Warning: Permanently added '10.128.0.32' (ECDSA) to the list of known hosts. 1970/01/01 00:00:43 ignoring optional flag "sandboxArg"="0" 1970/01/01 00:00:43 parsed 1 programs syzkaller login: [ 43.905371][ T3967] cgroup: Unknown subsys name 'net' [ 44.209608][ T3967] cgroup: Unknown subsys name 'rlimit' 1970/01/01 00:00:44 executed programs: 0 [ 44.482152][ T3974] chnl_net:caif_netlink_parms(): no params data found [ 44.520305][ T3974] bridge0: port 1(bridge_slave_0) entered blocking state [ 44.522084][ T3974] bridge0: port 1(bridge_slave_0) entered disabled state [ 44.524226][ T3974] device bridge_slave_0 entered promiscuous mode [ 44.528591][ T3974] bridge0: port 2(bridge_slave_1) entered blocking state [ 44.530292][ T3974] bridge0: port 2(bridge_slave_1) entered disabled state [ 44.532397][ T3974] device bridge_slave_1 entered promiscuous mode [ 44.546708][ T3974] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 44.551605][ T3974] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 44.565949][ T3974] team0: Port device team_slave_0 added [ 44.569050][ T3974] team0: Port device team_slave_1 added [ 44.582727][ T3974] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 44.584310][ T3974] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 44.590562][ T3974] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 44.594922][ T3974] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 44.596961][ T3974] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 44.602601][ T3974] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 44.677807][ T3974] device hsr_slave_0 entered promiscuous mode [ 44.715913][ T3974] device hsr_slave_1 entered promiscuous mode [ 44.828308][ T3974] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 44.848531][ T3974] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 44.887688][ T3974] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 44.927832][ T3974] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 44.990960][ T3974] bridge0: port 2(bridge_slave_1) entered blocking state [ 44.992665][ T3974] bridge0: port 2(bridge_slave_1) entered forwarding state [ 44.994698][ T3974] bridge0: port 1(bridge_slave_0) entered blocking state [ 44.996314][ T3974] bridge0: port 1(bridge_slave_0) entered forwarding state [ 45.038154][ T3974] 8021q: adding VLAN 0 to HW filter on device bond0 [ 45.045087][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 45.049995][ T21] bridge0: port 1(bridge_slave_0) entered disabled state [ 45.052846][ T21] bridge0: port 2(bridge_slave_1) entered disabled state [ 45.056239][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 45.063153][ T3974] 8021q: adding VLAN 0 to HW filter on device team0 [ 45.069036][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 45.070943][ T7] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.072518][ T7] bridge0: port 1(bridge_slave_0) entered forwarding state [ 45.077740][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 45.080065][ T21] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.081659][ T21] bridge0: port 2(bridge_slave_1) entered forwarding state [ 45.094157][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 45.098946][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 45.103840][ T3984] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 45.110644][ T3984] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 45.116842][ T3975] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 45.121034][ T3974] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 45.196789][ T3974] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 45.199584][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 45.201454][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 45.213461][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 45.225341][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 45.228927][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 45.231934][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 45.236275][ T3974] device veth0_vlan entered promiscuous mode [ 45.242157][ T3974] device veth1_vlan entered promiscuous mode [ 45.257938][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 45.260020][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 45.262438][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 45.267104][ T3974] device veth0_macvtap entered promiscuous mode [ 45.271069][ T3974] device veth1_macvtap entered promiscuous mode [ 45.282270][ T3974] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 45.284099][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 45.287345][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 45.293372][ T3974] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 45.298821][ T3974] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 45.300807][ T3974] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 45.302872][ T3974] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 45.304911][ T3974] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 45.308814][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 45.351643][ T1654] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 45.356373][ T1654] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 45.361475][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 45.367388][ T136] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 45.369055][ T136] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 45.372715][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 45.469562][ T3994] udc-core: couldn't find an available UDC or it's busy [ 45.471327][ T3994] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 45.736631][ T7] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 45.975538][ T7] usb 1-1: Using ep0 maxpacket: 16 [ 46.095692][ T7] usb 1-1: config 1 has too many interfaces: 163, using maximum allowed: 32 [ 46.097696][ T7] usb 1-1: config 1 has an invalid descriptor of length 7, skipping remainder of the config [ 46.099881][ T7] usb 1-1: config 1 has 3 interfaces, different from the descriptor's value: 163 [ 46.101791][ T7] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7 [ 46.104190][ T7] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0 [ 46.108185][ T7] usb 1-1: too many endpoints for config 1 interface 2 altsetting 0: 128, using maximum allowed: 30 [ 46.110482][ T7] usb 1-1: config 1 interface 2 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 128 [ 46.113357][ T7] usb 1-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 62, changing to 7 [ 46.116452][ T7] usb 1-1: config 1 