Warning: Permanently added '10.128.1.52' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 38.216588][ T95] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 38.426676][ T95] usb 1-1: config 158 has an invalid interface number: 22 but max is 2 [ 38.435030][ T95] usb 1-1: config 158 has an invalid interface number: 50 but max is 2 [ 38.443358][ T95] usb 1-1: config 158 has an invalid interface number: 255 but max is 2 [ 38.451723][ T95] usb 1-1: config 158 has an invalid interface descriptor of length 2, skipping [ 38.460840][ T95] usb 1-1: config 158 has no interface number 0 [ 38.467103][ T95] usb 1-1: config 158 has no interface number 1 [ 38.473335][ T95] usb 1-1: config 158 has no interface number 2 [ 38.479686][ T95] usb 1-1: config 158 interface 22 altsetting 127 endpoint 0x1 has an invalid bInterval 129, changing to 11 [ 38.491279][ T95] usb 1-1: config 158 interface 22 altsetting 127 endpoint 0x4 has an invalid bInterval 255, changing to 7 [ 38.502739][ T95] usb 1-1: config 158 interface 22 altsetting 127 bulk endpoint 0xB has invalid maxpacket 1023 [ 38.513296][ T95] usb 1-1: config 158 interface 22 altsetting 127 endpoint 0xE has an invalid bInterval 46, changing to 9 [ 38.524666][ T95] usb 1-1: config 158 interface 255 altsetting 255 has a duplicate endpoint with address 0x7, skipping [ 38.535746][ T95] usb 1-1: config 158 interface 255 altsetting 255 has a duplicate endpoint with address 0x3, skipping [ 38.546967][ T95] usb 1-1: config 158 interface 255 altsetting 255 has an invalid endpoint descriptor of length 2, skipping [ 38.558572][ T95] usb 1-1: config 158 interface 255 altsetting 255 endpoint 0x81 has invalid maxpacket 1811, setting to 1024 [ 38.570194][ T95] usb 1-1: config 158 interface 255 altsetting 255 bulk endpoint 0x81 has invalid maxpacket 1024 [ 38.580845][ T95] usb 1-1: config 158 interface 255 altsetting 255 endpoint 0x2 has an invalid bInterval 127, changing to 10 [ 38.592422][ T95] usb 1-1: config 158 interface 255 altsetting 255 has a duplicate endpoint with address 0x7, skipping [ 38.603481][ T95] usb 1-1: config 158 interface 255 altsetting 255 has a duplicate endpoint with address 0xB, skipping [ 38.614602][ T95] usb 1-1: config 158 interface 22 has no altsetting 0 [ 38.621500][ T95] usb 1-1: config 158 interface 50 has no altsetting 0 [ 38.628444][ T95] usb 1-1: config 158 interface 255 has no altsetting 0 [ 38.786660][ T95] usb 1-1: New USB device found, idVendor=0cf3, idProduct=0003, bcdDevice=d1.c9 [ 38.795712][ T95] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 38.803747][ T95] usb 1-1: Product: syz [ 38.807942][ T95] usb 1-1: Manufacturer: syz [ 38.812537][ T95] usb 1-1: SerialNumber: syz executing program [ 39.138640][ T95] ------------[ cut here ]------------ [ 39.144194][ T95] usb 1-1: BOGUS urb xfer, pipe 3 != type 1 [ 39.150387][ T95] WARNING: CPU: 0 PID: 95 at drivers/usb/core/urb.c:478 usb_submit_urb+0x1188/0x1460 [ 39.159995][ T95] Kernel panic - not syncing: panic_on_warn set ... [ 39.166584][ T95] CPU: 0 PID: 95 Comm: kworker/0:2 Not tainted 5.5.0-rc7-syzkaller #0 [ 39.174713][ T95] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 39.184760][ T95] Workqueue: usb_hub_wq hub_event [ 39.189806][ T95] Call Trace: [ 39.193086][ T95] dump_stack+0xef/0x16e [ 39.197349][ T95] ? usb_submit_urb+0x1100/0x1460 [ 39.202361][ T95] panic+0x2aa/0x6e1 [ 39.206247][ T95] ? add_taint.cold+0x16/0x16 [ 39.210911][ T95] ? __probe_kernel_read+0x188/0x1d0 [ 39.216173][ T95] ? __warn.cold+0x14/0x30 [ 39.220693][ T95] ? __warn+0xd5/0x1c8 [ 39.224752][ T95] ? usb_submit_urb+0x1188/0x1460 [ 39.229821][ T95] __warn.cold+0x2f/0x30 [ 39.234179][ T95] ? usb_submit_urb+0x1188/0x1460 [ 39.239197][ T95] report_bug+0x27b/0x2f0 [ 39.243522][ T95] do_error_trap+0x12b/0x1e0 [ 39.248109][ T95] ? usb_submit_urb+0x1188/0x1460 [ 