INIT: Entering runlevel: 2 [info] Using makefile-style concurrent boot in runlevel 2. [....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.170' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 25.902051][ T95] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 26.142031][ T95] usb 1-1: Using ep0 maxpacket: 32 [ 26.262344][ T95] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 26.432185][ T95] usb 1-1: New USB device found, idVendor=18cd, idProduct=cafe, bcdDevice=99.e3 [ 26.441256][ T95] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 26.449414][ T95] usb 1-1: Product: syz [ 26.453732][ T95] usb 1-1: Manufacturer: syz [ 26.458346][ T95] usb 1-1: SerialNumber: syz [ 26.464382][ T95] usb 1-1: config 0 descriptor?? [ 26.513618][ T95] uvcvideo: Found UVC 0.00 device syz (18cd:cafe) [ 26.521065][ T95] list_add double add: new=ffff8881cdea0010, prev=ffff8881cdea0010, next=ffff8881d718f218. [ 26.531392][ T95] ------------[ cut here ]------------ [ 26.536845][ T95] kernel BUG at lib/list_debug.c:29! [ 26.543168][ T95] invalid opcode: 0000 [#1] SMP KASAN [ 26.548682][ T95] CPU: 0 PID: 95 Comm: kworker/0:2 Not tainted 5.5.0-rc3-syzkaller #0 [ 26.556821][ T95] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 26.566879][ T95] Workqueue: usb_hub_wq hub_event [ 26.571922][ T95] RIP: 0010:__list_add_valid.cold+0x26/0x3c [ 26.577803][ T95] Code: 57 ff ff ff 4c 89 e1 48 c7 c7 c0 fa fb 85 e8 4b 20 40 ff 0f 0b 48 89 f2 4c 89 e1 48 89 ee 48 c7 c7 00 fc fb 85 e8 34 20 40 ff <0f> 0b 48 89 f1 48 c7 c7 80 fb fb 85 4c 89 e6 e8 20 20 40 ff 0f 0b [ 26.598769][ T95] RSP: 0018:ffff8881d5d8f080 EFLAGS: 00010286 [ 26.604823][ T95] RAX: 0000000000000058 RBX: ffff8881cdea0010 RCX: 0000000000000000 [ 26.612825][ T95] RDX: 0000000000000000 RSI: ffffffff812959ad RDI: ffffed103abb1e02 [ 26.620836][ T95] RBP: ffff8881cdea0010 R08: 0000000000000058 R09: fffffbfff1269aae [ 26.628834][ T95] R10: fffffbfff1269aad R11: ffffffff8934d56f R12: ffff8881d718f218 [ 26.636782][ T95] R13: ffff8881cdea0000 R14: dffffc0000000000 R15: ffff8881d718f218 [ 26.645316][ T95] FS: 0000000000000000(0000) GS:ffff8881db200000(0000) knlGS:0000000000000000 [ 26.654453][ T95] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 26.661032][ T95] CR2: 00007f514c22d000 CR3: 00000001c6507000 CR4: 00000000001406f0 [ 26.669130][ T95] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 26.677329][ T95] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 26.685296][ T95] Call Trace: [ 26.688584][ T95] uvc_scan_chain_forward.isra.0+0x4df/0x637 [ 26.694545][ T95] uvc_probe.cold+0x1aee/0x29de [ 26.699426][ T95] ? mark_lock+0xbc/0x1160 [ 26.703820][ T95] ? mark_lock+0xbc/0x1160 [ 26.708210][ T95] ? mark_held_locks+0x9f/0xe0 [ 26.712952][ T95] ? usb_probe_interface+0x310/0x800 [ 26.718230][ T95] usb_probe_interface+0x310/0x800 [ 26.723332][ T95] ? usb_probe_device+0x140/0x140 [ 