./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor4077499239 <...> DUID 00:04:dc:6c:a8:75:19:b8:f7:30:df:f1:e8:1e:24:9d:66:1e forked to background, child pid 3187 [ 26.349303][ T3188] 8021q: adding VLAN 0 to HW filter on device bond0 [ 26.363362][ T3188] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.0.95' (ECDSA) to the list of known hosts. execve("./syz-executor4077499239", ["./syz-executor4077499239"], 0x7ffe87e43450 /* 10 vars */) = 0 brk(NULL) = 0x555556844000 brk(0x555556844c40) = 0x555556844c40 arch_prctl(ARCH_SET_FS, 0x555556844300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor4077499239", 4096) = 28 brk(0x555556865c40) = 0x555556865c40 brk(0x555556866000) = 0x555556866000 mprotect(0x7fcf03358000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3616 attached , child_tidptr=0x5555568445d0) = 3616 [pid 3616] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3616] setpgid(0, 0) = 0 [pid 3616] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3616] write(3, "1000", 4) = 4 [pid 3616] close(3) = 0 [pid 3616] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3 [pid 3616] ioctl(3, USB_RAW_IOCTL_INIT, 0x7ffd45f11300) = 0 [pid 3616] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 3616] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd45f11300) = 0 [pid 3616] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd45f11300) = 0 [pid 3616] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd45f102f0) = 18 syzkaller login: [ 45.064731][ T2989] usb 1-1: new high-speed USB device number 2 using dummy_hcd [pid 3616] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd45f11300) = 0 [pid 3616] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd45f102f0) = 18 [ 45.304659][ T2989] usb 1-1: Using ep0 maxpacket: 16 [pid 3616] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd45f11300) = 0 [pid 3616] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd45f102f0) = 9 [pid 3616] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd45f11300) = 0 [pid 3616] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd45f102f0) = 36 [pid 3616] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd45f11300) = 0 [pid 3616] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd45f102f0) = 4 [ 45.424946][ T2989] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x81 has invalid maxpacket 1024 [pid 3616] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd45f11300) = 0 [pid 3616] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd45f102f0) = 8 [pid 3616] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd45f11300) = 0 [pid 3616] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd45f102f0) = 8 [pid 3616] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd45f11300) = 0 [pid 3616] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffd45f102f0) = 8 [pid 3616] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffd45f11300) = 0 [pid 3616] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 3616] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [ 45.594845][ T2989] usb 1-1: New USB device found, idVendor=1435, idProduct=0826, bcdDevice=1c.50 [ 45.603979][ T2989] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 45.612034][ T2989] usb 1-1: Product: syz [ 45.616266][ T2989] usb 1-1: Manufacturer: syz [ 45.620845][ T2989] usb 1-1: SerialNumber: syz [ 45.629650][ T2989] usb 1-1: config 0 descriptor?? [pid 