39.253122][ T95] do_invalid_op+0x32/0x40 [ 39.257523][ T95] ? usb_submit_urb+0x1188/0x1460 [ 39.263031][ T95] invalid_op+0x23/0x30 [ 39.267176][ T95] RIP: 0010:usb_submit_urb+0x1188/0x1460 [ 39.272791][ T95] Code: 4d 85 ed 74 46 e8 28 2d e1 fd 4c 89 f7 e8 d0 87 17 ff 41 89 d8 44 89 e1 4c 89 ea 48 89 c6 48 c7 c7 a0 2b 3b 86 e8 20 13 b6 fd <0f> 0b e9 20 f4 ff ff e8 fc 2c e1 fd 0f 1f 44 00 00 e8 f2 2c e1 fd [ 39.292390][ T95] RSP: 0018:ffff8881d58cf0d8 EFLAGS: 00010286 [ 39.298493][ T95] RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000000 [ 39.306710][ T95] RDX: 0000000000000000 RSI: ffffffff81295a0d RDI: ffffed103ab19e0d [ 39.314682][ T95] RBP: ffff8881cd478050 R08: ffff8881d71ac980 R09: fffffbfff1269cae [ 39.322770][ T95] R10: fffffbfff1269cad R11: ffffffff8934e56f R12: 0000000000000003 [ 39.330732][ T95] R13: ffff8881d098eee8 R14: ffff8881cda730a0 R15: ffff8881d5583b00 [ 39.338706][ T95] ? vprintk_func+0x7d/0x113 [ 39.343288][ T95] ? usb_submit_urb+0x1188/0x1460 [ 39.348325][ T95] ar5523_cmd+0x438/0x7a0 [ 39.352681][ T95] ar5523_probe+0xc11/0x1ad0 [ 39.357265][ T95] ? ar5523_data_rx_cb+0x10d0/0x10d0 [ 39.362540][ T95] ? __pm_runtime_set_status+0x5d5/0xa10 [ 39.368208][ T95] ? rpm_callback+0x230/0x230 [ 39.372866][ T95] ? lockdep_hardirqs_on+0x382/0x580 [ 39.378143][ T95] ? __pm_runtime_resume+0x111/0x180 [ 39.383415][ T95] usb_probe_interface+0x310/0x800 [ 39.388516][ T95] ? usb_probe_device+0x140/0x140 [ 39.393529][ T95] really_probe+0x290/0xad0 [ 39.398122][ T95] driver_probe_device+0x223/0x350 [ 39.403223][ T95] __device_attach_driver+0x1d1/0x290 [ 39.408655][ T95] ? driver_allows_async_probing+0x160/0x160 [ 39.414665][ T95] bus_for_each_drv+0x162/0x1e0 [ 39.419561][ T95] ? bus_rescan_devices+0x20/0x20 [ 39.424603][ T95] ? _raw_spin_unlock_irqrestore+0x39/0x40 [ 39.430409][ T95] ? lockdep_hardirqs_on+0x382/0x580 [ 39.435699][ T95] __device_attach+0x217/0x390 [ 39.440452][ T95] ? device_bind_driver+0xd0/0xd0 [ 39.445567][ T95] bus_probe_device+0x1e4/0x290 [ 39.450452][ T95] device_add+0x1459/0x1bf0 [ 39.454970][ T95] ? wait_for_completion+0x3c0/0x3c0 [ 39.460258][ T95] ? device_link_remove+0x110/0x110 [ 39.465620][ T95] usb_set_configuration+0xe47/0x17d0 [ 39.471030][ T95] generic_probe+0x9d/0xd5 [ 39.475445][ T95] usb_probe_device+0xaf/0x140 [ 39.480240][ T95] ? usb_suspend+0x5f0/0x5f0 [ 39.484819][ T95] really_probe+0x290/0xad0 [ 39.489307][ T95] driver_probe_device+0x223/0x350 [ 39.494417][ T95] __device_attach_driver+0x1d1/0x290 [ 39.499893][ T95] ? driver_allows_async_probing+0x160/0x160 [ 39.505856][ T95] bus_for_each_drv+0x162/0x1e0 [ 39.510721][ T95] ? bus_rescan_devices+0x20/0x20 [ 39.515849][ T95] ? _raw_spin_unlock_irqrestore+0x39/0x40 [ 39.521677][ T95] ? lockdep_hardirqs_on+0x382/0x580 [ 39.527156][ T95] __device_attach+0x217/0x390 [ 39.532976][ T95] ? device_bind_driver+0xd0/0xd0 [ 39.538262][ T95] bus_probe_device+0x1e4/0x290 [ 39.543303][ T95] device_add+0x1459/0x1bf0 [ 39.547829][ T95] ? device_link_remove+0x110/0x110 [ 39.553106][ T95] usb_new_device.cold+0x540/0xcd0 [ 39.558370][ T95] hub_event+0x21cb/0x4300 [ 39.562941][ T95] ? hub_port_debounce+0x350/0x350 [ 39.568056][ T95] ? find_held_lock+0x2d/0x110 [ 39.572824][ T95] ? mark_held_locks+0xe0/0xe0 [ 39.577654][ T95] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 39.583241][ T95] ? rcu_read_lock_bh_held+0xb0/0xb0 [ 39.588622][ T95] process_one_work+0x945/0x15c0 [ 39.593564][ T95] ? pwq_dec_nr_in_flight+0x310/0x310 [ 39.598933][ T95] ? do_raw_spin_lock+0x129/0x290 [ 39.603991][ T95] worker_thread+0x96/0xe20 [ 39.608521][ T95] ? process_one_work+0x15c0/0x15c0 [ 39.613832][ T95] kthread+0x318/0x420 [ 39.617904][ T95] ? kthread_create_on_node+0xf0/0xf0 [ 39.623369][ T95] ret_from_fork+0x24/0x30 [ 39.628859][ T95] Kernel Offset: disabled [ 39.633272][ T95] Rebooting in 86400 seconds..