syzkaller login: [ 53.893882][ T9360] sshd (9360) used greatest stack depth: 22496 bytes left
Warning: Permanently added '[localhost]:10054' (ED25519) to the list of known hosts.
executing program
[ 67.412721][ T50] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 67.568857][ T50] usb 1-1: config index 0 descriptor too short (expected 1051, got 27)
[ 67.571263][ T50] usb 1-1: config 0 has an invalid interface number: 130 but max is 0
[ 67.573839][ T50] usb 1-1: config 0 has no interface number 0
[ 67.576275][ T50] usb 1-1: config 0 interface 130 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[ 67.579463][ T50] usb 1-1: New USB device found, idVendor=2040, idProduct=8265, bcdDevice=f3.4a
[ 67.581919][ T50] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 67.604266][ T50] usb 1-1: config 0 descriptor??
[ 67.626304][ T50] em28xx 1-1:0.130: New device @ 480 Mbps (2040:8265, interface 130, class 130)
[ 67.627836][ T50] em28xx 1-1:0.130: Audio interface 130 found (Vendor Class)
executing program
[ 67.892317][ T50] em28xx 1-1:0.130: unknown em28xx chip ID (0)
[ 67.893951][ T50] em28xx 1-1:0.130: Config register raw data: 0xfffffffb
[ 67.894940][ T50] em28xx 1-1:0.130: AC97 chip type couldn't be determined
[ 67.895757][ T50] em28xx 1-1:0.130: No AC97 audio processor
[ 67.896417][ T50] em28xx 1-1:0.130: We currently don't support analog TV or stream capture on dual tuners.
[ 67.952575][ T50] em28xx 1-1:0.130: unknown em28xx chip ID (0)
[ 67.954733][ T50] em28xx 1-1:0.130: Config register raw data: 0xfffffffb
[ 67.956982][ T50] em28xx 1-1:0.130: AC97 chip type couldn't be determined
[ 67.959023][ T50] em28xx 1-1:0.130: No AC97 audio processor
[ 68.172723][ T50] usb 1-1: USB disconnect, device number 2
[ 68.174284][ T50] em28xx 1-1:0.130: Disconnecting em28xx #1
[ 68.174800][ T50] em28xx 1-1:0.130: Disconnecting em28xx
[ 68.183827][ T50] em28xx 1-1:0.130: Freeing device
[ 68.184328][ T50] em28xx 1-1:0.130: Freeing device
[ 68.482136][ T50] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[ 68.644426][ T50] usb 1-1: config index 0 descriptor too short (expected 1051, got 27)
[ 68.645533][ T50] usb 1-1: config 0 has an invalid interface number: 130 but max is 0
[ 68.646557][ T50] usb 1-1: config 0 has no interface number 0
[ 68.647353][ T50] usb 1-1: config 0 interface 130 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[ 68.648723][ T50] usb 1-1: New USB device found, idVendor=2040, idProduct=8265, bcdDevice=f3.4a
[ 68.649866][ T50] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 68.653275][ T50] usb 1-1: config 0 descriptor??
[ 68.658843][ T50] em28xx 1-1:0.130: New device @ 480 Mbps (2040:8265, interface 130, class 130)
[ 68.660050][ T50] em28xx 1-1:0.130: Audio interface 130 found (Vendor Class)
executing program
[ 68.912250][ T50] em28xx 1-1:0.130: unknown em28xx chip ID (0)
[ 68.913025][ T50] em28xx 1-1:0.130: Config register raw data: 0xfffffffb
[ 68.913792][ T50] em28xx 1-1:0.130: AC97 chip type couldn't be determined
[ 68.914354][ T50] em28xx 1-1:0.130: No AC97 audio processor
[ 68.914839][ T50] non-slab/vmalloc memory
[ 68.915759][ T50] list_add corruption. prev->next should be next (ffffffff8fbc78e0), but was 0000000000000000. (prev=ffff888048928250).
[ 68.917014][ T50] ------------[ cut here ]------------
[ 68.917450][ T50] kernel BUG at lib/list_debug.c:32!
