Warning: Permanently added '10.128.0.184' (ED25519) to the list of known hosts.
executing program
[ 49.412489][ T29] audit: type=1400 audit(1721921556.005:80): avc: denied { execmem } for pid=2645 comm="syz-executor276" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 49.432360][ T29] audit: type=1400 audit(1721921556.005:81): avc: denied { read write } for pid=2646 comm="syz-executor276" name="raw-gadget" dev="devtmpfs" ino=140 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 49.456284][ T29] audit: type=1400 audit(1721921556.005:82): avc: denied { open } for pid=2646 comm="syz-executor276" path="/dev/raw-gadget" dev="devtmpfs" ino=140 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 49.480296][ T29] audit: type=1400 audit(1721921556.015:83): avc: denied { ioctl } for pid=2646 comm="syz-executor276" path="/dev/raw-gadget" dev="devtmpfs" ino=140 ioctlcmd=0x5500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 49.700884][ T9] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 49.890746][ T9] usb 1-1: Using ep0 maxpacket: 16
[ 49.898316][ T9] usb 1-1: unable to get BOS descriptor or descriptor too short
[ 49.908158][ T9] usb 1-1: config 15 has an invalid interface number: 79 but max is 1
[ 49.916538][ T9] usb 1-1: config 15 has an invalid descriptor of length 255, skipping remainder of the config
[ 49.926951][ T9] usb 1-1: config 15 has 1 interface, different from the descriptor's value: 2
[ 49.935961][ T9] usb 1-1: config 15 has no interface number 0
[ 49.942234][ T9] usb 1-1: config 15 interface 79 altsetting 9 endpoint 0x1 has invalid maxpacket 9228, setting to 1024
[ 49.953534][ T9] usb 1-1: config 15 interface 79 altsetting 9 has 1 endpoint descriptor, different from the interface descriptor's value: 6
[ 49.966554][ T9] usb 1-1: config 15 interface 79 has no altsetting 0
[ 49.976674][ T9] usb 1-1: string descriptor 0 read error: -22
[ 49.983349][ T9] usb 1-1: Dual-Role OTG device on HNP port
[ 49.989585][ T9] usb 1-1: New USB device found, idVendor=0bda, idProduct=d82b, bcdDevice=7f.9d
[ 49.998687][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 50.013792][ T2646] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[ 50.030061][ T9] rtw_8822cu 1-1:15.79: invalid number of endpoints 0
[ 50.037179][ T9] rtw_8822cu 1-1:15.79: failed to init USB interface
[ 50.055614][ T8] rtw_8822cu 1-1:15.79: Direct firmware load for rtw88/rtw8822c_wow_fw.bin failed with error -2
[ 50.066267][ T8] rtw_8822cu 1-1:15.79: failed to request firmware
[ 50.073619][ T700] rtw_8822cu 1-1:15.79: Direct firmware load for rtw88/rtw8822c_fw.bin failed with error -2
[ 50.083867][ T700] rtw_8822cu 1-1:15.79: failed to request firmware
[ 50.094531][ T9] rtw_8822cu 1-1:15.79: probe with driver rtw_8822cu failed with error -22
executing program
[ 50.226227][ T37] usb 1-1: USB disconnect, device number 2
[ 50.600761][ T37] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[ 50.780744][ T37] usb 1-1: Using ep0 maxpacket: 16
[ 50.788096][ T37] usb 1-1: unable to get BOS descriptor or descriptor too short
