[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.74' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 57.138606][ T1264] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 57.388538][ T1264] usb 1-1: Using ep0 maxpacket: 8
[ 57.528654][ T1264] usb 1-1: config 0 has an invalid interface number: 119 but max is 0
[ 57.536925][ T1264] usb 1-1: config 0 contains an unexpected descriptor of type 0x2, skipping
[ 57.546210][ T1264] usb 1-1: config 0 has no interface number 0
[ 57.552454][ T1264] usb 1-1: config 0 interface 119 altsetting 0 bulk endpoint 0xF has invalid maxpacket 8
[ 57.562404][ T1264] usb 1-1: config 0 interface 119 altsetting 0 endpoint 0x6 has invalid maxpacket 1024, setting to 64
[ 57.573469][ T1264] usb 1-1: config 0 interface 119 altsetting 0 endpoint 0x83 has invalid maxpacket 1267, setting to 1024
[ 57.584927][ T1264] usb 1-1: config 0 interface 119 altsetting 0 bulk endpoint 0x83 has invalid maxpacket 1024
[ 57.595600][ T1264] usb 1-1: config 0 interface 119 altsetting 0 has an invalid endpoint with address 0xBD, skipping
[ 57.606411][ T1264] usb 1-1: config 0 interface 119 altsetting 0 has a duplicate endpoint with address 0xF, skipping
[ 57.617214][ T1264] usb 1-1: config 0 interface 119 altsetting 0 endpoint 0x8 has an invalid bInterval 244, changing to 11
[ 57.628566][ T1264] usb 1-1: config 0 interface 119 altsetting 0 has an invalid endpoint with address 0x0, skipping
[ 57.639415][ T1264] usb 1-1: config 0 interface 119 altsetting 0 endpoint 0x4 has invalid maxpacket 512, setting to 64
[ 57.650496][ T1264] usb 1-1: config 0 interface 119 altsetting 0 endpoint 0x2 has an invalid bInterval 31, changing to 7
[ 57.661709][ T1264] usb 1-1: config 0 interface 119 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[ 57.673031][ T1264] usb 1-1: config 0 interface 119 altsetting 0 has a duplicate endpoint with address 0x6, skipping
[ 57.683844][ T1264] usb 1-1: config 0 interface 119 altsetting 0 has 14 endpoint descriptors, different from the interface descriptor's value: 13
[ 57.868582][ T1264] usb 1-1: New USB device found, idVendor=cace, idProduct=0300, bcdDevice=31.25
[ 57.877997][ T1264] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 57.886331][ T1264] usb 1-1: Product: syz
[ 57.890930][ T1264] usb 1-1: Manufacturer: syz
[ 57.895709][ T1264] usb 1-1: SerialNumber: syz
[ 57.903519][ T1264] usb 1-1: config 0 descriptor??
[ 57.929255][ T6501] raw-gadget gadget: fail, usb_ep_enable returned -22
executing program
[ 58.108473][ T1264] usb 1-1: reset high-speed USB device number 2 using dummy_hcd
[ 58.538341][ T1264] usb 1-1: device descriptor read/64, error -71
[ 58.808316][ T1264] usb 1-1: reset high-speed USB device number 2 using dummy_hcd
[ 59.058251][ T1264] usb 1-1: Using ep0 maxpacket: 8
[ 59.198369][ T6511] raw-gadget gadget: fail, usb_ep_enable returned -22
[ 59.268846][ T1264] usb 1-1: driver API: 1.9.9 2016-02-15 [1-1]
[ 59.275107][ T1264] usb 1-1: firmware API: 1.9.6 2012-07-07
[ 59.284624][ T1264] ------------[ cut here ]------------
[ 59.290745][ T1264] usb 1-1: BOGUS urb xfer, pipe 1 != type 3
[ 59.296909][ T1264] WARNING: CPU: 0 PID: 1264 at drivers/usb/core/urb.c:502 usb_submit_urb+0xed2/0x18a0
[ 59.307335][ T1264] Modules linked in:
[ 59.311834][ T1264] CPU: 0 PID: 1264 Comm: kworker/0:3 Not tainted 5.15.0-rc4-syzkaller #0
[ 59.321151][ T1264] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 59.331982][ T1264] Workqueue: events request_firmware_work_func
[ 59.338620][ T1264] RIP: 0010:usb_submit_urb+0xed2/0x18a0
[ 59.344424][ T1264] Code: 7c 24 18 e8 a0 62 1b fc 48 8b 7c 24 18 e8 76 59 0b ff 41 89 d8 44 89 e1 4c 89 ea 48 89 c6 48 c7 c7 20 d0 28 8a e8 aa f5 97 03 <0f> 0b e9 58 f8 ff ff e8 72 62 1b fc 48 81 c5 88 06 00 00 e9 84 f7
[ 59.364821][ T1264] RSP: 0018:ffffc9000598fba0 EFLAGS: 00010282
[ 59.371287][ T1264] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000000000
[ 59.379632][ T1264] RDX: ffff88801ca1d580 RSI: ffffffff815daf18 RDI: fffff52000b31f66
[ 59.387592][ T1264] RBP: ffff8880125ba0a0 R08: 0000000000000000 R09: 0000000000000000
[ 59.396209][ T1264] R10: ffffffff815d4cbe R11: 0000000000000000 R12: 0000000000000001
[ 59.404976][ T1264] R13: ffff8880125f8848 R14: 0000000000000002 R15: ffff8880149fe400
executing program
[ 59.413462][ T1264] FS: 0000000000000000(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000
[ 59.422902][ T1264] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 59.429947][ T1264] CR2: 00007f7622512000 CR3: 000000001a158000 CR4: 0000000000350ef0
[ 59.434301][ T1050] usb 1-1: USB disconnect, device number 2
[ 59.437918][ T1264] Call Trace:
[ 59.449221][ T1264] carl9170_usb_send_rx_irq_urb+0x273/0x340
[ 59.455137][ T1264] carl9170_usb_firmware_step2+0x1b9/0x290
[ 59.464421][ T1264] ? carl9170_usb_resume+0x170/0x170
[ 59.469919][ T1264] request_firmware_work_func+0x12c/0x230
[ 59.475730][ T1264] ? request_partial_firmware_into_buf+0xa0/0xa0
[ 59.482405][ T1264] process_one_work+0x9bf/0x16b0
[ 59.487363][ T1264] ? pwq_dec_nr_in_flight+0x2a0/0x2a0
[ 59.492801][ T1264] ? rwlock_bug.part.0+0x90/0x90
[ 59.497742][ T1264] ? _raw_spin_lock_irq+0x41/0x50
[ 59.503208][ T1264] worker_thread+0x658/0x11f0
[ 59.508160][ T1264] ? process_one_work+0x16b0/0x16b0
[ 59.513367][ T1264] kthread+0x3e5/0x4d0
[ 59.517630][ T1264] ? set_kthread_struct+0x130/0x130
[ 59.522885][ T1264] ret_from_fork+0x1f/0x30
[ 59.527363][ T1264] Kernel panic - not syncing: panic_on_warn set ...