interface 2 altsetting 1 endpoint 0x82 has invalid maxpacket 41992, setting to 1024 [ 46.277598][ T7] usb 1-1: New USB device found, idVendor=15c2, idProduct=0039, bcdDevice=80.f3 [ 46.279658][ T7] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 46.281353][ T7] usb 1-1: Product: syz [ 46.282202][ T7] usb 1-1: Manufacturer: syz [ 46.283118][ T7] usb 1-1: SerialNumber: syz [ 46.328841][ T7] imon:imon_find_endpoints: no valid input (IR) endpoint found [ 46.330588][ T7] imon 1-1:1.0: unable to initialize intf0, err -19 [ 46.332075][ T7] imon:imon_probe: failed to initialize context! [ 46.333396][ T7] imon 1-1:1.0: unable to register, err -19 [ 46.437425][ T3975] Bluetooth: hci0: command 0x0409 tx timeout [ 46.595727][ T7] usb 1-1: 2:1 : UAC_AS_GENERAL descriptor not found [ 46.622628][ T7] ------------[ cut here ]------------ [ 46.623764][ T7] DEBUG_LOCKS_WARN_ON(lock->magic != lock) [ 46.623803][ T7] WARNING: CPU: 0 PID: 7 at kernel/locking/mutex.c:575 __mutex_lock_common+0x1614/0x2154 [ 46.627158][ T7] Modules linked in: [ 46.627971][ T7] CPU: 0 PID: 7 Comm: kworker/0:0 Not tainted 5.15.116-syzkaller #0 [ 46.629648][ T7] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 46.631783][ T7] Workqueue: usb_hub_wq hub_event [ 46.632895][ T7] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 46.634514][ T7] pc : __mutex_lock_common+0x1614/0x2154 [ 46.635690][ T7] lr : __mutex_lock_common+0x1614/0x2154 [ 46.636908][ T7] sp : ffff8000188d6880 [ 46.637765][ T7] x29: ffff8000188d6a10 x28: dfff800000000000 x27: 1ffff0000307c1a4 [ 46.639516][ T7] x26: ffff8000183e0000 x25: ffff70000311ad2c x24: 0000000000000000 [ 46.641343][ T7] x23: 0000000000000000 x22: ffff80000e1cfc54 x21: 0000000000000000 [ 46.643133][ T7] x20: 0000000000000000 x19: ffff0000cbea4fc0 x18: 0000000000000001 [ 46.645002][ T7] x17: ff80800008335ea8 x16: ffff80001195028c x15: ffff800008335ea8 [ 46.646724][ T7] x14: 00000000ffffffff x13: ffffffffffffffff x12: 0000000000000000 [ 46.648479][ T7] x11: ff8080000832d950 x10: 0000000000000000 x9 : 83ab217c45751600 [ 46.650220][ T7] x8 : 83ab217c45751600 x7 : 0000000000000001 x6 : 0000000000000001 [ 46.651900][ T7] x5 : ffff8000188d5ff8 x4 : ffff8000149cfca0 x3 : ffff80000854dc88 [ 46.653719][ T7] x2 : 0000000000000001 x1 : 0000000100000000 x0 : 0000000000000028 [ 46.655619][ T7] Call trace: [ 46.656275][ T7] __mutex_lock_common+0x1614/0x2154 [ 46.657400][ T7] mutex_lock_nested+0xa4/0xf8 [ 46.658360][ T7] imon_probe+0x1f4/0x2820 [ 46.659295][ T7] usb_probe_interface+0x500/0x984 [ 46.660424][ T7] really_probe+0x26c/0xaec [ 46.661424][ T7] __driver_probe_device+0x194/0x3b4 [ 46.662620][ T7] driver_probe_device+0x78/0x34c [ 46.663738][ T7] __device_attach_driver+0x28c/0x4d8 [ 46.664879][ T7] bus_for_each_drv+0x158/0x1e0 [ 46.665909][ T7] __device_attach+0x2f0/0x480 [ 46.666935][ T7] device_initial_probe+0x24/0x34 [ 46.668022][ T7] bus_probe_device+0xbc/0x1c8 [ 46.669006][ T7] device_add+0xae0/0xef4 [ 46.669942][ T7] usb_set_configuration+0x15e0/0x1b60 [ 46.671127][ T7] usb_generic_driver_probe+0x8c/0x148 [ 46.672375][ T7] usb_probe_device+0x120/0x25c [ 46.673438][ T7] really_probe+0x26c/0xaec [ 46.674557][ T7] __driver_probe_device+0x194/0x3b4 [ 46.675640][ T7] driver_probe_device+0x78/0x34c [ 46.676758][ T7] __device_attach_driver+0x28c/0x4d8 [ 46.677959][ T7] bus_for_each_drv+0x158/0x1e0 [ 46.679086][ T7] __device_attach+0x2f0/0x480 [ 46.680211][ T7] device_initial_probe+0x24/0x34 [ 46.681301][ T7] bus_probe_device+0xbc/0x1c8 [ 46.682295][ T7] device_add+0xae0/0xef4 [ 46.683213][ T7] usb_new_device+0x8fc/0x1448 [ 46.684257][ T7] hub_event+0x22e4/0x48c4 [ 46.685292][ T7] process_one_work+0x790/0x11b8 [ 46.686357][ T7] worker_thread+0x910/0x1034 [ 46.687402][ T7] kthread+0x37c/0x45c [ 46.688306][ T7] ret_from_fork+0x10/0x20 [ 46.689204][ T7] irq event stamp: 15455 [ 46.690123][ T7] hardirqs last enabled at (15455): [] _raw_spin_unlock_irqrestore+0xac/0x158 [ 46.692347][ T7] hardirqs last disabled at (15454): [] _raw_spin_lock_irqsave+0xfc/0x14c [ 46.694606][ T7] softirqs last enabled at (14072): [] __do_softirq+0xb5c/0xe20 [ 46.696782][ T7] softirqs last disabled at (14063): [] __irq_exit_rcu+0x28c/0x534 [ 46.698934][ T7] ---[ end trace 2dedc611c7d858df ]--- [ 46.700529][ T7] ================================================================== [ 46.702333][ T7] BUG: KASAN: slab-out-of-bounds in imon_probe+0x1fd0/0x2820 [ 46.703842][ T7] Read of size 1 at addr ffff0000cbea51e9 by task kworker/0:0/7 [ 46.705453][ T7] [ 46.705985][ T7] CPU: 0 PID: 7 Comm: kworker/0:0 Tainted: G W 5.15.116-syzkaller #0 [ 46.708170][ T7] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 46.710344][ T7] Workqueue: usb_hub_wq hub_event [ 46.711452][ T7] Call trace: [ 46.712139][ T7] dump_backtrace+0x0/0x530 [ 46.713173][ T7] show_stack+0x2c/0x3c [ 46.714084][ T7] dump_stack_lvl+0x108/0x170 [ 46.715107][ T7] print_address_description+0x7c/0x3f0 [ 46.716350][ T7] kasan_report+0x174/0x1e4 [ 46.717305][ T7] __asan_report_load1_noabort+0x44/0x50 [ 46.718450][ T7] imon_probe+0x1fd0/0x2820 [ 46.719383][ T7] usb_probe_interface+0x500/0x984 [ 46.720518][ T7] really_probe+0x26c/0xaec [ 46.721529][ T7] __driver_probe_device+0x194/0x3b4 [ 46.722676][ T7] driver_probe_device+0x78/0x34c [ 46.723776][ T7] __device_attach_driver+0x28c/0x4d8 [ 46.724951][ T7] bus_for_each_drv+0x158/0x1e0 [ 46.725968][ T7] __device_attach+0x2f0/0x480 [ 46.727032][ T7] device_initial_probe+0x24/0x34 [ 46.728116][ T7] bus_probe_device+0xbc/0x1c8 [ 46.729153][ T7] device_add+0xae0/0xef4 [ 46.730152][ T7] usb_set_configuration+0x15e0/0x1b60 [ 46.731354][ T7] usb_generic_driver_probe+0x8c/0x148 [ 46.732562][ T7] usb_probe_device+0x120/0x25c [ 46.733581][ T7] really_probe+0x26c/0xaec [ 46.734601][ T7] __driver_probe_device+0x194/0x3b4 [ 46.735767][ T7] driver_probe_device+0x78/0x34c [ 46.736883][ T7] __device_attach_driver+0x28c/0x4d8 [ 46.738076][ T7] bus_for_each_drv+0x158/0x1e0 [ 46.739080][ T7] __device_attach+0x2f0/0x480 [ 46.740079][ T7] device_initial_probe+0x24/0x34 [ 46.741162][ T7] bus_probe_device+0xbc/0x1c8 [ 46.742203][ T7] device_add+0xae0/0xef4 [ 46.743139][ T7] usb_new_device+0x8fc/0x1448 [ 46.744251][ T7] hub_event+0x22e4/0x48c4 [ 46.745198][ T7] process_one_work+0x790/0x11b8 [ 46.746278][ T7] worker_thread+0x910/0x1034 [ 46.747345][ T7] kthread+0x37c/0x45c [ 46.748246][ T7] ret_from_fork+0x10/0x20 [ 46.749185][ T7] [ 46.749698][ T7] Allocated by task 7: [ 46.750636][ T7] ____kasan_kmalloc+0xbc/0xfc [ 46.751670][ T7] __kasan_kmalloc+0x10/0x1c [ 46.752776][ T7] __kmalloc+0x29c/0x4c8 [ 