[�[36minfo�[39;49m] Using makefile-style concurrent boot in runlevel 2.
[....] Starting enhanced syslogd: rsyslogd�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
[....] Starting periodic command scheduler: cron�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
[ 14.970709][ C1] random: crng init done
[....] Starting OpenBSD Secure Shell server: sshd�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login: [ 24.702498][ T1737] can: request_module (can-proto-0) failed.
[ 24.751712][ T1737] can: request_module (can-proto-0) failed.
Warning: Permanently added '10.128.0.253' (ECDSA) to the list of known hosts.
2019/11/19 09:08:42 parsed 1 programs
2019/11/19 09:08:42 executed programs: 0
[ 31.507065][ T1858] cgroup1: Unknown subsys name 'perf_event'
[ 31.514072][ T1858] cgroup1: Unknown subsys name 'net_cls'
[ 31.515564][ T1862] cgroup1: Unknown subsys name 'perf_event'
[ 31.521080][ T1860] cgroup1: Unknown subsys name 'perf_event'
[ 31.526321][ T1862] cgroup1: Unknown subsys name 'net_cls'
[ 31.536645][ T1860] cgroup1: Unknown subsys name 'net_cls'
[ 31.550326][ T1867] cgroup1: Unknown subsys name 'perf_event'
[ 31.557672][ T1868] cgroup1: Unknown subsys name 'perf_event'
[ 31.557675][ T1870] cgroup1: Unknown subsys name 'perf_event'
[ 31.557946][ T1870] cgroup1: Unknown subsys name 'net_cls'
[ 31.563839][ T1868] cgroup1: Unknown subsys name 'net_cls'
[ 31.594570][ T1867] cgroup1: Unknown subsys name 'net_cls'
[ 34.804759][ T2107] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[ 34.812720][ T5] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[ 34.874238][ T12] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[ 34.874943][ T22] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 34.881809][ T2853] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[ 34.914468][ T2864] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[ 35.044224][ T2107] usb 4-1: Using ep0 maxpacket: 16
[ 35.054394][ T5] usb 3-1: Using ep0 maxpacket: 16
[ 35.134277][ T2853] usb 5-1: Using ep0 maxpacket: 16
[ 35.134937][ T22] usb 1-1: Using ep0 maxpacket: 16
[ 35.139524][ T12] usb 6-1: Using ep0 maxpacket: 16
[ 35.154212][ T2864] usb 2-1: Using ep0 maxpacket: 16
[ 35.164843][ T2107] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 35.175232][ T2107] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7
[ 35.186268][ T2107] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid maxpacket 1280, setting to 1024
[ 35.197403][ T2107] usb 4-1: New USB device found, idVendor=12cf, idProduct=7111, bcdDevice=48.08
[ 35.206477][ T2107] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 35.214532][ T5] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 35.224914][ T5] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7
[ 35.235816][ T5] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid maxpacket 1280, setting to 1024
[ 35.246993][ T5] usb 3-1: New USB device found, idVendor=12cf, idProduct=7111, bcdDevice=48.08
[ 35.256054][ T5] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 35.265260][ T22] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 35.266026][ T2107] usb 4-1: config 0 descriptor??
[ 35.279138][ T22] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7
[ 35.281632][ T5] usb 3-1: config 0 descriptor??
[ 35.291353][ T22] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid maxpacket 1280, setting to 1024
[ 35.291381][ T22] usb 1-1: New USB device found, idVendor=12cf, idProduct=7111, bcdDevice=48.08
[ 35.291395][ T22] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 35.304464][ T22] usb 1-1: config 0 descriptor??
