usb 1-1: device descriptor read/all, error 2
usb 1-1: reset high-speed USB device number 3 using dummy_hcd
usb 1-1: device descriptor read/64, error -71
usb 1-1: reset high-speed USB device number 3 using dummy_hcd
BUG: kernel NULL pointer dereference, address: 0000000000000000
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD 10c5c4067 P4D 10c5c4067 PUD 115a20067 PMD 0
Oops: 0000 [#1] PREEMPT SMP
CPU: 1 PID: 3622 Comm: kworker/1:5 Not tainted 6.0.0-rc2-syzkaller-00159-g4c612826bec1-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022
Workqueue: usb_hub_wq hub_event
RIP: 0010:memcmp include/linux/fortify-string.h:420 [inline]
RIP: 0010:descriptors_changed.part.0+0x17d/0x2c0 drivers/usb/core/hub.c:5152
Code: 89 de e8 f6 43 60 fe 84 db 0f 84 d1 00 00 00 45 31 f6 31 db eb 58 e8 72 4a 60 fe 48 8b 85 b8 04 00 00 4c 89 ff 0f b7 54 24 06 <48> 8b 34 d8 e8 0a 1c 73 ff 31 ff 41 89 c4 89 c6 e8 fe 43 60 fe 45
RSP: 0018:ffffc9000291b6c8 EFLAGS: 00010293
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: 0000000000000012 RSI: ffffffff82d7733e RDI: ffff888115bf30e0
RBP: ffff888115cf9000 R08: 0000000000000004 R09: 0000000000000012
R10: 0000000000000012 R11: 0000000000000001 R12: 0000000000000012
R13: 0000000000000012 R14: 0000000000000000 R15: ffff888115bf30e0
FS: 0000000000000000(0000) GS:ffff88813bd00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000000 CR3: 0000000115e00000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
descriptors_changed drivers/usb/core/hub.c:5108 [inline]
usb_reset_and_verify_device+0x273/0x520 drivers/usb/core/hub.c:5944
usb_reset_device+0x1b5/0x350 drivers/usb/core/hub.c:6110
carl9170_usb_probe+0x29/0x4d0 drivers/net/wireless/ath/carl9170/usb.c:1044
usb_probe_interface+0x177/0x370 drivers/usb/core/driver.c:396
call_driver_probe drivers/base/dd.c:530 [inline]
really_probe+0x12d/0x390 drivers/base/dd.c:609
__driver_probe_device+0xbf/0x140 drivers/base/dd.c:748
driver_probe_device+0x2a/0x120 drivers/base/dd.c:778
__device_attach_driver+0xf6/0x140 drivers/base/dd.c:901
bus_for_each_drv+0xb7/0x100 drivers/base/bus.c:427
__device_attach+0x102/0x2d0 drivers/base/dd.c:973
bus_probe_device+0xc6/0xe0 drivers/base/bus.c:487
device_add+0x642/0xe60 drivers/base/core.c:3517
usb_set_configuration+0x8f2/0xb80 drivers/usb/core/message.c:2172
usb_generic_driver_probe+0x8c/0xc0 drivers/usb/core/generic.c:238
usb_probe_device+0x5c/0x140 drivers/usb/core/driver.c:293
call_driver_probe drivers/base/dd.c:530 [inline]
really_probe+0x12d/0x390 drivers/base/dd.c:609
__driver_probe_device+0xbf/0x140 drivers/base/dd.c:748
driver_probe_device+0x2a/0x120 drivers/base/dd.c:778
__device_attach_driver+0xf6/0x140 drivers/base/dd.c:901
bus_for_each_drv+0xb7/0x100 drivers/base/bus.c:427
__device_attach+0x102/0x2d0 drivers/base/dd.c:973
bus_probe_device+0xc6/0xe0 drivers/base/bus.c:487
device_add+0x642/0xe60 drivers/base/core.c:3517
usb_new_device.cold+0x10f/0x58e drivers/usb/core/hub.c:2573
hub_port_connect drivers/usb/core/hub.c:5353 [inline]
hub_port_connect_change drivers/usb/core/hub.c:5497 [inline]
port_event drivers/usb/core/hub.c:5653 [inline]
hub_event+0x1276/0x2170 drivers/usb/core/hub.c:5735
process_one_work+0x2ba/0x5f0 kernel/workqueue.c:2289
worker_thread+0x59/0x5b0 kernel/workqueue.c:2436
kthread+0x125/0x160 kernel/kthread.c:376
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306
Modules linked in:
CR2: 0000000000000000
---[ end trace 0000000000000000 ]---
RIP: 0010:memcmp include/linux/fortify-string.h:420 [inline]
RIP: 0010:descriptors_changed.part.0+0x17d/0x2c0 drivers/usb/core/hub.c:5152
Code: 89 de e8 f6 43 60 fe 84 db 0f 84 d1 00 00 00 45 31 f6 31 db eb 58 e8 72 4a 60 fe 48 8b 85 b8 04 00 00 4c 89 ff 0f b7 54 24 06 <48> 8b 34 d8 e8 0a 1c 73 ff 31 ff 41 89 c4 89 c6 e8 fe 43 60 fe 45
RSP: 0018:ffffc9000291b6c8 EFLAGS: 00010293
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: 0000000000000012 RSI: ffffffff82d7733e RDI: ffff888115bf30e0
RBP: ffff888115cf9000 R08: 0000000000000004 R09: 0000000000000012
R10: 0000000000000012 R11: 0000000000000001 R12: 0000000000000012
R13: 0000000000000012 R14: 0000000000000000 R15: ffff888115bf30e0
FS: 0000000000000000(0000) GS:ffff88813bd00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000000 CR3: 0000000115e00000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
0: 89 de mov %ebx,%esi
2: e8 f6 43 60 fe callq 0xfe6043fd
7: 84 db test %bl,%bl
9: 0f 84 d1 00 00 00 je 0xe0
f: 45 31 f6 xor %r14d,%r14d
12: 31 db xor %ebx,%ebx
14: eb 58 jmp 0x6e
16: e8 72 4a 60 fe callq 0xfe604a8d
1b: 48 8b 85 b8 04 00 00 mov 0x4b8(%rbp),%rax
22: 4c 89 ff mov %r15,%rdi
25: 0f b7 54 24 06 movzwl 0x6(%rsp),%edx
* 2a: 48 8b 34 d8 mov (%rax,%rbx,8),%rsi <-- trapping instruction
2e: e8 0a 1c 73 ff callq 0xff731c3d
33: 31 ff xor %edi,%edi
35: 41 89 c4 mov %eax,%r12d
38: 89 c6 mov %eax,%esi
3a: e8 fe 43 60 fe callq 0xfe60443d
3f: 45 rex.RB