./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor486097310
<...>
forked to background, child pid 3183
no interfa[ 17.997868][ T3184] 8021q: adding VLAN 0 to HW filter on device bond0
ces have a carrier
[ 18.007977][ T3184] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.1.78' (ECDSA) to the list of known hosts.
execve("./syz-executor486097310", ["./syz-executor486097310"], 0x7ffc08c141e0 /* 10 vars */) = 0
brk(NULL) = 0x555556954000
brk(0x555556954c40) = 0x555556954c40
arch_prctl(ARCH_SET_FS, 0x555556954300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor486097310", 4096) = 27
brk(0x555556975c40) = 0x555556975c40
brk(0x555556976000) = 0x555556976000
mprotect(0x7f2cf4d05000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555569545d0) = 3605
./strace-static-x86_64: Process 3605 attached
[pid 3605] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3605] setpgid(0, 0) = 0
[pid 3605] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3605] write(3, "1000", 4) = 4
[pid 3605] close(3) = 0
[pid 3605] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3
[pid 3605] ioctl(3, USB_RAW_IOCTL_INIT, 0x7ffef3428960) = 0
[pid 3605] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0
[pid 3605] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffef3428960) = 0
[pid 3605] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffef3428960) = 0
[pid 3605] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffef3427950) = 18
syzkaller login: [ 33.625584][ T2933] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[pid 3605] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffef3428960) = 0
[pid 3605] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffef3427950) = 18
[pid 3605] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffef3428960) = 0
[pid 3605] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffef3427950) = 0
[pid 3605] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffef3428960) = 0
[pid 3605] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffef3427950) = 0
[pid 3605] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffef3428960) = 0
[pid 3605] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffef3427950) = 0
[pid 3605] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffef3428960) = 0
[pid 3605] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffef3427950) = 9
[pid 3605] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffef3428960) = 0
[ 34.025805][ T2933] usb 1-1: unable to get BOS descriptor or descriptor too short
[pid 3605] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffef3427950) = 654
[ 34.105663][ T2933] usb 1-1: config 0 has an invalid interface number: 43 but max is 3
[ 34.113884][ T2933] usb 1-1: config 0 has an invalid interface number: 207 but max is 3
[ 34.122423][ T2933] usb 1-1: config 0 has an invalid interface number: 60 but max is 3
[ 34.130730][ T2933] usb 1-1: config 0 has an invalid interface number: 226 but max is 3
[ 34.138904][ T2933] usb 1-1: config 0 has no interface number 0
[ 34.144955][ T2933] usb 1-1: config 0 has no interface number 1
[ 34.151234][ T2933] usb 1-1: config 0 has no interface number 2
[ 34.157323][ T2933] usb 1-1: config 0 has no interface number 3
[ 34.163489][ T2933] usb 1-1: config 0 interface 43 altsetting 139 endpoint 0x9 has an invalid bInterval 141, changing to 11
[ 34.174815][ T2933] usb 1-1: config 0 interface 43 altsetting 139 has an invalid endpoint with address 0x80, skipping
[ 34.185599][ T2933] usb 1-1: config 0 interface 207 altsetting 131 has a duplicate endpoint with address 0xA, skipping
[ 34.196481][ T2933] usb 1-1: config 0 interface 207 altsetting 131 has a duplicate endpoint with address 0x6, skipping
[ 34.207350][ T2933] usb 1-1: config 0 interface 207 altsetting 131 has a duplicate endpoint with address 0xB, skipping
[ 34.218471][ T2933] usb 1-1: config 0 interface 207 altsetting 131 has a duplicate endpoint with address 0xB, skipping
[ 34.229361][ T2933] usb 1-1: config 0 interface 207 altsetting 131 endpoint 0x3 has invalid maxpacket 512, setting to 64
[ 34.240409][ T2933] usb 1-1: config 0 interface 207 altsetting 131 has an invalid endpoint descriptor of length 2, skipping
[ 34.251900][ T2933] usb 1-1: config 0 interface 207 altsetting 131 has a duplicate endpoint with address 0x6, skipping
[ 34.262789][ T2933] usb 1-1: config 0 interface 207 altsetting 131 endpoint 0x7 has an invalid bInterval 0, changing to 7
[ 34.273929][ T2933] usb 1-1: config 0 interface 207 altsetting 131 has 9 endpoint descriptors, different from the interface descriptor's value: 8
[ 34.287216][ T2933] usb 1-1: config 0 interface 60 altsetting 6 has an invalid endpoint with address 0x18, skipping
[ 34.297842][ T2933] usb 1-1: config 0 interface 60 altsetting 6 has a duplicate endpoint with address 0xD, skipping
[ 34.308468][ T2933] usb 1-1: config 0 interface 60 altsetting 6 endpoint 0xF has invalid maxpacket 1023, setting to 64