[ 35.308607][ T2853] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 35.340706][ T12] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 35.350891][ T2864] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 35.363977][ T2864] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7
[ 35.375021][ T2864] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid maxpacket 1280, setting to 1024
[ 35.386293][ T2864] usb 2-1: New USB device found, idVendor=12cf, idProduct=7111, bcdDevice=48.08
[ 35.395422][ T2864] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 35.405573][ T12] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7
[ 35.416510][ T12] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid maxpacket 1280, setting to 1024
[ 35.427619][ T12] usb 6-1: New USB device found, idVendor=12cf, idProduct=7111, bcdDevice=48.08
[ 35.436800][ T12] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 35.445602][ T2853] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7
[ 35.456532][ T2853] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid maxpacket 1280, setting to 1024
[ 35.467640][ T2853] usb 5-1: New USB device found, idVendor=12cf, idProduct=7111, bcdDevice=48.08
[ 35.476696][ T2853] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 35.486659][ T2864] usb 2-1: config 0 descriptor??
[ 35.492304][ T12] usb 6-1: config 0 descriptor??
[ 35.498356][ T2853] usb 5-1: config 0 descriptor??
[ 35.534403][ T2107] radio-si470x 4-1:0.0: DeviceID=0x92e4 ChipID=0xd581
[ 35.574299][ T22] radio-si470x 1-1:0.0: DeviceID=0x65af ChipID=0xd481
[ 35.604443][ T5] radio-si470x 3-1:0.0: DeviceID=0x95e4 ChipID=0xd581
[ 35.744358][ T2864] radio-si470x 2-1:0.0: DeviceID=0x9ae4 ChipID=0xd581
[ 35.751279][ T2853] radio-si470x 5-1:0.0: DeviceID=0x9fe4 ChipID=0xd581
[ 35.758190][ T2107] radio-si470x 4-1:0.0: software version 146, hardware version 228
[ 35.766223][ T12] radio-si470x 6-1:0.0: DeviceID=0x9ce4 ChipID=0xd581
[ 35.794817][ T22] radio-si470x 1-1:0.0: software version 101, hardware version 175
[ 35.824352][ T5] radio-si470x 3-1:0.0: software version 149, hardware version 228
[ 35.964425][ T12] radio-si470x 6-1:0.0: software version 156, hardware version 228
[ 35.972492][ T2864] radio-si470x 2-1:0.0: software version 154, hardware version 228
[ 35.980482][ T2853] radio-si470x 5-1:0.0: software version 159, hardware version 228
[ 35.988543][ T2107] radio-si470x 4-1:0.0: si470x_set_report: usb_control_msg returned -71
[ 36.014248][ C0] radio-si470x 4-1:0.0: non-zero urb status (-71)
[ 36.014297][ T22] radio-si470x 1-1:0.0: si470x_set_report: usb_control_msg returned -71
[ 36.021041][ T2107] radio-si470x 4-1:0.0: si470x_set_report: usb_control_msg returned -71
