Warning: Permanently added '10.128.0.241' (ECDSA) to the list of known hosts.
syzkaller login: [ 51.950202][ T3605] chnl_net:caif_netlink_parms(): no params data found
[ 52.011858][ T3605] bridge0: port 1(bridge_slave_0) entered blocking state
[ 52.019443][ T3605] bridge0: port 1(bridge_slave_0) entered disabled state
[ 52.027736][ T3605] device bridge_slave_0 entered promiscuous mode
[ 52.036891][ T3605] bridge0: port 2(bridge_slave_1) entered blocking state
[ 52.044008][ T3605] bridge0: port 2(bridge_slave_1) entered disabled state
[ 52.052604][ T3605] device bridge_slave_1 entered promiscuous mode
[ 52.074827][ T3605] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 52.086684][ T3605] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 52.109245][ T3605] team0: Port device team_slave_0 added
[ 52.117043][ T3605] team0: Port device team_slave_1 added
[ 52.134865][ T3605] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 52.141916][ T3605] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 52.167941][ T3605] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 52.180421][ T3605] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 52.187607][ T3605] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 52.213741][ T3605] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 52.239697][ T3605] device hsr_slave_0 entered promiscuous mode
[ 52.246882][ T3605] device hsr_slave_1 entered promiscuous mode
[ 52.330872][ T3605] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 52.341587][ T3605] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 52.350464][ T3605] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 52.359865][ T3605] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 52.380442][ T3605] bridge0: port 2(bridge_slave_1) entered blocking state
[ 52.387644][ T3605] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 52.395425][ T3605] bridge0: port 1(bridge_slave_0) entered blocking state
[ 52.402679][ T3605] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 52.448316][ T3605] 8021q: adding VLAN 0 to HW filter on device bond0
[ 52.461515][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 52.472809][ T5] bridge0: port 1(bridge_slave_0) entered disabled state
[ 52.481827][ T5] bridge0: port 2(bridge_slave_1) entered disabled state
[ 52.489687][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 52.501884][ T3605] 8021q: adding VLAN 0 to HW filter on device team0
[ 52.513309][ T3611] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 52.522235][ T3611] bridge0: port 1(bridge_slave_0) entered blocking state
[ 52.529503][ T3611] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 52.540216][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 52.549431][ T5] bridge0: port 2(bridge_slave_1) entered blocking state
[ 52.556552][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 52.577023][ T3611] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 52.585851][ T3611] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 52.597833][ T3612] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 52.610091][ T141] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 52.622715][ T3605] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 52.634777][ T3605] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 52.643425][ T3612] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 52.664449][ T3605] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 52.672768][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 52.680757][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 52.809343][ T3612] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 52.822984][ T141] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 52.831619][ T141] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 52.839622][ T141] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 52.849633][ T3605] device veth0_vlan entered promiscuous mode
[ 52.861102][ T3605] device veth1_vlan entered promiscuous mode
[ 52.878943][ T141] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 52.886962][ T141] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 52.894940][ T141] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 52.906343][ T3605] device veth0_macvtap entered promiscuous mode
[ 52.916142][ T3605] device veth1_macvtap entered promiscuous mode
[ 52.932009][ T3605] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 52.940478][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 52.950514][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 52.961276][ T3605] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 52.969336][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 52.978570][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 52.989138][ T3605] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 52.999349][ T3605] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
executing program
[ 53.008355][ T3605] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 53.018587][ T3605] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 53.325703][ T5] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 53.696814][ T5] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7
[ 53.708015][ T5] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid maxpacket 17664, setting to 1024
[ 53.719304][ T5] usb 1-1: New USB device found, idVendor=12cf, idProduct=7111, bcdDevice=44.11
[ 53.728573][ T5] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 53.744674][ T5] usb 1-1: config 0 descriptor??
[ 53.768256][ T3605] raw-gadget gadget: fail, usb_ep_enable returned -22
[ 54.008387][ T5] radio-si470x 1-1:0.0: DeviceID=0x0000 ChipID=0x0000
[ 54.016505][ T5] radio-si470x 1-1:0.0: This driver is known to work with firmware version 12, but the device has firmware version 0.
[ 54.215863][ T5] radio-si470x 1-1:0.0: software version 0, hardware version 0
[ 54.223532][ T5] radio-si470x 1-1:0.0: This driver is known to work with hardware version 1, but the device has hardware version 0.
