[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.241' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 36.201415][ T32] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 36.561361][ T32] usb 1-1: config 0 has an invalid interface number: 108 but max is 0
[ 36.569746][ T32] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 36.579985][ T32] usb 1-1: config 0 has no interface number 0
[ 36.586215][ T32] usb 1-1: config 0 interface 108 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[ 36.597369][ T32] usb 1-1: New USB device found, idVendor=2040, idProduct=8265, bcdDevice=2f.86
[ 36.606504][ T32] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 36.617541][ T32] usb 1-1: config 0 descriptor??
[ 36.664709][ T32] em28xx 1-1:0.108: New device @ 480 Mbps (2040:8265, interface 108, class 108)
[ 36.674322][ T32] em28xx 1-1:0.108: Audio interface 108 found (Vendor Class)
executing program
[ 36.911235][ T32] em28xx 1-1:0.108: unknown em28xx chip ID (0)
[ 36.931195][ T32] em28xx 1-1:0.108: Config register raw data: 0xfffffffb
[ 36.951221][ T32] em28xx 1-1:0.108: AC97 chip type couldn't be determined
[ 36.958510][ T32] em28xx 1-1:0.108: No AC97 audio processor
[ 36.964993][ T32] em28xx 1-1:0.108: We currently don't support analog TV or stream capture on dual tuners.
[ 37.111121][ T32] em28xx 1-1:0.108: unknown em28xx chip ID (0)
[ 37.131141][ T32] em28xx 1-1:0.108: Config register raw data: 0xfffffffb
[ 37.151155][ T32] em28xx 1-1:0.108: AC97 chip type couldn't be determined
[ 37.158345][ T32] em28xx 1-1:0.108: No AC97 audio processor
[ 37.404652][ T32] usb 1-1: USB disconnect, device number 2
[ 37.412664][ T32] em28xx 1-1:0.108: Disconnecting em28xx #1
[ 37.419547][ T32] em28xx 1-1:0.108: Disconnecting em28xx
[ 37.430318][ T32] em28xx 1-1:0.108: Freeing device
[ 37.435603][ T32] em28xx 1-1:0.108: Freeing device
[ 37.790894][ T32] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[ 38.160916][ T32] usb 1-1: config 0 has an invalid interface number: 108 but max is 0
[ 38.169137][ T32] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 38.179314][ T32] usb 1-1: config 0 has no interface number 0
[ 38.185528][ T32] usb 1-1: config 0 interface 108 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[ 38.196897][ T32] usb 1-1: New USB device found, idVendor=2040, idProduct=8265, bcdDevice=2f.86
[ 38.206044][ T32] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 38.218363][ T32] usb 1-1: config 0 descriptor??
[ 38.273079][ T32] em28xx 1-1:0.108: New device @ 480 Mbps (2040:8265, interface 108, class 108)
[ 38.282480][ T32] em28xx 1-1:0.108: Audio interface 108 found (Vendor Class)
executing program
[ 38.540701][ T32] em28xx 1-1:0.108: unknown em28xx chip ID (0)
[ 38.560752][ T32] em28xx 1-1:0.108: Config register raw data: 0xfffffffb
[ 38.580697][ T32] em28xx 1-1:0.108: AC97 chip type couldn't be determined
[ 38.587885][ T32] em28xx 1-1:0.108: No AC97 audio processor
[ 38.593925][ T32] list_add corruption. prev->next should be next (ffffffff8815cf00), but was ffffffff81957c7b. (prev=ffff8881023b0250).
[ 38.606948][ T32] ------------[ cut here ]------------
[ 38.612499][ T32] kernel BUG at lib/list_debug.c:26!