[ 36.038033][ C0] radio-si470x 4-1:0.0: non-zero urb status (-71)
[ 36.044195][ C1] radio-si470x 1-1:0.0: non-zero urb status (-71)
[ 36.044657][ T5] radio-si470x 3-1:0.0: si470x_set_report: usb_control_msg returned -71
[ 36.051511][ T22] radio-si470x 1-1:0.0: si470x_set_report: usb_control_msg returned -71
[ 36.059481][ T2107] radio-si470x: probe of 4-1:0.0 failed with error -22
[ 36.067770][ C1] radio-si470x 1-1:0.0: non-zero urb status (-71)
[ 36.067937][ C0] ==================================================================
[ 36.067995][ C0] BUG: KASAN: use-after-free in si470x_int_in_callback.cold+0x27/0xbe
[ 36.068004][ C0] Read of size 8 at addr ffff8881d2fceab0 by task kworker/0:2/2107
[ 36.068007][ C0]
[ 36.068019][ C0] CPU: 0 PID: 2107 Comm: kworker/0:2 Not tainted 5.4.0-rc3-syzkaller #0
[ 36.068025][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 36.068037][ C0] Workqueue: usb_hub_wq hub_event
[ 36.068053][ C0] Call Trace:
[ 36.068061][ C0]
[ 36.068077][ C0] dump_stack+0xca/0x13e
[ 36.068090][ C0] ? si470x_int_in_callback.cold+0x27/0xbe
[ 36.068104][ C0] ? si470x_int_in_callback.cold+0x27/0xbe
[ 36.068118][ C0] print_address_description.constprop.0+0x36/0x50
[ 36.068132][ C0] ? si470x_int_in_callback.cold+0x27/0xbe
[ 36.068145][ C0] ? si470x_int_in_callback.cold+0x27/0xbe
[ 36.068156][ C0] __kasan_report.cold+0x1a/0x33
[ 36.068170][ C0] ? si470x_int_in_callback.cold+0x27/0xbe
[ 36.068181][ C0] kasan_report+0xe/0x20
[ 36.068194][ C0] si470x_int_in_callback.cold+0x27/0xbe
[ 36.068207][ C0] ? usb_hcd_unmap_urb_for_dma+0x105/0x9b0
[ 36.068220][ C0] __usb_hcd_giveback_urb+0x1f2/0x470
[ 36.068234][ C0] usb_hcd_giveback_urb+0x368/0x420
[ 36.068246][ C0] dummy_timer+0x120f/0x2fa2
[ 36.068261][ C0] ? __lock_acquire+0x145e/0x3b60
[ 36.068274][ C0] ? find_held_lock+0x2d/0x110
[ 36.068287][ C0] ? debug_object_deactivate+0x1d9/0x320
[ 36.068300][ C0] ? mark_held_locks+0xe0/0xe0
[ 36.068312][ C0] ? dummy_udc_probe+0x930/0x930
[ 36.068325][ C0] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 36.068337][ C0] ? rcu_read_lock_bh_held+0xb0/0xb0
[ 36.068350][ C0] call_timer_fn+0x179/0x650
[ 36.068362][ C0] ? dummy_udc_probe+0x930/0x930
[ 36.068375][ C0] ? msleep_interruptible+0x130/0x130
[ 36.068388][ C0] ? mark_held_locks+0x9f/0xe0
[ 36.068399][ C0] ? rcu_read_lock_bh_held+0xb0/0xb0
[ 36.068412][ C0] ? _raw_spin_unlock_irq+0x24/0x30
[ 36.068423][ C0] ? dummy_udc_probe+0x930/0x930
[ 36.068436][ C0] run_timer_softirq+0x5e3/0x1490
[ 36.068449][ C0] ? add_timer+0x7a0/0x7a0
[ 36.068461][ C0] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 36.068473][ C0] ? rcu_read_lock_bh_held+0xb0/0xb0
[ 36.068486][ C0] ? mark_held_locks+0x9f/0xe0
[ 36.068499][ C0] __do_softirq+0x221/0x912
[ 36.068512][ C0] irq_exit+0x178/0x1a0
