         Starting Permit User Sessions...
         Starting System Logging Service...
[  OK  ] Started Daily apt download activities.
[  OK  ] Started Daily apt upgrade and clean activities.
[  OK  ] Reached target Timers.
[  OK  ] Started Regular background program processing daemon.
[  OK  ] Started System Logging Service.
[  OK  ] Started Permit User Sessions.
[  OK  ] Started OpenBSD Secure Shell server.
[  OK  ] Started getty on tty2-tty6 if dbus and logind are not available.
[  OK  ] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch.
[  OK  ] Started Getty on tty6.
[  OK  ] Started Getty on tty5.
[  OK  ] Started Getty on tty4.
[  OK  ] Started Getty on tty3.
[  OK  ] Started Getty on tty2.
[  OK  ] Started Serial Getty on ttyS0.
[  OK  ] Started Getty on tty1.
[  OK  ] Reached target Login Prompts.
[  OK  ] Reached target Multi-User System.
[  OK  ] Reached target Graphical Interface.
         Starting Update UTMP about System Runlevel Changes...
         Starting Load/Save RF Kill Switch Status...
[  OK  ] Started Update UTMP about System Runlevel Changes.
[  OK  ] Started Load/Save RF Kill Switch Status.
Warning: Permanently added '10.128.0.80' (ECDSA) to the list of known hosts.
[   81.067868][   T37] audit: type=1400 audit(1626169053.539:8): avc:  denied  { execmem } for  pid=8450 comm="syz-executor480" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1

Debian GNU/Linux 9 syzkaller ttyS0

syzkaller login: [   82.421139][ T8452] chnl_net:caif_netlink_parms(): no params data found
[   82.477964][ T8452] bridge0: port 1(bridge_slave_0) entered blocking state
[   82.486388][ T8452] bridge0: port 1(bridge_slave_0) entered disabled state
[   82.495835][ T8452] device bridge_slave_0 entered promiscuous mode
[   82.505608][ T8452] bridge0: port 2(bridge_slave_1) entered blocking state
[   82.513585][ T8452] bridge0: port 2(bridge_slave_1) entered disabled state
[   82.522162][ T8452] device bridge_slave_1 entered promiscuous mode
[   82.543930][ T8452] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   82.555008][ T8452] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   82.582208][ T8452] team0: Port device team_slave_0 added
[   82.589441][ T8452] team0: Port device team_slave_1 added
[   82.609428][ T8452] batman_adv: batadv0: Adding interface: batadv_slave_0
[   82.616806][ T8452] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   82.644361][ T8452] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   82.658477][ T8452] batman_adv: batadv0: Adding interface: batadv_slave_1
[   82.666344][ T8452] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   82.692556][ T8452] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   82.720982][ T8452] device hsr_slave_0 entered promiscuous mode
[   82.727787][ T8452] device hsr_slave_1 entered promiscuous mode
[   82.850208][ T8452] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   82.863707][ T8452] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   82.874287][ T8452] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   82.885543][ T8452] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   82.910940][ T8452] bridge0: port 2(bridge_slave_1) entered blocking state
[   82.918073][ T8452] bridge0: port 2(bridge_slave_1) entered forwarding state
[   82.925998][ T8452] bridge0: port 1(bridge_slave_0) entered blocking state
[   82.933151][ T8452] bridge0: port 1(bridge_slave_0) entered forwarding state
[   82.979104][ T8452] 8021q: adding VLAN 0 to HW filter on device bond0
[   82.992789][ T3159] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   83.005962][ T3159] bridge0: port 1(bridge_slave_0) entered disabled state
[   83.014708][ T3159] bridge0: port 2(bridge_slave_1) entered disabled state
[   83.023438][ T3159] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[   83.038316][ T8452] 8021q: adding VLAN 0 to HW filter on device team0
[   83.051525][   T26] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   83.059887][   T26] bridge0: port 1(bridge_slave_0) entered blocking state
[   83.066986][   T26] bridge0: port 1(bridge_slave_0) entered forwarding state
[   83.079250][   T26] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   83.088200][   T26] bridge0: port 2(bridge_slave_1) entered blocking state
[   83.095309][   T26] bridge0: port 2(bridge_slave_1) entered forwarding state
[   83.116287][   T26] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   83.126432][   T26] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   83.138144][ T8678] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   83.155561][ T8452] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   83.167236][ T8452] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   83.179379][   T26] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   83.188821][   T26] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   83.197636][   T26] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   83.220445][ T8452] 8021q: adding VLAN 0 to HW filter on device batadv0
[   83.229085][ T4562] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   83.237291][ T4562] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   83.261718][   T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   83.282204][   T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   83.290572][   T26] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   83.298361][   T26] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   83.309212][ T8452] device veth0_vlan entered promiscuous mode
[   83.322405][ T8452] device veth1_vlan entered promiscuous mode
[   83.345189][   T26] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[   83.354414][   T26] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[   83.363718][   T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   83.375885][ T8452] device veth0_macvtap entered promiscuous mode
[   83.385616][ T8452] device veth1_macvtap entered promiscuous mode
[   83.395667][ T4562] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   83.413721][ T8452] batman_adv: batadv0: Interface activated: batadv_slave_0
[   83.421600][   T26] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   83.430009][   T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   83.443895][ T8452] batman_adv: batadv0: Interface activated: batadv_slave_1
[   83.452359][   T26] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   83.461252][   T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   83.473532][ T8452] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   83.482565][ T8452] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   83.500786][ T8452] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   83.509492][ T8452] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   83.631535][   T29] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   83.639518][   T29] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   83.668245][   T26] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
executing program
[   83.688451][  T167] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   83.697495][  T167] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   83.711217][ T3159] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   84.000781][ T3159] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[   84.261971][   T26] Bluetooth: hci0: command 0x0409 tx timeout
[   84.360991][ T3159] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7
[   84.372230][ T3159] usb 1-1: New USB device found, idVendor=12cf, idProduct=7111, bcdDevice=44.11
[   84.382562][ T3159] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   84.401175][ T3159] usb 1-1: config 0 descriptor??