[ 54.235915][ T5] radio-si470x 1-1:0.0: If you have some trouble using this driver, please report to V4L ML at linux-media@vger.kernel.org
[ 54.457942][ T8] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 54.765988][ T5] radio-si470x 1-1:0.0: si470x_set_report: usb_control_msg returned -110
[ 54.785487][ C0] radio-si470x 1-1:0.0: non-zero urb status (-71)
[ 54.792883][ T5] radio-si470x 1-1:0.0: si470x_set_report: usb_control_msg returned -32
[ 54.802856][ T5] radio-si470x: probe of 1-1:0.0 failed with error -22
[ 54.810018][ C0] ==================================================================
[ 54.810104][ C0] BUG: KASAN: use-after-free in si470x_int_in_callback.cold+0x96/0xbf
[ 54.810154][ C0] Read of size 8 at addr ffff88801ef86b48 by task kworker/0:0/5
[ 54.810176][ C0]
[ 54.810183][ C0] CPU: 0 PID: 5 Comm: kworker/0:0 Not tainted 5.16.0-rc6-next-20211224-syzkaller #0
[ 54.810211][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 54.810229][ C0] Workqueue: usb_hub_wq hub_event
[ 54.810262][ C0] Call Trace:
[ 54.810270][ C0]
[ 54.810281][ C0] dump_stack_lvl+0xcd/0x134
[ 54.810315][ C0] print_address_description.constprop.0.cold+0xa5/0x3ed
[ 54.810360][ C0] ? si470x_int_in_callback.cold+0x96/0xbf
[ 54.810395][ C0] ? si470x_int_in_callback.cold+0x96/0xbf
[ 54.810430][ C0] kasan_report.cold+0x83/0xdf
[ 54.810470][ C0] ? si470x_int_in_callback.cold+0x96/0xbf
[ 54.810510][ C0] si470x_int_in_callback.cold+0x96/0xbf
[ 54.810546][ C0] ? rwlock_bug.part.0+0x90/0x90
[ 54.810590][ C0] ? si470x_fops_read+0x790/0x790
[ 54.810629][ C0] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 54.810672][ C0] ? usb_hcd_unmap_urb_for_dma+0x105/0x6d0
[ 54.810705][ C0] ? dummy_timer+0x11e7/0x32b0
[ 54.810748][ C0] __usb_hcd_giveback_urb+0x2b0/0x5c0
[ 54.810788][ C0] usb_hcd_giveback_urb+0x367/0x410
[ 54.810827][ C0] dummy_timer+0x11f9/0x32b0
[ 54.810878][ C0] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 54.810938][ C0] ? lock_chain_count+0x20/0x20
[ 54.810979][ C0] ? dummy_dequeue+0x500/0x500
[ 54.811027][ C0] ? dummy_dequeue+0x500/0x500
[ 54.811065][ C0] call_timer_fn+0x1a5/0x6b0
[ 54.811096][ C0] ? add_timer_on+0x4a0/0x4a0
[ 54.811135][ C0] ? _raw_spin_unlock_irq+0x1f/0x40
[ 54.811171][ C0] ? dummy_dequeue+0x500/0x500
[ 54.811212][ C0] __run_timers.part.0+0x67c/0xa30
[ 54.811253][ C0] ? call_timer_fn+0x6b0/0x6b0
[ 54.811284][ C0] ? lockdep_hardirqs_on+0x79/0x100
[ 54.811317][ C0] ? asm_sysvec_call_function_single+0x12/0x20
[ 54.811370][ C0] run_timer_softirq+0xb3/0x1d0
[ 54.811400][ C0] __do_softirq+0x29b/0x9c2
[ 54.811433][ C0] __irq_exit_rcu+0x123/0x180
[ 54.811474][ C0] irq_exit_rcu+0x5/0x20
[ 54.811510][ C0] sysvec_apic_timer_interrupt+0x93/0xc0
[ 54.811542][ C0]
[ 54.811550][ C0]
[ 54.811560][ C0] asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 54.811599][ C0] RIP: 0010:__sanitizer_cov_trace_pc+0x0/0x60