[ 36.068525][ C0] smp_apic_timer_interrupt+0x12f/0x500
[ 36.068537][ C0] apic_timer_interrupt+0xf/0x20
[ 36.068545][ C0]
[ 36.068559][ C0] RIP: 0010:vprintk_emit+0x3cd/0x3e0
[ 36.068572][ C0] Code: 00 83 fb ff 75 d6 e9 db fc ff ff e8 fd 7a 15 00 e8 78 a7 1a 00 41 56 9d e9 b1 fd ff ff e8 eb 7a 15 00 e8 66 a7 1a 00 41 56 9d 2a ff ff ff 0f 1f 40 00 66 2e 0f 1f 84 00 00 00 00 00 55 48 89
[ 36.068594][ C0] RSP: 0018:ffff8881cb01f238 EFLAGS: 00000293 ORIG_RAX: ffffffffffffff13
[ 36.068612][ C0] RAX: 0000000000000007 RBX: 0000000000000200 RCX: 0000000000000006
[ 36.068621][ C0] RDX: 0000000000000000 RSI: ffff8881cbfa08f0 RDI: ffff8881cbfa084c
[ 36.068632][ C0] RBP: ffff8881cb01f280 R08: ffff8881cbfa0000 R09: fffffbfff11b23ae
[ 36.068641][ C0] R10: fffffbfff11b23ad R11: ffffffff88d91d6f R12: 0000000000000034
[ 36.068651][ C0] R13: ffff8881da24e000 R14: 0000000000000293 R15: 0000000000000000
[ 36.068664][ C0] vprintk_func+0x75/0x113
[ 36.068676][ C0] printk+0xba/0xed
[ 36.068689][ C0] ? kmsg_dump_rewind_nolock+0xd9/0xd9
[ 36.068705][ C0] really_probe.cold+0x69/0x1de
[ 36.068718][ C0] driver_probe_device+0x104/0x210
[ 36.068735][ C0] __device_attach_driver+0x1c2/0x220
[ 36.068749][ C0] ? driver_allows_async_probing+0x160/0x160
[ 36.068762][ C0] bus_for_each_drv+0x162/0x1e0
[ 36.068774][ C0] ? bus_rescan_devices+0x20/0x20
[ 36.068786][ C0] ? _raw_spin_unlock_irqrestore+0x3e/0x50
[ 36.068799][ C0] ? lockdep_hardirqs_on+0x382/0x580
[ 36.068812][ C0] __device_attach+0x217/0x360
[ 36.068827][ C0] ? device_bind_driver+0xd0/0xd0
[ 36.068836][ C0] ? kobject_uevent_env+0x29e/0x1150
[ 36.068846][ C0] ? kobject_uevent_env+0x2a8/0x1150
[ 36.068856][ C0] bus_probe_device+0x1e4/0x290
[ 36.068869][ C0] ? blocking_notifier_call_chain+0x54/0xa0
[ 36.068878][ C0] device_add+0xae6/0x16f0
[ 36.068888][ C0] ? uevent_store+0x50/0x50
[ 36.068898][ C0] ? _raw_spin_unlock_irqrestore+0x3e/0x50
[ 36.068910][ C0] usb_set_configuration+0xdf6/0x1670
[ 36.068923][ C0] generic_probe+0x9d/0xd5
[ 36.068935][ C0] usb_probe_device+0x99/0x100
[ 36.068946][ C0] ? usb_suspend+0x620/0x620
[ 36.068956][ C0] really_probe+0x281/0x6d0
[ 36.068966][ C0] driver_probe_device+0x104/0x210
[ 36.068980][ C0] __device_attach_driver+0x1c2/0x220
[ 36.068993][ C0] ? driver_allows_async_probing+0x160/0x160
[ 36.069006][ C0] bus_for_each_drv+0x162/0x1e0
[ 36.069018][ C0] ? bus_rescan_devices+0x20/0x20
[ 36.069030][ C0] ? _raw_spin_unlock_irqrestore+0x3e/0x50
[ 36.069043][ C0] ? lockdep_hardirqs_on+0x382/0x580
[ 36.069056][ C0] __device_attach+0x217/0x360
[ 36.069069][ C0] ? device_bind_driver+0xd0/0xd0
[ 36.069081][ C0] ? kobject_uevent_env+0x29e/0x1150
[ 36.069093][ C0] ? kobject_uevent_env+0x2a8/0x1150