[   84.660756][ T3159] radio-si470x 1-1:0.0: DeviceID=0x0000 ChipID=0x0000
[   84.667804][ T3159] radio-si470x 1-1:0.0: This driver is known to work with firmware version 12,
[   84.680898][ T3159] radio-si470x 1-1:0.0: but the device has firmware version 0.
[   84.880803][ T3159] radio-si470x 1-1:0.0: software version 0, hardware version 0
[   84.888389][ T3159] radio-si470x 1-1:0.0: This driver is known to work with hardware version 1,
[   84.897922][ T3159] radio-si470x 1-1:0.0: but the device has hardware version 0.
[   84.906116][ T3159] radio-si470x 1-1:0.0: If you have some trouble using this driver,
[   84.914561][ T3159] radio-si470x 1-1:0.0: please report to V4L ML at linux-media@vger.kernel.org
write to /proc/sys/net/core/bpf_jit_kallsyms failed: No such file or directory
write to /proc/sys/net/core/bpf_jit_harden failed: No such file or directory
[   85.412075][   T29] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   85.441054][ T3159] radio-si470x 1-1:0.0: si470x_set_report: usb_control_msg returned -110
[   85.461040][ T3159] radio-si470x 1-1:0.0: si470x_set_report: usb_control_msg returned -32
[   85.469518][ T3159] radio-si470x: probe of 1-1:0.0 failed with error -22
write to /proc/sys/net/core/bpf_jit_kallsyms failed: No such file or directory
write to /proc/sys/net/core/bpf_jit_harden failed: No such file or directory
[   88.073152][ T8452] syz-executor480 (8452) used greatest stack depth: 22672 bytes left
[   88.080737][    C0] ==================================================================
[   88.083452][ T4562] usb 1-1: USB disconnect, device number 2
[   88.089446][    C0] BUG: KASAN: use-after-free in si470x_int_in_callback.cold+0x96/0xbf
[   88.103380][    C0] Read of size 8 at addr ffff888037360b40 by task sshd/8448
[   88.110673][    C0] 
[   88.113068][    C0] CPU: 0 PID: 8448 Comm: sshd Not tainted 5.14.0-rc1-syzkaller #0
[   88.120895][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   88.130963][    C0] Call Trace:
[   88.134251][    C0]  <IRQ>
[   88.137104][    C0]  dump_stack_lvl+0xcd/0x134
[   88.141724][    C0]  print_address_description.constprop.0.cold+0x6c/0x2d6
[   88.148771][    C0]  ? si470x_int_in_callback.cold+0x96/0xbf
[   88.154602][    C0]  ? si470x_int_in_callback.cold+0x96/0xbf
[   88.160429][    C0]  kasan_report.cold+0x83/0xdf
[   88.165300][    C0]  ? si470x_int_in_callback.cold+0x96/0xbf
[   88.171126][    C0]  si470x_int_in_callback.cold+0x96/0xbf
[   88.176787][    C0]  ? __usb_hcd_giveback_urb+0x413/0x5c0
[   88.182337][    C0]  ? lock_downgrade+0x6e0/0x6e0
[   88.187175][    C0]  ? si470x_fops_read+0x790/0x790
[   88.192186][    C0]  __usb_hcd_giveback_urb+0x2b0/0x5c0
[   88.197546][    C0]  usb_hcd_giveback_urb+0x367/0x410
[   88.202731][    C0]  dummy_timer+0x11f9/0x32b0
[   88.207334][    C0]  ? lockdep_hardirqs_on_prepare+0x400/0x400
[   88.213305][    C0]  ? lock_chain_count+0x20/0x20
[   88.218149][    C0]  ? dummy_dequeue+0x500/0x500
[   88.222905][    C0]  ? dummy_dequeue+0x500/0x500
[   88.227654][    C0]  call_timer_fn+0x1a5/0x6b0
[   88.232238][    C0]  ? add_timer_on+0x4a0/0x4a0
[   88.236924][    C0]  ? _raw_spin_unlock_irq+0x1f/0x40
[   88.242116][    C0]  ? dummy_dequeue+0x500/0x500