46.753691][ T7] snd_card_new+0x74/0x10c [ 46.754701][ T7] snd_usb_audio_create+0x1a8/0xff4 [ 46.755894][ T7] usb_audio_probe+0x1100/0x1cdc [ 46.756895][ T7] usb_probe_interface+0x500/0x984 [ 46.758001][ T7] really_probe+0x26c/0xaec [ 46.759039][ T7] __driver_probe_device+0x194/0x3b4 [ 46.760207][ T7] driver_probe_device+0x78/0x34c [ 46.761282][ T7] __device_attach_driver+0x28c/0x4d8 [ 46.762426][ T7] bus_for_each_drv+0x158/0x1e0 [ 46.763483][ T7] __device_attach+0x2f0/0x480 [ 46.764470][ T7] device_initial_probe+0x24/0x34 [ 46.765584][ T7] bus_probe_device+0xbc/0x1c8 [ 46.766568][ T7] device_add+0xae0/0xef4 [ 46.767499][ T7] usb_set_configuration+0x15e0/0x1b60 [ 46.768666][ T7] usb_generic_driver_probe+0x8c/0x148 [ 46.769858][ T7] usb_probe_device+0x120/0x25c [ 46.770996][ T7] really_probe+0x26c/0xaec [ 46.771944][ T7] __driver_probe_device+0x194/0x3b4 [ 46.773113][ T7] driver_probe_device+0x78/0x34c [ 46.774202][ T7] __device_attach_driver+0x28c/0x4d8 [ 46.775334][ T7] bus_for_each_drv+0x158/0x1e0 [ 46.776478][ T7] __device_attach+0x2f0/0x480 [ 46.777515][ T7] device_initial_probe+0x24/0x34 [ 46.778587][ T7] bus_probe_device+0xbc/0x1c8 [ 46.779606][ T7] device_add+0xae0/0xef4 [ 46.780599][ T7] usb_new_device+0x8fc/0x1448 [ 46.781655][ T7] hub_event+0x22e4/0x48c4 [ 46.782624][ T7] process_one_work+0x790/0x11b8 [ 46.783700][ T7] worker_thread+0x910/0x1034 [ 46.784759][ T7] kthread+0x37c/0x45c [ 46.785714][ T7] ret_from_fork+0x10/0x20 [ 46.786624][ T7] [ 46.787102][ T7] The buggy address belongs to the object at ffff0000cbea4000 [ 46.787102][ T7] which belongs to the cache kmalloc-8k of size 8192 [ 46.790270][ T7] The buggy address is located 4585 bytes inside of [ 46.790270][ T7] 8192-byte region [ffff0000cbea4000, ffff0000cbea6000) [ 46.793102][ T7] The buggy address belongs to the page: [ 46.794336][ T7] page:000000001f90873c refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10bea0 [ 46.796484][ T7] head:000000001f90873c order:3 compound_mapcount:0 compound_pincount:0 [ 46.798347][ T7] flags: 0x5ffc00000010200(slab|head|node=0|zone=2|lastcpupid=0x7ff) [ 46.800150][ T7] raw: 05ffc00000010200 fffffc00032c6c00 0000000200000002 ffff0000c0002c00 [ 46.801982][ T7] raw: 0000000000000000 0000000080020002 00000001ffffffff 0000000000000000 [ 46.803918][ T7] page dumped because: kasan: bad access detected [ 46.805400][ T7] [ 46.805848][ T7] Memory state around the buggy address: [ 46.807096][ T7] ffff0000cbea5080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 46.808857][ T7] ffff0000cbea5100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 46.810687][ T7] >ffff0000cbea5180: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 46.812482][ T7] ^ [ 46.814178][ T7] ffff0000cbea5200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 46.815861][ T7] ffff0000cbea5280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 46.817638][ T7] ================================================================== [ 46.819743][ T7] imon:imon_find_endpoints: no valid input (IR) endpoint found [ 46.821335][ T7] (NULL device *): unable to initialize intf1, err -19 [ 46.822770][ T7] imon:imon_probe: failed to attach to context! [ 46.824132][ T7] imon 1-1:1.1: unable to register, err -19 [ 46.827071][ T7] usb 1-1: USB disconnect, device