[ 68.917885][ T50] Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI
[ 68.918437][ T50] CPU: 1 UID: 0 PID: 50 Comm: kworker/1:1 Not tainted 6.14.0-rc4 #1
[ 68.919091][ T50] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014
[ 68.919836][ T50] Workqueue: usb_hub_wq hub_event
[ 68.922440][ T50] RIP: 0010:__list_add_valid_or_report+0x13b/0x1a0
[ 68.923312][ T50] Code: 00 00 00 00 fc ff df 48 89 f2 48 c1 ea 03 80 3c 02 00 75 5a 48 8b 16 48 89 f1 48 c7 c7 20 1c f2 8b 4c 89 e6 e8 16 68 d3 fc 90 <0f> 0b 48 89 f2 4c 89 e1 4c 89 ee 48 c7 c7 a0 1c f2 8b e8 fe 67 d3
[ 68.924794][ T50] RSP: 0018:ffffc9000066ee78 EFLAGS: 00010246
[ 68.925277][ T50] RAX: 0000000000000075 RBX: 0000000000000008 RCX: 0000000000000000
[ 68.925894][ T50] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 68.926511][ T50] RBP: ffff888048928250 R08: 0000000000000000 R09: 0000000000000000
[ 68.927147][ T50] R10: 0000000000000000 R11: 0000000000000000 R12: ffffffff8fbc78e0
[ 68.927811][ T50] R13: ffff888046c68250 R14: ffffffff8fbc78e8 R15: 00000000fffffffb
[ 68.928462][ T50] FS: 0000000000000000(0000) GS:ffff88807ee00000(0000) knlGS:0000000000000000
[ 68.929200][ T50] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 68.929746][ T50] CR2: 0000555560babd68 CR3: 000000004a302000 CR4: 00000000000006f0
[ 68.930409][ T50] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 68.931040][ T50] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 68.931676][ T50] Call Trace:
[ 68.931955][ T50]
[ 68.932207][ T50] ? die+0x32/0x90
[ 68.932551][ T50] ? do_trap+0x1fd/0x260
[ 68.932923][ T50] ? __list_add_valid_or_report+0x13b/0x1a0
[ 68.933436][ T50] ? do_error_trap+0x107/0x240
[ 68.933838][ T50] ? __list_add_valid_or_report+0x13b/0x1a0
[ 68.934315][ T50] ? __list_add_valid_or_report+0x13b/0x1a0
[ 68.934799][ T50] ? handle_invalid_op+0x34/0x50
[ 68.935205][ T50] ? __list_add_valid_or_report+0x13b/0x1a0
[ 68.935722][ T50] ? exc_invalid_op+0x5d/0x80
[ 68.936756][ T50] ? asm_exc_invalid_op+0x1a/0x20
[ 68.937186][ T50] ? __list_add_valid_or_report+0x13b/0x1a0
[ 68.937690][ T50] ? __list_add_valid_or_report+0x13a/0x1a0
[ 68.938180][ T50] em28xx_init_extension+0x48/0x200
[ 68.938631][ T50] em28xx_init_dev.constprop.0+0xe40/0x12f0
[ 68.939125][ T50] em28xx_usb_probe+0x114c/0x3690
[ 68.939556][ T50] usb_probe_interface+0x30b/0x9e0
[ 68.939993][ T50] ? __pfx_usb_probe_interface+0x10/0x10
[ 68.940468][ T50] really_probe+0x252/0xaa0
[ 68.940853][ T50] __driver_probe_device+0x1df/0x460
[ 68.941303][ T50] ? parse_option_str+0x1a2/0x1f0
[ 68.941733][ T50] driver_probe_device+0x49/0x120
[ 68.942157][ T50] __device_attach_driver+0x1e3/0x2f0
[ 68.942597][ T50] bus_for_each_drv+0x14c/0x1e0
[ 68.943026][ T50] ? __pfx___device_attach_driver+0x10/0x10
[ 68.943516][ T50] ? __pfx_bus_for_each_drv+0x10/0x10
[ 68.943976][ T50] ? _raw_spin_unlock_irqrestore+0x5e/0x80
[ 68.944464][ T50] ? lockdep_hardirqs_on+0x7c/0x120
[ 68.944921][ T50] ? _raw_spin_unlock_irqrestore+0x41/0x80
[ 68.945406][ T50] __device_attach+0x1f2/0x4d0
[ 68.945809][ T50] ? __pfx___device_attach+0x10/0x10
[ 68.946236][ T50] ? do_raw_spin_unlock+0x54/0x240
[ 68.946652][ T50] bus_probe_device+0x17f/0x1c0
[ 68.947053][ T50] device_add+0xc5e/0x1490
[ 68.947440][ T50] ? mark_held_locks+0x9f/0xf0
[ 68.947854][ T50] ? __pfx_device_add+0x10/0x10
[ 68.948250][ T50] ? _raw_spin_unlock_irqrestore+0x5e/0x80
[ 68.948720][ T50] usb_set_configuration+0x11a5/0x1c50
[ 68.949158][ T50] ? __pfx_usb_generic_driver_probe+0x10/0x10
[ 68.949647][ T50] usb_generic_driver_probe+0xbf/0x120
[ 68.950081][ T50] usb_probe_device+0xed/0x3e0
[ 68.950491][ T50] ? __pfx_usb_probe_device+0x10/0x10