[   88.246880][    C0]  __run_timers.part.0+0x675/0xa50
[   88.251994][    C0]  ? call_timer_fn+0x6b0/0x6b0
[   88.256742][    C0]  ? lapic_next_event+0x4d/0x80
[   88.261588][    C0]  run_timer_softirq+0xb3/0x1d0
[   88.266425][    C0]  __do_softirq+0x29b/0x9c2
[   88.270928][    C0]  __irq_exit_rcu+0x16e/0x1c0
[   88.275590][    C0]  irq_exit_rcu+0x5/0x20
[   88.279815][    C0]  sysvec_apic_timer_interrupt+0x93/0xc0
[   88.285446][    C0]  </IRQ>
[   88.288364][    C0]  asm_sysvec_apic_timer_interrupt+0x12/0x20
[   88.294333][    C0] RIP: 0010:deref_stack_reg+0x105/0x150
[   88.299873][    C0] Code: 00 00 00 00 00 fc ff df 48 89 d9 48 89 ef e8 12 f9 ff ff 48 c1 e9 03 80 3c 11 00 75 31 48 89 03 b8 01 00 00 00 48 83 c4 08 5b <5d> 41 5c 41 5d c3 e8 f0 fb 86 00 e9 1f ff ff ff e8 f6 fb 86 00 e9
[   88.319583][    C0] RSP: 0018:ffffc90001d47508 EFLAGS: 00000296
[   88.325645][    C0] RAX: 0000000000000001 RBX: 1ffff920003a8ead RCX: 1ffff920003a8ec9
[   88.333622][    C0] RDX: dffffc0000000000 RSI: ffffc90001d47f50 RDI: ffffc90001d47f50
[   88.341592][    C0] RBP: ffffc90001d47f50 R08: ffffffff8e7c4608 R09: 0000000000000001
[   88.349553][    C0] R10: fffff520003a8ecb R11: 0000000000086088 R12: ffffc90001d47600
[   88.357529][    C0] R13: ffffc90001d40000 R14: ffffc90001d47600 R15: ffffffff8e7c460c
[   88.365556][    C0]  unwind_next_frame+0xcc3/0x1ce0
[   88.370582][    C0]  ? do_syscall_64+0x35/0xb0
[   88.375180][    C0]  ? deref_stack_reg+0x150/0x150
[   88.380108][    C0]  ? __unwind_start+0x51b/0x800
[   88.384946][    C0]  ? create_prof_cpu_mask+0x20/0x20
[   88.390133][    C0]  arch_stack_walk+0x7d/0xe0
[   88.394742][    C0]  ? entry_SYSCALL_64_after_hwframe+0x44/0xae
[   88.400812][    C0]  stack_trace_save+0x8c/0xc0
[   88.405496][    C0]  ? stack_trace_consume_entry+0x160/0x160
[   88.411297][    C0]  ? __kmalloc_node_track_caller+0x38/0x60
[   88.417089][    C0]  ? tcp_sendmsg+0x2b/0x40
[   88.421497][    C0]  ? inet_sendmsg+0x99/0xe0
[   88.425993][    C0]  ? sock_sendmsg+0xcf/0x120
[   88.430578][    C0]  ? sock_write_iter+0x289/0x3c0
[   88.435511][    C0]  ? new_sync_write+0x426/0x650
[   88.440380][    C0]  ? vfs_write+0x75a/0xa40
[   88.444800][    C0]  ? ksys_write+0x1ee/0x250
[   88.449294][    C0]  ? do_syscall_64+0x35/0xb0
[   88.453870][    C0]  kasan_save_stack+0x1b/0x40
[   88.458529][    C0]  ? kasan_save_stack+0x1b/0x40
[   88.463360][    C0]  ? __kasan_kmalloc+0x98/0xc0
[   88.468106][    C0]  ? __alloc_skb+0xde/0x340
[   88.472604][    C0]  ? sk_stream_alloc_skb+0x109/0xc30
[   88.477873][    C0]  ? tcp_sendmsg_locked+0xc00/0x2e60
[   88.483142][    C0]  ? tcp_sendmsg+0x2b/0x40
[   88.487545][    C0]  ? inet_sendmsg+0x99/0xe0
[   88.492051][    C0]  ? sock_sendmsg+0xcf/0x120
[   88.496625][    C0]  ? sock_write_iter+0x289/0x3c0
[   88.501546][    C0]  ? new_sync_write+0x426/0x650
[   88.506393][    C0]  ? vfs_write+0x75a/0xa40
[   88.510806][    C0]  ? ksys_write+0x1ee/0x250
[   88.515292][    C0]  ? do_syscall_64+0x35/0xb0
[   88.519880][    C0]  ? cache_alloc_refill+0x30d/0x380
[   88.525066][    C0]  ? lock_downgrade+0x6e0/0x6e0
[   88.529914][    C0]  ? find_held_lock+0x2d/0x110