[ 38.617794][ T32] invalid opcode: 0000 [#1] SMP KASAN
[ 38.623174][ T32] CPU: 1 PID: 32 Comm: kworker/1:1 Not tainted 5.11.0-rc1-syzkaller #0
[ 38.631396][ T32] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 38.641463][ T32] Workqueue: usb_hub_wq hub_event
[ 38.646479][ T32] RIP: 0010:__list_add_valid.cold+0x3a/0x3c
[ 38.652381][ T32] Code: 0b 48 89 f2 4c 89 e1 48 89 ee 48 c7 c7 c0 62 1f 86 e8 ac 41 fd ff 0f 0b 48 89 f1 48 c7 c7 40 62 1f 86 4c 89 e6 e8 98 41 fd ff <0f> 0b 48 89 ee 48 c7 c7 e0 63 1f 86 e8 87 41 fd ff 0f 0b 4c 89 ea
[ 38.672174][ T32] RSP: 0018:ffffc900001a6fa0 EFLAGS: 00010282
[ 38.678236][ T32] RAX: 0000000000000075 RBX: ffff888111612000 RCX: 0000000000000000
[ 38.686202][ T32] RDX: ffff888100888000 RSI: ffffffff812996d3 RDI: fffff52000034de6
[ 38.694166][ T32] RBP: ffff8881025d0250 R08: 0000000000000075 R09: 0000000000000000
[ 38.702132][ T32] R10: ffffffff8149b86b R11: 0000000000000000 R12: ffffffff8815cf00
[ 38.710094][ T32] R13: ffff8881025d0000 R14: ffff8881025d013c R15: ffff888111610000
[ 38.718076][ T32] FS: 0000000000000000(0000) GS:ffff8881f6b00000(0000) knlGS:0000000000000000
[ 38.727011][ T32] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 38.733588][ T32] CR2: 000056041c309160 CR3: 00000001008d6000 CR4: 00000000001506e0
[ 38.741551][ T32] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 38.749530][ T32] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 38.757508][ T32] Call Trace:
[ 38.760797][ T32] em28xx_init_extension+0x44/0x1f0
[ 38.765995][ T32] em28xx_init_dev.constprop.0+0xa8b/0x172f
[ 38.771884][ T32] ? __dev_printk+0xcf/0xf5
[ 38.776401][ T32] ? _dev_info+0xd7/0x109
[ 38.780724][ T32] ? em28xx_pre_card_setup+0x5c0/0x5c0
[ 38.786180][ T32] ? lockdep_init_map_waits+0x26a/0x700
[ 38.791743][ T32] ? lockdep_init_map_waits+0x26a/0x700
[ 38.797309][ T32] em28xx_usb_probe.cold+0xc23/0x2586
[ 38.802679][ T32] usb_probe_interface+0x315/0x7f0
[ 38.807792][ T32] ? usb_match_dynamic_id+0x1a0/0x1a0
[ 38.813177][ T32] really_probe+0x291/0xde0
[ 38.817679][ T32] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 38.823921][ T32] driver_probe_device+0x26b/0x3d0
[ 38.829696][ T32] __device_attach_driver+0x1d1/0x290
[ 38.835089][ T32] ? driver_allows_async_probing+0x150/0x150
[ 38.841081][ T32] bus_for_each_drv+0x15f/0x1e0
[ 38.845933][ T32] ? bus_for_each_dev+0x1d0/0x1d0
[ 38.850974][ T32] ? lockdep_hardirqs_on_prepare+0x273/0x3e0
[ 38.856952][ T32] ? trace_hardirqs_on+0x5b/0x1a0
[ 38.861972][ T32] __device_attach+0x228/0x4a0
[ 38.866866][ T32] ? __driver_attach_async_helper+0x330/0x330
[ 38.872943][ T32] ? kobject_uevent_env+0x2bb/0x1680
[ 38.878239][ T32] bus_probe_device+0x1e4/0x290
[ 38.883091][ T32] device_add+0xbc4/0x1d90
[ 38.887507][ T32] ? wait_for_completion_io+0x270/0x270
[ 38.893309][ T32] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0
[ 38.899548][ T32] ? lockdep_hardirqs_on_prepare+0x273/0x3e0
[ 38.905547][ T32] ? _raw_spin_unlock_irqrestore+0x34/0x40
[ 38.911346][ T32] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 38.917580][ T32] usb_set_configuration+0x113c/0x1910
[ 38.923040][ T32] usb_generic_driver_probe+0xba/0x100
[ 38.928508][ T32] usb_probe_device+0xd9/0x2c0
[ 38.933283][ T32] ? usb_driver_release_interface+0x180/0x180
[ 38.939359][ T32] really_probe+0x291/0xde0
