syzkaller
syzkaller login: [ 36.650276][ T1284] can: request_module (can-proto-0) failed.
[ 36.665221][ T1284] can: request_module (can-proto-2) failed.
[ 36.679806][ T1284] can: request_module (can-proto-0) failed.
[ 36.699523][ T1284] can: request_module (can-proto-7) failed.
[ 36.720047][ T1284] can: request_module (can-proto-0) failed.
[ 36.740184][ T1284] can: request_module (can-proto-1) failed.
Warning: Permanently added '10.128.10.27' (ECDSA) to the list of known hosts.
2022/09/05 10:47:33 ignoring optional flag "sandboxArg"="0"
2022/09/05 10:47:33 parsed 1 programs
2022/09/05 10:47:33 executed programs: 0
[ 63.343587][ T36] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 63.583534][ T36] usb 1-1: Using ep0 maxpacket: 8
[ 63.703587][ T36] usb 1-1: config 0 has an invalid interface number: 119 but max is 0
[ 63.711998][ T36] usb 1-1: config 0 contains an unexpected descriptor of type 0x2, skipping
[ 63.720833][ T36] usb 1-1: config 0 has no interface number 0
[ 63.727175][ T36] usb 1-1: config 0 interface 119 altsetting 0 bulk endpoint 0xF has invalid maxpacket 8
[ 63.737060][ T36] usb 1-1: config 0 interface 119 altsetting 0 endpoint 0x6 has invalid maxpacket 1024, setting to 64
[ 63.748240][ T36] usb 1-1: config 0 interface 119 altsetting 0 endpoint 0x83 has invalid maxpacket 29939, setting to 1024
[ 63.759954][ T36] usb 1-1: config 0 interface 119 altsetting 0 bulk endpoint 0x83 has invalid maxpacket 1024
[ 63.770289][ T36] usb 1-1: config 0 interface 119 altsetting 0 has an invalid endpoint with address 0xBD, skipping
[ 63.781388][ T36] usb 1-1: config 0 interface 119 altsetting 0 has a duplicate endpoint with address 0xF, skipping
[ 63.792474][ T36] usb 1-1: config 0 interface 119 altsetting 0 endpoint 0x8 has an invalid bInterval 244, changing to 11
[ 63.803741][ T36] usb 1-1: config 0 interface 119 altsetting 0 has an invalid endpoint with address 0x0, skipping
[ 63.814731][ T36] usb 1-1: config 0 interface 119 altsetting 0 endpoint 0x4 has invalid maxpacket 512, setting to 64
[ 63.826362][ T36] usb 1-1: config 0 interface 119 altsetting 0 endpoint 0x2 has an invalid bInterval 31, changing to 7
[ 63.837443][ T36] usb 1-1: config 0 interface 119 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[ 63.848979][ T36] usb 1-1: config 0 interface 119 altsetting 0 has a duplicate endpoint with address 0x6, skipping
[ 63.859810][ T36] usb 1-1: config 0 interface 119 altsetting 0 has 14 endpoint descriptors, different from the interface descriptor's value: 13
[ 64.023763][ T36] usb 1-1: New USB device found, idVendor=cace, idProduct=0300, bcdDevice=31.25
[ 64.033081][ T36] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 64.041133][ T36] usb 1-1: Product: syz
[ 64.045345][ T36] usb 1-1: Manufacturer: syz
[ 64.049937][ T36] usb 1-1: SerialNumber: syz
[ 64.057676][ T36] usb 1-1: config 0 descriptor??
