Warning: Permanently added '10.128.1.168' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 51.767639][ T1053] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 52.007717][ T1053] usb 1-1: Using ep0 maxpacket: 8 [ 52.127928][ T1053] usb 1-1: config 0 has an invalid interface number: 119 but max is 0 [ 52.136327][ T1053] usb 1-1: config 0 contains an unexpected descriptor of type 0x2, skipping [ 52.146495][ T1053] usb 1-1: config 0 has no interface number 0 [ 52.153494][ T1053] usb 1-1: config 0 interface 119 altsetting 0 bulk endpoint 0xF has invalid maxpacket 8 [ 52.164203][ T1053] usb 1-1: config 0 interface 119 altsetting 0 endpoint 0x6 has invalid maxpacket 1024, setting to 64 [ 52.176105][ T1053] usb 1-1: config 0 interface 119 altsetting 0 endpoint 0x83 has invalid maxpacket 1267, setting to 1024 [ 52.188306][ T1053] usb 1-1: config 0 interface 119 altsetting 0 bulk endpoint 0x83 has invalid maxpacket 1024 [ 52.199499][ T1053] usb 1-1: config 0 interface 119 altsetting 0 has an invalid endpoint with address 0xBD, skipping [ 52.211165][ T1053] usb 1-1: config 0 interface 119 altsetting 0 has a duplicate endpoint with address 0xF, skipping [ 52.222711][ T1053] usb 1-1: config 0 interface 119 altsetting 0 endpoint 0x8 has an invalid bInterval 244, changing to 11 [ 52.235160][ T1053] usb 1-1: config 0 interface 119 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 52.246826][ T1053] usb 1-1: config 0 interface 119 altsetting 0 endpoint 0x4 has invalid maxpacket 512, setting to 64 [ 52.258630][ T1053] usb 1-1: config 0 interface 119 altsetting 0 endpoint 0x2 has an invalid bInterval 31, changing to 7 [ 52.270628][ T1053] usb 1-1: config 0 interface 119 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 52.283013][ T1053] usb 1-1: config 0 interface 119 altsetting 0 has a duplicate endpoint with address 0x6, skipping [ 52.294682][ T1053] usb 1-1: config 0 interface 119 altsetting 0 has 14 endpoint descriptors, different from the interface descriptor's value: 13 [ 52.467573][ T1053] usb 1-1: New USB device found, idVendor=cace, idProduct=0300, bcdDevice=31.25 [ 52.476747][ T1053] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 52.485095][ T1053] usb 1-1: Product: syz [ 52.489597][ T1053] usb 1-1: Manufacturer: syz [ 52.494298][ T1053] usb 1-1: SerialNumber: syz [ 52.502870][ T1053] usb 1-1: config 0 descriptor?? [ 52.528618][ T6521] raw-gadget gadget: fail, usb_ep_enable returned -22 executing program [ 52.707429][ T1053] usb 1-1: reset high-speed USB device number 2 using dummy_hcd [ 53.137219][ T1053] usb 1-1: device descriptor read/64, error -71 [ 53.407184][ T1053] usb 1-1: reset high-speed USB device number 2 using dummy_hcd [ 53.647059][ T1053] usb 1-1: Using ep0 maxpacket: 8 [ 53.787248][ T6530] raw-gadget gadget: fail, usb_ep_enable