BUG: sleeping function called from invalid context at drivers/usb/core/urb.c:705
in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 8651, name: syz.4.933
preempt_count: 101, expected: 0
RCU nest depth: 0, expected: 0
3 locks held by syz.4.933/8651:
#0: ffffffff8a46f928 (udc_lock){+.+.}-{4:4}, at: usb_gadget_register_driver_owner+0x15a/0x210 drivers/usb/gadget/udc/core.c:1727
#1: ffffffff896cace0 (console_lock){+.+.}-{0:0}, at: _printk+0xcf/0x110 kernel/printk/printk.c:2504
#2: ffffffff896cad58 (console_srcu){....}-{0:0}, at: rcu_try_lock_acquire include/linux/rcupdate.h:317 [inline]
#2: ffffffff896cad58 (console_srcu){....}-{0:0}, at: srcu_read_lock_nmisafe include/linux/srcu.h:428 [inline]
#2: ffffffff896cad58 (console_srcu){....}-{0:0}, at: console_srcu_read_lock kernel/printk/printk.c:291 [inline]
#2: ffffffff896cad58 (console_srcu){....}-{0:0}, at: console_flush_one_record+0xfd/0xe50 kernel/printk/printk.c:3246
irq event stamp: 2159
hardirqs last enabled at (2158): [] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:178 [inline]
hardirqs last enabled at (2158): [] _raw_spin_unlock_irqrestore+0x52/0x80 kernel/locking/spinlock.c:194
hardirqs last disabled at (2159): [] __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:130 [inline]
hardirqs last disabled at (2159): [] _raw_spin_lock_irqsave+0x52/0x60 kernel/locking/spinlock.c:162
softirqs last enabled at (2116): [] __do_softirq kernel/softirq.c:656 [inline]
softirqs last enabled at (2116): [] invoke_softirq kernel/softirq.c:496 [inline]
softirqs last enabled at (2116): [] __irq_exit_rcu+0xed/0x150 kernel/softirq.c:723
softirqs last disabled at (2155): [] __do_softirq kernel/softirq.c:656 [inline]
softirqs last disabled at (2155): [] invoke_softirq kernel/softirq.c:496 [inline]
softirqs last disabled at (2155): [] __irq_exit_rcu+0xed/0x150 kernel/softirq.c:723
Preemption disabled at:
[] vprintk_emit+0x2b2/0x6b0 kernel/printk/printk.c:2471
CPU: 1 UID: 0 PID: 8651 Comm: syz.4.933 Not tainted syzkaller #0 PREEMPT(full)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
Call Trace:
__dump_stack lib/dump_stack.c:94 [inline]
dump_stack_lvl+0x100/0x190 lib/dump_stack.c:120
__might_resched.cold+0x1ec/0x232 kernel/sched/core.c:8888
usb_kill_urb+0x8e/0x320 drivers/usb/core/urb.c:705
usb_tx_block+0x91/0x320 drivers/net/wireless/marvell/libertas/if_usb.c:429
if_usb_send_fw_pkt.isra.0+0x2e4/0x550 drivers/net/wireless/marvell/libertas/if_usb.c:366
if_usb_receive_fwload+0x5d3/0x780 drivers/net/wireless/marvell/libertas/if_usb.c:592
__usb_hcd_giveback_urb+0x38d/0x610 drivers/usb/core/hcd.c:1657
usb_hcd_giveback_urb+0x3ca/0x4a0 drivers/usb/core/hcd.c:1741
dummy_timer+0xda1/0x36c0 drivers/usb/gadget/udc/dummy_hcd.c:2005
__run_hrtimer kernel/time/hrtimer.c:1785 [inline]
__hrtimer_run_queues+0x50e/0xa70 kernel/time/hrtimer.c:1849
hrtimer_run_softirq+0x17d/0x350 kernel/time/hrtimer.c:1866
handle_softirqs+0x1de/0x9d0 kernel/softirq.c:622
__do_softirq kernel/softirq.c:656 [inline]
invoke_softirq kernel/softirq.c:496 [inline]
__irq_exit_rcu+0xed/0x150 kernel/softirq.c:723
irq_exit_rcu+0x9/0x30 kernel/softirq.c:739
instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1056 [inline]
sysvec_apic_timer_interrupt+0x8f/0xb0 arch/x86/kernel/apic/apic.c:1056
asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
RIP: 0010:console_flush_one_record+0xac3/0xe50 kernel/printk/printk.c:3270
Code: 00 e8 21 7b 28 00 9c 5d 81 e5 00 02 00 00 31 ff 48 89 ee e8 ff 81 20 00 48 85 ed 0f 85 d7 01 00 00 e8 11 87 20 00 fb 4c 89 e8 <48> c1 e8 03 42 80 3c 38 00 0f 85 64 03 00 00 48 8b 0c 24 48 8b 6b
RSP: 0018:ffffc900064b7a50 EFLAGS: 00000293
RAX: ffffffff89c76cd8 RBX: ffffffff89c76c80 RCX: ffffffff81917521
RDX: ffff888120b9bb00 RSI: ffffffff8191752f RDI: ffff888120b9bb00
RBP: 0000000000000000 R08: 0000000000000007 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 00000000000051dd
R13: ffffffff89c76cd8 R14: ffffc900064b7ad0 R15: dffffc0000000000
console_flush_all kernel/printk/printk.c:3343 [inline]
__console_flush_and_unlock kernel/printk/printk.c:3373 [inline]
console_unlock+0x103/0x260 kernel/printk/printk.c:3413
vprintk_emit+0x407/0x6b0 kernel/printk/printk.c:2479
_printk+0xcf/0x110 kernel/printk/printk.c:2504
usb_gadget_register_driver_owner.cold+0x58/0xd0 drivers/usb/gadget/udc/core.c:1730
raw_ioctl_run drivers/usb/gadget/legacy/raw_gadget.c:596 [inline]
raw_ioctl+0x1a85/0x2b80 drivers/usb/gadget/legacy/raw_gadget.c:1307
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:597 [inline]
__se_sys_ioctl fs/ioctl.c:583 [inline]
__x64_sys_ioctl+0x18e/0x210 fs/ioctl.c:583
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0x106/0x7b0 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f7490c8c4ab
Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
RSP: 002b:00007f748f6dcf00 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00007f7490c8c4ab
RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000006
RBP: 00007f748f6ddfd0 R08: 0000000000000001 R09: 00000000ffffffff
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000200000000100 R14: 0000000000000005 R15: 0000000000001938
usb8xxx: URB in failure status: -71
usb8xxx: Download timed out
----------------
Code disassembly (best guess):
0: 00 e8 add %ch,%al
2: 21 7b 28 and %edi,0x28(%rbx)
5: 00 9c 5d 81 e5 00 02 add %bl,0x200e581(%rbp,%rbx,2)
c: 00 00 add %al,(%rax)
e: 31 ff xor %edi,%edi
10: 48 89 ee mov %rbp,%rsi
13: e8 ff 81 20 00 call 0x208217
18: 48 85 ed test %rbp,%rbp
1b: 0f 85 d7 01 00 00 jne 0x1f8
21: e8 11 87 20 00 call 0x208737
26: fb sti
27: 4c 89 e8 mov %r13,%rax
* 2a: 48 c1 e8 03 shr $0x3,%rax <-- trapping instruction
2e: 42 80 3c 38 00 cmpb $0x0,(%rax,%r15,1)
33: 0f 85 64 03 00 00 jne 0x39d
39: 48 8b 0c 24 mov (%rsp),%rcx
3d: 48 rex.W
3e: 8b .byte 0x8b
3f: 6b .byte 0x6b