[ 54.811660][ C0] Code: 48 89 ef 5d e9 61 77 4a 00 5d be 03 00 00 00 e9 76 c8 70 02 66 0f 1f 44 00 00 48 8b be b0 01 00 00 e8 b4 ff ff ff 31 c0 c3 90 <65> 8b 05 39 6b 8a 7e 89 c1 48 8b 34 24 81 e1 00 01 00 00 65 48 8b
[ 54.811686][ C0] RSP: 0018:ffffc90000ca6f50 EFLAGS: 00000293
[ 54.811708][ C0] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[ 54.811725][ C0] RDX: ffff888010e80000 RSI: ffffffff815f0b8c RDI: 0000000000000003
[ 54.811743][ C0] RBP: 0000000000000000 R08: 0000000000000000 R09: ffffffff8ffb5947
[ 54.811760][ C0] R10: ffffffff815f0b82 R11: 0000000000000000 R12: ffffffff84e25790
[ 54.811778][ C0] R13: 0000000000000200 R14: ffffc90000ca6fb0 R15: dffffc0000000000
[ 54.811797][ C0] ? loopback_xmit+0x6d0/0x6d0
[ 54.811833][ C0] ? console_unlock+0x6b2/0xb70
[ 54.811871][ C0] ? console_unlock+0x6bc/0xb70
[ 54.811910][ C0] console_unlock+0x6c2/0xb70
[ 54.811950][ C0] ? devkmsg_read+0x730/0x730
[ 54.811995][ C0] ? lock_release+0x720/0x720
[ 54.812041][ C0] ? vprintk+0x80/0x90
[ 54.812078][ C0] ? vprintk+0x80/0x90
[ 54.812118][ C0] vprintk_emit+0x198/0x4f0
[ 54.812160][ C0] vprintk+0x80/0x90
[ 54.812197][ C0] _printk+0xba/0xed
[ 54.812229][ C0] ? record_print_text.cold+0x16/0x16
[ 54.812262][ C0] ? __sanitizer_cov_trace_cmp4+0x1c/0x70
[ 54.812304][ C0] ? __pm_runtime_suspend+0xce/0x2d0
[ 54.812344][ C0] ? usb_probe_interface+0x3bf/0x7f0
[ 54.812389][ C0] ? really_probe+0x25c/0xcc0
[ 54.812435][ C0] really_probe.cold+0x6d/0x278
[ 54.812462][ C0] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 54.812507][ C0] __driver_probe_device+0x338/0x4d0
[ 54.812552][ C0] driver_probe_device+0x4c/0x1a0
[ 54.812593][ C0] __device_attach_driver+0x20b/0x2f0
[ 54.812637][ C0] ? driver_allows_async_probing+0x150/0x150
[ 54.812677][ C0] bus_for_each_drv+0x15f/0x1e0
[ 54.812714][ C0] ? bus_for_each_dev+0x1d0/0x1d0
[ 54.812748][ C0] ? _raw_spin_unlock_irqrestore+0x50/0x70
[ 54.812786][ C0] ? lockdep_hardirqs_on+0x79/0x100
[ 54.812819][ C0] ? _raw_spin_unlock_irqrestore+0x3d/0x70
[ 54.812861][ C0] __device_attach+0x228/0x4a0
[ 54.812902][ C0] ? device_driver_attach+0x210/0x210
[ 54.812946][ C0] ? kobject_uevent_env+0x2bb/0x1650
[ 54.812989][ C0] bus_probe_device+0x1e4/0x290
[ 54.813033][ C0] device_add+0xc17/0x1ee0
[ 54.813069][ C0] ? mark_held_locks+0x9f/0xe0
[ 54.813107][ C0] ? __fw_devlink_link_to_suppliers+0x2d0/0x2d0
[ 54.813142][ C0] ? _raw_spin_unlock_irqrestore+0x50/0x70
[ 54.813178][ C0] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 54.813228][ C0] usb_set_configuration+0x101e/0x1900
[ 54.813290][ C0] usb_generic_driver_probe+0xba/0x100
[ 54.813331][ C0] usb_probe_device+0xd9/0x2c0
[ 54.813370][ C0] ? usb_driver_release_interface+0x180/0x180
[ 54.813414][ C0] really_probe+0x245/0xcc0
[ 54.813452][ C0] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 54.813497][ C0] __driver_probe_device+0x338/0x4d0
[ 54.813541][ C0] driver_probe_device+0x4c/0x1a0
[ 54.813582][ C0] __device_attach_driver+0x20b/0x2f0