returned -22 [ 53.848731][ T1053] usb 1-1: driver API: 1.9.9 2016-02-15 [1-1] [ 53.855007][ T1053] usb 1-1: firmware API: 1.9.6 2012-07-07 [ 53.861397][ T1053] ------------[ cut here ]------------ [ 53.866897][ T1053] usb 1-1: BOGUS urb xfer, pipe 1 != type 3 [ 53.873429][ T1053] WARNING: CPU: 0 PID: 1053 at drivers/usb/core/urb.c:503 usb_submit_urb+0xcd2/0x1970 [ 53.883799][ T1053] Modules linked in: [ 53.888138][ T1053] CPU: 0 PID: 1053 Comm: kworker/0:2 Not tainted 5.15.0-rc7-syzkaller #0 [ 53.896701][ T1053] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 53.907555][ T1053] Workqueue: events request_firmware_work_func [ 53.913747][ T1053] RIP: 0010:usb_submit_urb+0xcd2/0x1970 [ 53.919730][ T1053] Code: d8 48 c1 e8 03 42 8a 04 20 84 c0 0f 85 89 09 00 00 44 8b 03 48 c7 c7 c0 2c 04 8b 4c 89 fe 4c 89 f2 89 e9 31 c0 e8 5e c7 6f fb <0f> 0b 4c 8b 7c 24 10 4c 8b 64 24 38 8b 5c 24 28 45 89 e6 4c 89 f7 [ 53.939473][ T1053] RSP: 0018:ffffc900045bfa20 EFLAGS: 00010246 [ 53.945560][ T1053] RAX: c0488d4b2013c100 RBX: ffffffff8b042a08 RCX: ffff88801c0eb900 [ 53.953604][ T1053] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000 [ 53.961666][ T1053] RBP: 0000000000000001 R08: ffffffff81695fe2 R09: ffffed10173857a8 [ 53.969711][ T1053] R10: ffffed10173857a8 R11: 0000000000000000 R12: dffffc0000000000 [ 53.977776][ T1053] R13: ffff888014de4400 R14: ffff888012bb16b8 R15: ffffffff8b04cc80 [ 53.985825][ T1053] FS: 0000000000000000(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000 executing program [ 53.995187][ T1053] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 54.001918][ T1053] CR2: 00007fffa69fe690 CR3: 0000000071447000 CR4: 00000000003506f0 [ 54.009970][ T1053] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 54.018044][ T1053] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 54.025684][ T1056] usb 1-1: USB disconnect, device number 2 [ 54.026434][ T1053] Call Trace: [ 54.035244][ T1053] carl9170_usb_init_device+0x243/0x880 [ 54.048238][ T1053] carl9170_usb_firmware_step2+0xa5/0x260 [ 54.054256][ T1053] request_firmware_work_func+0x19b/0x270 [ 54.061764][ T1053] ? carl9170_usb_tasklet+0x280/0x280 [ 54.067992][ T1053] ? request_firmware_nowait+0x460/0x460 [ 54.073726][ T1053] ? _raw_spin_unlock_irq+0x1f/0x40 [ 54.080057][ T1053] process_one_work+0x853/0x1140 [ 54.085083][ T1053] ? worker_detach_from_pool+0x260/0x260 [ 54.091785][ T1053] ? _raw_spin_lock_irqsave+0x120/0x120 [ 54.098299][ T1053] ? kthread_data+0x4d/0xc0 [ 54.102886][ T1053] ? wq_worker_running+0x8b/0x140 [ 54.108984][ T1053] worker_thread+0xac1/0x1320 [ 54.113750][ T1053] ? __kthread_parkme+0x166/0x1c0 [ 54.119771][ T1053] kthread+0x453/0x480 [ 54.123915][ T1053] ? rcu_lock_release+0x20/0x20 [ 54.129764][ T1053] ? kthread_blkcg+0xd0/0xd0 [ 54.134417][ T1053] ret_from_fork+0x1f/0x30 [ 54.139809][ T1053] Kernel panic - not syncing: panic_on_warn set ... [ 54.146396][ T1053] CPU: 0 PID: 1053 Comm: kworker/0:2 Not tainted 5.15.0-rc7-syzkaller #0 [ 54.154789][ T1053] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 54.164829][ T1053] Workqueue: events request_firmware_work_func [ 54.170976][ T1053] Call Trace: [ 54.174240][ T1053] dump_stack_lvl+0x1dc/0x2d8 [ 54.178903][ T1053] ? show_regs_print_info+0x12/0x12 [ 54.184094][ T1053] ? log_buf_vmcoreinfo_setup+0x498/0x498 [ 54.189802][ T1053] panic+0x2d6/0x810 [ 54.193682][ T1053] ? __warn+0x13e/0x270 [ 54.197818][ T1053] ? nmi_panic+0x90/0x90 [ 54.202047][ T1053] ? ret_from_fork+0x1f/0x30 [ 54.206630][ T1053] __warn+0x26a/0x270 [ 54.210590][ T1053] ? usb_submit_urb+0xcd2/0x1970 [ 54.215523][ T1053] ? usb_submit_urb+0xcd2/0x1970 [ 54.220455][ T1053] report_bug+0x1b1/0x2e0 [ 54.224797][ T1053] handle_bug+0x3d/0x70 [ 54.228969][ T1053] exc_invalid_op+0x16/0x40 [ 54.233479][ T1053] asm_exc_invalid_op+0x12/0x20 [ 54.238337][ T1053] RIP: 0010:usb_submit_urb+0xcd2/0x1970 [ 54.243968][ T1053] Code: d8 48 c1 e8 03 42 8a 04 20 84 c0 0f 85 89 09 00 00 44 8b 03 48 c7 c7 c0 2c 04 8b 4c 89 fe 4c 89 f2 89 e9 31 c0 e8 5e c7 6f fb <0f> 0b 4c 8b 7c 24 10 4c 8b 64 24 38 8b 5c 24 28 45 89 e6 4c 89 f7 [ 54.263559][ T1053] RSP: 0018:ffffc900045bfa20 EFLAGS: 00010246 [ 54.269717][ T1053] RAX: c0488d4b2013c100 RBX: ffffffff8b042a08 RCX: ffff88801c0eb900 [ 54.277688][ T1053] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000 [ 54.285666][ T1053] RBP: 0000000000000001 R08: ffffffff81695fe2 R09: ffffed10173857a8 [ 54.293630][ T1053] R10: ffffed10173857a8 R11: 0000000000000000 R12: dffffc0000000000 [ 54.301604][ T1053] R13: ffff888014de4400 R14: ffff888012bb16b8 R15: ffffffff8b04cc80 [ 54.309569][ T1053] ? wake_up_klogd+0xb2/0xf0 [ 54.314174][ T1053] carl9170_usb_init_device+0x243/0x880 [ 54.319719][ T1053] carl9170_usb_firmware_step2+0xa5/0x260 [ 54.325444][ T1053] request_firmware_work_func+0x19b/0x270 [ 54.331208][ T1053] ? carl9170_usb_tasklet+0x280/0x280 [ 54.336601][ T1053] ? request_firmware_nowait+0x460/0x460 [ 54.342246][ T1053] ? _raw_spin_unlock_irq+0x1f/0x40 [ 54.347443][ T1053] process_one_work+0x853/0x1140 [ 54.352383][ T1053] ? worker_detach_from_pool+0x260/0x260 [ 54.358022][ T1053] ? _raw_spin_lock_irqsave+0x120/0x120 [ 54.363566][ T1053] ? kthread_data+0x4d/0xc0 [ 54.368058][ T1053] ? wq_worker_running+0x8b/0x140 [ 54.373084][ T1053] worker_thread+0xac1/0x1320 [ 54.377762][ T1053] ? __kthread_parkme+0x166/0x1c0 [ 54.382788][ T1053] kthread+0x453/0x480 [ 54.386847][ T1053] ? rcu_lock_release+0x20/0x20 [ 54.391682][ T1053] ? kthread_blkcg+0xd0/0xd0 [ 54.396263][ T1053] ret_from_fork+0x1f/0x30 [ 54.401080][ T1053] Kernel Offset: disabled [ 54.405594][ T1053] Rebooting in 86400 seconds..