[ 64.074005][ T2309] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[ 64.243591][ T36] usb 1-1: reset high-speed USB device number 2 using dummy_hcd
2022/09/05 10:47:41 executed programs: 1
[ 65.233586][ T36] usb 1-1: device descriptor read/64, error -71
[ 65.593549][ T36] usb 1-1: Using ep0 maxpacket: 8
[ 65.733936][ T2314] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[ 65.784239][ T36] usb 1-1: driver API: 1.9.9 2016-02-15 [1-1]
[ 65.790564][ T36] usb 1-1: firmware API: 1.9.6 2012-07-07
[ 65.796942][ T36] ------------[ cut here ]------------
[ 65.802570][ T36] usb 1-1: BOGUS urb xfer, pipe 1 != type 3
[ 65.808885][ T36] WARNING: CPU: 1 PID: 36 at drivers/usb/core/urb.c:502 usb_submit_urb+0xed2/0x1880
[ 65.818769][ T36] Modules linked in:
[ 65.822691][ T36] CPU: 1 PID: 36 Comm: kworker/1:1 Not tainted 6.0.0-rc4-syzkaller-00050-ga956f91247da #0
[ 65.833012][ T36] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022
[ 65.843413][ T36] Workqueue: events request_firmware_work_func
[ 65.849747][ T36] RIP: 0010:usb_submit_urb+0xed2/0x1880
[ 65.855421][ T36] Code: 7c 24 18 e8 40 2f 8e fd 48 8b 7c 24 18 e8 a6 9d 18 ff 41 89 d8 44 89 e1 4c 89 ea 48 89 c6 48 c7 c7 c0 ba a9 86 e8 0e a2 0d 02 <0f> 0b e9 58 f8 ff ff e8 12 2f 8e fd 48 81 c5 b8 05 00 00 e9 84 f7
[ 65.875149][ T36] RSP: 0018:ffffc90000477ba0 EFLAGS: 00010282
[ 65.881229][ T36] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000000000
[ 65.889276][ T36] RDX: ffff888100890000 RSI: ffffffff812c9b68 RDI: fffff5200008ef66
[ 65.897500][ T36] RBP: ffff888109f090a0 R08: 0000000000000005 R09: 0000000000000000
[ 65.905622][ T36] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000001
[ 65.913953][ T36] R13: ffff88811929fe60 R14: 0000000000000002 R15: ffff888109fa3900
[ 65.921953][ T36] FS: 0000000000000000(0000) GS:ffff8881f6900000(0000) knlGS:0000000000000000
[ 65.931236][ T36] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 65.937892][ T36] CR2: 000056544e399058 CR3: 00000001102ab000 CR4: 00000000003506e0
[ 65.946028][ T36] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 65.954156][ T36] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 65.959541][ T71] usb 1-1: USB disconnect, device number 2
[ 65.962125][ T36] Call Trace:
[ 65.962137][ T36]
[ 65.974549][ T36] ? _raw_spin_unlock_irqrestore+0x2/0x70
[ 65.980452][ T36] carl9170_usb_send_rx_irq_urb+0x273/0x340
[ 65.986560][ T36] carl9170_usb_firmware_step2+0x171/0x240
[ 65.992432][ T36] ? carl9170_usb_resume+0x170/0x170
[ 65.997991][ T36] request_firmware_work_func+0x12c/0x230
[ 66.003813][ T36] ? request_partial_firmware_into_buf+0xa0/0xa0
[ 66.010269][ T36] process_one_work+0x991/0x1610
[ 66.015474][ T36] ? pwq_dec_nr_in_flight+0x2a0/0x2a0
[ 66.020993][ T36] ? rwlock_bug.part.0+0x90/0x90
[ 66.026624][ T36] ? _raw_spin_lock_irq+0x41/0x50
[ 66.031695][ T36] worker_thread+0x665/0x1080
[ 66.036708][ T36] ? __kthread_parkme+0x15f/0x220
[ 66.041859][ T36] ? process_one_work+0x1610/0x1610
[ 66.047143][ T36] kthread+0x2ea/0x3a0
[ 66.051358][ T36] ? kthread_complete_and_exit+0x40/0x40
[ 66.057160][ T36] ret_from_fork+0x1f/0x30
[ 66.061688][ T36]
[ 66.064760][ T36] Kernel panic - not syncing: panic_on_warn set ...
