usb 5-1: SerialNumber: syz usb 5-1: config 0 descriptor?? cm109 5-1:0.8: invalid payload size 0, expected 4 input: CM109 USB driver as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.8/input/input58 list_add double add: new=ffff88801db87b18, prev=ffff88801db87b18, next=ffff88805a270078. ------------[ cut here ]------------ kernel BUG at lib/list_debug.c:37! Oops: invalid opcode: 0000 [#1] SMP KASAN PTI CPU: 1 UID: 0 PID: 5894 Comm: kworker/1:6 Not tainted 6.15.0-rc6-syzkaller-00025-g627277ba7c23 #0 PREEMPT(full) Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 Workqueue: usb_hub_wq hub_event RIP: 0010:__list_add_valid_or_report+0xa5/0x130 lib/list_debug.c:35 Code: 74 12 b0 01 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc 48 c7 c7 e0 da c1 8b 4c 89 fe 4c 89 f2 48 89 d9 e8 2c f5 68 fc 90 <0f> 0b 48 c7 c7 e0 d8 c1 8b e8 1d f5 68 fc 90 0f 0b 48 c7 c7 80 d9 RSP: 0018:ffffc900053b6af8 EFLAGS: 00010046 RAX: 0000000000000058 RBX: ffff88805a270078 RCX: 3b8c51511bae0f00 RDX: ffffc90019619000 RSI: 000000000004323c RDI: 000000000004323d RBP: 1ffff1100b44e010 R08: ffff8880b8923e93 R09: 1ffff110171247d2 R10: dffffc0000000000 R11: ffffed10171247d3 R12: 1ffff11003b70f63 R13: dffffc0000000000 R14: ffff88801db87b18 R15: ffff88801db87b18 FS: 0000000000000000(0000) GS:ffff8881261c7000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000080001680 CR3: 000000007e5a6000 CR4: 00000000003526f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: __list_add_valid include/linux/list.h:88 [inline] __list_add include/linux/list.h:150 [inline] list_add_tail include/linux/list.h:183 [inline] usb_hcd_link_urb_to_ep+0x1d2/0x330 drivers/usb/core/hcd.c:1158 dummy_urb_enqueue+0x2a1/0x780 drivers/usb/gadget/udc/dummy_hcd.c:1288 usb_hcd_submit_urb+0x322/0x1aa0 drivers/usb/core/hcd.c:1533 cm109_input_open+0x1fb/0x460 drivers/input/misc/cm109.c:566 input_open_device+0x1c5/0x360 drivers/input/input.c:600 kbd_connect+0xed/0x140 drivers/tty/vt/keyboard.c:1591 input_attach_handler drivers/input/input.c:993 [inline] input_register_device+0xceb/0x10b0 drivers/input/input.c:2412 cm109_usb_probe+0x118c/0x1690 drivers/input/misc/cm109.c:797 usb_probe_interface+0x641/0xbc0 drivers/usb/core/driver.c:396 call_driver_probe drivers/base/dd.c:-1 [inline] really_probe+0x26a/0x9a0 drivers/base/dd.c:657 __driver_probe_device+0x18c/0x2f0 drivers/base/dd.c:799 driver_probe_device+0x4f/0x430 drivers/base/dd.c:829 __device_attach_driver+0x2ce/0x530 drivers/base/dd.c:957 bus_for_each_drv+0x251/0x2e0 drivers/base/bus.c:462 __device_attach+0x2b8/0x400 drivers/base/dd.c:1029 bus_probe_device+0x185/0x260 drivers/base/bus.c:537 device_add+0x7b6/0xb50 drivers/base/core.c:3692 usb_set_configuration+0x1a87/0x20e0 drivers/usb/core/message.c:2210 usb_generic_driver_probe+0x8d/0x150 drivers/usb/core/generic.c:250 usb_probe_device+0x1c4/0x390 drivers/usb/core/driver.c:291 call_driver_probe drivers/base/dd.c:-1 [inline] really_probe+0x26a/0x9a0 drivers/base/dd.c:657 __driver_probe_device+0x18c/0x2f0 drivers/base/dd.c:799 driver_probe_device+0x4f/0x430 drivers/base/dd.c:829 __device_attach_driver+0x2ce/0x530 drivers/base/dd.c:957 bus_for_each_drv+0x251/0x2e0 drivers/base/bus.c:462 __device_attach+0x2b8/0x400 drivers/base/dd.c:1029 bus_probe_device+0x185/0x260 drivers/base/bus.c:537 device_add+0x7b6/0xb50 drivers/base/core.c:3692 usb_new_device+0xa39/0x16c0 drivers/usb/core/hub.c:2663 hub_port_connect drivers/usb/core/hub.c:5531 [inline] hub_port_connect_change drivers/usb/core/hub.c:5671 [inline] port_event drivers/usb/core/hub.c:5831 [inline] hub_event+0x2941/0x4a00 drivers/usb/core/hub.c:5913 process_one_work kernel/workqueue.c:3238 [inline] process_scheduled_works+0xade/0x17a0 kernel/workqueue.c:3319 worker_thread+0x8a0/0xda0 kernel/workqueue.c:3400 kthread+0x711/0x8a0 kernel/kthread.c:464 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:153 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245 Modules linked in: ---[ end trace 0000000000000000 ]--- RIP: 0010:__list_add_valid_or_report+0xa5/0x130 lib/list_debug.c:35 Code: 74 12 b0 01 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc 48 c7 c7 e0 da c1 8b 4c 89 fe 4c 89 f2 48 89 d9 e8 2c f5 68 fc 90 <0f> 0b 48 c7 c7 e0 d8 c1 8b e8 1d f5 68 fc 90 0f 0b 48 c7 c7 80 d9 RSP: 0018:ffffc900053b6af8 EFLAGS: 00010046 RAX: 0000000000000058 RBX: ffff88805a270078 RCX: 3b8c51511bae0f00 RDX: ffffc90019619000 RSI: 000000000004323c RDI: 000000000004323d RBP: 1ffff1100b44e010 R08: ffff8880b8923e93 R09: 1ffff110171247d2 R10: dffffc0000000000 R11: ffffed10171247d3 R12: 1ffff11003b70f63 R13: dffffc0000000000 R14: ffff88801db87b18 R15: ffff88801db87b18 FS: 0000000000000000(0000) GS:ffff8881261c7000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000080001680 CR3: 000000007e5a6000 CR4: 00000000003526f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400