[   88.534662][    C0]  ? rcu_read_lock_sched_held+0x3a/0x70
[   88.540194][    C0]  ? kmem_cache_alloc_node_trace+0x42a/0x5d0
[   88.546183][    C0]  ? rcu_read_lock_sched_held+0x3a/0x70
[   88.551717][    C0]  __kasan_kmalloc+0x98/0xc0
[   88.556311][    C0]  __alloc_skb+0xde/0x340
[   88.560638][    C0]  sk_stream_alloc_skb+0x109/0xc30
[   88.565735][    C0]  ? tcp_send_mss+0x164/0x2b0
[   88.570406][    C0]  ? __sanitizer_cov_trace_cmp4+0x1c/0x70
[   88.576110][    C0]  tcp_sendmsg_locked+0xc00/0x2e60
[   88.581248][    C0]  ? lock_downgrade+0x6e0/0x6e0
[   88.586089][    C0]  ? tcp_remove_empty_skb+0x8a0/0x8a0
[   88.591462][    C0]  ? mark_held_locks+0x9f/0xe0
[   88.596219][    C0]  ? __local_bh_enable_ip+0xa0/0x120
[   88.601492][    C0]  tcp_sendmsg+0x2b/0x40
[   88.605730][    C0]  inet_sendmsg+0x99/0xe0
[   88.610087][    C0]  ? inet_send_prepare+0x4e0/0x4e0
[   88.615216][    C0]  sock_sendmsg+0xcf/0x120
[   88.619617][    C0]  sock_write_iter+0x289/0x3c0
[   88.624368][    C0]  ? sock_sendmsg+0x120/0x120
[   88.629057][    C0]  ? file_has_perm+0x25a/0x340
[   88.633818][    C0]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[   88.640049][    C0]  new_sync_write+0x426/0x650
[   88.644751][    C0]  ? new_sync_read+0x6e0/0x6e0
[   88.649541][    C0]  ? selinux_file_permission+0x36/0x520
[   88.655091][    C0]  vfs_write+0x75a/0xa40
[   88.659322][    C0]  ksys_write+0x1ee/0x250
[   88.663667][    C0]  ? __ia32_sys_read+0xb0/0xb0
[   88.668429][    C0]  ? syscall_enter_from_user_mode+0x21/0x70
[   88.674312][    C0]  do_syscall_64+0x35/0xb0
[   88.678712][    C0]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[   88.684591][    C0] RIP: 0033:0x7f045de9a970
[   88.688992][    C0] Code: 73 01 c3 48 8b 0d 28 d5 2b 00 f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 83 3d 99 2d 2c 00 00 75 10 b8 01 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 7e 9b 01 00 48 89 04 24
[   88.708611][    C0] RSP: 002b:00007ffd0d6f2958 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   88.717014][    C0] RAX: ffffffffffffffda RBX: 0000000000000048 RCX: 00007f045de9a970
[   88.724974][    C0] RDX: 0000000000000048 RSI: 000056259510f478 RDI: 0000000000000003
[   88.732933][    C0] RBP: 000056259510ce90 R08: 0000000000000058 R09: 00007ffd0d783080
[   88.740981][    C0] R10: 00007ffd0d7830f0 R11: 0000000000000246 R12: 0000000000000001
[   88.749028][    C0] R13: 00007ffd0d6f29ef R14: 0000562593e7bbe7 R15: 0000000000000003
[   88.757001][    C0] 
[   88.759311][    C0] Allocated by task 3159:
[   88.763617][    C0]  kasan_save_stack+0x1b/0x40
[   88.768283][    C0]  __kasan_kmalloc+0x98/0xc0
[   88.772855][    C0]  kmem_cache_alloc_trace+0x1e4/0x480
[   88.778294][    C0]  si470x_usb_driver_probe+0x51/0xf90
[   88.783874][    C0]  usb_probe_interface+0x315/0x7f0
[   88.789000][    C0]  really_probe+0x23c/0xcd0
[   88.793497][    C0]  __driver_probe_device+0x338/0x4d0
[   88.798788][    C0]  driver_probe_device+0x4c/0x1a0
[   88.803889][    C0]  __device_attach_driver+0x20b/0x2f0
[   88.809253][    C0]  bus_for_each_drv+0x15f/0x1e0
[   88.814132][    C0]  __device_attach+0x228/0x4a0
[   88.818886][    C0]  bus_probe_device+0x1e4/0x290