[ 34.319359][ T2933] usb 1-1: config 0 interface 60 altsetting 6 has a duplicate endpoint with address 0xA, skipping
[ 34.330007][ T2933] usb 1-1: config 0 interface 60 altsetting 6 has an invalid endpoint with address 0x80, skipping
[ 34.340612][ T2933] usb 1-1: config 0 interface 60 altsetting 6 endpoint 0x8 has invalid maxpacket 2015, setting to 64
[ 34.351858][ T2933] usb 1-1: config 0 interface 60 altsetting 6 has a duplicate endpoint with address 0xA, skipping
[ 34.362468][ T2933] usb 1-1: config 0 interface 60 altsetting 6 has a duplicate endpoint with address 0xD, skipping
[ 34.373087][ T2933] usb 1-1: config 0 interface 60 altsetting 6 has a duplicate endpoint with address 0x1, skipping
[ 34.383713][ T2933] usb 1-1: config 0 interface 60 altsetting 6 has a duplicate endpoint with address 0x3, skipping
[ 34.394348][ T2933] usb 1-1: config 0 interface 60 altsetting 6 has an invalid endpoint descriptor of length 2, skipping
[ 34.405410][ T2933] usb 1-1: config 0 interface 60 altsetting 6 has a duplicate endpoint with address 0xD, skipping
[ 34.416060][ T2933] usb 1-1: config 0 interface 60 altsetting 6 has an invalid endpoint with address 0x80, skipping
[ 34.426696][ T2933] usb 1-1: config 0 interface 60 altsetting 6 has 15 endpoint descriptors, different from the interface descriptor's value: 14
[ 34.439856][ T2933] usb 1-1: config 0 interface 226 altsetting 2 has a duplicate endpoint with address 0xA, skipping
[ 34.450550][ T2933] usb 1-1: config 0 interface 226 altsetting 2 has an invalid endpoint descriptor of length 2, skipping
[ 34.461672][ T2933] usb 1-1: config 0 interface 226 altsetting 2 has a duplicate endpoint with address 0xA, skipping
[ 34.472588][ T2933] usb 1-1: config 0 interface 226 altsetting 2 has an invalid endpoint with address 0x80, skipping
[ 34.483285][ T2933] usb 1-1: config 0 interface 226 altsetting 2 endpoint 0xC has an invalid bInterval 0, changing to 7
[ 34.494242][ T2933] usb 1-1: config 0 interface 226 altsetting 2 has a duplicate endpoint with address 0xA, skipping
[ 34.504944][ T2933] usb 1-1: config 0 interface 226 altsetting 2 has a duplicate endpoint with address 0x6, skipping
[ 34.515668][ T2933] usb 1-1: config 0 interface 226 altsetting 2 has a duplicate endpoint with address 0xD, skipping
[ 34.526377][ T2933] usb 1-1: config 0 interface 226 altsetting 2 has a duplicate endpoint with address 0x9, skipping
[ 34.537087][ T2933] usb 1-1: config 0 interface 226 altsetting 2 has a duplicate endpoint with address 0x1, skipping
[pid 3605] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffef3428960) = 0
[pid 3605] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffef3427950) = 0
[ 34.547795][ T2933] usb 1-1: config 0 interface 226 altsetting 2 has a duplicate endpoint with address 0x1, skipping
[ 34.558488][ T2933] usb 1-1: config 0 interface 226 altsetting 2 has 12 endpoint descriptors, different from the interface descriptor's value: 11
[ 34.571717][ T2933] usb 1-1: config 0 interface 43 has no altsetting 0
[ 34.578425][ T2933] usb 1-1: config 0 interface 207 has no altsetting 0
[ 34.585203][ T2933] usb 1-1: config 0 interface 60 has no altsetting 0
[ 34.591922][ T2933] usb 1-1: config 0 interface 226 has no altsetting 0
[pid 3605] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffef3428960) = 0
[pid 3605] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffef3427950) = 0
[pid 3605] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffef3428960) = 0
[pid 3605] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffef3427950) = 0
[pid 3605] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffef3428960) = 0
[pid 3605] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffef3427950) = 0
[pid 3605] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffef3428960) = 0
[pid 3605] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffef3427950) = 0
[pid 3605] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffef3428960) = 0
[pid 3605] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffef3427950) = 0
[pid 3605] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffef3428960) = 0
[pid 3605] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0x40) = 0
[pid 3605] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0
[pid 3605] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f2cf4d0b46c) = -1 EINVAL (Invalid argument)
[pid 3605] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f2cf4d0b47c) = -1 EINVAL (Invalid argument)
[pid 3605] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffef3427950) = 0
[ 34.835634][ T2933] usb 1-1: string descriptor 0 read error: -22
[ 34.841975][ T2933] usb 1-1: New USB device found, idVendor=1110, idProduct=9010, bcdDevice=7c.ae
[ 34.851018][ T2933] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 34.859687][ T2933] usb 1-1: config 0 descriptor??