[ 50.797305][ T37] usb 1-1: config 15 has an invalid interface number: 79 but max is 1
[ 50.805564][ T37] usb 1-1: config 15 has an invalid descriptor of length 255, skipping remainder of the config
[ 50.816052][ T37] usb 1-1: config 15 has 1 interface, different from the descriptor's value: 2
[ 50.825122][ T37] usb 1-1: config 15 has no interface number 0
[ 50.831430][ T37] usb 1-1: config 15 interface 79 altsetting 9 endpoint 0x1 has invalid maxpacket 9228, setting to 1024
[ 50.842623][ T37] usb 1-1: config 15 interface 79 altsetting 9 has 1 endpoint descriptor, different from the interface descriptor's value: 6
[ 50.855636][ T37] usb 1-1: config 15 interface 79 has no altsetting 0
[ 50.865333][ T37] usb 1-1: string descriptor 0 read error: -22
[ 50.871842][ T37] usb 1-1: Dual-Role OTG device on HNP port
[ 50.878081][ T37] usb 1-1: New USB device found, idVendor=0bda, idProduct=d82b, bcdDevice=7f.9d
[ 50.887188][ T37] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 50.898963][ T2652] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[ 50.911075][ T644] rtw_8822cu 1-1:15.79: Direct firmware load for rtw88/rtw8822c_fw.bin failed with error -2
[ 50.921474][ T37] rtw_8822cu 1-1:15.79: invalid number of endpoints 0
[ 50.928258][ T37] rtw_8822cu 1-1:15.79: failed to init USB interface
[ 50.935801][ T644] rtw_8822cu 1-1:15.79: failed to request firmware
[ 50.943034][ T24] rtw_8822cu 1-1:15.79: Direct firmware load for rtw88/rtw8822c_wow_fw.bin failed with error -2
[ 50.953686][ T24] rtw_8822cu 1-1:15.79: failed to request firmware
[ 50.961476][ T37] rtw_8822cu 1-1:15.79: probe with driver rtw_8822cu failed with error -22
executing program
[ 51.110134][ T37] usb 1-1: USB disconnect, device number 3
[ 51.530710][ T37] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[ 51.710793][ T37] usb 1-1: Using ep0 maxpacket: 16
[ 51.718050][ T37] usb 1-1: unable to get BOS descriptor or descriptor too short
[ 51.727045][ T37] usb 1-1: config 15 has an invalid interface number: 79 but max is 1
[ 51.735316][ T37] usb 1-1: config 15 has an invalid descriptor of length 255, skipping remainder of the config
[ 51.745741][ T37] usb 1-1: config 15 has 1 interface, different from the descriptor's value: 2
[ 51.754778][ T37] usb 1-1: config 15 has no interface number 0
[ 51.761060][ T37] usb 1-1: config 15 interface 79 altsetting 9 endpoint 0x1 has invalid maxpacket 9228, setting to 1024
[ 51.772249][ T37] usb 1-1: config 15 interface 79 altsetting 9 has 1 endpoint descriptor, different from the interface descriptor's value: 6
[ 51.785379][ T37] usb 1-1: config 15 interface 79 has no altsetting 0
[ 51.795198][ T37] usb 1-1: string descriptor 0 read error: -22
[ 51.801722][ T37] usb 1-1: Dual-Role OTG device on HNP port
[ 51.808089][ T37] usb 1-1: New USB device found, idVendor=0bda, idProduct=d82b, bcdDevice=7f.9d
[ 51.817205][ T37] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 51.828825][ T2655] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[ 51.841112][ T644] rtw_8822cu 1-1:15.79: Direct firmware load for rtw88/rtw8822c_fw.bin failed with error -2