3616] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7fcf0335e46c) = -1 EINVAL (Invalid argument) [pid 3616] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7fcf0335e47c) = 9 [pid 3616] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffd45f102f0) = 0 [ 45.657713][ T3616] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 45.694750][ C0] usb 1-1: RX USB error -71. [ 45.714688][ C0] usb 1-1: RX USB error -71. [ 45.734700][ C0] usb 1-1: RX USB error -71. [ 45.754699][ C0] usb 1-1: RX USB error -71. [ 45.774690][ C0] usb 1-1: RX USB error -71. [ 45.794701][ C0] usb 1-1: RX USB error -71. [ 45.814692][ C0] usb 1-1: RX USB error -71. [ 45.834688][ C0] usb 1-1: RX USB error -71. [ 45.854690][ C0] usb 1-1: RX USB error -71. [ 45.874684][ C0] usb 1-1: RX USB error -71. [ 45.894691][ C0] usb 1-1: RX USB error -71. [ 45.914689][ C0] usb 1-1: RX USB error -71. [ 45.934694][ C0] usb 1-1: RX USB error -71. [ 45.954691][ C0] usb 1-1: RX USB error -71. [ 45.974690][ C0] usb 1-1: RX USB error -71. [ 45.994722][ C0] usb 1-1: RX USB error -71. [ 46.014688][ C0] usb 1-1: RX USB error -71. [ 46.034798][ C0] usb 1-1: RX USB error -71. [ 46.054682][ C0] usb 1-1: RX USB error -71. [ 46.074695][ C0] usb 1-1: RX USB error -71. [ 46.094682][ C0] usb 1-1: RX USB error -71. [ 46.114688][ C0] usb 1-1: RX USB error -71. [ 46.134686][ C0] usb 1-1: RX USB error -71. [ 46.154764][ C0] usb 1-1: RX USB error -71. [ 46.174677][ C0] usb 1-1: RX USB error -71. [ 46.194693][ C0] usb 1-1: RX USB error -71. [ 46.214691][ C0] usb 1-1: RX USB error -71. [ 46.234705][ C0] usb 1-1: RX USB error -71. [ 46.254682][ C0] usb 1-1: RX USB error -71. [ 46.274701][ C0] usb 1-1: RX USB error -71. [ 46.294680][ C0] usb 1-1: RX USB error -71. [ 46.314704][ C0] usb 1-1: RX USB error -71. [ 46.334680][ C0] usb 1-1: RX USB error -71. [ 46.354702][ C0] usb 1-1: RX USB error -71. [ 46.374796][ C0] usb 1-1: RX USB error -71. [ 46.394710][ C0] usb 1-1: RX USB error -71. [ 46.414708][ C0] usb 1-1: RX USB error -71. [ 46.434708][ C0] usb 1-1: RX USB error -71. [ 46.454677][ C0] usb 1-1: RX USB error -71. [ 46.474700][ C0] usb 1-1: RX USB error -71. [ 46.494756][ C0] usb 1-1: RX USB error -71. [ 46.514694][ C0] usb 1-1: RX USB error -71. [ 46.534675][ C0] usb 1-1: RX USB error -71. [ 46.554687][ C0] usb 1-1: RX USB error -71. [ 46.574686][ C0] usb 1-1: RX USB error -71. [ 46.594704][ C0] usb 1-1: RX USB error -71. [ 46.614767][ C0] usb 1-1: RX USB error -71. [ 46.634705][ C0] usb 1-1: RX USB error -71. [ 46.654685][ C0] usb 1-1: RX USB error -71. [ 46.674701][ C0] usb 1-1: RX USB error -71. [ 46.694678][ C0] usb 1-1: RX USB error -71. [ 46.714702][ C0] usb 1-1: RX USB error -71. [ 46.734677][ C0] usb 1-1: RX USB error -71. [ 46.754699][ C0] usb 1-1: RX USB error -71. [ 46.774686][ C0] usb 1-1: RX USB error -71. [ 46.794693][ C0] usb 1-1: RX USB error -71. [ 46.814683][ C0] usb 1-1: RX USB error -71. [ 46.834700][ C0] usb 1-1: RX USB error -71. [ 46.854685][ C0] usb 1-1: RX USB error -71. [ 46.874702][ C0] usb 1-1: RX USB error -71. [ 46.894676][ C0] usb 1-1: RX USB error -71. [ 46.914695][ C0] usb 1-1: RX USB error -71. [ 46.934670][ C0] usb 1-1: RX USB error -71. [ 46.954747][ C0] usb 1-1: RX USB error -71. [ 46.974683][ C0] usb 1-1: RX USB error -71. [ 46.994689][ C0] usb 1-1: RX USB error -71. [ 47.014681][ C0] usb 1-1: RX USB error -71. [ 47.034694][ C0] usb 