[ 66.071494][ T36] CPU: 1 PID: 36 Comm: kworker/1:1 Not tainted 6.0.0-rc4-syzkaller-00050-ga956f91247da #0
[ 66.081390][ T36] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022
[ 66.096969][ T36] Workqueue: events request_firmware_work_func
[ 66.103317][ T36] Call Trace:
[ 66.106629][ T36]
[ 66.109574][ T36] dump_stack_lvl+0xcd/0x134
[ 66.114262][ T36] panic+0x2c8/0x627
[ 66.118246][ T36] ? panic_print_sys_info.part.0+0x10b/0x10b
[ 66.124332][ T36] ? __warn.cold+0x248/0x2c4
[ 66.129036][ T36] ? usb_submit_urb+0xed2/0x1880
[ 66.134058][ T36] __warn.cold+0x259/0x2c4
[ 66.138561][ T36] ? __wake_up_klogd.part.0+0xc6/0xf0
[ 66.144020][ T36] ? usb_submit_urb+0xed2/0x1880
[ 66.148989][ T36] report_bug+0x1bc/0x210
[ 66.153339][ T36] handle_bug+0x3c/0x60
[ 66.158117][ T36] exc_invalid_op+0x14/0x40
[ 66.162631][ T36] asm_exc_invalid_op+0x16/0x20
[ 66.167487][ T36] RIP: 0010:usb_submit_urb+0xed2/0x1880
[ 66.173141][ T36] Code: 7c 24 18 e8 40 2f 8e fd 48 8b 7c 24 18 e8 a6 9d 18 ff 41 89 d8 44 89 e1 4c 89 ea 48 89 c6 48 c7 c7 c0 ba a9 86 e8 0e a2 0d 02 <0f> 0b e9 58 f8 ff ff e8 12 2f 8e fd 48 81 c5 b8 05 00 00 e9 84 f7
[ 66.195051][ T36] RSP: 0018:ffffc90000477ba0 EFLAGS: 00010282
[ 66.201383][ T36] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000000000
[ 66.209361][ T36] RDX: ffff888100890000 RSI: ffffffff812c9b68 RDI: fffff5200008ef66
[ 66.217518][ T36] RBP: ffff888109f090a0 R08: 0000000000000005 R09: 0000000000000000
[ 66.225540][ T36] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000001
[ 66.233533][ T36] R13: ffff88811929fe60 R14: 0000000000000002 R15: ffff888109fa3900
[ 66.241528][ T36] ? vprintk+0x88/0x90
[ 66.245625][ T36] ? _raw_spin_unlock_irqrestore+0x2/0x70
[ 66.251385][ T36] carl9170_usb_send_rx_irq_urb+0x273/0x340
[ 66.257562][ T36] carl9170_usb_firmware_step2+0x171/0x240
[ 66.263501][ T36] ? carl9170_usb_resume+0x170/0x170
[ 66.268913][ T36] request_firmware_work_func+0x12c/0x230
[ 66.274940][ T36] ? request_partial_firmware_into_buf+0xa0/0xa0
[ 66.281563][ T36] process_one_work+0x991/0x1610
[ 66.286545][ T36] ? pwq_dec_nr_in_flight+0x2a0/0x2a0
[ 66.292078][ T36] ? rwlock_bug.part.0+0x90/0x90
[ 66.297172][ T36] ? _raw_spin_lock_irq+0x41/0x50
[ 66.302306][ T36] worker_thread+0x665/0x1080
[ 66.307034][ T36] ? __kthread_parkme+0x15f/0x220
[ 66.312239][ T36] ? process_one_work+0x1610/0x1610
[ 66.317647][ T36] kthread+0x2ea/0x3a0
[ 66.322264][ T36] ? kthread_complete_and_exit+0x40/0x40
[ 66.327943][ T36] ret_from_fork+0x1f/0x30
[ 66.332434][ T36]
[ 66.335827][ T36] Kernel Offset: disabled
[ 66.340271][ T36] Rebooting in 86400 seconds..