[ 51.851488][ T37] rtw_8822cu 1-1:15.79: invalid number of endpoints 0
[ 51.858310][ T37] rtw_8822cu 1-1:15.79: failed to init USB interface
[ 51.865844][ T2654] rtw_8822cu 1-1:15.79: Direct firmware load for rtw88/rtw8822c_wow_fw.bin failed with error -2
[ 51.876465][ T644] rtw_8822cu 1-1:15.79: failed to request firmware
[ 51.883200][ T2654] rtw_8822cu 1-1:15.79: failed to request firmware
[ 51.890957][ T37] rtw_8822cu 1-1:15.79: probe with driver rtw_8822cu failed with error -22
executing program
[ 52.041287][ T37] usb 1-1: USB disconnect, device number 4
[ 52.450753][ T37] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[ 52.630741][ T37] usb 1-1: Using ep0 maxpacket: 16
[ 52.637939][ T37] usb 1-1: unable to get BOS descriptor or descriptor too short
[ 52.646801][ T37] usb 1-1: config 15 has an invalid interface number: 79 but max is 1
[ 52.655060][ T37] usb 1-1: config 15 has an invalid descriptor of length 255, skipping remainder of the config
[ 52.665468][ T37] usb 1-1: config 15 has 1 interface, different from the descriptor's value: 2
[ 52.674477][ T37] usb 1-1: config 15 has no interface number 0
[ 52.680755][ T37] usb 1-1: config 15 interface 79 altsetting 9 endpoint 0x1 has invalid maxpacket 9228, setting to 1024
[ 52.691943][ T37] usb 1-1: config 15 interface 79 altsetting 9 has 1 endpoint descriptor, different from the interface descriptor's value: 6
[ 52.704958][ T37] usb 1-1: config 15 interface 79 has no altsetting 0
[ 52.714602][ T37] usb 1-1: string descriptor 0 read error: -22
[ 52.721035][ T37] usb 1-1: Dual-Role OTG device on HNP port
[ 52.727250][ T37] usb 1-1: New USB device found, idVendor=0bda, idProduct=d82b, bcdDevice=7f.9d
[ 52.736353][ T37] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 52.748714][ T2657] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[ 52.760990][ T644] rtw_8822cu 1-1:15.79: Direct firmware load for rtw88/rtw8822c_fw.bin failed with error -2
[ 52.771255][ T37] rtw_8822cu 1-1:15.79: invalid number of endpoints 0
[ 52.778040][ T37] rtw_8822cu 1-1:15.79: failed to init USB interface
[ 52.784877][ T644] rtw_8822cu 1-1:15.79: failed to request firmware
[ 52.792282][ T2654] rtw_8822cu 1-1:15.79: Direct firmware load for rtw88/rtw8822c_wow_fw.bin failed with error -2
[ 52.803872][ T37] rtw_8822cu 1-1:15.79: probe with driver rtw_8822cu failed with error -22
[ 52.812746][ T2654] ==================================================================
[ 52.820919][ T2654] BUG: KASAN: use-after-free in rtw_load_firmware_cb+0x917/0x9f0
[ 52.828778][ T2654] Read of size 8 at addr ffff888113888bc0 by task kworker/1:3/2654
[ 52.836768][ T2654]
[ 52.839127][ T2654] CPU: 1 UID: 0 PID: 2654 Comm: kworker/1:3 Not tainted 6.10.0-syzkaller-g933069701c1b #0
[ 52.849030][ T2654] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[ 52.859091][ T2654] Workqueue: events request_firmware_work_func
[ 52.865268][ T2654] Call Trace:
[ 52.868587][ T2654]
[ 52.871642][ T2654] dump_stack_lvl+0x116/0x1f0
[ 52.876345][ T2654] print_report+0xc3/0x620
[ 52.880774][ T2654] ? __virt_addr_valid+0x5e/0x590