[ 34.897071][ T2933] usb 1-1: [ueagle-atm] ADSL device founded vid (0X1110) pid (0X9010) Rev (0X7CAE): Eagle I
[pid 3605] exit_group(0) = ?
[pid 3605] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3605, si_uid=0, si_status=0, si_utime=1, si_stime=1} ---
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555569545d0) = 3608
./strace-static-x86_64: Process 3608 attached
[pid 3608] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3608] setpgid(0, 0) = 0
[pid 3608] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3608] write(3, "1000", 4) = 4
[pid 3608] close(3) = 0
[pid 3608] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3
[pid 3608] ioctl(3, USB_RAW_IOCTL_INIT, 0x7ffef3428960) = 0
[pid 3608] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0
[pid 3608] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffef3428960) = 0
[ 35.055785][ T2933] usb 1-1: reset high-speed USB device number 2 using dummy_hcd
[ 35.495580][ T2933] usb 1-1: device descriptor read/64, error -71
[pid 3608] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffef3428960) = 0
[pid 3608] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffef3427950) = 18
[ 35.775583][ T2933] usb 1-1: reset high-speed USB device number 2 using dummy_hcd
[pid 3608] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffef3428960) = 0
[pid 3608] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffef3427950) = 18
[pid 3608] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffef3428960) = 0
[pid 3608] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffef3427950) = 0
[pid 3608] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffef3428960) = 0
[pid 3608] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffef3427950) = 0
[pid 3608] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffef3428960) = 0
[pid 3608] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffef3427950) = 0
[pid 3608] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffef3428960) = 0
[pid 3608] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffef3427950) = 654
[ 36.235683][ T2933] usb 1-1: unable to get BOS descriptor or descriptor too short
[pid 3608] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffef3428960) = 0
[pid 3608] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0x40) = 0
[pid 3608] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0
[pid 3608] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f2cf4d0b46c) = -1 EINVAL (Invalid argument)
[pid 3608] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f2cf4d0b47c) = -1 EINVAL (Invalid argument)
[pid 3608] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffef3427950) = 0
[pid 3608] exit_group(0) = ?