[   88.823738][    C0]  device_add+0xc2f/0x2180
[   88.828143][    C0]  usb_set_configuration+0x113a/0x1910
[   88.833585][    C0]  usb_generic_driver_probe+0xba/0x100
[   88.839059][    C0]  usb_probe_device+0xd9/0x2c0
[   88.843839][    C0]  really_probe+0x23c/0xcd0
[   88.848337][    C0]  __driver_probe_device+0x338/0x4d0
[   88.853650][    C0]  driver_probe_device+0x4c/0x1a0
[   88.858735][    C0]  __device_attach_driver+0x20b/0x2f0
[   88.864092][    C0]  bus_for_each_drv+0x15f/0x1e0
[   88.868930][    C0]  __device_attach+0x228/0x4a0
[   88.873682][    C0]  bus_probe_device+0x1e4/0x290
[   88.878535][    C0]  device_add+0xc2f/0x2180
[   88.882956][    C0]  usb_new_device.cold+0x63f/0x108e
[   88.888139][    C0]  hub_event+0x2357/0x4330
[   88.892593][    C0]  process_one_work+0x98d/0x1630
[   88.897520][    C0]  worker_thread+0x658/0x11f0
[   88.902183][    C0]  kthread+0x3e5/0x4d0
[   88.906275][    C0]  ret_from_fork+0x1f/0x30
[   88.910675][    C0] 
[   88.912977][    C0] Freed by task 3159:
[   88.916932][    C0]  kasan_save_stack+0x1b/0x40
[   88.921592][    C0]  kasan_set_track+0x1c/0x30
[   88.926163][    C0]  kasan_set_free_info+0x20/0x30
[   88.931080][    C0]  __kasan_slab_free+0xcd/0x100
[   88.936034][    C0]  kfree+0x106/0x2c0
[   88.939918][    C0]  si470x_usb_driver_probe+0xb3d/0xf90
[   88.945375][    C0]  usb_probe_interface+0x315/0x7f0
[   88.950492][    C0]  really_probe+0x23c/0xcd0
[   88.955004][    C0]  __driver_probe_device+0x338/0x4d0
[   88.960294][    C0]  driver_probe_device+0x4c/0x1a0
[   88.965303][    C0]  __device_attach_driver+0x20b/0x2f0
[   88.970658][    C0]  bus_for_each_drv+0x15f/0x1e0
[   88.975501][    C0]  __device_attach+0x228/0x4a0
[   88.980246][    C0]  bus_probe_device+0x1e4/0x290
[   88.985077][    C0]  device_add+0xc2f/0x2180
[   88.989474][    C0]  usb_set_configuration+0x113a/0x1910
[   88.994913][    C0]  usb_generic_driver_probe+0xba/0x100
[   89.000361][    C0]  usb_probe_device+0xd9/0x2c0
[   89.005126][    C0]  really_probe+0x23c/0xcd0
[   89.009615][    C0]  __driver_probe_device+0x338/0x4d0
[   89.014884][    C0]  driver_probe_device+0x4c/0x1a0
[   89.019889][    C0]  __device_attach_driver+0x20b/0x2f0
[   89.025243][    C0]  bus_for_each_drv+0x15f/0x1e0
[   89.030092][    C0]  __device_attach+0x228/0x4a0
[   89.034839][    C0]  bus_probe_device+0x1e4/0x290
[   89.039671][    C0]  device_add+0xc2f/0x2180
[   89.044068][    C0]  usb_new_device.cold+0x63f/0x108e
[   89.049253][    C0]  hub_event+0x2357/0x4330
[   89.053662][    C0]  process_one_work+0x98d/0x1630
[   89.058586][    C0]  worker_thread+0x658/0x11f0
[   89.063246][    C0]  kthread+0x3e5/0x4d0
[   89.067296][    C0]  ret_from_fork+0x1f/0x30
[   89.071705][    C0] 
[   89.074009][    C0] The buggy address belongs to the object at ffff888037360000
[   89.074009][    C0]  which belongs to the cache kmalloc-4k of size 4096
[   89.088051][    C0] The buggy address is located 2880 bytes inside of
[   89.088051][    C0]  4096-byte region [ffff888037360000, ffff888037361000)
[   89.101496][    C0] The buggy address belongs to the page:
[   89.107104][    C0] page:ffffea0000dcd800 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x37360