[ 36.069106][ C0] bus_probe_device+0x1e4/0x290
[ 36.069119][ C0] ? blocking_notifier_call_chain+0x54/0xa0
[ 36.069131][ C0] device_add+0xae6/0x16f0
[ 36.069143][ C0] ? uevent_store+0x50/0x50
[ 36.069155][ C0] usb_new_device.cold+0x6a4/0xe79
[ 36.069167][ C0] hub_event+0x1dd0/0x37e0
[ 36.069179][ C0] ? hub_port_debounce+0x260/0x260
[ 36.069192][ C0] ? find_held_lock+0x2d/0x110
[ 36.069205][ C0] ? mark_held_locks+0xe0/0xe0
[ 36.069217][ C0] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 36.069229][ C0] ? rcu_read_lock_bh_held+0xb0/0xb0
[ 36.069244][ C0] process_one_work+0x92b/0x1530
[ 36.069257][ C0] ? pwq_dec_nr_in_flight+0x310/0x310
[ 36.069269][ C0] ? do_raw_spin_lock+0x11a/0x280
[ 36.069281][ C0] worker_thread+0x96/0xe20
[ 36.069294][ C0] ? process_one_work+0x1530/0x1530
[ 36.069305][ C0] kthread+0x318/0x420
[ 36.069317][ C0] ? kthread_create_on_node+0xf0/0xf0
[ 36.069329][ C0] ret_from_fork+0x24/0x30
[ 36.069336][ C0]
[ 36.069345][ C0] Allocated by task 2107:
[ 36.069358][ C0] save_stack+0x1b/0x80
[ 36.069371][ C0] __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 36.069383][ C0] si470x_usb_driver_probe+0x51/0xf50
[ 36.069396][ C0] usb_probe_interface+0x305/0x7a0
[ 36.069408][ C0] really_probe+0x281/0x6d0
[ 36.069421][ C0] driver_probe_device+0x104/0x210
[ 36.069433][ C0] __device_attach_driver+0x1c2/0x220
[ 36.069445][ C0] bus_for_each_drv+0x162/0x1e0
[ 36.069457][ C0] __device_attach+0x217/0x360
[ 36.069469][ C0] bus_probe_device+0x1e4/0x290
[ 36.069480][ C0] device_add+0xae6/0x16f0
[ 36.069493][ C0] usb_set_configuration+0xdf6/0x1670
[ 36.069505][ C0] generic_probe+0x9d/0xd5
[ 36.069517][ C0] usb_probe_device+0x99/0x100
[ 36.069529][ C0] really_probe+0x281/0x6d0
[ 36.069542][ C0] driver_probe_device+0x104/0x210
[ 36.069554][ C0] __device_attach_driver+0x1c2/0x220
[ 36.069566][ C0] bus_for_each_drv+0x162/0x1e0
[ 36.069578][ C0] __device_attach+0x217/0x360
[ 36.069590][ C0] bus_probe_device+0x1e4/0x290
[ 36.069601][ C0] device_add+0xae6/0x16f0
[ 36.069613][ C0] usb_new_device.cold+0x6a4/0xe79
[ 36.069624][ C0] hub_event+0x1dd0/0x37e0
[ 36.069635][ C0] process_one_work+0x92b/0x1530
[ 36.069647][ C0] worker_thread+0x96/0xe20
[ 36.069657][ C0] kthread+0x318/0x420
[ 36.069668][ C0] ret_from_fork+0x24/0x30
[ 36.069675][ C0]
[ 36.069683][ C0] Freed by task 2107:
[ 36.069696][ C0] save_stack+0x1b/0x80
[ 36.069708][ C0] __kasan_slab_free+0x130/0x180
[ 36.069720][ C0] kfree+0xe4/0x320
[ 36.069737][ C0] si470x_usb_driver_probe+0xb27/0xf50
[ 36.069750][ C0] usb_probe_interface+0x305/0x7a0
[ 36.069762][ C0] really_probe+0x281/0x6d0
[ 36.069774][ C0] driver_probe_device+0x104/0x210
[ 36.069787][ C0] __device_attach_driver+0x1c2/0x220
[ 36.069799][ C0] bus_for_each_drv+0x162/0x1e0