[pid 3608] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3608, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3611 attached
, child_tidptr=0x5555569545d0) = 3611
[pid 3611] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3611] setpgid(0, 0) = 0
[pid 3611] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3611] write(3, "1000", 4) = 4
[pid 3611] close(3) = 0
[pid 3611] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3
[pid 3611] ioctl(3, USB_RAW_IOCTL_INIT, 0x7ffef3428960) = 0
[pid 3611] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0
[pid 3611] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffef3428960) = 0
[ 36.545641][ T2933] usb 1-1: failed to restore interface 43 altsetting 139 (error=-71)
[ 36.554115][ T2933] usb 1-1: [ueagle-atm] pre-firmware device, uploading firmware
[ 36.562097][ T2933] usb 1-1: [ueagle-atm] loading firmware ueagle-atm/eagleI.fw
[ 36.571472][ T2933] usb 1-1: [ueagle-atm] ADSL device founded vid (0X1110) pid (0X9010) Rev (0X7CAE): Eagle I
[ 36.581684][ T2933] usb 1-1: [ueagle-atm] pre-firmware device, uploading firmware
[ 36.589381][ T2933] usb 1-1: [ueagle-atm] loading firmware ueagle-atm/eagleI.fw
[ 36.598253][ T2933] usb 1-1: [ueagle-atm] ADSL device founded vid (0X1110) pid (0X9010) Rev (0X7CAE): Eagle I
[ 36.608345][ T2933] usb 1-1: [ueagle-atm] pre-firmware device, uploading firmware
[ 36.615999][ T2933] usb 1-1: [ueagle-atm] loading firmware ueagle-atm/eagleI.fw
[ 36.624841][ T2933] usb 1-1: [ueagle-atm] ADSL device founded vid (0X1110) pid (0X9010) Rev (0X7CAE): Eagle I
[ 36.634946][ T2933] usb 1-1: [ueagle-atm] pre-firmware device, uploading firmware
[ 36.642627][ T2933] usb 1-1: [ueagle-atm] loading firmware ueagle-atm/eagleI.fw
[ 36.651360][ T2933] usb 1-1: USB disconnect, device number 2
[ 36.659891][ T140] usb 1-1: Direct firmware load for ueagle-atm/eagleI.fw failed with error -2
[ 36.668999][ T140] usb 1-1: Falling back to sysfs fallback for: ueagle-atm/eagleI.fw
[ 36.680813][ T140] kobject_add_internal failed for firmware (error: -2 parent: 1-1)
[ 36.688763][ T140] firmware ueagle-atm!eagleI.fw: fw_load_sysfs_fallback: device_register failed
[ 36.697853][ T3612] usb 1-1: [UEAGLE-ATM] firmware is not available
[ 36.704304][ T140] usb 1-1: [UEAGLE-ATM] firmware is not available
[ 36.710907][ T140] usb 1-1: Direct firmware load for ueagle-atm/eagleI.fw failed with error -2
[ 36.719797][ T140] usb 1-1: Falling back to sysfs fallback for: ueagle-atm/eagleI.fw
[ 36.728002][ T140] kobject_add_internal failed for firmware (error: -2 parent: 1-1)
[ 36.735954][ T140] firmware ueagle-atm!eagleI.fw: fw_load_sysfs_fallback: device_register failed
[ 36.745074][ T140] usb 1-1: [UEAGLE-ATM] firmware is not available
[ 36.751721][ T140] usb 1-1: Direct firmware load for ueagle-atm/eagleI.fw failed with error -2
[ 36.760627][ T140] usb 1-1: Falling back to sysfs fallback for: ueagle-atm/eagleI.fw
[ 36.768717][ T140] kobject_add_internal failed for firmware (error: -2 parent: 1-1)
[ 36.776720][ T140] firmware ueagle-atm!eagleI.fw: fw_load_sysfs_fallback: device_register failed
[ 36.785852][ T140] usb 1-1: [UEAGLE-ATM] firmware is not available
[pid 3611] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffef3428960) = 0
[pid 3611] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffef3427950) = 18
[ 37.025603][ T2933] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[pid 3611] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffef3428960) = 0
[pid 3611] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffef3427950) = 18
[pid 3611] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffef3428960) = 0
[pid 3611] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffef3427950) = 0
[pid 3611] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffef3428960) = 0
[pid 3611] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffef3427950) = 0
[pid 3611] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffef3428960) = 0
[pid 3611] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffef3427950) = 0
[pid 3611] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffef3428960) = 0
[pid 3611] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffef3427950) = 9
[ 37.505686][ T2933] usb 1-1: unable to get BOS descriptor or descriptor too short
[pid 3611] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffef3428960) = 0
[pid 3611] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffef3427950) = 654
[ 37.595630][ T2933] usb 1-1: config 0 has an invalid interface number: 43 but max is 3
[ 37.603771][ T2933] usb 1-1: config 0 has an invalid interface number: 207 but max is 3
[ 37.612533][ T2933] usb 1-1: config 0 has an invalid interface number: 60 but max is 3
