ? usb_driver_release_interface+0x180/0x180 [ 81.997593][ T3128] really_probe+0x291/0xf60 [ 82.002204][ T3128] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 82.008879][ T3128] driver_probe_device+0x298/0x410 [ 82.014269][ T3128] __device_attach_driver+0x203/0x2c0 [ 82.019739][ T3128] ? driver_allows_async_probing+0x150/0x150 [ 82.025997][ T3128] bus_for_each_drv+0x15f/0x1e0 [ 82.030876][ T3128] ? bus_for_each_dev+0x1d0/0x1d0 [ 82.036022][ T3128] ? _raw_spin_unlock_irqrestore+0x50/0x70 [ 82.042238][ T3128] ? lockdep_hardirqs_on+0x79/0x100 [ 82.047742][ T3128] ? _raw_spin_unlock_irqrestore+0x3d/0x70 [ 82.053671][ T3128] __device_attach+0x228/0x4b0 [ 82.058903][ T3128] ? __driver_attach_async_helper+0x330/0x330 [ 82.065319][ T3128] ? kfree+0x284/0x2b0 [ 82.069757][ T3128] ? kobject_uevent_env+0x2bb/0x1650 [ 82.075388][ T3128] bus_probe_device+0x1e4/0x290 [ 82.080524][ T3128] device_add+0xbe0/0x2100 [ 82.085238][ T3128] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0 [ 82.091590][ T3128] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 82.097846][ T3128] usb_new_device.cold+0x721/0x1058 [ 82.103292][ T3128] ? hub_disconnect+0x510/0x510 [ 82.108336][ T3128] ? rwlock_bug.part.0+0x90/0x90 [ 82.113424][ T3128] ? _raw_spin_unlock_irq+0x1f/0x40 [ 82.118945][ T3128] hub_event+0x2357/0x4320 [ 82.123916][ T3128] ? hub_port_debounce+0x3c0/0x3c0 [ 82.129547][ T3128] ? lock_release+0x720/0x720 [ 82.134241][ T3128] ? lock_downgrade+0x6e0/0x6e0 [ 82.139111][ T3128] ? do_raw_spin_lock+0x120/0x2b0 [ 82.144138][ T3128] process_one_work+0x98d/0x1600 [ 82.149165][ T3128] ? pwq_dec_nr_in_flight+0x320/0x320 [ 82.154783][ T3128] ? rwlock_bug.part.0+0x90/0x90 [ 82.159989][ T3128] ? _raw_spin_lock_irq+0x41/0x50 [ 82.165436][ T3128] worker_thread+0x64c/0x1120 [ 82.170132][ T3128] ? __kthread_parkme+0x13f/0x1e0 [ 82.175295][ T3128] ? process_one_work+0x1600/0x1600 [ 82.180518][ T3128] kthread+0x3b1/0x4a0 [ 82.184594][ T3128] ? kthread_create_worker_on_cpu+0xf0/0xf0 [ 82.190496][ T3128] ret_from_fork+0x1f/0x30 [ 82.196331][ T3128] Kernel Offset: disabled [ 82.200781][ T3128] Rebooting in 86400 seconds..