[ 36.069811][ C0] __device_attach+0x217/0x360
[ 36.069823][ C0] bus_probe_device+0x1e4/0x290
[ 36.069835][ C0] device_add+0xae6/0x16f0
[ 36.069846][ C0] usb_set_configuration+0xdf6/0x1670
[ 36.069855][ C0] generic_probe+0x9d/0xd5
[ 36.069865][ C0] usb_probe_device+0x99/0x100
[ 36.069875][ C0] really_probe+0x281/0x6d0
[ 36.069885][ C0] driver_probe_device+0x104/0x210
[ 36.069895][ C0] __device_attach_driver+0x1c2/0x220
[ 36.069905][ C0] bus_for_each_drv+0x162/0x1e0
[ 36.069914][ C0] __device_attach+0x217/0x360
[ 36.069924][ C0] bus_probe_device+0x1e4/0x290
[ 36.069932][ C0] device_add+0xae6/0x16f0
[ 36.069941][ C0] usb_new_device.cold+0x6a4/0xe79
[ 36.069949][ C0] hub_event+0x1dd0/0x37e0
[ 36.069958][ C0] process_one_work+0x92b/0x1530
[ 36.069967][ C0] worker_thread+0x96/0xe20
[ 36.069978][ C0] kthread+0x318/0x420
[ 36.069989][ C0] ret_from_fork+0x24/0x30
[ 36.069995][ C0]
[ 36.070006][ C0] The buggy address belongs to the object at ffff8881d2fce000
[ 36.070006][ C0] which belongs to the cache kmalloc-4k of size 4096
[ 36.070018][ C0] The buggy address is located 2736 bytes inside of
[ 36.070018][ C0] 4096-byte region [ffff8881d2fce000, ffff8881d2fcf000)
[ 36.070025][ C0] The buggy address belongs to the page:
[ 36.070036][ C0] page:ffffea00074bf200 refcount:1 mapcount:0 mapping:ffff8881da00c280 index:0x0 compound_mapcount: 0
[ 36.070060][ C0] flags: 0x200000000010200(slab|head)
[ 36.070077][ C0] raw: 0200000000010200 dead000000000100 dead000000000122 ffff8881da00c280
[ 36.070094][ C0] raw: 0000000000000000 0000000000040004 00000001ffffffff 0000000000000000
[ 36.070102][ C0] page dumped because: kasan: bad access detected
[ 36.070109][ C0]
[ 36.070116][ C0] Memory state around the buggy address:
[ 36.070126][ C0] ffff8881d2fce980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 36.070136][ C0] ffff8881d2fcea00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 36.070145][ C0] >ffff8881d2fcea80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 36.070153][ C0] ^
[ 36.070163][ C0] ffff8881d2fceb00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 36.070172][ C0] ffff8881d2fceb80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 36.070180][ C0] ==================================================================
[ 36.070187][ C0] Disabling lock debugging due to kernel taint
[ 36.070194][ C0] Kernel panic - not syncing: panic_on_warn set ...
[ 36.070207][ C0] CPU: 0 PID: 2107 Comm: kworker/0:2 Tainted: G B 5.4.0-rc3-syzkaller #0
[ 36.070215][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 36.070225][ C0] Workqueue: usb_hub_wq hub_event
[ 36.070243][ C0] Call Trace:
[ 36.070250][ C0]
[ 36.070263][ C0] dump_stack+0xca/0x13e
[ 36.070276][ C0] panic+0x2aa/0x6e1