[ 37.620647][ T2933] usb 1-1: config 0 has an invalid interface number: 226 but max is 3
[ 37.628827][ T2933] usb 1-1: config 0 has no interface number 0
[ 37.634916][ T2933] usb 1-1: config 0 has no interface number 1
[ 37.641172][ T2933] usb 1-1: config 0 has no interface number 2
[ 37.647262][ T2933] usb 1-1: config 0 has no interface number 3
[ 37.653326][ T2933] usb 1-1: config 0 interface 43 altsetting 139 endpoint 0x9 has an invalid bInterval 141, changing to 11
[ 37.664802][ T2933] usb 1-1: config 0 interface 43 altsetting 139 has an invalid endpoint with address 0x80, skipping
[ 37.675609][ T2933] usb 1-1: config 0 interface 207 altsetting 131 has a duplicate endpoint with address 0xA, skipping
[ 37.686515][ T2933] usb 1-1: config 0 interface 207 altsetting 131 has a duplicate endpoint with address 0x6, skipping
[ 37.697411][ T2933] usb 1-1: config 0 interface 207 altsetting 131 has a duplicate endpoint with address 0xB, skipping
[ 37.708323][ T2933] usb 1-1: config 0 interface 207 altsetting 131 has a duplicate endpoint with address 0xB, skipping
[ 37.719229][ T2933] usb 1-1: config 0 interface 207 altsetting 131 endpoint 0x3 has invalid maxpacket 512, setting to 64
[ 37.730340][ T2933] usb 1-1: config 0 interface 207 altsetting 131 has an invalid endpoint descriptor of length 2, skipping
[ 37.741841][ T2933] usb 1-1: config 0 interface 207 altsetting 131 has a duplicate endpoint with address 0x6, skipping
[ 37.752817][ T2933] usb 1-1: config 0 interface 207 altsetting 131 endpoint 0x7 has an invalid bInterval 0, changing to 7
[ 37.764238][ T2933] usb 1-1: config 0 interface 207 altsetting 131 has 9 endpoint descriptors, different from the interface descriptor's value: 8
[ 37.777485][ T2933] usb 1-1: config 0 interface 60 altsetting 6 has an invalid endpoint with address 0x18, skipping
[ 37.788097][ T2933] usb 1-1: config 0 interface 60 altsetting 6 has a duplicate endpoint with address 0xD, skipping
[ 37.798740][ T2933] usb 1-1: config 0 interface 60 altsetting 6 endpoint 0xF has invalid maxpacket 1023, setting to 64
[ 37.809799][ T2933] usb 1-1: config 0 interface 60 altsetting 6 has a duplicate endpoint with address 0xA, skipping
[ 37.820421][ T2933] usb 1-1: config 0 interface 60 altsetting 6 has an invalid endpoint with address 0x80, skipping
[ 37.831118][ T2933] usb 1-1: config 0 interface 60 altsetting 6 endpoint 0x8 has invalid maxpacket 2015, setting to 64
[ 37.841982][ T2933] usb 1-1: config 0 interface 60 altsetting 6 has a duplicate endpoint with address 0xA, skipping
[ 37.852603][ T2933] usb 1-1: config 0 interface 60 altsetting 6 has a duplicate endpoint with address 0xD, skipping
[ 37.863231][ T2933] usb 1-1: config 0 interface 60 altsetting 6 has a duplicate endpoint with address 0x1, skipping
[ 37.873850][ T2933] usb 1-1: config 0 interface 60 altsetting 6 has a duplicate endpoint with address 0x3, skipping
[ 37.884573][ T2933] usb 1-1: config 0 interface 60 altsetting 6 has an invalid endpoint descriptor of length 2, skipping
[ 37.895712][ T2933] usb 1-1: config 0 interface 60 altsetting 6 has a duplicate endpoint with address 0xD, skipping
[ 37.906364][ T2933] usb 1-1: config 0 interface 60 altsetting 6 has an invalid endpoint with address 0x80, skipping
[ 37.916966][ T2933] usb 1-1: config 0 interface 60 altsetting 6 has 15 endpoint descriptors, different from the interface descriptor's value: 14
[ 37.930101][ T2933] usb 1-1: config 0 interface 226 altsetting 2 has a duplicate endpoint with address 0xA, skipping
[ 37.940795][ T2933] usb 1-1: config 0 interface 226 altsetting 2 has an invalid endpoint descriptor of length 2, skipping
[ 37.951914][ T2933] usb 1-1: config 0 interface 226 altsetting 2 has a duplicate endpoint with address 0xA, skipping
[ 37.962594][ T2933] usb 1-1: config 0 interface 226 altsetting 2 has an invalid endpoint with address 0x80, skipping
[ 37.973290][ T2933] usb 1-1: config 0 interface 226 altsetting 2 endpoint 0xC has an invalid bInterval 0, changing to 7
[ 37.984238][ T2933] usb 1-1: config 0 interface 226 altsetting 2 has a duplicate endpoint with address 0xA, skipping
[ 37.994935][ T2933] usb 1-1: config 0 interface 226 altsetting 2 has a duplicate endpoint with address 0x6, skipping
[ 38.005754][ T2933] usb 1-1: config 0 interface 226 altsetting 2 has a duplicate endpoint with address 0xD, skipping
[ 38.016468][ T2933] usb 1-1: config 0 interface 226 altsetting 2 has a duplicate endpoint with address 0x9, skipping
[ 38.027188][ T2933] usb 1-1: config 0 interface 226 altsetting 2 has a duplicate endpoint with address 0x1, skipping
[pid 3611] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffef3428960) = 0
[ 38.038012][ T2933] usb 1-1: config 0 interface 226 altsetting 2 has a duplicate endpoint with address 0x1, skipping