[ 52.885812][ T2654] ? __phys_addr+0xc6/0x150
[ 52.890320][ T2654] kasan_report+0xd9/0x110
[ 52.894749][ T2654] ? rtw_load_firmware_cb+0x917/0x9f0
[ 52.900135][ T2654] ? rtw_load_firmware_cb+0x917/0x9f0
[ 52.905519][ T2654] ? __pfx_rtw_load_firmware_cb+0x10/0x10
[ 52.911336][ T2654] rtw_load_firmware_cb+0x917/0x9f0
[ 52.916544][ T2654] ? __pfx_rtw_load_firmware_cb+0x10/0x10
[ 52.922272][ T2654] request_firmware_work_func+0x13a/0x250
executing program
[ 52.928004][ T2654] ? __pfx_request_firmware_work_func+0x10/0x10
[ 52.934271][ T2654] process_one_work+0x9c5/0x1b40
[ 52.939225][ T2654] ? __pfx_lock_acquire+0x10/0x10
[ 52.944258][ T2654] ? __pfx_process_one_work+0x10/0x10
[ 52.949664][ T2654] ? assign_work+0x1a0/0x250
[ 52.954263][ T2654] worker_thread+0x6c8/0xf20
[ 52.958887][ T2654] ? __kthread_parkme+0x148/0x220
[ 52.963982][ T2654] ? __pfx_worker_thread+0x10/0x10
[ 52.969148][ T2654] kthread+0x2c1/0x3a0
[ 52.973278][ T2654] ? _raw_spin_unlock_irq+0x23/0x50
[ 52.978531][ T2654] ? __pfx_kthread+0x10/0x10
[ 52.983185][ T2654] ret_from_fork+0x45/0x80
[ 52.987658][ T2654] ? __pfx_kthread+0x10/0x10
[ 52.992277][ T2654] ret_from_fork_asm+0x1a/0x30
[ 52.997067][ T2654]
[ 53.000121][ T2654]
[ 53.002445][ T2654] The buggy address belongs to the physical page:
[ 53.008874][ T2654] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88811388e000 pfn:0x113888
[ 53.019041][ T2654] flags: 0x200000000000000(node=0|zone=2)
[ 53.024799][ T2654] raw: 0200000000000000 0000000000000000 dead000000000122 0000000000000000
[ 53.033400][ T2654] raw: ffff88811388e000 0000000000000000 00000000ffffffff 0000000000000000
[ 53.042079][ T2654] page dumped because: kasan: bad access detected
[ 53.048520][ T2654] page_owner tracks the page as freed
[ 53.053886][ T2654] page last allocated via order 4, migratetype Unmovable, gfp_mask 0x40dc0(GFP_KERNEL|__GFP_COMP|__GFP_ZERO), pid 37, tgid 37 (kworker/1:1), ts 52758259384, free_ts 52803733954
[ 53.071354][ T2654] post_alloc_hook+0x2d1/0x350
[ 53.076151][ T2654] get_page_from_freelist+0x1311/0x25f0
[ 53.081735][ T2654] __alloc_pages_noprof+0x21e/0x2290
[ 53.087140][ T2654] ___kmalloc_large_node+0x7f/0x1a0
[ 53.092357][ T2654] __kmalloc_large_node_noprof+0x1c/0x70
[ 53.098012][ T2654] __kmalloc_noprof.cold+0xc/0x61
[ 53.103052][ T2654] wiphy_new_nm+0x701/0x2120
[ 53.107657][ T2654] ieee80211_alloc_hw_nm+0x1b7a/0x2260
[ 53.113141][ T2654] rtw_usb_probe+0x32/0x1d80
[ 53.117748][ T2654] usb_probe_interface+0x309/0x9d0
[ 53.122874][ T2654] really_probe+0x23e/0xa90
[ 53.127390][ T2654] __driver_probe_device+0x1de/0x440
[ 53.132690][ T2654] driver_probe_device+0x4c/0x1b0
[ 53.137735][ T2654] __device_attach_driver+0x1df/0x310
[ 53.143124][ T2654] bus_for_each_drv+0x157/0x1e0
[ 53.148075][ T2654] __device_attach+0x1e8/0x4b0
[ 53.152873][ T2654] page last free pid 37 tgid 37 stack trace:
[ 53.158858][ T2654] __free_pages_ok+0x5c1/0xba0
[ 53.163646][ T2654] __folio_put+0x1dc/0x260
[ 53.168089][ T2654] device_release+0xa1/0x240
[ 53.172692][ T2654] kobject_put+0x1fa/0x5b0
[ 53.177135][ T2654] put_device+0x1f/0x30