[ 36.070288][ C0] ? add_taint.cold+0x16/0x16
[ 36.070299][ C0] ? print_shadow_for_address+0xb8/0x114
[ 36.070312][ C0] ? trace_hardirqs_off+0x50/0x1d0
[ 36.070325][ C0] ? si470x_int_in_callback.cold+0x27/0xbe
[ 36.070335][ C0] end_report+0x43/0x49
[ 36.070348][ C0] ? si470x_int_in_callback.cold+0x27/0xbe
[ 36.070359][ C0] __kasan_report.cold+0xd/0x33
[ 36.070372][ C0] ? si470x_int_in_callback.cold+0x27/0xbe
[ 36.070383][ C0] kasan_report+0xe/0x20
[ 36.070395][ C0] si470x_int_in_callback.cold+0x27/0xbe
[ 36.070407][ C0] ? usb_hcd_unmap_urb_for_dma+0x105/0x9b0
[ 36.070419][ C0] __usb_hcd_giveback_urb+0x1f2/0x470
[ 36.070430][ C0] usb_hcd_giveback_urb+0x368/0x420
[ 36.070441][ C0] dummy_timer+0x120f/0x2fa2
[ 36.070454][ C0] ? __lock_acquire+0x145e/0x3b60
[ 36.070466][ C0] ? find_held_lock+0x2d/0x110
[ 36.070478][ C0] ? debug_object_deactivate+0x1d9/0x320
[ 36.070490][ C0] ? mark_held_locks+0xe0/0xe0
[ 36.070501][ C0] ? dummy_udc_probe+0x930/0x930
[ 36.070512][ C0] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 36.070523][ C0] ? rcu_read_lock_bh_held+0xb0/0xb0
[ 36.070535][ C0] call_timer_fn+0x179/0x650
[ 36.070546][ C0] ? dummy_udc_probe+0x930/0x930
[ 36.070558][ C0] ? msleep_interruptible+0x130/0x130
[ 36.070570][ C0] ? mark_held_locks+0x9f/0xe0
[ 36.070581][ C0] ? rcu_read_lock_bh_held+0xb0/0xb0
[ 36.070592][ C0] ? _raw_spin_unlock_irq+0x24/0x30
[ 36.070603][ C0] ? dummy_udc_probe+0x930/0x930
[ 36.070617][ C0] run_timer_softirq+0x5e3/0x1490
[ 36.070627][ C0] ? add_timer+0x7a0/0x7a0
[ 36.070636][ C0] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 36.070644][ C0] ? rcu_read_lock_bh_held+0xb0/0xb0
[ 36.070655][ C0] ? mark_held_locks+0x9f/0xe0
[ 36.070664][ C0] __do_softirq+0x221/0x912
[ 36.070673][ C0] irq_exit+0x178/0x1a0
[ 36.070683][ C0] smp_apic_timer_interrupt+0x12f/0x500
[ 36.070692][ C0] apic_timer_interrupt+0xf/0x20
[ 36.070696][ C0]
[ 36.070705][ C0] RIP: 0010:vprintk_emit+0x3cd/0x3e0
[ 36.070716][ C0] Code: 00 83 fb ff 75 d6 e9 db fc ff ff e8 fd 7a 15 00 e8 78 a7 1a 00 41 56 9d e9 b1 fd ff ff e8 eb 7a 15 00 e8 66 a7 1a 00 41 56 9d 2a ff ff ff 0f 1f 40 00 66 2e 0f 1f 84 00 00 00 00 00 55 48 89
[ 36.070720][ C0] RSP: 0018:ffff8881cb01f238 EFLAGS: 00000293 ORIG_RAX: ffffffffffffff13
[ 36.070741][ C0] RAX: 0000000000000007 RBX: 0000000000000200 RCX: 0000000000000006
[ 36.070750][ C0] RDX: 0000000000000000 RSI: ffff8881cbfa08f0 RDI: ffff8881cbfa084c
[ 36.070759][ C0] RBP: ffff8881cb01f280 R08: ffff8881cbfa0000 R09: fffffbfff11b23ae
[ 36.070768][ C0] R10: fffffbfff11b23ad R11: ffffffff88d91d6f R12: 0000000000000034
[ 36.070777][ C0] R13: ffff8881da24e000 R14: 0000000000000293 R15: 0000000000000000
[ 36.070790][ C0] vprintk_func+0x75/0x113
[ 36.070801][ C0] printk+0xba/0xed