[ 68.950929][ T50] really_probe+0x252/0xaa0
[ 68.951306][ T50] __driver_probe_device+0x1df/0x460
[ 68.951757][ T50] ? parse_option_str+0x1a2/0x1f0
[ 68.952175][ T50] driver_probe_device+0x49/0x120
[ 68.952618][ T50] __device_attach_driver+0x1e3/0x2f0
[ 68.953065][ T50] bus_for_each_drv+0x14c/0x1e0
[ 68.953455][ T50] ? __pfx___device_attach_driver+0x10/0x10
[ 68.953939][ T50] ? __pfx_bus_for_each_drv+0x10/0x10
[ 68.954380][ T50] ? _raw_spin_unlock_irqrestore+0x5e/0x80
[ 68.954854][ T50] ? lockdep_hardirqs_on+0x7c/0x120
[ 68.955274][ T50] ? _raw_spin_unlock_irqrestore+0x41/0x80
[ 68.955745][ T50] __device_attach+0x1f2/0x4d0
[ 68.956130][ T50] ? __pfx___device_attach+0x10/0x10
[ 68.956555][ T50] ? do_raw_spin_unlock+0x54/0x240
[ 68.956968][ T50] bus_probe_device+0x17f/0x1c0
[ 68.957359][ T50] device_add+0xc5e/0x1490
[ 68.957757][ T50] ? __pfx_device_add+0x10/0x10
[ 68.958153][ T50] usb_new_device+0x8f4/0x1430
[ 68.958539][ T50] hub_port_connect+0x1122/0x2730
[ 68.958952][ T50] ? __pfx_hub_port_connect+0x10/0x10
[ 68.959380][ T50] ? usb_control_msg+0x39c/0x4b0
[ 68.959790][ T50] hub_port_connect_change+0x27c/0x7f0
[ 68.960226][ T50] port_event+0xe3d/0x1220
[ 68.960588][ T50] ? __pfx_port_event+0x10/0x10
[ 68.960990][ T50] ? hlock_class+0x4e/0x140
[ 68.961356][ T50] ? mark_held_locks+0x9f/0xf0
[ 68.961752][ T50] ? _raw_spin_unlock_irq+0x23/0x60
[ 68.962168][ T50] ? lockdep_hardirqs_on+0x7c/0x120
[ 68.962588][ T50] hub_event+0x517/0xca0
[ 68.962947][ T50] ? __pfx_hub_event+0x10/0x10
[ 68.963333][ T50] ? process_one_work+0x7e2/0x18c0
[ 68.963762][ T50] ? rcu_is_watching+0x12/0xd0
[ 68.964155][ T50] process_one_work+0x109d/0x18c0
[ 68.964562][ T50] ? __pfx_lock_acquire+0x10/0x10
[ 68.964986][ T50] ? __pfx_process_one_work+0x10/0x10
[ 68.965427][ T50] ? assign_work+0x194/0x250
[ 68.965808][ T50] worker_thread+0x677/0xe90
[ 68.966185][ T50] ? __pfx_worker_thread+0x10/0x10
[ 68.966598][ T50] kthread+0x3b3/0x760
[ 68.966944][ T50] ? __pfx_kthread+0x10/0x10
[ 68.967316][ T50] ? _raw_spin_unlock_irq+0x23/0x60
[ 68.967737][ T50] ? __pfx_kthread+0x10/0x10
[ 68.968108][ T50] ret_from_fork+0x48/0x80
[ 68.968476][ T50] ? __pfx_kthread+0x10/0x10
[ 68.968857][ T50] ret_from_fork_asm+0x1a/0x30
[ 68.969247][ T50]
[ 68.969496][ T50] Modules linked in:
[ 68.969936][ T50] ---[ end trace 0000000000000000 ]---
[ 68.970544][ T50] RIP: 0010:__list_add_valid_or_report+0x13b/0x1a0
[ 68.971085][ T50] Code: 00 00 00 00 fc ff df 48 89 f2 48 c1 ea 03 80 3c 02 00 75 5a 48 8b 16 48 89 f1 48 c7 c7 20 1c f2 8b 4c 89 e6 e8 16 68 d3 fc 90 <0f> 0b 48 89 f2 4c 89 e1 4c 89 ee 48 c7 c7 a0 1c f2 8b e8 fe 67 d3
[ 68.972715][ T50] RSP: 0018:ffffc9000066ee78 EFLAGS: 00010246
[ 68.973216][ T50] RAX: 0000000000000075 RBX: 0000000000000008 RCX: 0000000000000000
[ 68.973839][ T50] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 68.974477][ T50] RBP: ffff888048928250 R08: 0000000000000000 R09: 0000000000000000
[ 68.975127][ T50] R10: 0000000000000000 R11: 0000000000000000 R12: ffffffff8fbc78e0
[ 68.975789][ T50] R13: ffff888046c68250 R14: ffffffff8fbc78e8 R15: 00000000fffffffb
[ 68.976417][ T50] FS: 0000000000000000(0000) GS:ffff88807ee00000(0000) knlGS:0000000000000000
[ 68.977120][ T50] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 68.977648][ T50] CR2: 0000555560babd68 CR3: 000000000e180000 CR4: 00000000000006f0
[ 68.978300][ T50] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 68.978950][ T50] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 68.979619][ T50] Kernel panic - not syncing: Fatal exception
[ 68.980314][ T50] Kernel Offset: disabled
[ 68.980672][ T50] Rebooting in 86400 seconds..
VM DIAGNOSIS: 14:55:21 Registers: