Warning: Permanently added '10.128.0.155' (ECDSA) to the list of known hosts.
[   73.852870][  T221] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   73.860889][  T221] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   73.889773][   T27] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
executing program
[   73.891362][   T82] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   73.923281][   T82] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   73.942587][ T3156] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   74.251376][   T27] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[   74.631812][   T27] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7
[   74.643400][   T27] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid maxpacket 1280, setting to 1024
[   74.654790][   T27] usb 1-1: New USB device found, idVendor=12cf, idProduct=7111, bcdDevice=44.11
[   74.664178][   T27] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   74.679618][   T27] usb 1-1: config 0 descriptor??
[   74.703194][ T8423] raw-gadget gadget: fail, usb_ep_enable returned -22
[   74.942002][   T27] radio-si470x 1-1:0.0: DeviceID=0x0000 ChipID=0x0000
[   74.949049][   T27] radio-si470x 1-1:0.0: This driver is known to work with firmware version 12,
[   74.965253][   T27] radio-si470x 1-1:0.0: but the device has firmware version 0.
[   75.161500][   T27] radio-si470x 1-1:0.0: software version 0, hardware version 0
[   75.169087][   T27] radio-si470x 1-1:0.0: This driver is known to work with hardware version 1,
[   75.183255][   T27] radio-si470x 1-1:0.0: but the device has hardware version 0.
[   75.190822][   T27] radio-si470x 1-1:0.0: If you have some trouble using this driver,
[   75.204645][   T27] radio-si470x 1-1:0.0: please report to V4L ML at linux-media@vger.kernel.org
[   75.372623][   T27] radio-si470x 1-1:0.0: si470x_set_report: usb_control_msg returned -71
[   75.391384][    C1] radio-si470x 1-1:0.0: non-zero urb status (-71)
[   75.398289][   T27] radio-si470x 1-1:0.0: si470x_set_report: usb_control_msg returned -71
[   75.411265][    C1] radio-si470x 1-1:0.0: non-zero urb status (-71)
[   75.422716][   T27] radio-si470x: probe of 1-1:0.0 failed with error -22
[   75.431583][    C1] ==================================================================
[   75.440182][    C1] BUG: KASAN: use-after-free in si470x_int_in_callback.cold+0x96/0xbf
[   75.448350][    C1] Read of size 8 at addr ffff88803231ab40 by task systemd-udevd/8488
[   75.456439][    C1] 
[   75.458750][    C1] CPU: 1 PID: 8488 Comm: systemd-udevd Not tainted 5.13.0-rc3-syzkaller #0
[   75.467425][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   75.477475][    C1] Call Trace:
[   75.480835][    C1]  <IRQ>
[   75.483705][    C1]  dump_stack+0x141/0x1d7
[   75.488065][    C1]  ? si470x_int_in_callback.cold+0x96/0xbf
[   75.493863][    C1]  print_address_description.constprop.0.cold+0x5b/0x2f8
[   75.500933][    C1]  ? si470x_int_in_callback.cold+0x96/0xbf
[   75.506734][    C1]  ? si470x_int_in_callback.cold+0x96/0xbf
[   75.512547][    C1]  kasan_report.cold+0x7c/0xd8