[ 36.070812][ C0] ? kmsg_dump_rewind_nolock+0xd9/0xd9
[ 36.070825][ C0] really_probe.cold+0x69/0x1de
[ 36.070837][ C0] driver_probe_device+0x104/0x210
[ 36.070850][ C0] __device_attach_driver+0x1c2/0x220
[ 36.070863][ C0] ? driver_allows_async_probing+0x160/0x160
[ 36.070874][ C0] bus_for_each_drv+0x162/0x1e0
[ 36.070886][ C0] ? bus_rescan_devices+0x20/0x20
[ 36.070898][ C0] ? _raw_spin_unlock_irqrestore+0x3e/0x50
[ 36.070910][ C0] ? lockdep_hardirqs_on+0x382/0x580
[ 36.070922][ C0] __device_attach+0x217/0x360
[ 36.070934][ C0] ? device_bind_driver+0xd0/0xd0
[ 36.070946][ C0] ? kobject_uevent_env+0x29e/0x1150
[ 36.070957][ C0] ? kobject_uevent_env+0x2a8/0x1150
[ 36.070969][ C0] bus_probe_device+0x1e4/0x290
[ 36.070981][ C0] ? blocking_notifier_call_chain+0x54/0xa0
[ 36.070992][ C0] device_add+0xae6/0x16f0
[ 36.071003][ C0] ? uevent_store+0x50/0x50
[ 36.071015][ C0] ? _raw_spin_unlock_irqrestore+0x3e/0x50
[ 36.071027][ C0] usb_set_configuration+0xdf6/0x1670
[ 36.071039][ C0] generic_probe+0x9d/0xd5
[ 36.071052][ C0] usb_probe_device+0x99/0x100
[ 36.071064][ C0] ? usb_suspend+0x620/0x620
[ 36.071076][ C0] really_probe+0x281/0x6d0
[ 36.071088][ C0] driver_probe_device+0x104/0x210
[ 36.071101][ C0] __device_attach_driver+0x1c2/0x220
[ 36.071113][ C0] ? driver_allows_async_probing+0x160/0x160
[ 36.071125][ C0] bus_for_each_drv+0x162/0x1e0
[ 36.071137][ C0] ? bus_rescan_devices+0x20/0x20
[ 36.071148][ C0] ? _raw_spin_unlock_irqrestore+0x3e/0x50
[ 36.071160][ C0] ? lockdep_hardirqs_on+0x382/0x580
[ 36.071172][ C0] __device_attach+0x217/0x360
[ 36.071185][ C0] ? device_bind_driver+0xd0/0xd0
[ 36.071196][ C0] ? kobject_uevent_env+0x29e/0x1150
[ 36.071208][ C0] ? kobject_uevent_env+0x2a8/0x1150
[ 36.071220][ C0] bus_probe_device+0x1e4/0x290
[ 36.071241][ C0] ? blocking_notifier_call_chain+0x54/0xa0
[ 36.071252][ C0] device_add+0xae6/0x16f0
[ 36.071263][ C0] ? uevent_store+0x50/0x50
[ 36.071274][ C0] usb_new_device.cold+0x6a4/0xe79
[ 36.071285][ C0] hub_event+0x1dd0/0x37e0
[ 36.071297][ C0] ? hub_port_debounce+0x260/0x260
[ 36.071309][ C0] ? find_held_lock+0x2d/0x110
[ 36.071321][ C0] ? mark_held_locks+0xe0/0xe0
[ 36.071332][ C0] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 36.071351][ C0] ? rcu_read_lock_bh_held+0xb0/0xb0
[ 36.071363][ C0] process_one_work+0x92b/0x1530
[ 36.071375][ C0] ? pwq_dec_nr_in_flight+0x310/0x310
[ 36.071386][ C0] ? do_raw_spin_lock+0x11a/0x280
[ 36.071398][ C0] worker_thread+0x96/0xe20
[ 36.071410][ C0] ? process_one_work+0x1530/0x1530
[ 36.071420][ C0] kthread+0x318/0x420
[ 36.071431][ C0] ? kthread_create_on_node+0xf0/0xf0
[ 36.071442][ C0] ret_from_fork+0x24/0x30
[ 36.072071][ C0] Kernel Offset: disabled
[ 37.694522][ C0] Rebooting in 86400 seconds..