[   89.117234][    C0] head:ffffea0000dcd800 order:1 compound_mapcount:0
[   89.123811][    C0] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[   89.131794][    C0] raw: 00fff00000010200 ffffea0000c45908 ffffea0000bb1508 ffff888010840900
[   89.140359][    C0] raw: 0000000000000000 ffff888037360000 0000000100000001 0000000000000000
[   89.148919][    C0] page dumped because: kasan: bad access detected
[   89.155308][    C0] page_owner tracks the page as allocated
[   89.160999][    C0] page last allocated via order 1, migratetype Unmovable, gfp_mask 0x2420c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_COMP|__GFP_THISNODE), pid 3159, ts 84444838096, free_ts 84301687828
[   89.178778][    C0]  get_page_from_freelist+0xa72/0x2f80
[   89.184233][    C0]  __alloc_pages+0x1b2/0x500
[   89.188817][    C0]  cache_grow_begin+0x75/0x460
[   89.193584][    C0]  cache_alloc_refill+0x27f/0x380
[   89.198592][    C0]  kmem_cache_alloc_trace+0x38c/0x480
[   89.203943][    C0]  si470x_usb_driver_probe+0x51/0xf90
[   89.209312][    C0]  usb_probe_interface+0x315/0x7f0
[   89.214406][    C0]  really_probe+0x23c/0xcd0
[   89.218893][    C0]  __driver_probe_device+0x338/0x4d0
[   89.224170][    C0]  driver_probe_device+0x4c/0x1a0
[   89.229175][    C0]  __device_attach_driver+0x20b/0x2f0
[   89.234529][    C0]  bus_for_each_drv+0x15f/0x1e0
[   89.239361][    C0]  __device_attach+0x228/0x4a0
[   89.244108][    C0]  bus_probe_device+0x1e4/0x290
[   89.248954][    C0]  device_add+0xc2f/0x2180
[   89.253368][    C0]  usb_set_configuration+0x113a/0x1910
[   89.258811][    C0] page last free stack trace:
[   89.263481][    C0]  free_pcp_prepare+0x2c5/0x780
[   89.268332][    C0]  free_unref_page+0x19/0x690
[   89.272991][    C0]  slabs_destroy+0x89/0xc0
[   89.277387][    C0]  ___cache_free+0x4ba/0x600
[   89.281961][    C0]  qlist_free_all+0x4e/0x110
[   89.286534][    C0]  kasan_quarantine_reduce+0x180/0x200
[   89.291996][    C0]  __kasan_slab_alloc+0x8b/0xa0
[   89.296847][    C0]  __kmalloc+0x284/0x4d0
[   89.301070][    C0]  tomoyo_realpath_from_path+0xc3/0x620
[   89.306609][    C0]  tomoyo_path_number_perm+0x1d5/0x590
[   89.312052][    C0]  security_file_ioctl+0x50/0xb0
[   89.316974][    C0]  __x64_sys_ioctl+0xb3/0x200
[   89.321632][    C0]  do_syscall_64+0x35/0xb0
[   89.326033][    C0]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[   89.331910][    C0] 
[   89.334212][    C0] Memory state around the buggy address:
[   89.339826][    C0]  ffff888037360a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   89.347872][    C0]  ffff888037360a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   89.355916][    C0] >ffff888037360b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   89.363954][    C0]                                            ^
[   89.370085][    C0]  ffff888037360b80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   89.378143][    C0]  ffff888037360c00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   89.386298][    C0] ==================================================================
[   89.394343][    C0] Disabling lock debugging due to kernel taint
[   89.400474][    C0] Kernel panic - not syncing: panic_on_warn set ...