[ 54.813625][ C0] ? driver_allows_async_probing+0x150/0x150
[ 54.813666][ C0] bus_for_each_drv+0x15f/0x1e0
[ 54.813702][ C0] ? bus_for_each_dev+0x1d0/0x1d0
[ 54.813737][ C0] ? _raw_spin_unlock_irqrestore+0x50/0x70
[ 54.813774][ C0] ? lockdep_hardirqs_on+0x79/0x100
[ 54.813806][ C0] ? _raw_spin_unlock_irqrestore+0x3d/0x70
[ 54.813847][ C0] __device_attach+0x228/0x4a0
[ 54.813887][ C0] ? device_driver_attach+0x210/0x210
[ 54.813929][ C0] ? kobject_uevent_env+0x2bb/0x1650
[ 54.813966][ C0] bus_probe_device+0x1e4/0x290
[ 54.814014][ C0] device_add+0xc17/0x1ee0
[ 54.814056][ C0] ? __fw_devlink_link_to_suppliers+0x2d0/0x2d0
[ 54.814096][ C0] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 54.814143][ C0] usb_new_device.cold+0x63f/0x108e
[ 54.814195][ C0] ? hub_disconnect+0x510/0x510
[ 54.814223][ C0] ? rwlock_bug.part.0+0x90/0x90
[ 54.814263][ C0] ? _raw_spin_unlock_irq+0x1f/0x40
[ 54.814303][ C0] hub_event+0x2585/0x44d0
[ 54.814364][ C0] ? hub_port_debounce+0x3c0/0x3c0
[ 54.814402][ C0] ? lock_release+0x720/0x720
[ 54.814436][ C0] ? lock_downgrade+0x6e0/0x6e0
[ 54.814470][ C0] ? do_raw_spin_lock+0x120/0x2b0
[ 54.814522][ C0] process_one_work+0x9ac/0x1650
[ 54.814559][ C0] ? pwq_dec_nr_in_flight+0x2a0/0x2a0
[ 54.814593][ C0] ? rwlock_bug.part.0+0x90/0x90
[ 54.814629][ C0] ? _raw_spin_lock_irq+0x41/0x50
[ 54.814673][ C0] worker_thread+0x657/0x1110
[ 54.814712][ C0] ? process_one_work+0x1650/0x1650
[ 54.814743][ C0] kthread+0x2e9/0x3a0
[ 54.814779][ C0] ? kthread_complete_and_exit+0x40/0x40
[ 54.814821][ C0] ret_from_fork+0x1f/0x30
[ 54.814872][ C0]
[ 54.814881][ C0]
[ 54.814886][ C0] Allocated by task 5:
[ 54.814897][ C0] kasan_save_stack+0x1e/0x40
[ 54.814923][ C0] __kasan_kmalloc+0xa9/0xd0
[ 54.814945][ C0] si470x_usb_driver_probe+0x51/0xf90
[ 54.814984][ C0] usb_probe_interface+0x315/0x7f0
[ 54.815022][ C0] really_probe+0x245/0xcc0
[ 54.815056][ C0] __driver_probe_device+0x338/0x4d0
[ 54.815094][ C0] driver_probe_device+0x4c/0x1a0
[ 54.815130][ C0] __device_attach_driver+0x20b/0x2f0
[ 54.815168][ C0] bus_for_each_drv+0x15f/0x1e0
[ 54.815201][ C0] __device_attach+0x228/0x4a0
[ 54.815236][ C0] bus_probe_device+0x1e4/0x290
[ 54.815270][ C0] device_add+0xc17/0x1ee0
[ 54.815299][ C0] usb_set_configuration+0x101e/0x1900
[ 54.815336][ C0] usb_generic_driver_probe+0xba/0x100
[ 54.815368][ C0] usb_probe_device+0xd9/0x2c0
[ 54.815402][ C0] really_probe+0x245/0xcc0
[ 54.815437][ C0] __driver_probe_device+0x338/0x4d0
[ 54.815474][ C0] driver_probe_device+0x4c/0x1a0
[ 54.815509][ C0] __device_attach_driver+0x20b/0x2f0
[ 54.815547][ C0] bus_for_each_drv+0x15f/0x1e0
[ 54.815579][ C0] __device_attach+0x228/0x4a0
[ 54.815614][ C0] bus_probe_device+0x1e4/0x290
[ 54.815648][ C0] device_add+0xc17/0x1ee0
[ 54.815678][ C0] usb_new_device.cold+0x63f/0x108e
[ 54.815715][ C0] hub_event+0x2585/0x44d0
[ 54.815741][ C0] process_one_work+0x9ac/0x1650
[ 54.815765][ C0] worker_thread+0x657/0x1110
[ 54.815788][ C0] kthread+0x2e9/0x3a0
[ 54.815821][ C0] ret_from_fork+0x1f/0x30
[ 54.815851][ C0]
[ 54.815856][ C0] Freed by task 5:
[ 54.815866][ C0] kasan_save_stack+0x1e/0x40
[ 54.815889][ C0] kasan_set_track+0x21/0x30
[ 54.815911][ C0] kasan_set_free_info+0x20/0x30
[ 54.815940][ C0] ____kasan_slab_free+0x166/0x1a0
[ 54.815963][ C0] slab_free_freelist_hook+0x8b/0x1c0
[ 54.816008][ C0] kfree+0xce/0x380
[ 54.816040][ C0] si470x_usb_driver_probe+0xb3d/0xf90
[ 54.816075][ C0] usb_probe_interface+0x315/0x7f0
[ 54.816112][ C0] really_probe+0x245/0xcc0
[ 54.816147][ C0] __driver_probe_device+0x338/0x4d0
[ 54.816184][ C0] driver_probe_device+0x4c/0x1a0
[ 54.816219][ C0] __device_attach_driver+0x20b/0x2f0
[ 54.816258][ C0] bus_for_each_drv+0x15f/0x1e0
[ 54.816290][ C0] __device_attach+0x228/0x4a0
[ 54.816326][ C0] bus_probe_device+0x1e4/0x290
[ 54.816359][ C0] device_add+0xc17/0x1ee0
[ 54.816388][ C0] usb_set_configuration+0x101e/0x1900
[ 54.816424][ C0] usb_generic_driver_probe+0xba/0x100
[ 54.816457][ C0] usb_probe_device+0xd9/0x2c0
[ 54.816493][ C0] really_probe+0x245/0xcc0
[ 54.816528][ C0] __driver_probe_device+0x338/0x4d0
[ 54.816564][ C0] driver_probe_device+0x4c/0x1a0
[ 54.816601][ C0] __device_attach_driver+0x20b/0x2f0
[ 54.816639][ C0] bus_for_each_drv+0x15f/0x1e0
[ 54.816671][ C0] __device_attach+0x228/0x4a0
[ 54.816707][ C0] bus_probe_device+0x1e4/0x290
[ 54.816741][ C0] device_add+0xc17/0x1ee0
[ 54.816770][ C0] usb_new_device.cold+0x63f/0x108e
[ 54.816805][ C0] hub_event+0x2585/0x44d0
[ 54.816831][ C0] process_one_work+0x9ac/0x1650
[ 54.816855][ C0] worker_thread+0x657/0x1110
[ 54.816878][ C0] kthread+0x2e9/0x3a0
[ 54.816912][ C0] ret_from_fork+0x1f/0x30
[ 54.816942][ C0]
[ 54.816947][ C0] The buggy address belongs to the object at ffff88801ef86000
[ 54.816947][ C0] which belongs to the cache kmalloc-4k of size 4096
[ 54.816967][ C0] The buggy address is located 2888 bytes inside of
[ 54.816967][ C0] 4096-byte region [ffff88801ef86000, ffff88801ef87000)
[ 54.816995][ C0] The buggy address belongs to the page:
[ 54.817005][ C0] page:ffffea00007be000 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1ef80
[ 54.817032][ C0] head:ffffea00007be000 order:3 compound_mapcount:0 compound_pincount:0
[ 54.817051][ C0] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[ 54.817106][ C0] raw: 00fff00000010200 0000000000000000 dead000000000122 ffff888010c42140
[ 54.817129][ C0] raw: 0000000000000000 0000000000040004 00000001ffffffff 0000000000000000
[ 54.817143][ C0] page dumped because: kasan: bad access detected
[ 54.817154][ C0] page_owner tracks the page as allocated
[ 54.817162][ C0] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 3610, ts 53798736010, free_ts 53741347967
[ 54.817201][ C0] get_page_from_freelist+0xa72/0x2f40
[ 54.817232][ C0] __alloc_pages+0x1b2/0x500
[ 54.817259][ C0] alloc_pages+0x1aa/0x310
[ 54.817281][ C0] new_slab+0x28d/0x380
[ 54.817313][ C0] ___slab_alloc+0x6be/0xd60
[ 54.817349][ C0] __slab_alloc.constprop.0+0x4d/0xa0
[ 54.817386][ C0] __kmalloc+0x2fb/0x340
[ 54.817421][ C0] tomoyo_realpath_from_path+0xc3/0x620
[ 54.817459][ C0] tomoyo_path2_perm+0x264/0x6b0
[ 54.817493][ C0] tomoyo_path_rename+0xd2/0x130
[ 54.817530][ C0] security_path_rename+0x1b5/0x2e0
[ 54.817561][ C0] do_renameat2+0x472/0xc80
[ 54.817589][ C0] __x64_sys_rename+0x7d/0xa0
[ 54.817618][ C0] do_syscall_64+0x35/0xb0
[ 54.817639][ C0] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 54.817674][ C0] page last free stack trace:
[ 54.817681][ C0] free_pcp_prepare+0x414/0xb60
[ 54.817707][ C0] free_unref_page+0x19/0x690
[ 54.817733][ C0] __unfreeze_partials+0x17c/0x1a0
[ 54.817769][ C0] qlist_free_all+0x6a/0x170
[ 54.817798][ C0] kasan_quarantine_reduce+0x180/0x200
[ 54.817830][ C0] __kasan_slab_alloc+0xa2/0xc0
[ 54.817854][ C0] __kmalloc_node+0x23a/0x380
[ 54.817891][ C0] kvmalloc_node+0x3e/0x100
[ 54.817923][ C0] seq_read_iter+0x7f7/0x1280
[ 54.817952][ C0] kernfs_fop_read_iter+0x44f/0x5f0
[ 54.817985][ C0] new_sync_read+0x429/0x6e0
[ 54.818018][ C0] vfs_read+0x35c/0x600
[ 54.818050][ C0] ksys_read+0x12d/0x250
[ 54.818083][ C0] do_syscall_64+0x35/0xb0
[ 54.818104][ C0] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 54.818140][ C0]
[ 54.818145][ C0] Memory state around the buggy address:
[ 54.818156][ C0] ffff88801ef86a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 54.818174][ C0] ffff88801ef86a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 54.818191][ C0] >ffff88801ef86b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 54.818205][ C0] ^
[ 54.818218][ C0] ffff88801ef86b80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 54.818235][ C0] ffff88801ef86c00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 54.818249][ C0] ==================================================================
[ 54.818258][ C0] Disabling lock debugging due to kernel taint
[ 54.818266][ C0] Kernel panic - not syncing: panic_on_warn set ...
[ 54.818277][ C0] CPU: 0 PID: 5 Comm: kworker/0:0 Tainted: G B 5.16.0-rc6-next-20211224-syzkaller #0
[ 54.818304][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 54.818319][ C0] Workqueue: usb_hub_wq hub_event
[ 54.818346][ C0] Call Trace:
[ 54.818351][ C0]
[ 54.818358][ C0] dump_stack_lvl+0xcd/0x134
[ 54.818387][ C0] panic+0x2b0/0x605
[ 54.818421][ C0] ? __warn_printk+0xf3/0xf3
[ 54.818461][ C0] ? si470x_int_in_callback.cold+0x96/0xbf
[ 54.818495][ C0] ? si470x_int_in_callback.cold+0x96/0xbf
[ 54.818529][ C0] end_report.cold+0x63/0x6f
[ 54.818564][ C0] kasan_report.cold+0x71/0xdf
[ 54.818599][ C0] ? si470x_int_in_callback.cold+0x96/0xbf
[ 54.818634][ C0] si470x_int_in_callback.cold+0x96/0xbf
[ 54.818668][ C0] ? rwlock_bug.part.0+0x90/0x90
[ 54.818705][ C0] ? si470x_fops_read+0x790/0x790
[ 54.818740][ C0] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 54.818779][ C0] ? usb_hcd_unmap_urb_for_dma+0x105/0x6d0
[ 54.818811][ C0] ? dummy_timer+0x11e7/0x32b0
[ 54.818849][ C0] __usb_hcd_giveback_urb+0x2b0/0x5c0
[ 54.818882][ C0] usb_hcd_giveback_urb+0x367/0x410
[ 54.818915][ C0] dummy_timer+0x11f9/0x32b0
[ 54.818956][ C0] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 54.819004][ C0] ? lock_chain_count+0x20/0x20
[ 54.819036][ C0] ? dummy_dequeue+0x500/0x500
[ 54.819075][ C0] ? dummy_dequeue+0x500/0x500
[ 54.819109][ C0] call_timer_fn+0x1a5/0x6b0
[ 54.819136][ C0] ? add_timer_on+0x4a0/0x4a0
[ 54.819165][ C0] ? _raw_spin_unlock_irq+0x1f/0x40
[ 54.819197][ C0] ? dummy_dequeue+0x500/0x500
[ 54.819233][ C0] __run_timers.part.0+0x67c/0xa30
[ 54.819264][ C0] ? call_timer_fn+0x6b0/0x6b0
[ 54.819290][ C0] ? lockdep_hardirqs_on+0x79/0x100
[ 54.819319][ C0] ? asm_sysvec_call_function_single+0x12/0x20
[ 54.819362][ C0] run_timer_softirq+0xb3/0x1d0
[ 54.819390][ C0] __do_softirq+0x29b/0x9c2
[ 54.819414][ C0] __irq_exit_rcu+0x123/0x180
[ 54.819451][ C0] irq_exit_rcu+0x5/0x20
[ 54.819485][ C0] sysvec_apic_timer_interrupt+0x93/0xc0
[ 54.819515][ C0]
[ 54.819521][ C0]
[ 54.819528][ C0] asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 54.819566][ C0] RIP: 0010:__sanitizer_cov_trace_pc+0x0/0x60
[ 54.819605][ C0] Code: 48 89 ef 5d e9 61 77 4a 00 5d be 03 00 00 00 e9 76 c8 70 02 66 0f 1f 44 00 00 48 8b be b0 01 00 00 e8 b4 ff ff ff 31 c0 c3 90 <65> 8b 05 39 6b 8a 7e 89 c1 48 8b 34 24 81 e1 00 01 00 00 65 48 8b
[ 54.819628][ C0] RSP: 0018:ffffc90000ca6f50 EFLAGS: 00000293
[ 54.819646][ C0] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[ 54.819661][ C0] RDX: ffff888010e80000 RSI: ffffffff815f0b8c RDI: 0000000000000003
[ 54.819677][ C0] RBP: 0000000000000000 R08: 0000000000000000 R09: ffffffff8ffb5947
[ 54.819692][ C0] R10: ffffffff815f0b82 R11: 0000000000000000 R12: ffffffff84e25790
[ 54.819708][ C0] R13: 0000000000000200 R14: ffffc90000ca6fb0 R15: dffffc0000000000
[ 54.819726][ C0] ? loopback_xmit+0x6d0/0x6d0
[ 54.819757][ C0] ? console_unlock+0x6b2/0xb70
[ 54.819790][ C0] ? console_unlock+0x6bc/0xb70
[ 54.819823][ C0] console_unlock+0x6c2/0xb70
[ 54.819857][ C0] ? devkmsg_read+0x730/0x730
[ 54.819890][ C0] ? lock_release+0x720/0x720
[ 54.819925][ C0] ? vprintk+0x80/0x90
[ 54.819958][ C0] ? vprintk+0x80/0x90
[ 54.819997][ C0] vprintk_emit+0x198/0x4f0
[ 54.820031][ C0] vprintk+0x80/0x90
[ 54.820064][ C0] _printk+0xba/0xed
[ 54.820093][ C0] ? record_print_text.cold+0x16/0x16
[ 54.820124][ C0] ? __sanitizer_cov_trace_cmp4+0x1c/0x70
[ 54.820162][ C0] ? __pm_runtime_suspend+0xce/0x2d0
[ 54.820196][ C0] ? usb_probe_interface+0x3bf/0x7f0
[ 54.820237][ C0] ? really_probe+0x25c/0xcc0
[ 54.820273][ C0] really_probe.cold+0x6d/0x278
[ 54.820297][ C0] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 54.820338][ C0] __driver_probe_device+0x338/0x4d0
[ 54.820377][ C0] driver_probe_device+0x4c/0x1a0
[ 54.820414][ C0] __device_attach_driver+0x20b/0x2f0
[ 54.820454][ C0] ? driver_allows_async_probing+0x150/0x150
[ 54.820493][ C0] bus_for_each_drv+0x15f/0x1e0
[ 54.820527][ C0] ? bus_for_each_dev+0x1d0/0x1d0
[ 54.820559][ C0] ? _raw_spin_unlock_irqrestore+0x50/0x70
[ 54.820593][ C0] ? lockdep_hardirqs_on+0x79/0x100
[ 54.820622][ C0] ? _raw_spin_unlock_irqrestore+0x3d/0x70
[ 54.820658][ C0] __device_attach+0x228/0x4a0
[ 54.820694][ C0] ? device_driver_attach+0x210/0x210
[ 54.820732][ C0] ? kobject_uevent_env+0x2bb/0x1650
[ 54.820762][ C0] bus_probe_device+0x1e4/0x290
[ 54.820799][ C0] device_add+0xc17/0x1ee0
[ 54.820830][ C0] ? mark_held_locks+0x9f/0xe0
[ 54.820863][ C0] ? __fw_devlink_link_to_suppliers+0x2d0/0x2d0
[ 54.820896][ C0] ? _raw_spin_unlock_irqrestore+0x50/0x70
[ 54.820930][ C0] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 54.820977][ C0] usb_set_configuration+0x101e/0x1900
[ 54.821022][ C0] usb_generic_driver_probe+0xba/0x100
[ 54.821057][ C0] usb_probe_device+0xd9/0x2c0
[ 54.821093][ C0] ? usb_driver_release_interface+0x180/0x180
[ 54.821133][ C0] really_probe+0x245/0xcc0
[ 54.821168][ C0] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 54.821208][ C0] __driver_probe_device+0x338/0x4d0
[ 54.821247][ C0] driver_probe_device+0x4c/0x1a0
[ 54.821284][ C0] __device_attach_driver+0x20b/0x2f0
[ 54.821323][ C0] ? driver_allows_async_probing+0x150/0x150
[ 54.821361][ C0] bus_for_each_drv+0x15f/0x1e0
[ 54.821394][ C0] ? bus_for_each_dev+0x1d0/0x1d0
[ 54.821427][ C0] ? _raw_spin_unlock_irqrestore+0x50/0x70
[ 54.821461][ C0] ? lockdep_hardirqs_on+0x79/0x100
[ 54.821490][ C0] ? _raw_spin_unlock_irqrestore+0x3d/0x70
[ 54.821525][ C0] __device_attach+0x228/0x4a0
[ 54.821561][ C0] ? device_driver_attach+0x210/0x210
[ 54.821599][ C0] ? kobject_uevent_env+0x2bb/0x1650
[ 54.821629][ C0] bus_probe_device+0x1e4/0x290
[ 54.821666][ C0] device_add+0xc17/0x1ee0
[ 54.821699][ C0] ? __fw_devlink_link_to_suppliers+0x2d0/0x2d0
[ 54.821735][ C0] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 54.821775][ C0] usb_new_device.cold+0x63f/0x108e
[ 54.821816][ C0] ? hub_disconnect+0x510/0x510
[ 54.821842][ C0] ? rwlock_bug.part.0+0x90/0x90
[ 54.821878][ C0] ? _raw_spin_unlock_irq+0x1f/0x40
[ 54.821912][ C0] hub_event+0x2585/0x44d0
[ 54.821950][ C0] ? hub_port_debounce+0x3c0/0x3c0
[ 54.821985][ C0] ? lock_release+0x720/0x720
[ 54.822017][ C0] ? lock_downgrade+0x6e0/0x6e0
[ 54.822049][ C0] ? do_raw_spin_lock+0x120/0x2b0
[ 54.822088][ C0] process_one_work+0x9ac/0x1650
[ 54.822117][ C0] ? pwq_dec_nr_in_flight+0x2a0/0x2a0
[ 54.822144][ C0] ? rwlock_bug.part.0+0x90/0x90
[ 54.822178][ C0] ? _raw_spin_lock_irq+0x41/0x50
[ 54.822212][ C0] worker_thread+0x657/0x1110
[ 54.822241][ C0] ? process_one_work+0x1650/0x1650
[ 54.822266][ C0] kthread+0x2e9/0x3a0
[ 54.822300][ C0] ? kthread_complete_and_exit+0x40/0x40
[ 54.822338][ C0] ret_from_fork+0x1f/0x30
[ 54.822374][ C0]
[ 54.822440][ C0] Kernel Offset: disabled
[ 56.848719][ C0] Rebooting in 86400 seconds..