number 2 [ 46.828530][ T7] Unable to handle kernel paging request at virtual address ffffffffffffffe0 [ 46.830382][ T7] Mem abort info: [ 46.831159][ T7] ESR = 0x0000000096000004 [ 46.832145][ T7] EC = 0x25: DABT (current EL), IL = 32 bits [ 46.833711][ T7] SET = 0, FnV = 0 [ 46.834523][ T7] EA = 0, S1PTW = 0 [ 46.835323][ T7] FSC = 0x04: level 0 translation fault [ 46.836603][ T7] Data abort info: [ 46.837427][ T7] ISV = 0, ISS = 0x00000004 [ 46.838455][ T7] CM = 0, WnR = 0 [ 46.839266][ T7] swapper pgtable: 4k pages, 48-bit VAs, pgdp=00000001b4920000 [ 46.840810][ T7] [ffffffffffffffe0] pgd=0000000000000000, p4d=0000000000000000 [ 46.842453][ T7] Internal error: Oops: 96000004 [#1] PREEMPT SMP [ 46.843800][ T7] Modules linked in: [ 46.844589][ T7] CPU: 0 PID: 7 Comm: kworker/0:0 Tainted: G B W 5.15.116-syzkaller #0 [ 46.846688][ T7] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 46.848933][ T7] Workqueue: usb_hub_wq hub_event [ 46.850058][ T7] pstate: 00400005 (nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 46.851732][ T7] pc : snd_card_disconnect+0x144/0x728 [ 46.852905][ T7] lr : snd_card_disconnect+0x108/0x728 [ 46.854094][ T7] sp : ffff8000188d7160 [ 46.855036][ T7] x29: ffff8000188d7220 x28: ffff800013195a40 x27: dfff800000000000 [ 46.856788][ T7] x26: ffff70000311ae50 x25: ffffffffffffffe0 x24: ffff0000ca85b000 [ 46.858538][ T7] x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000ca85b818 [ 46.860317][ T7] x20: ffff8000167f5bc0 x19: 1ffffffffffffffc x18: 0000000000000001 [ 46.861979][ T7] x17: ff8080000bfa79f4 x16: ffff80000830309c x15: ffff80000bfa79f4 [ 46.863716][ T7] x14: 0000000000000003 x13: ffffffffffffffff x12: 0000000000000000 [ 46.865449][ T7] x11: ff8080000f877958 x10: 0000000000000000 x9 : ffff80001843f390 [ 46.867133][ T7] x8 : 0000000000000000 x7 : 0000000000000000 x6 : ffff80000f877938 [ 46.869007][ T7] x5 : 0000000000000000 x4 : 0000000000000001 x3 : ffff80000f8779a4 [ 46.870722][ T7] x2 : 0000000000000000 x1 : 0000000000000008 x0 : 0000000000000000 [ 46.872398][ T7] Call trace: [ 46.873153][ T7] snd_card_disconnect+0x144/0x728 [ 46.874238][ T7] usb_audio_disconnect+0x240/0x6a4 [ 46.875389][ T7] usb_unbind_interface+0x1a4/0x758 [ 46.876461][ T7] device_release_driver_internal+0x464/0x6ac [ 46.877785][ T7] device_release_driver+0x28/0x38 [ 46.878905][ T7] bus_remove_device+0x298/0x38c [ 46.879915][ T7] device_del+0x57c/0x9b4 [ 46.880809][ T7] usb_disable_device+0x354/0x760 [ 46.881884][ T7] usb_disconnect+0x290/0x7e8 [ 46.882963][ T7] hub_event+0x167c/0x48c4 [ 46.883943][ T7] process_one_work+0x790/0x11b8 [ 46.884982][ T7] worker_thread+0xb88/0x1034 [ 46.885999][ T7] kthread+0x37c/0x45c [ 46.886828][ T7] ret_from_fork+0x10/0x20 [ 46.887880][ T7] Code: 38776a68 34000068 aa1903e0 96413fe4 (f9400328) [ 46.889391][ T7] ---[ end trace 2dedc611c7d858e0 ]--- [ 47.060204][ T3998] udc-core: couldn't find an available UDC or it's busy [ 47.061814][ T3998] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 47.241897][ T7] Kernel panic - not syncing: Oops: Fatal exception [ 47.243449][ T7] SMP: stopping secondary CPUs [ 47.244479][ T7] Kernel Offset: disabled [ 47.245466][ T7] CPU features: 0x000081c1,21302e40 [ 47.246614][ T7] Memory Limit: none [ 47.563501][ T7] Rebooting in 86400 seconds..