[   89.407104][    C0] CPU: 0 PID: 8448 Comm: sshd Tainted: G    B             5.14.0-rc1-syzkaller #0
[   89.416455][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   89.426490][    C0] Call Trace:
[   89.429762][    C0]  <IRQ>
[   89.432591][    C0]  dump_stack_lvl+0xcd/0x134
[   89.437172][    C0]  panic+0x306/0x73d
[   89.441046][    C0]  ? __warn_printk+0xf3/0xf3
[   89.445617][    C0]  ? si470x_int_in_callback.cold+0x96/0xbf
[   89.451405][    C0]  ? si470x_int_in_callback.cold+0x96/0xbf
[   89.457196][    C0]  end_report.cold+0x5a/0x5a
[   89.461786][    C0]  kasan_report.cold+0x71/0xdf
[   89.466544][    C0]  ? si470x_int_in_callback.cold+0x96/0xbf
[   89.472349][    C0]  si470x_int_in_callback.cold+0x96/0xbf
[   89.477962][    C0]  ? __usb_hcd_giveback_urb+0x413/0x5c0
[   89.483629][    C0]  ? lock_downgrade+0x6e0/0x6e0
[   89.488514][    C0]  ? si470x_fops_read+0x790/0x790
[   89.493537][    C0]  __usb_hcd_giveback_urb+0x2b0/0x5c0
[   89.498902][    C0]  usb_hcd_giveback_urb+0x367/0x410
[   89.504084][    C0]  dummy_timer+0x11f9/0x32b0
[   89.508667][    C0]  ? lockdep_hardirqs_on_prepare+0x400/0x400
[   89.514631][    C0]  ? lock_chain_count+0x20/0x20
[   89.519465][    C0]  ? dummy_dequeue+0x500/0x500
[   89.524207][    C0]  ? dummy_dequeue+0x500/0x500
[   89.528962][    C0]  call_timer_fn+0x1a5/0x6b0
[   89.533535][    C0]  ? add_timer_on+0x4a0/0x4a0
[   89.538202][    C0]  ? _raw_spin_unlock_irq+0x1f/0x40
[   89.543383][    C0]  ? dummy_dequeue+0x500/0x500
[   89.548125][    C0]  __run_timers.part.0+0x675/0xa50
[   89.553219][    C0]  ? call_timer_fn+0x6b0/0x6b0
[   89.557975][    C0]  ? lapic_next_event+0x4d/0x80
[   89.562814][    C0]  run_timer_softirq+0xb3/0x1d0
[   89.567658][    C0]  __do_softirq+0x29b/0x9c2
[   89.572144][    C0]  __irq_exit_rcu+0x16e/0x1c0
[   89.576800][    C0]  irq_exit_rcu+0x5/0x20
[   89.581023][    C0]  sysvec_apic_timer_interrupt+0x93/0xc0
[   89.586728][    C0]  </IRQ>
[   89.589649][    C0]  asm_sysvec_apic_timer_interrupt+0x12/0x20
[   89.595623][    C0] RIP: 0010:deref_stack_reg+0x105/0x150
[   89.601168][    C0] Code: 00 00 00 00 00 fc ff df 48 89 d9 48 89 ef e8 12 f9 ff ff 48 c1 e9 03 80 3c 11 00 75 31 48 89 03 b8 01 00 00 00 48 83 c4 08 5b <5d> 41 5c 41 5d c3 e8 f0 fb 86 00 e9 1f ff ff ff e8 f6 fb 86 00 e9
[   89.620754][    C0] RSP: 0018:ffffc90001d47508 EFLAGS: 00000296
[   89.626815][    C0] RAX: 0000000000000001 RBX: 1ffff920003a8ead RCX: 1ffff920003a8ec9
[   89.634767][    C0] RDX: dffffc0000000000 RSI: ffffc90001d47f50 RDI: ffffc90001d47f50
[   89.642722][    C0] RBP: ffffc90001d47f50 R08: ffffffff8e7c4608 R09: 0000000000000001
[   89.650680][    C0] R10: fffff520003a8ecb R11: 0000000000086088 R12: ffffc90001d47600
[   89.658645][    C0] R13: ffffc90001d40000 R14: ffffc90001d47600 R15: ffffffff8e7c460c
[   89.666601][    C0]  unwind_next_frame+0xcc3/0x1ce0
[   89.671621][    C0]  ? do_syscall_64+0x35/0xb0
[   89.676209][    C0]  ? deref_stack_reg+0x150/0x150
[   89.681135][    C0]  ? __unwind_start+0x51b/0x800
[   89.685974][    C0]  ? create_prof_cpu_mask+0x20/0x20
[   89.691156][    C0]  arch_stack_walk+0x7d/0xe0
[   89.695733][    C0]  ? entry_SYSCALL_64_after_hwframe+0x44/0xae
[   89.701786][    C0]  stack_trace_save+0x8c/0xc0
[   89.706446][    C0]  ? stack_trace_consume_entry+0x160/0x160
[   89.712244][    C0]  ? __kmalloc_node_track_caller+0x38/0x60
[   89.718124][    C0]  ? tcp_sendmsg+0x2b/0x40
[   89.722536][    C0]  ? inet_sendmsg+0x99/0xe0
[   89.727022][    C0]  ? sock_sendmsg+0xcf/0x120
[   89.731592][    C0]  ? sock_write_iter+0x289/0x3c0
[   89.736512][    C0]  ? new_sync_write+0x426/0x650