[   75.517318][    C1]  ? si470x_int_in_callback.cold+0x96/0xbf
[   75.523141][    C1]  si470x_int_in_callback.cold+0x96/0xbf
[   75.528881][    C1]  ? __usb_hcd_giveback_urb+0x413/0x5c0
[   75.535040][    C1]  ? lock_downgrade+0x6e0/0x6e0
[   75.539895][    C1]  ? si470x_fops_read+0x790/0x790
[   75.544923][    C1]  __usb_hcd_giveback_urb+0x2b0/0x5c0
[   75.550297][    C1]  usb_hcd_giveback_urb+0x367/0x410
[   75.555594][    C1]  dummy_timer+0x11f4/0x32a0
[   75.560205][    C1]  ? lockdep_hardirqs_on_prepare+0x400/0x400
[   75.566518][    C1]  ? dummy_dequeue+0x500/0x500
[   75.571504][    C1]  ? dummy_dequeue+0x500/0x500
[   75.576675][    C1]  call_timer_fn+0x1a5/0x6b0
[   75.581271][    C1]  ? add_timer_on+0x4a0/0x4a0
[   75.585956][    C1]  ? lock_downgrade+0x6e0/0x6e0
[   75.590837][    C1]  ? _find_next_bit+0x1e3/0x260
[   75.595704][    C1]  ? _raw_spin_unlock_irq+0x1f/0x40
[   75.600909][    C1]  ? dummy_dequeue+0x500/0x500
[   75.605679][    C1]  __run_timers.part.0+0x67c/0xa50
[   75.610803][    C1]  ? call_timer_fn+0x6b0/0x6b0
[   75.615570][    C1]  ? lapic_next_event+0x4d/0x80
[   75.620432][    C1]  ? kvm_sched_clock_read+0x14/0x40
[   75.625630][    C1]  ? sched_clock_cpu+0x18/0x1f0
[   75.630488][    C1]  run_timer_softirq+0xb3/0x1d0
[   75.635352][    C1]  __do_softirq+0x29b/0x9f6
[   75.639901][    C1]  __irq_exit_rcu+0x136/0x200
[   75.644589][    C1]  irq_exit_rcu+0x5/0x20
[   75.648857][    C1]  sysvec_apic_timer_interrupt+0x93/0xc0
[   75.655371][    C1]  </IRQ>
[   75.659442][    C1]  asm_sysvec_apic_timer_interrupt+0x12/0x20
[   75.665452][    C1] RIP: 0010:_raw_spin_unlock_irq+0x25/0x40
[   75.671265][    C1] Code: 0f 1f 44 00 00 55 48 8b 74 24 08 48 89 fd 48 83 c7 18 e8 6e 5d 41 f8 48 89 ef e8 06 d6 41 f8 e8 61 ca 61 f8 fb bf 01 00 00 00 <e8> e6 cb 35 f8 65 8b 05 cf cd e8 76 85 c0 74 02 5d c3 e8 8b 23 e7
[   75.690981][    C1] RSP: 0018:ffffc9000163fed8 EFLAGS: 00000202
[   75.697051][    C1] RAX: 0000000000000001 RBX: 0000000000000000 RCX: 1ffffffff1b92611
[   75.705029][    C1] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000001
[   75.712999][    C1] RBP: ffff8880b9d35640 R08: 0000000000000001 R09: 0000000000000001
[   75.720971][    C1] R10: ffffffff817aec78 R11: 0000000000000001 R12: ffff8880b9d35640
[   75.728943][    C1] R13: ffff888015fb54c0 R14: ffff888013bd9500 R15: ffff88802ce11c40
[   75.736921][    C1]  ? trace_hardirqs_on+0x38/0x1c0
[   75.741967][    C1]  ? _raw_spin_unlock_irq+0x1f/0x40
[   75.747165][    C1]  finish_task_switch.isra.0+0x15d/0x810
[   75.752804][    C1]  ? finish_task_switch.isra.0+0x127/0x810
[   75.758762][    C1]  schedule_tail+0x7/0xd0
[   75.763123][    C1]  ret_from_fork+0x8/0x30
[   75.767459][    C1] 
[   75.769767][    C1] Allocated by task 27:
[   75.773900][    C1]  kasan_save_stack+0x1b/0x40
[   75.778766][    C1]  __kasan_kmalloc+0x9b/0xd0
[   75.783350][    C1]  si470x_usb_driver_probe+0x51/0xf30
[   75.788727][    C1]  usb_probe_interface+0x315/0x7f0
[   75.793828][    C1]  really_probe+0x291/0xf60
[   75.798334][    C1]  driver_probe_device+0x298/0x410
[   75.803445][    C1]  __device_attach_driver+0x203/0x2c0