1-1: RX USB error -71. [ 47.054683][ C0] usb 1-1: RX USB error -71. [ 47.074690][ C0] usb 1-1: RX USB error -71. [ 47.094683][ C0] usb 1-1: RX USB error -71. [ 47.114690][ C0] usb 1-1: RX USB error -71. [ 47.134682][ C0] usb 1-1: RX USB error -71. [ 47.154692][ C0] usb 1-1: RX USB error -71. [ 47.174686][ C0] usb 1-1: RX USB error -71. [ 47.194692][ C0] usb 1-1: RX USB error -71. [ 47.214689][ C0] usb 1-1: RX USB error -71. [ 47.234693][ C0] usb 1-1: RX USB error -71. [ 47.254685][ C0] usb 1-1: RX USB error -71. [ 47.274701][ C0] usb 1-1: RX USB error -71. [ 47.294756][ C0] usb 1-1: RX USB error -71. [ 47.314701][ C0] usb 1-1: RX USB error -71. [ 47.334682][ C0] usb 1-1: RX USB error -71. [ 47.354692][ C0] usb 1-1: RX USB error -71. [ 47.374691][ C0] usb 1-1: RX USB error -71. [ 47.394689][ C0] usb 1-1: RX USB error -71. [ 47.414769][ C0] usb 1-1: RX USB error -71. [ 47.434691][ C0] usb 1-1: RX USB error -71. [ 47.454674][ C0] usb 1-1: RX USB error -71. [ 47.474697][ C0] usb 1-1: RX USB error -71. [ 47.494684][ C0] usb 1-1: RX USB error -71. [ 47.514704][ C0] usb 1-1: RX USB error -71. [ 47.534756][ C0] usb 1-1: RX USB error -71. [ 47.554695][ C0] usb 1-1: RX USB error -71. [ 47.574687][ C0] usb 1-1: RX USB error -71. [ 47.594688][ C0] usb 1-1: RX USB error -71. [ 47.614686][ C0] usb 1-1: RX USB error -71. [ 47.634693][ C0] usb 1-1: RX USB error -71. [ 47.654677][ C0] usb 1-1: RX USB error -71. [ 47.674692][ C0] usb 1-1: RX USB error -71. [ 47.684835][ T2989] usb 1-1: timeout waiting for command 01 reply [ 47.691174][ T2989] usb 1-1: could not initialize adapter [ 47.696796][ C0] usb 1-1: RX USB error -71. [ 47.714693][ C0] usb 1-1: RX USB error -2. [ 47.719596][ C0] usb 1-1: error -1 when submitting rx urb [ 47.726672][ T2989] ar5523: probe of 1-1:0.0 failed with error -110 [pid 3616] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 3615] kill(-3616, SIGKILL [pid 3616] <... ioctl resumed> ) = ? [pid 3616] +++ killed by SIGKILL +++ <... kill resumed>) = 0 --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3616, si_uid=0, si_status=SIGKILL, si_utime=0, si_stime=2} --- kill(3616, SIGKILL) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555568445d0) = 3622 ./strace-static-x86_64: Process 3622 attached [pid 3622] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3622] setpgid(0, 0) = 0 [pid 3622] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3622] write(3, "1000", 4) = 4 [ 49.781189][ T32] usb 1-1: USB disconnect, device number 2 [ 49.794697][ C0] ================================================================== [ 49.802790][ C0] BUG: KASAN: use-after-free in ar5523_cmd_tx_cb+0x220/0x240 [ 49.810160][ C0] Read of size 8 at addr ffff88801f6533f0 by task syz-executor407/3622 [ 49.818403][ C0] [ 49.820717][ C0] CPU: 0 PID: 3622 Comm: syz-executor407 Not tainted 5.19.0-rc7-syzkaller-00002-g80e19f34c288 #0 [ 49.831283][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 49.841857][ C0] Call Trace: [ 49.845136][ C0] [ 49.847980][ C0] dump_stack_lvl+0xcd/0x134 [ 49.852655][ C0] print_address_description.constprop.0.cold+0xeb/0x495 [ 49.859667][ C0] ? ar5523_cmd_tx_cb+0x220/0x240 [ 49.864694][ C0] kasan_report.cold+0xf4/0x1c6 [ 49.869530][ C0] ? ar5523_cmd_tx_cb+0x220/0x240 [ 49.874538][ C0] ar5523_cmd_tx_cb+0x220/0x240 [ 49.879385][ C0] __usb_hcd_giveback_urb+0x2b0/0x5c0 [ 49.884743][ C0] usb_hcd_giveback_urb+0x367/0x410 [ 49.889927][ C0] dummy_timer+0x11f9/0x32b0 [ 49.894520][ C0] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 49.900488][ C0] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 49.906470][ C0] ? dummy_dequeue+0x500/0x500 [ 49.911242][ C0] ? dummy_dequeue+0x500/0x500 [ 49.916007][ C0] call_timer_fn+0x1a5/0x6b0 [ 49.920625][ C0] ? timer_fixup_activate+0x350/0x350 [ 49.926014][ C0] ? _raw_spin_unlock_irq+0x1f/0x40 [ 49.931215][ C0] ? _raw_spin_unlock_irq+0x1f/0x40 [ 49.936410][ C0] ? dummy_dequeue+0x500/0x500 [ 49.941261][ C0] __run_timers.part.0+0x679/0xa80 [ 49.946389][ C0] ? call_timer_fn+0x6b0/0x6b0 [ 49.951148][ C0] ? lockdep_hardirqs_on+0x79/0x100 [ 49.956350][ C0] ? asm_sysvec_reschedule_ipi+0x16/0x20 [ 49.962014][ C0] run_timer_softirq+0xb3/0x1d0 [ 49.966862][ C0] __do_softirq+0x29b/0x9c2 [ 49.971369][ C0] __irq_exit_rcu+0x123/0x180 [ 49.976051][ C0] irq_exit_rcu+0x5/0x20 [ 49.980295][ C0] sysvec_apic_timer_interrupt+0x93/0xc0 [ 49.985934][ C0] [ 49.988859][ C0] [ 49.991782][ C0] asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 49.997766][ C0] RIP: 0010:do_raw_read_lock+0x2c/0x80 [ 50.003225][ C0] Code: 00 00 00 00 00 fc ff df 55 48 89 fd 48 83 c7 08 48 89 fa 48 c1 ea 03 0f b6 04 02 84 c0 74 04 3c 03 7e 4c 81 7d 08 ed 1e af de <75> 20 be 04 00 00 00 48 89 ef e8 95 55 68 00 b8 00 02 00 00 f0 0f [ 50.022833][ C0] RSP: 0018:ffffc9000301fdc8 EFLAGS: 00000246 [ 50.028895][ C0] RAX: 0000000000000000 RBX: ffff88807497d880 RCX: ffffffff815e077e [ 50.036861][ C0] RDX: 1ffffffff1741411 RSI: 0000000000000001 RDI: ffffffff8ba0a088 [ 50.044827][ C0] RBP: ffffffff8ba0a080 R08: 0000000000000000 R09: ffffffff90684917 [ 50.052794][ C0] R10: fffffbfff20d0922 R11: 0000000000000001 R12: 0000000000000004 [ 50.060758][ C0] R13: 0000000008000000 R14: 0000000000000000 R15: ffff88807497ddf0 [ 50.068728][ C0] ? __lock_acquire+0x163e/0x5660 [ 50.073757][ C0] ? ptrace_stop.part.0+0x2fd/0xa80 [ 50.078956][ C0] ptrace_stop.part.0+0x2fd/0xa80 [ 50.083980][ C0] ptrace_do_notify+0x215/0x2b0 [ 50.088828][ C0] ? ptrace_stop.part.0+0xa80/0xa80 [ 50.094022][ C0] ? _raw_spin_lock_irq+0x41/0x50 [ 50.099047][ C0] ptrace_notify+0xc4/0x140 [ 50.103546][ C0] syscall_exit_to_user_mode_prepare+0xdb/0x230 [ 50.109802][ C0] syscall_exit_to_user_mode+0x9/0x50 [ 50.115177][ C0] do_syscall_64+0x42/0xb0 [ 50.119596][ C0] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 50.125575][ C0] RIP: 0033:0x7fcf032a8fe3 [ 50.129994][ C0] Code: c7 c2 c0 ff ff ff f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb ba 0f 1f 00 64 8b 04 25 18 00 00 00 85 c0 75 14 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 45 c3 0f 1f 40 00 48 83 ec 18 89 7c 24 0c e8 [ 50.149597][ C0] RSP: 002b:00007ffd45f11e48 EFLAGS: 00000246 ORIG_RAX: 0000000000000003 [ 50.158098][ C0] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007fcf032a8fe3 [ 50.166078][ C0] RDX: 0000000000000004 RSI: 00007ffd45f11e70 RDI: 0000000000000003 [ 50.174045][ C0] RBP: 0000000000000003 R08: 0000000000000000 R09: 00007ffd45f11dc0 [ 50.182112][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd45f11e70 [ 50.190078][ C0] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000000 [ 50.198052][ C0] [ 50.201066][ C0] [ 50.203387][ C0] The buggy address belongs to the physical page: [ 50.209786][ C0] page:ffffea00007d94c0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1f653 [ 50.219929][ C0] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 50.227054][ C0] raw: 00fff00000000000 0000000000000000 ffffea00007d94c8 0000000000000000 [ 50.235631][ C0] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 50.244201][ C0] page dumped because: kasan: bad access detected [ 50.250597][ C0] page_owner tracks the page as freed [ 50.255950][ C0] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x40dc0(GFP_KERNEL|__GFP_COMP|__GFP_ZERO), pid 2989, tgid 2989 (kworker/0:3), ts 45677389093, free_ts 47726640493 [ 50.273759][ C0] get_page_from_freelist+0x1290/0x3b70 [ 50.279320][ C0] __alloc_pages+0x1c7/0x510 [ 50.283905][ C0] alloc_pages+0x1aa/0x310 [ 50.288312][ C0] kmalloc_order+0x34/0xf0 [ 50.292724][ C0] kmalloc_order_trace+0x14/0x120 [ 50.297746][ C0] wiphy_new_nm+0x6f0/0x2080 [ 50.302342][ C0] ieee80211_alloc_hw_nm+0x373/0x2270 [ 50.307710][ C0] ar5523_probe+0x121/0x1da0 [ 50.312296][ C0] usb_probe_interface+0x315/0x7f0 [ 50.317406][ C0] really_probe+0x23e/0xb90 [ 50.321907][ C0] __driver_probe_device+0x338/0x4d0 [ 50.327188][ C0] driver_probe_device+0x4c/0x1a0 [ 50.332209][ C0] __device_attach_driver+0x20b/0x2f0 [ 50.337579][ C0] bus_for_each_drv+0x15f/0x1e0 [ 50.342423][ C0] __device_attach+0x1e4/0x530 [ 50.347183][ C0] bus_probe_device+0x1e4/0x290 [ 50.352048][ C0] page last free stack trace: [ 50.356721][ C0] free_pcp_prepare+0x549/0xd20 [ 50.361583][ C0] free_unref_page+0x19/0x6a0 [ 50.366264][ C0] device_release+0x9f/0x240 [ 50.370852][ C0] kobject_put+0x1c8/0x540 [ 50.375268][ C0] put_device+0x1b/0x30 [ 50.379418][ C0] ar5523_probe+0x1338/0x1da0 [ 50.384107][ C0] usb_probe_interface+0x315/0x7f0 [ 50.389215][ C0] really_probe+0x23e/0xb90 [ 50.393712][ C0] __driver_probe_device+0x338/0x4d0 [ 50.399001][ C0] driver_probe_device+0x4c/0x1a0 [ 50.404031][ C0] __device_attach_driver+0x20b/0x2f0 [ 50.409406][ C0] bus_for_each_drv+0x15f/0x1e0 [ 50.414272][ C0] __device_attach+0x1e4/0x530 [ 50.419066][ C0] bus_probe_device+0x1e4/0x290 [ 50.423923][ C0] device_add+0xbda/0x1ea0 [ 50.428391][ C0] usb_set_configuration+0x101e/0x1900 [ 50.433865][ C0] [ 50.436189][ C0] Memory state around the buggy address: [ 50.441823][ C0] ffff88801f653280: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 50.449892][ C0] ffff88801f653300: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 50.458035][ C0] >ffff88801f653380: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 50.466093][ C0] ^ [ 50.473809][ C0] ffff88801f653400: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 50.481949][ C0] ffff88801f653480: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 50.489997][ C0] ================================================================== [ 50.498067][ C0] Kernel panic - not syncing: panic_on_warn set ... [ 50.504659][ C0] CPU: 0 PID: 3622 Comm: syz-executor407 Not tainted 5.19.0-rc7-syzkaller-00002-g80e19f34c288 #0 [ 50.515170][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 50.525217][ C0] Call Trace: [ 50.528490][ C0] [ 50.531332][ C0] dump_stack_lvl+0xcd/0x134 [ 50.535924][ C0] panic+0x2d7/0x636 [ 50.539829][ C0] ? panic_print_sys_info.part.0+0x10b/0x10b [ 50.545830][ C0] ? ar5523_cmd_tx_cb+0x220/0x240 [ 50.550854][ C0] end_report.part.0+0x3f/0x7c [ 50.555616][ C0] kasan_report.cold+0x93/0x1c6 [ 50.560466][ C0] ? ar5523_cmd_tx_cb+0x220/0x240 [ 50.565488][ C0] ar5523_cmd_tx_cb+0x220/0x240 [ 50.570338][ C0] __usb_hcd_giveback_urb+0x2b0/0x5c0 [ 50.575710][ C0] usb_hcd_giveback_urb+0x367/0x410 [ 50.580905][ C0] dummy_timer+0x11f9/0x32b0 [ 50.585499][ C0] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 50.591486][ C0] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 50.597480][ C0] ? dummy_dequeue+0x500/0x500 [ 50.602248][ C0] ? dummy_dequeue+0x500/0x500 [ 50.607008][ C0] call_timer_fn+0x1a5/0x6b0 [ 50.611595][ C0] ? timer_fixup_activate+0x350/0x350 [ 50.616969][ C0] ? _raw_spin_unlock_irq+0x1f/0x40 [ 50.622166][ C0] ? _raw_spin_unlock_irq+0x1f/0x40 [ 50.627365][ C0] ? dummy_dequeue+0x500/0x500 [ 50.632129][ C0] __run_timers.part.0+0x679/0xa80 [ 50.637244][ C0] ? call_timer_fn+0x6b0/0x6b0 [ 50.642006][ C0] ? lockdep_hardirqs_on+0x79/0x100 [ 50.647204][ C0] ? asm_sysvec_reschedule_ipi+0x16/0x20 [ 50.652842][ C0] run_timer_softirq+0xb3/0x1d0 [ 50.657688][ C0] __do_softirq+0x29b/0x9c2 [ 50.662198][ C0] __irq_exit_rcu+0x123/0x180 [ 50.666869][ C0] irq_exit_rcu+0x5/0x20 [ 50.671128][ C0] sysvec_apic_timer_interrupt+0x93/0xc0 [ 50.676781][ C0] [ 50.679707][ C0] [ 50.682633][ C0] asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 50.688636][ C0] RIP: 0010:do_raw_read_lock+0x2c/0x80 [ 50.694091][ C0] Code: 00 00 00 00 00 fc ff df 55 48 89 fd 48 83 c7 08 48 89 fa 48 c1 ea 03 0f b6 04 02 84 c0 74 04 3c 03 7e 4c 81 7d 08 ed 1e af de <75> 20 be 04 00 00 00 48 89 ef e8 95 55 68 00 b8 00 02 00 00 f0 0f [ 50.713692][ C0] RSP: 0018:ffffc9000301fdc8 EFLAGS: 00000246 [ 50.719755][ C0] RAX: 0000000000000000 RBX: ffff88807497d880 RCX: ffffffff815e077e [ 50.727736][ C0] RDX: 1ffffffff1741411 RSI: 0000000000000001 RDI: ffffffff8ba0a088 [ 50.735704][ C0] RBP: ffffffff8ba0a080 R08: 0000000000000000 R09: ffffffff90684917 [ 50.743666][ C0] R10: fffffbfff20d0922 R11: 0000000000000001 R12: 0000000000000004 [ 50.751630][ C0] R13: 0000000008000000 R14: 0000000000000000 R15: ffff88807497ddf0 [ 50.759597][ C0] ? __lock_acquire+0x163e/0x5660 [ 50.764631][ C0] ? ptrace_stop.part.0+0x2fd/0xa80 [ 50.769827][ C0] ptrace_stop.part.0+0x2fd/0xa80 [ 50.774849][ C0] ptrace_do_notify+0x215/0x2b0 [ 50.779700][ C0] ? ptrace_stop.part.0+0xa80/0xa80 [ 50.784896][ C0] ? _raw_spin_lock_irq+0x41/0x50 [ 50.789921][ C0] ptrace_notify+0xc4/0x140 [ 50.794418][ C0] syscall_exit_to_user_mode_prepare+0xdb/0x230 [ 50.800654][ C0] syscall_exit_to_user_mode+0x9/0x50 [ 50.806022][ C0] do_syscall_64+0x42/0xb0 [ 50.810437][ C0] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 50.816331][ C0] RIP: 0033:0x7fcf032a8fe3 [ 50.820742][ C0] Code: c7 c2 c0 ff ff ff f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb ba 0f 1f 00 64 8b 04 25 18 00 00 00 85 c0 75 14 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 45 c3 0f 1f 40 00 48 83 ec 18 89 7c 24 0c e8 [ 50.840341][ C0] RSP: 002b:00007ffd45f11e48 EFLAGS: 00000246 ORIG_RAX: 0000000000000003 [ 50.848764][ C0] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007fcf032a8fe3 [ 50.856728][ C0] RDX: 0000000000000004 RSI: 00007ffd45f11e70 RDI: 0000000000000003 [ 50.864690][ C0] RBP: 0000000000000003 R08: 0000000000000000 R09: 00007ffd45f11dc0 [ 50.872654][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd45f11e70 [ 50.880621][ C0] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000000 [ 50.888591][ C0] [ 50.891754][ C0] Kernel Offset: disabled [ 50.896072][ C0] Rebooting in 86400 seconds..