[   89.741359][    C0]  ? vfs_write+0x75a/0xa40
[   89.745757][    C0]  ? ksys_write+0x1ee/0x250
[   89.750255][    C0]  ? do_syscall_64+0x35/0xb0
[   89.754836][    C0]  kasan_save_stack+0x1b/0x40
[   89.759502][    C0]  ? kasan_save_stack+0x1b/0x40
[   89.764336][    C0]  ? __kasan_kmalloc+0x98/0xc0
[   89.769087][    C0]  ? __alloc_skb+0xde/0x340
[   89.773584][    C0]  ? sk_stream_alloc_skb+0x109/0xc30
[   89.778852][    C0]  ? tcp_sendmsg_locked+0xc00/0x2e60
[   89.784121][    C0]  ? tcp_sendmsg+0x2b/0x40
[   89.788524][    C0]  ? inet_sendmsg+0x99/0xe0
[   89.793010][    C0]  ? sock_sendmsg+0xcf/0x120
[   89.797617][    C0]  ? sock_write_iter+0x289/0x3c0
[   89.802648][    C0]  ? new_sync_write+0x426/0x650
[   89.807479][    C0]  ? vfs_write+0x75a/0xa40
[   89.811875][    C0]  ? ksys_write+0x1ee/0x250
[   89.816380][    C0]  ? do_syscall_64+0x35/0xb0
[   89.820955][    C0]  ? cache_alloc_refill+0x30d/0x380
[   89.826146][    C0]  ? lock_downgrade+0x6e0/0x6e0
[   89.830978][    C0]  ? find_held_lock+0x2d/0x110
[   89.835736][    C0]  ? rcu_read_lock_sched_held+0x3a/0x70
[   89.841264][    C0]  ? kmem_cache_alloc_node_trace+0x42a/0x5d0
[   89.847223][    C0]  ? rcu_read_lock_sched_held+0x3a/0x70
[   89.852753][    C0]  __kasan_kmalloc+0x98/0xc0
[   89.857324][    C0]  __alloc_skb+0xde/0x340
[   89.861635][    C0]  sk_stream_alloc_skb+0x109/0xc30
[   89.866729][    C0]  ? tcp_send_mss+0x164/0x2b0
[   89.871385][    C0]  ? __sanitizer_cov_trace_cmp4+0x1c/0x70
[   89.877084][    C0]  tcp_sendmsg_locked+0xc00/0x2e60
[   89.882177][    C0]  ? lock_downgrade+0x6e0/0x6e0
[   89.887007][    C0]  ? tcp_remove_empty_skb+0x8a0/0x8a0
[   89.892374][    C0]  ? mark_held_locks+0x9f/0xe0
[   89.897126][    C0]  ? __local_bh_enable_ip+0xa0/0x120
[   89.902405][    C0]  tcp_sendmsg+0x2b/0x40
[   89.906629][    C0]  inet_sendmsg+0x99/0xe0
[   89.910940][    C0]  ? inet_send_prepare+0x4e0/0x4e0
[   89.916046][    C0]  sock_sendmsg+0xcf/0x120
[   89.920443][    C0]  sock_write_iter+0x289/0x3c0
[   89.925214][    C0]  ? sock_sendmsg+0x120/0x120
[   89.929889][    C0]  ? file_has_perm+0x25a/0x340
[   89.934633][    C0]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[   89.940869][    C0]  new_sync_write+0x426/0x650
[   89.945533][    C0]  ? new_sync_read+0x6e0/0x6e0
[   89.950278][    C0]  ? selinux_file_permission+0x36/0x520
[   89.955981][    C0]  vfs_write+0x75a/0xa40
[   89.960217][    C0]  ksys_write+0x1ee/0x250
[   89.964534][    C0]  ? __ia32_sys_read+0xb0/0xb0
[   89.969280][    C0]  ? syscall_enter_from_user_mode+0x21/0x70
[   89.975173][    C0]  do_syscall_64+0x35/0xb0
[   89.979568][    C0]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[   89.985442][    C0] RIP: 0033:0x7f045de9a970
[   89.989838][    C0] Code: 73 01 c3 48 8b 0d 28 d5 2b 00 f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 83 3d 99 2d 2c 00 00 75 10 b8 01 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 7e 9b 01 00 48 89 04 24
[   90.009426][    C0] RSP: 002b:00007ffd0d6f2958 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   90.017837][    C0] RAX: ffffffffffffffda RBX: 0000000000000048 RCX: 00007f045de9a970
[   90.025795][    C0] RDX: 0000000000000048 RSI: 000056259510f478 RDI: 0000000000000003
[   90.033749][    C0] RBP: 000056259510ce90 R08: 0000000000000058 R09: 00007ffd0d783080
[   90.041715][    C0] R10: 00007ffd0d7830f0 R11: 0000000000000246 R12: 0000000000000001
[   90.049679][    C0] R13: 00007ffd0d6f29ef R14: 0000562593e7bbe7 R15: 0000000000000003
[   90.058586][    C0] Kernel Offset: disabled
[   90.062904][    C0] Rebooting in 86400 seconds..