[   75.808851][    C1]  bus_for_each_drv+0x15f/0x1e0
[   75.813784][    C1]  __device_attach+0x228/0x4b0
[   75.818559][    C1]  bus_probe_device+0x1e4/0x290
[   75.823402][    C1]  device_add+0xbe0/0x2100
[   75.827823][    C1]  usb_set_configuration+0x113f/0x1910
[   75.833297][    C1]  usb_generic_driver_probe+0xba/0x100
[   75.838754][    C1]  usb_probe_device+0xd9/0x2c0
[   75.843510][    C1]  really_probe+0x291/0xf60
[   75.848004][    C1]  driver_probe_device+0x298/0x410
[   75.853109][    C1]  __device_attach_driver+0x203/0x2c0
[   75.858472][    C1]  bus_for_each_drv+0x15f/0x1e0
[   75.863311][    C1]  __device_attach+0x228/0x4b0
[   75.868096][    C1]  bus_probe_device+0x1e4/0x290
[   75.872948][    C1]  device_add+0xbe0/0x2100
[   75.877356][    C1]  usb_new_device.cold+0x721/0x1058
[   75.882554][    C1]  hub_event+0x2357/0x4330
[   75.887007][    C1]  process_one_work+0x98d/0x1600
[   75.892041][    C1]  worker_thread+0x64c/0x1120
[   75.896713][    C1]  kthread+0x3b1/0x4a0
[   75.900790][    C1]  ret_from_fork+0x1f/0x30
[   75.905202][    C1] 
[   75.907517][    C1] Freed by task 27:
[   75.911308][    C1]  kasan_save_stack+0x1b/0x40
[   75.915991][    C1]  kasan_set_track+0x1c/0x30
[   75.920575][    C1]  kasan_set_free_info+0x20/0x30
[   75.925503][    C1]  __kasan_slab_free+0xfb/0x130
[   75.930343][    C1]  slab_free_freelist_hook+0xdf/0x240
[   75.935708][    C1]  kfree+0xe5/0x7f0
[   75.939518][    C1]  si470x_usb_driver_probe+0xb0f/0xf30
[   75.944966][    C1]  usb_probe_interface+0x315/0x7f0
[   75.950070][    C1]  really_probe+0x291/0xf60
[   75.954664][    C1]  driver_probe_device+0x298/0x410
[   75.959777][    C1]  __device_attach_driver+0x203/0x2c0
[   75.965148][    C1]  bus_for_each_drv+0x15f/0x1e0
[   75.970000][    C1]  __device_attach+0x228/0x4b0
[   75.974775][    C1]  bus_probe_device+0x1e4/0x290
[   75.979628][    C1]  device_add+0xbe0/0x2100
[   75.984056][    C1]  usb_set_configuration+0x113f/0x1910
[   75.989522][    C1]  usb_generic_driver_probe+0xba/0x100
[   75.994978][    C1]  usb_probe_device+0xd9/0x2c0
[   75.999756][    C1]  really_probe+0x291/0xf60
[   76.004249][    C1]  driver_probe_device+0x298/0x410
[   76.009349][    C1]  __device_attach_driver+0x203/0x2c0
[   76.014733][    C1]  bus_for_each_drv+0x15f/0x1e0
[   76.019588][    C1]  __device_attach+0x228/0x4b0
[   76.024344][    C1]  bus_probe_device+0x1e4/0x290
[   76.029187][    C1]  device_add+0xbe0/0x2100
[   76.033614][    C1]  usb_new_device.cold+0x721/0x1058
[   76.038830][    C1]  hub_event+0x2357/0x4330
[   76.043352][    C1]  process_one_work+0x98d/0x1600
[   76.048290][    C1]  worker_thread+0x64c/0x1120
[   76.052962][    C1]  kthread+0x3b1/0x4a0
[   76.057025][    C1]  ret_from_fork+0x1f/0x30
[   76.061436][    C1] 
[   76.063751][    C1] The buggy address belongs to the object at ffff88803231a000
[   76.063751][    C1]  which belongs to the cache kmalloc-4k of size 4096
[   76.077800][    C1] The buggy address is located 2880 bytes inside of
[   76.077800][    C1]  4096-byte region [ffff88803231a000, ffff88803231b000)
[   76.091255][    C1] The buggy address belongs to the page:
[   76.096913][    C1] page:ffffea0000c8c600 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x32318
[   76.107153][    C1] head:ffffea0000c8c600 order:3 compound_mapcount:0 compound_pincount:0
[   76.115497][    C1] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[   76.123501][    C1] raw: 00fff00000010200 dead000000000100 dead000000000122 ffff888011042140
[   76.132084][    C1] raw: 0000000000000000 0000000000040004 00000001ffffffff 0000000000000000
[   76.140670][    C1] page dumped because: kasan: bad access detected
[   76.147139][    C1] page_owner tracks the page as allocated
[   76.152931][    C1] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 4860, ts 74724593590, free_ts 74689895942
[   76.171253][    C1]  get_page_from_freelist+0x1033/0x2b60
[   76.176824][    C1]  __alloc_pages+0x1b2/0x500
[   76.181416][    C1]  alloc_pages+0x18c/0x2a0
[   76.185842][    C1]  allocate_slab+0x2c5/0x4c0
[   76.190430][    C1]  ___slab_alloc+0x4a1/0x810
[   76.195018][    C1]  __slab_alloc.constprop.0+0xa7/0xf0
[   76.200384][    C1]  __kmalloc+0x315/0x330
[   76.204634][    C1]  tomoyo_realpath_from_path+0xc3/0x620
[   76.210172][    C1]  tomoyo_check_open_permission+0x272/0x380
[   76.216064][    C1]  tomoyo_file_open+0xa3/0xd0
[   76.220863][    C1]  security_file_open+0x52/0x4f0
[   76.225836][    C1]  do_dentry_open+0x358/0x11b0
[   76.230610][    C1]  path_openat+0x1c0e/0x27e0
[   76.235214][    C1]  do_filp_open+0x190/0x3d0
[   76.239723][    C1]  do_sys_openat2+0x16d/0x420
[   76.244392][    C1]  __x64_sys_open+0x119/0x1c0
[   76.249059][    C1] page last free stack trace:
[   76.253716][    C1]  __free_pages_ok+0x476/0xce0
[   76.258487][    C1]  unfreeze_partials+0x17c/0x1d0
[   76.263504][    C1]  put_cpu_partial+0x13d/0x230
[   76.268263][    C1]  qlist_free_all+0x5a/0xc0
[   76.272777][    C1]  kasan_quarantine_reduce+0x180/0x200
[   76.278249][    C1]  __kasan_slab_alloc+0x8e/0xa0
[   76.283090][    C1]  kmem_cache_alloc+0x219/0x3a0
[   76.287934][    C1]  getname_flags.part.0+0x50/0x4f0
[   76.293055][    C1]  getname+0x8e/0xd0
[   76.296948][    C1]  do_sys_openat2+0xf5/0x420
[   76.301633][    C1]  __x64_sys_open+0x119/0x1c0
[   76.306321][    C1]  do_syscall_64+0x3a/0xb0
[   76.310766][    C1]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[   76.316675][    C1] 
[   76.318991][    C1] Memory state around the buggy address:
[   76.324698][    C1]  ffff88803231aa00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   76.332857][    C1]  ffff88803231aa80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   76.340918][    C1] >ffff88803231ab00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   76.348979][    C1]                                            ^
[   76.355143][    C1]  ffff88803231ab80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   76.363220][    C1]  ffff88803231ac00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   76.371292][    C1] ==================================================================
[   76.379413][    C1] Disabling lock debugging due to kernel taint
[   76.385597][    C1] Kernel panic - not syncing: panic_on_warn set ...