26.728347][ T95] really_probe+0x290/0xad0 [ 26.732850][ T95] driver_probe_device+0x223/0x350 [ 26.737955][ T95] __device_attach_driver+0x1d1/0x290 [ 26.744528][ T95] ? driver_allows_async_probing+0x160/0x160 [ 26.750504][ T95] bus_for_each_drv+0x162/0x1e0 [ 26.755348][ T95] ? bus_rescan_devices+0x20/0x20 [ 26.760348][ T95] ? _raw_spin_unlock_irqrestore+0x39/0x40 [ 26.766129][ T95] ? lockdep_hardirqs_on+0x382/0x580 [ 26.771392][ T95] __device_attach+0x217/0x390 [ 26.776128][ T95] ? device_bind_driver+0xd0/0xd0 [ 26.781130][ T95] bus_probe_device+0x1e4/0x290 [ 26.785957][ T95] device_add+0x1459/0x1bf0 [ 26.790455][ T95] ? wait_for_completion+0x3c0/0x3c0 [ 26.795715][ T95] ? device_link_remove+0x110/0x110 [ 26.800908][ T95] ? _raw_spin_unlock_irqrestore+0x39/0x40 [ 26.806691][ T95] usb_set_configuration+0xe47/0x17d0 [ 26.812042][ T95] generic_probe+0x9d/0xd5 [ 26.816433][ T95] usb_probe_device+0xaf/0x140 [ 26.821174][ T95] ? usb_suspend+0x5f0/0x5f0 [ 26.825750][ T95] really_probe+0x290/0xad0 [ 26.830285][ T95] driver_probe_device+0x223/0x350 [ 26.835378][ T95] __device_attach_driver+0x1d1/0x290 [ 26.840793][ T95] ? driver_allows_async_probing+0x160/0x160 [ 26.846946][ T95] bus_for_each_drv+0x162/0x1e0 [ 26.851781][ T95] ? bus_rescan_devices+0x20/0x20 [ 26.857335][ T95] ? _raw_spin_unlock_irqrestore+0x39/0x40 [ 26.863434][ T95] ? lockdep_hardirqs_on+0x382/0x580 [ 26.868699][ T95] __device_attach+0x217/0x390 [ 26.873445][ T95] ? device_bind_driver+0xd0/0xd0 [ 26.878447][ T95] bus_probe_device+0x1e4/0x290 [ 26.883273][ T95] device_add+0x1459/0x1bf0 [ 26.887764][ T95] ? device_link_remove+0x110/0x110 [ 26.892945][ T95] usb_new_device.cold+0x540/0xcd0 [ 26.898036][ T95] hub_event+0x21cb/0x4300 [ 26.902427][ T95] ? hub_port_debounce+0x350/0x350 [ 26.907510][ T95] ? find_held_lock+0x2d/0x110 [ 26.912261][ T95] ? mark_held_locks+0xe0/0xe0 [ 26.917029][ T95] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 26.922633][ T95] ? rcu_read_lock_bh_held+0xb0/0xb0 [ 26.927953][ T95] process_one_work+0x945/0x15c0 [ 26.932874][ T95] ? pwq_dec_nr_in_flight+0x310/0x310 [ 26.938248][ T95] ? do_raw_spin_lock+0x129/0x290 [ 26.943414][ T95] worker_thread+0x96/0xe20 [ 26.948061][ T95] ? process_one_work+0x15c0/0x15c0 [ 26.953477][ T95] kthread+0x318/0x420 [ 26.957529][ T95] ? kthread_create_on_node+0xf0/0xf0 [ 26.962899][ T95] ret_from_fork+0x24/0x30 [ 26.967319][ T95] Modules linked in: [ 26.971292][ T95] ---[ end trace 8c363b461f6a7f0a ]--- [ 26.976877][ T95] RIP: 0010:__list_add_valid.cold+0x26/0x3c [ 26.976972][ T1792] kobject: 'dummy_udc.0' (00000000b34f4df5): kobject_uevent_env [ 26.982811][ T95] Code: 57 ff ff ff 4c 89 e1 48 c7 c7 c0 fa fb 85 e8 4b 20 40 ff 0f 0b 48 89 f2 4c 89 e1 48 89 ee 48 c7 c7 00 fc fb 85 e8 34 20 40 ff <0f> 0b 48 89 f1 48 c7 c7 80 fb fb 85 4c 89 e6 e8 20 20 40 ff 0f 0b [ 26.982817][ T95] RSP: 0018:ffff8881d5d8f080 EFLAGS: 00010286