[ 38.048732][ T2933] usb 1-1: config 0 interface 226 altsetting 2 has 12 endpoint descriptors, different from the interface descriptor's value: 11
[ 38.061999][ T2933] usb 1-1: config 0 interface 43 has no altsetting 0
[ 38.068690][ T2933] usb 1-1: config 0 interface 207 has no altsetting 0
[ 38.075434][ T2933] usb 1-1: config 0 interface 60 has no altsetting 0
[ 38.082149][ T2933] usb 1-1: config 0 interface 226 has no altsetting 0
[pid 3611] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffef3427950) = 0
[pid 3611] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffef3428960) = 0
[pid 3611] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffef3427950) = 0
[pid 3611] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffef3428960) = 0
[pid 3611] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffef3427950) = 0
[pid 3611] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffef3428960) = 0
[pid 3611] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffef3427950) = 0
[pid 3611] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffef3428960) = 0
[pid 3611] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffef3427950) = 0
[pid 3611] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffef3428960) = 0
[pid 3611] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffef3427950) = 0
[pid 3611] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffef3428960) = 0
[pid 3611] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0x40) = 0
[pid 3611] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0
[pid 3611] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f2cf4d0b46c) = -1 EINVAL (Invalid argument)
[pid 3611] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f2cf4d0b47c) = -1 EINVAL (Invalid argument)
[ 38.345638][ T2933] usb 1-1: string descriptor 0 read error: -22
[ 38.352046][ T2933] usb 1-1: New USB device found, idVendor=1110, idProduct=9010, bcdDevice=7c.ae
[ 38.361275][ T2933] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 38.370033][ T2933] usb 1-1: config 0 descriptor??
[pid 3611] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffef3427950) = 0
[ 38.416633][ T2933] usb 1-1: [ueagle-atm] ADSL device founded vid (0X1110) pid (0X9010) Rev (0X7CAE): Eagle I
[pid 3611] exit_group(0) = ?
[pid 3611] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3611, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555569545d0) = 3614
./strace-static-x86_64: Process 3614 attached
[pid 3614] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3614] setpgid(0, 0) = 0
[pid 3614] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3614] write(3, "1000", 4) = 4
[pid 3614] close(3) = 0
[pid 3614] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3
[pid 3614] ioctl(3, USB_RAW_IOCTL_INIT, 0x7ffef3428960) = 0
[pid 3614] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0
[pid 3614] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffef3428960) = 0
[ 38.585798][ T2933] usb 1-1: reset high-speed USB device number 3 using dummy_hcd
[ 39.025818][ T2933] usb 1-1: device descriptor read/64, error -71
[pid 3614] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffef3428960) = 0
[pid 3614] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffef3427950) = 18
[ 39.305581][ T2933] usb 1-1: reset high-speed USB device number 3 using dummy_hcd
[pid 3614] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffef3428960) = 0
[pid 3614] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffef3427950) = 18
[pid 3614] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffef3428960) = 0
[pid 3614] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffef3427950) = 0
[pid 3614] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffef3428960) = 0
[pid 3614] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffef3427950) = 0
[pid 3614] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffef3428960) = 0
[pid 3614] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffef3427950) = 0
[pid 3614] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffef3428960) = 0
[pid 3614] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffef3427950) = 654
[pid 3614] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffef3428960) = 0
[pid 3614] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0x40) = 0
[ 39.755653][ T2933] usb 1-1: unable to get BOS descriptor or descriptor too short
[pid 3614] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0
[pid 3614] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f2cf4d0b46c) = -1 EINVAL (Invalid argument)
[pid 3614] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f2cf4d0b47c) = -1 EINVAL (Invalid argument)
[pid 3614] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffef3427950) = 0
[pid 3614] exit_group(0) = ?