[   76.392183][    C1] CPU: 1 PID: 8488 Comm: systemd-udevd Tainted: G    B             5.13.0-rc3-syzkaller #0
[   76.402150][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   76.412206][    C1] Call Trace:
[   76.415472][    C1]  <IRQ>
[   76.418319][    C1]  dump_stack+0x141/0x1d7
[   76.422655][    C1]  panic+0x306/0x73d
[   76.426584][    C1]  ? __warn_printk+0xf3/0xf3
[   76.431166][    C1]  ? si470x_int_in_callback.cold+0x96/0xbf
[   76.437062][    C1]  ? si470x_int_in_callback.cold+0x96/0xbf
[   76.442880][    C1]  end_report.cold+0x5a/0x5a
[   76.447547][    C1]  kasan_report.cold+0x6a/0xd8
[   76.452311][    C1]  ? si470x_int_in_callback.cold+0x96/0xbf
[   76.458195][    C1]  si470x_int_in_callback.cold+0x96/0xbf
[   76.463819][    C1]  ? __usb_hcd_giveback_urb+0x413/0x5c0
[   76.469371][    C1]  ? lock_downgrade+0x6e0/0x6e0
[   76.474215][    C1]  ? si470x_fops_read+0x790/0x790
[   76.479230][    C1]  __usb_hcd_giveback_urb+0x2b0/0x5c0
[   76.484611][    C1]  usb_hcd_giveback_urb+0x367/0x410
[   76.489837][    C1]  dummy_timer+0x11f4/0x32a0
[   76.494560][    C1]  ? lockdep_hardirqs_on_prepare+0x400/0x400
[   76.500580][    C1]  ? dummy_dequeue+0x500/0x500
[   76.505357][    C1]  ? dummy_dequeue+0x500/0x500
[   76.510130][    C1]  call_timer_fn+0x1a5/0x6b0
[   76.514736][    C1]  ? add_timer_on+0x4a0/0x4a0
[   76.519408][    C1]  ? lock_downgrade+0x6e0/0x6e0
[   76.524262][    C1]  ? _find_next_bit+0x1e3/0x260
[   76.529202][    C1]  ? _raw_spin_unlock_irq+0x1f/0x40
[   76.534396][    C1]  ? dummy_dequeue+0x500/0x500
[   76.539159][    C1]  __run_timers.part.0+0x67c/0xa50
[   76.544268][    C1]  ? call_timer_fn+0x6b0/0x6b0
[   76.549042][    C1]  ? lapic_next_event+0x4d/0x80
[   76.553926][    C1]  ? kvm_sched_clock_read+0x14/0x40
[   76.559131][    C1]  ? sched_clock_cpu+0x18/0x1f0
[   76.563993][    C1]  run_timer_softirq+0xb3/0x1d0
[   76.568837][    C1]  __do_softirq+0x29b/0x9f6
[   76.573353][    C1]  __irq_exit_rcu+0x136/0x200
[   76.578047][    C1]  irq_exit_rcu+0x5/0x20
[   76.582282][    C1]  sysvec_apic_timer_interrupt+0x93/0xc0
[   76.587916][    C1]  </IRQ>
[   76.590859][    C1]  asm_sysvec_apic_timer_interrupt+0x12/0x20
[   76.596870][    C1] RIP: 0010:_raw_spin_unlock_irq+0x25/0x40
[   76.602756][    C1] Code: 0f 1f 44 00 00 55 48 8b 74 24 08 48 89 fd 48 83 c7 18 e8 6e 5d 41 f8 48 89 ef e8 06 d6 41 f8 e8 61 ca 61 f8 fb bf 01 00 00 00 <e8> e6 cb 35 f8 65 8b 05 cf cd e8 76 85 c0 74 02 5d c3 e8 8b 23 e7
[   76.622355][    C1] RSP: 0018:ffffc9000163fed8 EFLAGS: 00000202
[   76.628421][    C1] RAX: 0000000000000001 RBX: 0000000000000000 RCX: 1ffffffff1b92611
[   76.636404][    C1] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000001
[   76.644483][    C1] RBP: ffff8880b9d35640 R08: 0000000000000001 R09: 0000000000000001
[   76.652460][    C1] R10: ffffffff817aec78 R11: 0000000000000001 R12: ffff8880b9d35640
[   76.660429][    C1] R13: ffff888015fb54c0 R14: ffff888013bd9500 R15: ffff88802ce11c40
[   76.668583][    C1]  ? trace_hardirqs_on+0x38/0x1c0
[   76.673626][    C1]  ? _raw_spin_unlock_irq+0x1f/0x40
[   76.678812][    C1]  finish_task_switch.isra.0+0x15d/0x810
[   76.684441][    C1]  ? finish_task_switch.isra.0+0x127/0x810
[   76.690241][    C1]  schedule_tail+0x7/0xd0
[   76.694560][    C1]  ret_from_fork+0x8/0x30
[   76.699523][    C1] Kernel Offset: disabled
[   76.703863][    C1] Rebooting in 86400 seconds..