Starting Load/Save RF Kill Switch Status... [ OK ] Started Update UTMP about System Runlevel Changes. [ OK ] Started Load/Save RF Kill Switch Status. [ 13.202532][ C1] random: crng init done [ 13.202561][ C1] random: 7 urandom warning(s) missed due to ratelimiting Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.0.116' (ECDSA) to the list of known hosts. syzkaller login: [ 50.638138][ T21] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 51.007602][ T21] usb 1-1: config 0 has an invalid interface number: 130 but max is 0 [ 51.016085][ T21] usb 1-1: config 0 has no interface number 0 [ 51.022610][ T21] usb 1-1: config 0 interface 130 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 51.033766][ T21] usb 1-1: New USB device found, idVendor=2040, idProduct=8265, bcdDevice=f3.4a [ 51.043589][ T21] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 51.053541][ T21] usb 1-1: config 0 descriptor?? [ 51.110191][ T21] em28xx 1-1:0.130: New device @ 480 Mbps (2040:8265, interface 130, class 130) [ 51.119571][ T21] em28xx 1-1:0.130: Audio interface 130 found (Vendor Class) [ 51.307816][ T356] udc-core: couldn't find an available UDC or it's busy [ 51.315270][ T356] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 51.357562][ T21] em28xx 1-1:0.130: unknown em28xx chip ID (0) [ 51.377586][ T21] em28xx 1-1:0.130: Config register raw data: 0xfffffffb [ 51.397444][ T21] em28xx 1-1:0.130: AC97 chip type couldn't be determined [ 51.404587][ T21] em28xx 1-1:0.130: No AC97 audio processor [ 51.413061][ T21] em28xx 1-1:0.130: We currently don't support analog TV or stream capture on dual tuners. [ 51.547409][ T21] em28xx 1-1:0.130: unknown em28xx chip ID (0) [ 51.567425][ T21] em28xx 1-1:0.130: Config register raw data: 0xfffffffb [ 51.587408][ T21] em28xx 1-1:0.130: AC97 chip type couldn't be determined [ 51.594549][ T21] em28xx 1-1:0.130: No AC97 audio processor [ 51.842494][ T21] usb 1-1: USB disconnect, device number 2 [ 51.849579][ T21] em28xx 1-1:0.130: Disconnecting em28xx #1 [ 51.855482][ T21] em28xx 1-1:0.130: Disconnecting em28xx [ 51.864706][ T21] em28xx 1-1:0.130: Freeing device [ 51.870023][ T21] em28xx 1-1:0.130: Freeing device [ 52.227224][ T21] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 52.587187][ T21] usb 1-1: config 0 has an invalid interface number: 130 but max is 0 [ 52.595410][ T21] usb 1-1: config 0 has no interface number 0 [ 52.602584][ T21] usb 1-1: config 0 interface 130 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 52.613780][ T21] usb 1-1: New USB device found, idVendor=2040, idProduct=8265, bcdDevice=f3.4a [ 52.622915][ T21] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 52.632326][ T21] usb 1-1: config 0 descriptor?? [ 52.701279][ T21] em28xx 1-1:0.130: New device @ 480 Mbps (2040:8265, interface 130, class 130) [ 52.710616][ T21] em28xx 1-1:0.130: Audio interface 130 found (Vendor Class) [ 52.897731][ T362] udc-core: couldn't find an available UDC or it's busy [ 52.905032][ T362] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 52.957233][ T21] em28xx 1-1:0.130: unknown em28xx chip ID (0) [ 52.977421][ T21] em28xx 1-1:0.130: Config register raw data: 0xfffffffb [ 52.997103][ T21] em28xx 1-1:0.130: AC97 chip type couldn't be determined [ 53.004237][ T21] em28xx 1-1:0.130: No AC97 audio processor [ 53.012758][ T21] list_add corruption. prev->next should be next (ffffffff87a852a0), but was ffffffff8284f851. (prev=ffff8881cdb88250). [ 53.025695][ C1] ------------[ cut here ]------------ [ 53.025701][ C1] kernel BUG at lib/list_debug.c:26! [ 53.036527][ T21] invalid opcode: 0000 [#1] SMP KASAN [ 53.041892][ T21] CPU: 1 PID: 21 Comm: kworker/1:1 Not tainted 5.8.0-rc1-syzkaller #0 [ 53.050026][ T21] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 53.060195][ T21] Workqueue: usb_hub_wq hub_event [ 53.065270][ T21] RIP: 0010:__list_add_valid.cold+0x3a/0x3c [ 53.071145][ T21] Code: 0b 48 89 f2 4c 89 e1 48 89 ee 48 c7 c7 80 88 fc 85 e8 fa 74 3d ff 0f 0b 48 89 f1 48 c7 c7 00 88 fc 85 4c 89 e6 e8 e6 74 3d ff <0f> 0b 48 89 ee 48 c7 c7 a0 89 fc 85 e8 d5 74 3d ff 0f 0b 4c 89 ea [ 53.091035][ T21] RSP: 0018:ffff8881da317020 EFLAGS: 00010286 [ 53.097098][ T21] RAX: 0000000000000075 RBX: ffff8881cd374130 RCX: 0000000000000000 [ 53.105048][ T21] RDX: 0000000000000000 RSI: ffffffff81298423 RDI: ffffed103b462df6 [ 53.113004][ T21] RBP: ffff8881cd374250 R08: 0000000000000075 R09: ffffed103b665ea2 [ 53.120959][ T21] R10: ffff8881db32f50f R11: ffffed103b665ea1 R12: ffffffff87a852a0 [ 53.128914][ T21] R13: ffff8881cd374000 R14: ffff8881cd37413c R15: ffff8881cd308000 [ 53.136875][ T21] FS: 0000000000000000(0000) GS:ffff8881db300000(0000) knlGS:0000000000000000 [ 53.145805][ T21] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 53.152382][ T21] CR2: 00007f7e57219008 CR3: 00000001d1d60000 CR4: 00000000001406e0 [ 53.160370][ T21] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 53.168441][ T21] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 53.176404][ T21] Call Trace: [ 53.179730][ T21] em28xx_init_extension+0x44/0x1f0 [ 53.184926][ T21] em28xx_init_dev.isra.0+0xa80/0x15dd [ 53.190396][ T21] ? _dev_info+0xd7/0x109 [ 53.194721][ T21] ? em28xx_usb_disconnect.cold+0x284/0x284 [ 53.200603][ T21] ? lockdep_init_map_waits+0x26a/0x7c0 [ 53.206158][ T21] ? lockdep_init_map_waits+0x26a/0x7c0 [ 53.211698][ T21] em28xx_usb_probe.cold+0xcac/0x2520 [ 53.217071][ T21] usb_probe_interface+0x310/0x800 [ 53.222179][ T21] ? usb_probe_device+0x230/0x230 [ 53.227193][ T21] really_probe+0x290/0xac0 [ 53.231693][ T21] driver_probe_device+0x26b/0x3d0 [ 53.236793][ T21] __device_attach_driver+0x1d1/0x290 [ 53.242158][ T21] ? driver_allows_async_probing+0x160/0x160 [ 53.248126][ T21] bus_for_each_drv+0x162/0x1e0 [ 53.252973][ T21] ? bus_rescan_devices+0x20/0x20 [ 53.258066][ T21] __device_attach+0x21a/0x390 [ 53.262830][ T21] ? device_bind_driver+0xd0/0xd0 [ 53.267915][ T21] ? kobject_uevent_env+0x2b4/0x1560 [ 53.273188][ T21] bus_probe_device+0x1e4/0x290 [ 53.278026][ T21] device_add+0xb2b/0x1940 [ 53.282445][ T21] ? device_link_add_missing_supplier_links+0x370/0x370 [ 53.289426][ T21] usb_set_configuration+0xed4/0x1850 [ 53.294789][ T21] usb_generic_driver_probe+0x9d/0xe0 [ 53.300339][ T21] usb_probe_device+0xd9/0x230 [ 53.305119][ T21] ? usb_suspend+0x600/0x600 [ 53.309703][ T21] really_probe+0x290/0xac0 [ 53.314203][ T21] driver_probe_device+0x26b/0x3d0 [ 53.319297][ T21] __device_attach_driver+0x1d1/0x290 [ 53.324665][ T21] ? driver_allows_async_probing+0x160/0x160 [ 53.330623][ T21] bus_for_each_drv+0x162/0x1e0 [ 53.335454][ T21] ? bus_rescan_devices+0x20/0x20 [ 53.340454][ T21] __device_attach+0x21a/0x390 [ 53.345195][ T21] ? device_bind_driver+0xd0/0xd0 [ 53.350198][ T21] ? kobject_uevent_env+0x2b4/0x1560 [ 53.355467][ T21] bus_probe_device+0x1e4/0x290 [ 53.360291][ T21] device_add+0xb2b/0x1940 [ 53.364682][ T21] ? device_link_add_missing_supplier_links+0x370/0x370 [ 53.371610][ T21] ? _raw_spin_unlock_irq+0x1f/0x30 [ 53.376787][ T21] usb_new_device.cold+0x5a2/0xfd9 [ 53.381883][ T21] ? hub_disconnect+0x4a0/0x4a0 [ 53.386729][ T21] ? lockdep_hardirqs_on_prepare+0x370/0x550 [ 53.392703][ T21] hub_event+0x226d/0x43c0 [ 53.397097][ T21] ? hub_port_debounce+0x350/0x350 [ 53.402198][ T21] ? put_unbound_pool+0x171/0x760 [ 53.407207][ T21] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 53.412731][ T21] ? rcu_read_lock_bh_held+0xb0/0xb0 [ 53.418012][ T21] process_one_work+0x965/0x1620 [ 53.422938][ T21] ? lock_release+0x710/0x710 [ 53.427594][ T21] ? pwq_dec_nr_in_flight+0x310/0x310 [ 53.432960][ T21] ? rwlock_bug.part.0+0x90/0x90 [ 53.437897][ T21] worker_thread+0x7ab/0xe10 [ 53.442473][ T21] ? process_one_work+0x1620/0x1620 [ 53.447791][ T21] kthread+0x352/0x460 [ 53.451902][ T21] ? kthread_create_on_node+0xf0/0xf0 [ 53.457431][ T21] ? kthread_create_on_node+0xf0/0xf0 [ 53.462796][ T21] ret_from_fork+0x1f/0x30 [ 53.467188][ T21] Modules linked in: [ 53.471150][ T21] ---[ end trace df1a1d702c541237 ]--- [ 53.476625][ T21] RIP: 0010:__list_add_valid.cold+0x3a/0x3c [ 53.482599][ T21] Code: 0b 48 89 f2 4c 89 e1 48 89 ee 48 c7 c7 80 88 fc 85 e8 fa 74 3d ff 0f 0b 48 89 f1 48 c7 c7 00 88 fc 85 4c 89 e6 e8 e6 74 3d ff <0f> 0b 48 89 ee 48 c7 c7 a0 89 fc 85 e8 d5 74 3d ff 0f 0b 4c 89 ea [ 53.502272][ T21] RSP: 0018:ffff8881da317020 EFLAGS: 00010286 [ 53.508372][ T21] RAX: 0000000000000075 RBX: ffff8881cd374130 RCX: 0000000000000000 [ 53.516365][ T21] RDX: 0000000000000000 RSI: ffffffff81298423 RDI: ffffed103b462df6 [ 53.524387][ T21] RBP: ffff8881cd374250 R08: 0000000000000075 R09: ffffed103b665ea2 [ 53.532427][ T21] R10: ffff8881db32f50f R11: ffffed103b665ea1 R12: ffffffff87a852a0 [ 53.540435][ T21] R13: ffff8881cd374000 R14: ffff8881cd37413c R15: ffff8881cd308000 [ 53.548450][ T21] FS: 0000000000000000(0000) GS:ffff8881db300000(0000) knlGS:0000000000000000 [ 53.557423][ T21] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 53.564004][ T21] CR2: 00007f7e57219008 CR3: 00000001d1d60000 CR4: 00000000001406e0 [ 53.572119][ T21] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 53.580147][ T21] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 53.588149][ T21] Kernel panic - not syncing: Fatal exception [ 53.594789][ T21] Kernel Offset: disabled [ 53.599131][ T21] Rebooting in 86400 seconds..