[ 38.943884][ T32] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 38.950148][ T32] driver_probe_device+0x26b/0x3d0
[ 38.955288][ T32] __device_attach_driver+0x1d1/0x290
[ 38.960747][ T32] ? driver_allows_async_probing+0x150/0x150
[ 38.966752][ T32] bus_for_each_drv+0x15f/0x1e0
[ 38.971609][ T32] ? bus_for_each_dev+0x1d0/0x1d0
[ 38.976642][ T32] ? lockdep_hardirqs_on_prepare+0x273/0x3e0
[ 38.982617][ T32] ? trace_hardirqs_on+0x5b/0x1a0
[ 38.987632][ T32] __device_attach+0x228/0x4a0
[ 38.992403][ T32] ? __driver_attach_async_helper+0x330/0x330
[ 38.998474][ T32] ? kobject_uevent_env+0x2bb/0x1680
[ 39.003774][ T32] bus_probe_device+0x1e4/0x290
[ 39.008626][ T32] device_add+0xbc4/0x1d90
[ 39.013047][ T32] ? __fw_devlink_link_to_suppliers+0x5e0/0x5e0
[ 39.019288][ T32] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 39.025521][ T32] usb_new_device.cold+0x725/0x1057
[ 39.030821][ T32] ? hub_disconnect+0x510/0x510
[ 39.035672][ T32] ? rwlock_bug.part.0+0x90/0x90
[ 39.040615][ T32] ? lockdep_hardirqs_on_prepare+0x273/0x3e0
[ 39.046592][ T32] hub_event+0x2348/0x42d0
[ 39.050999][ T32] ? hub_port_debounce+0x3b0/0x3b0
[ 39.056149][ T32] ? lock_acquire+0xf1/0x700
[ 39.060743][ T32] ? flush_workqueue+0x6d1/0x13e0
[ 39.065787][ T32] ? lock_release+0x6d0/0x6d0
[ 39.070457][ T32] ? lock_downgrade+0x6d0/0x6d0
[ 39.075304][ T32] ? do_raw_spin_lock+0x120/0x2b0
[ 39.080341][ T32] process_one_work+0x98d/0x1580
[ 39.085318][ T32] ? pwq_dec_nr_in_flight+0x320/0x320
[ 39.090686][ T32] ? rwlock_bug.part.0+0x90/0x90
[ 39.095658][ T32] worker_thread+0x82b/0x1120
[ 39.100328][ T32] ? __kthread_parkme+0x118/0x1d0
[ 39.105357][ T32] ? process_one_work+0x1580/0x1580
[ 39.110543][ T32] kthread+0x38c/0x460
[ 39.114614][ T32] ? _raw_spin_unlock_irq+0x1f/0x30
[ 39.119806][ T32] ? kthread_create_worker_on_cpu+0xf0/0xf0
[ 39.125716][ T32] ret_from_fork+0x1f/0x30
[ 39.130153][ T32] Modules linked in:
[ 39.134137][ T32] ---[ end trace aadc7ce02dfc78a7 ]---
[ 39.139632][ T32] RIP: 0010:__list_add_valid.cold+0x3a/0x3c
[ 39.145598][ T32] Code: 0b 48 89 f2 4c 89 e1 48 89 ee 48 c7 c7 c0 62 1f 86 e8 ac 41 fd ff 0f 0b 48 89 f1 48 c7 c7 40 62 1f 86 4c 89 e6 e8 98 41 fd ff <0f> 0b 48 89 ee 48 c7 c7 e0 63 1f 86 e8 87 41 fd ff 0f 0b 4c 89 ea
[ 39.165265][ T32] RSP: 0018:ffffc900001a6fa0 EFLAGS: 00010282
[ 39.171387][ T32] RAX: 0000000000000075 RBX: ffff888111612000 RCX: 0000000000000000
[ 39.179371][ T32] RDX: ffff888100888000 RSI: ffffffff812996d3 RDI: fffff52000034de6
[ 39.187674][ T32] RBP: ffff8881025d0250 R08: 0000000000000075 R09: 0000000000000000
[ 39.195718][ T32] R10: ffffffff8149b86b R11: 0000000000000000 R12: ffffffff8815cf00
[ 39.203744][ T32] R13: ffff8881025d0000 R14: ffff8881025d013c R15: ffff888111610000
[ 39.211779][ T32] FS: 0000000000000000(0000) GS:ffff8881f6b00000(0000) knlGS:0000000000000000
[ 39.220769][ T32] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 39.227396][ T32] CR2: 000056041c309160 CR3: 00000001008d6000 CR4: 00000000001506e0
[ 39.235404][ T32] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 39.243425][ T32] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 39.251465][ T32] Kernel panic - not syncing: Fatal exception
[ 39.258069][ T32] Kernel Offset: disabled
[ 39.262397][ T32] Rebooting in 86400 seconds..