[ 59.534022][ T1264] CPU: 0 PID: 1264 Comm: kworker/0:3 Not tainted 5.15.0-rc4-syzkaller #0
[ 59.542422][ T1264] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 59.552468][ T1264] Workqueue: events request_firmware_work_func
[ 59.558615][ T1264] Call Trace:
[ 59.561878][ T1264] dump_stack_lvl+0xcd/0x134
[ 59.566454][ T1264] panic+0x2b0/0x6dd
[ 59.570341][ T1264] ? __warn_printk+0xf3/0xf3
[ 59.574923][ T1264] ? __warn.cold+0x1a/0x44
[ 59.579325][ T1264] ? usb_submit_urb+0xed2/0x18a0
[ 59.584250][ T1264] __warn.cold+0x35/0x44
[ 59.588478][ T1264] ? wake_up_klogd.part.0+0x8e/0xd0
[ 59.593749][ T1264] ? usb_submit_urb+0xed2/0x18a0
[ 59.598670][ T1264] report_bug+0x1bd/0x210
[ 59.602992][ T1264] handle_bug+0x3c/0x60
[ 59.607140][ T1264] exc_invalid_op+0x14/0x40
[ 59.611629][ T1264] asm_exc_invalid_op+0x12/0x20
[ 59.616465][ T1264] RIP: 0010:usb_submit_urb+0xed2/0x18a0
[ 59.621994][ T1264] Code: 7c 24 18 e8 a0 62 1b fc 48 8b 7c 24 18 e8 76 59 0b ff 41 89 d8 44 89 e1 4c 89 ea 48 89 c6 48 c7 c7 20 d0 28 8a e8 aa f5 97 03 <0f> 0b e9 58 f8 ff ff e8 72 62 1b fc 48 81 c5 88 06 00 00 e9 84 f7
[ 59.641587][ T1264] RSP: 0018:ffffc9000598fba0 EFLAGS: 00010282
[ 59.647637][ T1264] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000000000
[ 59.655589][ T1264] RDX: ffff88801ca1d580 RSI: ffffffff815daf18 RDI: fffff52000b31f66
[ 59.663654][ T1264] RBP: ffff8880125ba0a0 R08: 0000000000000000 R09: 0000000000000000
[ 59.671607][ T1264] R10: ffffffff815d4cbe R11: 0000000000000000 R12: 0000000000000001
[ 59.679560][ T1264] R13: ffff8880125f8848 R14: 0000000000000002 R15: ffff8880149fe400
[ 59.687518][ T1264] ? wake_up_klogd.part.0+0x8e/0xd0
[ 59.692707][ T1264] ? vprintk+0x88/0x90
[ 59.697033][ T1264] carl9170_usb_send_rx_irq_urb+0x273/0x340
[ 59.702922][ T1264] carl9170_usb_firmware_step2+0x1b9/0x290
[ 59.708719][ T1264] ? carl9170_usb_resume+0x170/0x170
[ 59.713992][ T1264] request_firmware_work_func+0x12c/0x230
[ 59.719700][ T1264] ? request_partial_firmware_into_buf+0xa0/0xa0
[ 59.726108][ T1264] process_one_work+0x9bf/0x16b0
[ 59.731048][ T1264] ? pwq_dec_nr_in_flight+0x2a0/0x2a0
[ 59.736412][ T1264] ? rwlock_bug.part.0+0x90/0x90
[ 59.741333][ T1264] ? _raw_spin_lock_irq+0x41/0x50
[ 59.746353][ T1264] worker_thread+0x658/0x11f0
[ 59.751020][ T1264] ? process_one_work+0x16b0/0x16b0
[ 59.756213][ T1264] kthread+0x3e5/0x4d0
[ 59.760272][ T1264] ? set_kthread_struct+0x130/0x130
[ 59.765632][ T1264] ret_from_fork+0x1f/0x30
[ 59.771081][ T1264] Kernel Offset: disabled
[ 59.775467][ T1264] Rebooting in 86400 seconds..