DUID 00:04:98:96:05:40:f2:aa:0a:66:7a:29:c2:20:2e:76:e0:ec
forked to background, child pid 3182
[ 30.909187][ T3183] 8021q: adding VLAN 0 to HW filter on device bond0
[ 30.920169][ T3183] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.0.130' (ECDSA) to the list of known hosts.
syzkaller login: [ 50.417091][ T3598] chnl_net:caif_netlink_parms(): no params data found
[ 50.458851][ T3598] bridge0: port 1(bridge_slave_0) entered blocking state
[ 50.466361][ T3598] bridge0: port 1(bridge_slave_0) entered disabled state
[ 50.474378][ T3598] device bridge_slave_0 entered promiscuous mode
[ 50.483331][ T3598] bridge0: port 2(bridge_slave_1) entered blocking state
[ 50.490410][ T3598] bridge0: port 2(bridge_slave_1) entered disabled state
[ 50.498843][ T3598] device bridge_slave_1 entered promiscuous mode
[ 50.519104][ T3598] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 50.530104][ T3598] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 50.552467][ T3598] team0: Port device team_slave_0 added
[ 50.559629][ T3598] team0: Port device team_slave_1 added
[ 50.576238][ T3598] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 50.583449][ T3598] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 50.609371][ T3598] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 50.622430][ T3598] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 50.629374][ T3598] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 50.655477][ T3598] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 50.681763][ T3598] device hsr_slave_0 entered promiscuous mode
[ 50.689027][ T3598] device hsr_slave_1 entered promiscuous mode
[ 50.766735][ T3598] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 50.777189][ T3598] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 50.786248][ T3598] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 50.794826][ T3598] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 50.815136][ T3598] bridge0: port 2(bridge_slave_1) entered blocking state
[ 50.822283][ T3598] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 50.829780][ T3598] bridge0: port 1(bridge_slave_0) entered blocking state
[ 50.836871][ T3598] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 50.878426][ T3598] 8021q: adding VLAN 0 to HW filter on device bond0
[ 50.890266][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 50.900386][ T136] bridge0: port 1(bridge_slave_0) entered disabled state
[ 50.909303][ T136] bridge0: port 2(bridge_slave_1) entered disabled state
[ 50.917466][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 50.930186][ T3598] 8021q: adding VLAN 0 to HW filter on device team0
[ 50.942402][ T1157] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 50.951002][ T1157] bridge0: port 1(bridge_slave_0) entered blocking state
[ 50.958055][ T1157] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 50.968443][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 50.977624][ T136] bridge0: port 2(bridge_slave_1) entered blocking state
[ 50.984699][ T136] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 51.010059][ T3598] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 51.022031][ T3598] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 51.035153][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 51.043941][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 51.053208][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 51.061878][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 51.070095][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 51.077778][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 51.098057][ T3598] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 51.105680][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 51.113828][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 51.137478][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 51.146403][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 51.154769][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 51.162367][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 51.173992][ T3598] device veth0_vlan entered promiscuous mode
[ 51.184078][ T3598] device veth1_vlan entered promiscuous mode
[ 51.202876][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 51.210766][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 51.219108][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 51.229940][ T3598] device veth0_macvtap entered promiscuous mode
[ 51.238780][ T3598] device veth1_macvtap entered promiscuous mode
[ 51.254909][ T3598] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 51.262399][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 51.271911][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 51.283221][ T3598] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 51.290723][ T1157] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 51.303316][ T3598] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 51.313492][ T3598] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 51.322582][ T3598] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
executing program
[ 51.331789][ T3598] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 51.631140][ T7] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 51.871107][ T7] usb 1-1: Using ep0 maxpacket: 8
[ 51.991319][ T7] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 52.002684][ T7] usb 1-1: New USB device found, idVendor=06e1, idProduct=a155, bcdDevice=ad.15
[ 52.011776][ T7] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 52.024368][ T7] usb 1-1: config 0 descriptor??
[ 52.281220][ T7] radio-si470x 1-1:0.0: DeviceID=0x0000 ChipID=0x0000
[ 52.288221][ T7] radio-si470x 1-1:0.0: This driver is known to work with firmware version 12,
[ 52.298305][ T7] radio-si470x 1-1:0.0: but the device has firmware version 0.
[ 52.501195][ T7] radio-si470x 1-1:0.0: software version 0, hardware version 0
[ 52.508786][ T7] radio-si470x 1-1:0.0: This driver is known to work with hardware version 1,
[ 52.518597][ T7] radio-si470x 1-1:0.0: but the device has hardware version 0.
[ 52.526227][ T7] radio-si470x 1-1:0.0: If you have some trouble using this driver,
[ 52.535097][ T7] radio-si470x 1-1:0.0: please report to V4L ML at linux-media@vger.kernel.org
[ 52.721128][ T7] radio-si470x 1-1:0.0: si470x_set_report: usb_control_msg returned -71
[ 52.741228][ C0] radio-si470x 1-1:0.0: non-zero urb status (-71)
[ 52.749160][ T7] radio-si470x 1-1:0.0: si470x_set_report: usb_control_msg returned -71
[ 52.758938][ T7] radio-si470x: probe of 1-1:0.0 failed with error -22
[ 52.766024][ C0] ==================================================================
[ 52.766106][ C0] BUG: KASAN: use-after-free in si470x_int_in_callback.cold+0x96/0xbf
[ 52.766163][ C0] Read of size 8 at addr ffff88801ea5ab88 by task kworker/0:1/7
[ 52.766183][ C0]
[ 52.766191][ C0] CPU: 0 PID: 7 Comm: kworker/0:1 Not tainted 5.16.0-rc7-syzkaller #0
[ 52.766219][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 52.766237][ C0] Workqueue: usb_hub_wq hub_event
[ 52.766269][ C0] Call Trace:
[ 52.766278][ C0]
[ 52.766288][ C0] dump_stack_lvl+0xcd/0x134
[ 52.766320][ C0] print_address_description.constprop.0.cold+0x8d/0x320
[ 52.766361][ C0] ? si470x_int_in_callback.cold+0x96/0xbf
[ 52.766390][ C0] ? si470x_int_in_callback.cold+0x96/0xbf
[ 52.766419][ C0] kasan_report.cold+0x83/0xdf
[ 52.766454][ C0] ? si470x_int_in_callback.cold+0x96/0xbf
[ 52.766491][ C0] si470x_int_in_callback.cold+0x96/0xbf
[ 52.766525][ C0] ? rwlock_bug.part.0+0x90/0x90
[ 52.766564][ C0] ? si470x_fops_read+0x790/0x790
[ 52.766594][ C0] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 52.766627][ C0] ? usb_hcd_unmap_urb_for_dma+0x105/0x6d0
[ 52.766662][ C0] ? dummy_timer+0x11e7/0x32b0
[ 52.766695][ C0] __usb_hcd_giveback_urb+0x2b0/0x5c0
[ 52.766734][ C0] usb_hcd_giveback_urb+0x367/0x410
[ 52.766778][ C0] dummy_timer+0x11f9/0x32b0
[ 52.766817][ C0] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 52.766879][ C0] ? lock_chain_count+0x20/0x20
[ 52.766912][ C0] ? dummy_dequeue+0x500/0x500
[ 52.766954][ C0] ? dummy_dequeue+0x500/0x500
[ 52.766983][ C0] call_timer_fn+0x1a5/0x6b0
[ 52.767011][ C0] ? add_timer_on+0x4a0/0x4a0
[ 52.767050][ C0] ? _raw_spin_unlock_irq+0x1f/0x40
[ 52.767084][ C0] ? dummy_dequeue+0x500/0x500
[ 52.767117][ C0] __run_timers.part.0+0x67c/0xa30
[ 52.767158][ C0] ? call_timer_fn+0x6b0/0x6b0
[ 52.767207][ C0] run_timer_softirq+0xb3/0x1d0
[ 52.767238][ C0] __do_softirq+0x29b/0x9c2
[ 52.767275][ C0] __irq_exit_rcu+0x123/0x180
[ 52.767307][ C0] irq_exit_rcu+0x5/0x20
[ 52.767335][ C0] sysvec_apic_timer_interrupt+0x93/0xc0
[ 52.767364][ C0]
[ 52.767372][ C0]
[ 52.767381][ C0] asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 52.767413][ C0] RIP: 0010:__sanitizer_cov_trace_pc+0x0/0x60
[ 52.767450][ C0] Code: 48 89 ef 5d e9 b1 1c 46 00 5d be 03 00 00 00 e9 46 8c 63 02 66 0f 1f 44 00 00 48 8b be b0 01 00 00 e8 b4 ff ff ff 31 c0 c3 90 <65> 8b 05 c9 dd 8a 7e 89 c1 48 8b 34 24 81 e1 00 01 00 00 65 48 8b
[ 52.767477][ C0] RSP: 0018:ffffc90000cc6f50 EFLAGS: 00000293
[ 52.767503][ C0] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[ 52.767521][ C0] RDX: ffff888010e7ba00 RSI: ffffffff815ed30c RDI: 0000000000000003
[ 52.767541][ C0] RBP: 0000000000000000 R08: 0000000000000000 R09: ffffffff8ff76a07
[ 52.767560][ C0] R10: ffffffff815ed302 R11: 0000000000000000 R12: ffffffff84d45e80
[ 52.767580][ C0] R13: 0000000000000200 R14: ffffc90000cc6fb0 R15: dffffc0000000000
[ 52.767603][ C0] ? loopback_xmit+0x6d0/0x6d0
[ 52.767635][ C0] ? console_unlock+0x6b2/0xb70
[ 52.767670][ C0] ? console_unlock+0x6bc/0xb70
[ 52.767722][ C0] console_unlock+0x6c2/0xb70
[ 52.767768][ C0] ? devkmsg_read+0x730/0x730
[ 52.767799][ C0] ? lock_release+0x720/0x720
[ 52.767840][ C0] ? vprintk+0x80/0x90
[ 52.767872][ C0] ? vprintk+0x80/0x90
[ 52.767908][ C0] vprintk_emit+0x198/0x4f0
[ 52.767946][ C0] vprintk+0x80/0x90
[ 52.767977][ C0] _printk+0xba/0xed
[ 52.768007][ C0] ? record_print_text.cold+0x16/0x16
[ 52.768037][ C0] ? __sanitizer_cov_trace_cmp4+0x1c/0x70
[ 52.768074][ C0] ? __pm_runtime_suspend+0xce/0x2d0
[ 52.768109][ C0] ? usb_probe_interface+0x3bf/0x7f0
[ 52.768147][ C0] ? really_probe+0x25c/0xcc0
[ 52.768180][ C0] really_probe.cold+0x6d/0x278
[ 52.768210][ C0] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 52.768251][ C0] __driver_probe_device+0x338/0x4d0
[ 52.768290][ C0] driver_probe_device+0x4c/0x1a0
[ 52.768327][ C0] __device_attach_driver+0x20b/0x2f0
[ 52.768363][ C0] ? driver_allows_async_probing+0x150/0x150
[ 52.768396][ C0] bus_for_each_drv+0x15f/0x1e0
[ 52.768428][ C0] ? bus_for_each_dev+0x1d0/0x1d0
[ 52.768457][ C0] ? _raw_spin_unlock_irqrestore+0x50/0x70
[ 52.768493][ C0] ? lockdep_hardirqs_on+0x79/0x100
[ 52.768525][ C0] ? _raw_spin_unlock_irqrestore+0x3d/0x70
[ 52.768564][ C0] __device_attach+0x228/0x4a0
[ 52.768597][ C0] ? device_driver_attach+0x210/0x210
[ 52.768633][ C0] ? kobject_uevent_env+0x2bb/0x1650
[ 52.768671][ C0] bus_probe_device+0x1e4/0x290
[ 52.768709][ C0] device_add+0xc17/0x1ee0
[ 52.768747][ C0] ? mark_held_locks+0x9f/0xe0
[ 52.768782][ C0] ? __fw_devlink_link_to_suppliers+0x2d0/0x2d0
[ 52.768814][ C0] ? _raw_spin_unlock_irqrestore+0x50/0x70
[ 52.768849][ C0] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 52.768894][ C0] usb_set_configuration+0x101e/0x1900
[ 52.768953][ C0] usb_generic_driver_probe+0xba/0x100
[ 52.768987][ C0] usb_probe_device+0xd9/0x2c0
[ 52.769019][ C0] ? usb_driver_release_interface+0x180/0x180
[ 52.769053][ C0] really_probe+0x245/0xcc0
[ 52.769084][ C0] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 52.769123][ C0] __driver_probe_device+0x338/0x4d0
[ 52.769162][ C0] driver_probe_device+0x4c/0x1a0
[ 52.769198][ C0] __device_attach_driver+0x20b/0x2f0
[ 52.769234][ C0] ? driver_allows_async_probing+0x150/0x150
[ 52.769267][ C0] bus_for_each_drv+0x15f/0x1e0
[ 52.769300][ C0] ? bus_for_each_dev+0x1d0/0x1d0
[ 52.769329][ C0] ? _raw_spin_unlock_irqrestore+0x50/0x70
[ 52.769365][ C0] ? lockdep_hardirqs_on+0x79/0x100
[ 52.769398][ C0] ? _raw_spin_unlock_irqrestore+0x3d/0x70
[ 52.769438][ C0] __device_attach+0x228/0x4a0
[ 52.769472][ C0] ? device_driver_attach+0x210/0x210
[ 52.769510][ C0] ? kobject_uevent_env+0x2bb/0x1650
[ 52.769547][ C0] bus_probe_device+0x1e4/0x290
[ 52.769585][ C0] device_add+0xc17/0x1ee0
[ 52.769622][ C0] ? __fw_devlink_link_to_suppliers+0x2d0/0x2d0
[ 52.769659][ C0] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 52.769703][ C0] usb_new_device.cold+0x63f/0x108e
[ 52.769764][ C0] ? hub_disconnect+0x510/0x510
[ 52.769795][ C0] ? rwlock_bug.part.0+0x90/0x90
[ 52.769832][ C0] ? _raw_spin_unlock_irq+0x1f/0x40
[ 52.769872][ C0] hub_event+0x23e5/0x4460
[ 52.769939][ C0] ? hub_port_debounce+0x3c0/0x3c0
[ 52.769982][ C0] ? lock_release+0x720/0x720
[ 52.770014][ C0] ? lock_downgrade+0x6e0/0x6e0
[ 52.770046][ C0] ? do_raw_spin_lock+0x120/0x2b0
[ 52.770095][ C0] process_one_work+0x9b2/0x1660
[ 52.770135][ C0] ? pwq_dec_nr_in_flight+0x2a0/0x2a0
[ 52.770170][ C0] ? rwlock_bug.part.0+0x90/0x90
[ 52.770200][ C0] ? _raw_spin_lock_irq+0x41/0x50
[ 52.770243][ C0] worker_thread+0x65d/0x1130
[ 52.770286][ C0] ? process_one_work+0x1660/0x1660
[ 52.770318][ C0] kthread+0x405/0x4f0
[ 52.770350][ C0] ? set_kthread_struct+0x130/0x130
[ 52.770387][ C0] ret_from_fork+0x1f/0x30
[ 52.770437][ C0]
[ 52.770447][ C0]
[ 52.770453][ C0] Allocated by task 7:
[ 52.770466][ C0] kasan_save_stack+0x1e/0x50
[ 52.770496][ C0] __kasan_kmalloc+0xa9/0xd0
[ 52.770523][ C0] si470x_usb_driver_probe+0x51/0xf90
[ 52.770550][ C0] usb_probe_interface+0x315/0x7f0
[ 52.770578][ C0] really_probe+0x245/0xcc0
[ 52.770606][ C0] __driver_probe_device+0x338/0x4d0
[ 52.770635][ C0] driver_probe_device+0x4c/0x1a0
[ 52.770664][ C0] __device_attach_driver+0x20b/0x2f0
[ 52.770694][ C0] bus_for_each_drv+0x15f/0x1e0
[ 52.770721][ C0] __device_attach+0x228/0x4a0
[ 52.770755][ C0] bus_probe_device+0x1e4/0x290
[ 52.770784][ C0] device_add+0xc17/0x1ee0
[ 52.770809][ C0] usb_set_configuration+0x101e/0x1900
[ 52.770836][ C0] usb_generic_driver_probe+0xba/0x100
[ 52.770863][ C0] usb_probe_device+0xd9/0x2c0
[ 52.770890][ C0] really_probe+0x245/0xcc0
[ 52.770917][ C0] __driver_probe_device+0x338/0x4d0
[ 52.770950][ C0] driver_probe_device+0x4c/0x1a0
[ 52.770977][ C0] __device_attach_driver+0x20b/0x2f0
[ 52.771003][ C0] bus_for_each_drv+0x15f/0x1e0
[ 52.771028][ C0] __device_attach+0x228/0x4a0
[ 52.771054][ C0] bus_probe_device+0x1e4/0x290
[ 52.771081][ C0] device_add+0xc17/0x1ee0
[ 52.771106][ C0] usb_new_device.cold+0x63f/0x108e
[ 52.771136][ C0] hub_event+0x23e5/0x4460
[ 52.771163][ C0] process_one_work+0x9b2/0x1660
[ 52.771185][ C0] worker_thread+0x65d/0x1130
[ 52.771207][ C0] kthread+0x405/0x4f0
[ 52.771233][ C0] ret_from_fork+0x1f/0x30
[ 52.771258][ C0]
[ 52.771264][ C0] Freed by task 7:
[ 52.771275][ C0] kasan_save_stack+0x1e/0x50
[ 52.771302][ C0] kasan_set_track+0x21/0x30
[ 52.771327][ C0] kasan_set_free_info+0x20/0x30
[ 52.771357][ C0] __kasan_slab_free+0xff/0x130
[ 52.771386][ C0] slab_free_freelist_hook+0x8b/0x1c0
[ 52.771413][ C0] kfree+0xf6/0x560
[ 52.771438][ C0] si470x_usb_driver_probe+0xb3d/0xf90
[ 52.771464][ C0] usb_probe_interface+0x315/0x7f0
[ 52.771492][ C0] really_probe+0x245/0xcc0
[ 52.771520][ C0] __driver_probe_device+0x338/0x4d0
[ 52.771549][ C0] driver_probe_device+0x4c/0x1a0
[ 52.771578][ C0] __device_attach_driver+0x20b/0x2f0
[ 52.771607][ C0] bus_for_each_drv+0x15f/0x1e0
[ 52.771633][ C0] __device_attach+0x228/0x4a0
[ 52.771661][ C0] bus_probe_device+0x1e4/0x290
[ 52.771689][ C0] device_add+0xc17/0x1ee0
[ 52.771713][ C0] usb_set_configuration+0x101e/0x1900
[ 52.771747][ C0] usb_generic_driver_probe+0xba/0x100
[ 52.771774][ C0] usb_probe_device+0xd9/0x2c0
[ 52.771800][ C0] really_probe+0x245/0xcc0
[ 52.771827][ C0] __driver_probe_device+0x338/0x4d0
[ 52.771855][ C0] driver_probe_device+0x4c/0x1a0
[ 52.771883][ C0] __device_attach_driver+0x20b/0x2f0
[ 52.771914][ C0] bus_for_each_drv+0x15f/0x1e0
[ 52.771941][ C0] __device_attach+0x228/0x4a0
[ 52.771969][ C0] bus_probe_device+0x1e4/0x290
[ 52.771996][ C0] device_add+0xc17/0x1ee0
[ 52.772020][ C0] usb_new_device.cold+0x63f/0x108e
[ 52.772049][ C0] hub_event+0x23e5/0x4460
[ 52.772077][ C0] process_one_work+0x9b2/0x1660
[ 52.772102][ C0] worker_thread+0x65d/0x1130
[ 52.772125][ C0] kthread+0x405/0x4f0
[ 52.772153][ C0] ret_from_fork+0x1f/0x30
[ 52.772180][ C0]
[ 52.772186][ C0] The buggy address belongs to the object at ffff88801ea5a000
[ 52.772186][ C0] which belongs to the cache kmalloc-4k of size 4096
[ 52.772207][ C0] The buggy address is located 2952 bytes inside of
[ 52.772207][ C0] 4096-byte region [ffff88801ea5a000, ffff88801ea5b000)
[ 52.772234][ C0] The buggy address belongs to the page:
[ 52.772243][ C0] page:ffffea00007a9600 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1ea58
[ 52.772272][ C0] head:ffffea00007a9600 order:3 compound_mapcount:0 compound_pincount:0
[ 52.772294][ C0] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[ 52.772333][ C0] raw: 00fff00000010200 0000000000000000 dead000000000122 ffff888010c42140
[ 52.772366][ C0] raw: 0000000000000000 0000000000040004 00000001ffffffff 0000000000000000
[ 52.772381][ C0] page dumped because: kasan: bad access detected
[ 52.772394][ C0] page_owner tracks the page as allocated
[ 52.772402][ C0] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 7, ts 52061719444, free_ts 51952736611
[ 52.772442][ C0] get_page_from_freelist+0xa72/0x2f50
[ 52.772469][ C0] __alloc_pages+0x1b2/0x500
[ 52.772492][ C0] alloc_pages+0x1a7/0x300
[ 52.772519][ C0] new_slab+0x32d/0x4a0
[ 52.772543][ C0] ___slab_alloc+0x918/0xfe0
[ 52.772568][ C0] __slab_alloc.constprop.0+0x4d/0xa0
[ 52.772597][ C0] kmem_cache_alloc_trace+0x289/0x2c0
[ 52.772626][ C0] kobject_uevent_env+0x240/0x1650
[ 52.772652][ C0] device_add+0xbb4/0x1ee0
[ 52.772678][ C0] usb_set_configuration+0x101e/0x1900
[ 52.772706][ C0] usb_generic_driver_probe+0xba/0x100
[ 52.772733][ C0] usb_probe_device+0xd9/0x2c0
[ 52.772765][ C0] really_probe+0x245/0xcc0
[ 52.772792][ C0] __driver_probe_device+0x338/0x4d0
[ 52.772822][ C0] driver_probe_device+0x4c/0x1a0
[ 52.772851][ C0] __device_attach_driver+0x20b/0x2f0
[ 52.772882][ C0] page last free stack trace:
[ 52.772889][ C0] free_pcp_prepare+0x374/0x870
[ 52.772918][ C0] free_unref_page+0x19/0x690
[ 52.772948][ C0] __unfreeze_partials+0x343/0x360
[ 52.772975][ C0] qlist_free_all+0x5a/0xc0
[ 52.772997][ C0] kasan_quarantine_reduce+0x180/0x200
[ 52.773029][ C0] __kasan_slab_alloc+0xa2/0xc0
[ 52.773058][ C0] __kmalloc+0x1e7/0x340
[ 52.773083][ C0] usb_get_configuration+0x321/0x3b30
[ 52.773112][ C0] usb_new_device+0x583/0x7d0
[ 52.773141][ C0] hub_event+0x23e5/0x4460
[ 52.773169][ C0] process_one_work+0x9b2/0x1660
[ 52.773194][ C0] worker_thread+0x65d/0x1130
[ 52.773217][ C0] kthread+0x405/0x4f0
[ 52.773244][ C0] ret_from_fork+0x1f/0x30
[ 52.773271][ C0]
[ 52.773277][ C0] Memory state around the buggy address:
[ 52.773290][ C0] ffff88801ea5aa80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 52.773309][ C0] ffff88801ea5ab00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 52.773328][ C0] >ffff88801ea5ab80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 52.773343][ C0] ^
[ 52.773357][ C0] ffff88801ea5ac00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 52.773377][ C0] ffff88801ea5ac80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 52.773392][ C0] ==================================================================
[ 52.773402][ C0] Disabling lock debugging due to kernel taint
[ 52.773411][ C0] Kernel panic - not syncing: panic_on_warn set ...
[ 52.773422][ C0] CPU: 0 PID: 7 Comm: kworker/0:1 Tainted: G B 5.16.0-rc7-syzkaller #0
[ 52.773448][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 52.773465][ C0] Workqueue: usb_hub_wq hub_event
[ 52.773495][ C0] Call Trace:
[ 52.773501][ C0]
[ 52.773509][ C0] dump_stack_lvl+0xcd/0x134
[ 52.773540][ C0] panic+0x2b0/0x6dd
[ 52.773570][ C0] ? __warn_printk+0xf3/0xf3
[ 52.773607][ C0] ? si470x_int_in_callback.cold+0x96/0xbf
[ 52.773640][ C0] ? si470x_int_in_callback.cold+0x96/0xbf
[ 52.773672][ C0] end_report.cold+0x63/0x6f
[ 52.773702][ C0] kasan_report.cold+0x71/0xdf
[ 52.773736][ C0] ? si470x_int_in_callback.cold+0x96/0xbf
[ 52.773777][ C0] si470x_int_in_callback.cold+0x96/0xbf
[ 52.773807][ C0] ? rwlock_bug.part.0+0x90/0x90
[ 52.773839][ C0] ? si470x_fops_read+0x790/0x790
[ 52.773865][ C0] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 52.773898][ C0] ? usb_hcd_unmap_urb_for_dma+0x105/0x6d0
[ 52.773931][ C0] ? dummy_timer+0x11e7/0x32b0
[ 52.773960][ C0] __usb_hcd_giveback_urb+0x2b0/0x5c0
[ 52.773995][ C0] usb_hcd_giveback_urb+0x367/0x410
[ 52.774031][ C0] dummy_timer+0x11f9/0x32b0
[ 52.774062][ C0] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 52.774102][ C0] ? lock_chain_count+0x20/0x20
[ 52.774131][ C0] ? dummy_dequeue+0x500/0x500
[ 52.774159][ C0] ? dummy_dequeue+0x500/0x500
[ 52.774185][ C0] call_timer_fn+0x1a5/0x6b0
[ 52.774211][ C0] ? add_timer_on+0x4a0/0x4a0
[ 52.774239][ C0] ? _raw_spin_unlock_irq+0x1f/0x40
[ 52.774268][ C0] ? dummy_dequeue+0x500/0x500
[ 52.774295][ C0] __run_timers.part.0+0x67c/0xa30
[ 52.774326][ C0] ? call_timer_fn+0x6b0/0x6b0
[ 52.774357][ C0] run_timer_softirq+0xb3/0x1d0
[ 52.774383][ C0] __do_softirq+0x29b/0x9c2
[ 52.774412][ C0] __irq_exit_rcu+0x123/0x180
[ 52.774442][ C0] irq_exit_rcu+0x5/0x20
[ 52.774471][ C0] sysvec_apic_timer_interrupt+0x93/0xc0
[ 52.774501][ C0]
[ 52.774509][ C0]
[ 52.774517][ C0] asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 52.774551][ C0] RIP: 0010:__sanitizer_cov_trace_pc+0x0/0x60
[ 52.774585][ C0] Code: 48 89 ef 5d e9 b1 1c 46 00 5d be 03 00 00 00 e9 46 8c 63 02 66 0f 1f 44 00 00 48 8b be b0 01 00 00 e8 b4 ff ff ff 31 c0 c3 90 <65> 8b 05 c9 dd 8a 7e 89 c1 48 8b 34 24 81 e1 00 01 00 00 65 48 8b
[ 52.774611][ C0] RSP: 0018:ffffc90000cc6f50 EFLAGS: 00000293
[ 52.774632][ C0] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[ 52.774648][ C0] RDX: ffff888010e7ba00 RSI: ffffffff815ed30c RDI: 0000000000000003
[ 52.774665][ C0] RBP: 0000000000000000 R08: 0000000000000000 R09: ffffffff8ff76a07
[ 52.774681][ C0] R10: ffffffff815ed302 R11: 0000000000000000 R12: ffffffff84d45e80
[ 52.774697][ C0] R13: 0000000000000200 R14: ffffc90000cc6fb0 R15: dffffc0000000000
[ 52.774716][ C0] ? loopback_xmit+0x6d0/0x6d0
[ 52.774749][ C0] ? console_unlock+0x6b2/0xb70
[ 52.774779][ C0] ? console_unlock+0x6bc/0xb70
[ 52.774810][ C0] console_unlock+0x6c2/0xb70
[ 52.774841][ C0] ? devkmsg_read+0x730/0x730
[ 52.774871][ C0] ? lock_release+0x720/0x720
[ 52.774904][ C0] ? vprintk+0x80/0x90
[ 52.774932][ C0] ? vprintk+0x80/0x90
[ 52.774960][ C0] vprintk_emit+0x198/0x4f0
[ 52.774991][ C0] vprintk+0x80/0x90
[ 52.775018][ C0] _printk+0xba/0xed
[ 52.775044][ C0] ? record_print_text.cold+0x16/0x16
[ 52.775073][ C0] ? __sanitizer_cov_trace_cmp4+0x1c/0x70
[ 52.775104][ C0] ? __pm_runtime_suspend+0xce/0x2d0
[ 52.775133][ C0] ? usb_probe_interface+0x3bf/0x7f0
[ 52.775164][ C0] ? really_probe+0x25c/0xcc0
[ 52.775192][ C0] really_probe.cold+0x6d/0x278
[ 52.775219][ C0] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 52.775252][ C0] __driver_probe_device+0x338/0x4d0
[ 52.775285][ C0] driver_probe_device+0x4c/0x1a0
[ 52.775316][ C0] __device_attach_driver+0x20b/0x2f0
[ 52.775348][ C0] ? driver_allows_async_probing+0x150/0x150
[ 52.775380][ C0] bus_for_each_drv+0x15f/0x1e0
[ 52.775409][ C0] ? bus_for_each_dev+0x1d0/0x1d0
[ 52.775435][ C0] ? _raw_spin_unlock_irqrestore+0x50/0x70
[ 52.775466][ C0] ? lockdep_hardirqs_on+0x79/0x100
[ 52.775494][ C0] ? _raw_spin_unlock_irqrestore+0x3d/0x70
[ 52.775527][ C0] __device_attach+0x228/0x4a0
[ 52.775556][ C0] ? device_driver_attach+0x210/0x210
[ 52.775587][ C0] ? kobject_uevent_env+0x2bb/0x1650
[ 52.775617][ C0] bus_probe_device+0x1e4/0x290
[ 52.775648][ C0] device_add+0xc17/0x1ee0
[ 52.775675][ C0] ? mark_held_locks+0x9f/0xe0
[ 52.775705][ C0] ? __fw_devlink_link_to_suppliers+0x2d0/0x2d0
[ 52.775735][ C0] ? _raw_spin_unlock_irqrestore+0x50/0x70
[ 52.775772][ C0] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 52.775808][ C0] usb_set_configuration+0x101e/0x1900
[ 52.775844][ C0] usb_generic_driver_probe+0xba/0x100
[ 52.775872][ C0] usb_probe_device+0xd9/0x2c0
[ 52.775900][ C0] ? usb_driver_release_interface+0x180/0x180
[ 52.775931][ C0] really_probe+0x245/0xcc0
[ 52.775960][ C0] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 52.775994][ C0] __driver_probe_device+0x338/0x4d0
[ 52.776027][ C0] driver_probe_device+0x4c/0x1a0
[ 52.776058][ C0] __device_attach_driver+0x20b/0x2f0
[ 52.776089][ C0] ? driver_allows_async_probing+0x150/0x150
[ 52.776121][ C0] bus_for_each_drv+0x15f/0x1e0
[ 52.776149][ C0] ? bus_for_each_dev+0x1d0/0x1d0
[ 52.776174][ C0] ? _raw_spin_unlock_irqrestore+0x50/0x70
[ 52.776206][ C0] ? lockdep_hardirqs_on+0x79/0x100
[ 52.776234][ C0] ? _raw_spin_unlock_irqrestore+0x3d/0x70
[ 52.776265][ C0] __device_attach+0x228/0x4a0
[ 52.776295][ C0] ? device_driver_attach+0x210/0x210
[ 52.776325][ C0] ? kobject_uevent_env+0x2bb/0x1650
[ 52.776354][ C0] bus_probe_device+0x1e4/0x290
[ 52.776384][ C0] device_add+0xc17/0x1ee0
[ 52.776412][ C0] ? __fw_devlink_link_to_suppliers+0x2d0/0x2d0
[ 52.776444][ C0] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 52.776479][ C0] usb_new_device.cold+0x63f/0x108e
[ 52.776516][ C0] ? hub_disconnect+0x510/0x510
[ 52.776546][ C0] ? rwlock_bug.part.0+0x90/0x90
[ 52.776577][ C0] ? _raw_spin_unlock_irq+0x1f/0x40
[ 52.776610][ C0] hub_event+0x23e5/0x4460
[ 52.776651][ C0] ? hub_port_debounce+0x3c0/0x3c0
[ 52.776685][ C0] ? lock_release+0x720/0x720
[ 52.776712][ C0] ? lock_downgrade+0x6e0/0x6e0
[ 52.776745][ C0] ? do_raw_spin_lock+0x120/0x2b0
[ 52.776781][ C0] process_one_work+0x9b2/0x1660
[ 52.776811][ C0] ? pwq_dec_nr_in_flight+0x2a0/0x2a0
[ 52.776864][ C0] ? rwlock_bug.part.0+0x90/0x90
[ 52.776894][ C0] ? _raw_spin_lock_irq+0x41/0x50
[ 52.776928][ C0] worker_thread+0x65d/0x1130
[ 52.776958][ C0] ? process_one_work+0x1660/0x1660
[ 52.776984][ C0] kthread+0x405/0x4f0
[ 52.777012][ C0] ? set_kthread_struct+0x130/0x130
[ 52.777044][ C0] ret_from_fork+0x1f/0x30
[ 52.777078][ C0]
[ 52.777140][ C0] Kernel Offset: disabled
[ 54.775818][ C0] Rebooting in 86400 seconds..