[ 53.181300][ T2654] rtw_usb_probe+0x7a4/0x1d80
[ 53.185988][ T2654] usb_probe_interface+0x309/0x9d0
[ 53.191116][ T2654] really_probe+0x23e/0xa90
[ 53.195659][ T2654] __driver_probe_device+0x1de/0x440
[ 53.200966][ T2654] driver_probe_device+0x4c/0x1b0
[ 53.206026][ T2654] __device_attach_driver+0x1df/0x310
[ 53.211413][ T2654] bus_for_each_drv+0x157/0x1e0
[ 53.216290][ T2654] __device_attach+0x1e8/0x4b0
[ 53.221177][ T2654] bus_probe_device+0x17f/0x1c0
[ 53.226043][ T2654] device_add+0x114b/0x1a70
[ 53.230573][ T2654] usb_set_configuration+0x10cb/0x1c50
[ 53.236069][ T2654]
[ 53.238388][ T2654] Memory state around the buggy address:
[ 53.244018][ T2654] ffff888113888a80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 53.252258][ T2654] ffff888113888b00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 53.260789][ T2654] >ffff888113888b80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 53.268963][ T2654] ^
[ 53.275121][ T2654] ffff888113888c00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 53.283297][ T2654] ffff888113888c80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 53.291357][ T2654] ==================================================================
[ 53.299676][ T2654] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 53.306901][ T2654] CPU: 1 UID: 0 PID: 2654 Comm: kworker/1:3 Not tainted 6.10.0-syzkaller-g933069701c1b #0
[ 53.316835][ T2654] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[ 53.327016][ T2654] Workqueue: events request_firmware_work_func
[ 53.333273][ T2654] Call Trace:
[ 53.336555][ T2654]
[ 53.339485][ T2654] dump_stack_lvl+0x3d/0x1f0
[ 53.344094][ T2654] panic+0x6f5/0x7a0
[ 53.348071][ T2654] ? __pfx_panic+0x10/0x10
[ 53.352502][ T2654] ? check_panic_on_warn+0x1f/0xb0
[ 53.357652][ T2654] check_panic_on_warn+0xab/0xb0
[ 53.362605][ T2654] end_report+0x117/0x180
[ 53.366956][ T2654] kasan_report+0xe9/0x110
[ 53.371385][ T2654] ? rtw_load_firmware_cb+0x917/0x9f0
[ 53.376771][ T2654] ? rtw_load_firmware_cb+0x917/0x9f0
[ 53.382156][ T2654] ? __pfx_rtw_load_firmware_cb+0x10/0x10
[ 53.387886][ T2654] rtw_load_firmware_cb+0x917/0x9f0
[ 53.393096][ T2654] ? __pfx_rtw_load_firmware_cb+0x10/0x10
[ 53.398913][ T2654] request_firmware_work_func+0x13a/0x250
[ 53.404654][ T2654] ? __pfx_request_firmware_work_func+0x10/0x10
[ 53.410926][ T2654] process_one_work+0x9c5/0x1b40
[ 53.415881][ T2654] ? __pfx_lock_acquire+0x10/0x10
[ 53.420917][ T2654] ? __pfx_process_one_work+0x10/0x10
[ 53.426307][ T2654] ? assign_work+0x1a0/0x250
[ 53.430908][ T2654] worker_thread+0x6c8/0xf20
[ 53.435541][ T2654] ? __kthread_parkme+0x148/0x220
[ 53.440598][ T2654] ? __pfx_worker_thread+0x10/0x10
[ 53.445729][ T2654] kthread+0x2c1/0x3a0
[ 53.449827][ T2654] ? _raw_spin_unlock_irq+0x23/0x50
[ 53.455039][ T2654] ? __pfx_kthread+0x10/0x10
[ 53.459649][ T2654] ret_from_fork+0x45/0x80
[ 53.464099][ T2654] ? __pfx_kthread+0x10/0x10
[ 53.468742][ T2654] ret_from_fork_asm+0x1a/0x30
[ 53.473528][ T2654]
[ 53.476874][ T2654] Kernel Offset: disabled
[ 53.481203][ T2654] Rebooting in 86400 seconds..