[pid 3614] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3614, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555569545d0) = 3615
./strace-static-x86_64: Process 3615 attached
[pid 3615] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3615] setpgid(0, 0) = 0
[pid 3615] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3615] write(3, "1000", 4) = 4
[pid 3615] close(3) = 0
[pid 3615] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3
[pid 3615] ioctl(3, USB_RAW_IOCTL_INIT, 0x7ffef3428960) = 0
[pid 3615] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0
[pid 3615] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffef3428960) = 0
[ 40.055615][ T2933] usb 1-1: failed to restore interface 43 altsetting 139 (error=-71)
[ 40.064077][ T2933] usb 1-1: [ueagle-atm] pre-firmware device, uploading firmware
[ 40.071773][ T2933] usb 1-1: [ueagle-atm] loading firmware ueagle-atm/eagleI.fw
[ 40.081007][ T2933] usb 1-1: [ueagle-atm] ADSL device founded vid (0X1110) pid (0X9010) Rev (0X7CAE): Eagle I
[ 40.091127][ T2933] usb 1-1: [ueagle-atm] pre-firmware device, uploading firmware
[ 40.098942][ T2933] usb 1-1: [ueagle-atm] loading firmware ueagle-atm/eagleI.fw
[ 40.108058][ T2933] usb 1-1: [ueagle-atm] ADSL device founded vid (0X1110) pid (0X9010) Rev (0X7CAE): Eagle I
[ 40.118875][ T2933] usb 1-1: [ueagle-atm] pre-firmware device, uploading firmware
[ 40.127245][ T2933] usb 1-1: [ueagle-atm] loading firmware ueagle-atm/eagleI.fw
[ 40.136529][ T2933] usb 1-1: [ueagle-atm] ADSL device founded vid (0X1110) pid (0X9010) Rev (0X7CAE): Eagle I
[ 40.146689][ T2933] usb 1-1: [ueagle-atm] pre-firmware device, uploading firmware
[ 40.154322][ T2933] usb 1-1: [ueagle-atm] loading firmware ueagle-atm/eagleI.fw
[ 40.163321][ T140] usb 1-1: Direct firmware load for ueagle-atm/eagleI.fw failed with error -2
[ 40.172398][ T2933] usb 1-1: USB disconnect, device number 3
[ 40.179375][ T140] usb 1-1: Falling back to sysfs fallback for: ueagle-atm/eagleI.fw
[ 40.192483][ T140] ==================================================================
[ 40.200571][ T140] BUG: KASAN: use-after-free in kernfs_next_descendant_post+0x22a/0x2f0
[ 40.209002][ T140] Read of size 2 at addr ffff88814591c180 by task kworker/0:2/140
[ 40.216831][ T140]
[ 40.219158][ T140] CPU: 0 PID: 140 Comm: kworker/0:2 Not tainted 6.0.0-syzkaller-09589-g55be6084c8e0 #0
[ 40.228872][ T140] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022
[ 40.239044][ T140] Workqueue: events request_firmware_work_func
[ 40.245235][ T140] Call Trace:
[ 40.248509][ T140]
[ 40.251514][ T140] dump_stack_lvl+0xcd/0x134
[ 40.256094][ T140] print_report.cold+0x2ba/0x719
[ 40.261047][ T140] ? kernfs_next_descendant_post+0x22a/0x2f0
[ 40.267116][ T140] kasan_report+0xb1/0x1e0
[ 40.271532][ T140] ? kernfs_next_descendant_post+0x22a/0x2f0
[ 40.277509][ T140] kernfs_next_descendant_post+0x22a/0x2f0
[ 40.283315][ T140] kernfs_add_one+0x38d/0x4e0
[ 40.287993][ T140] kernfs_create_dir_ns+0x18b/0x220
[ 40.293190][ T140] sysfs_create_dir_ns+0x127/0x290
[ 40.298380][ T140] ? sysfs_create_mount_point+0xb0/0xb0
[ 40.304092][ T140] ? rwlock_bug.part.0+0x90/0x90
[ 40.309106][ T140] ? rcu_read_lock_sched_held+0xd/0x70
[ 40.314567][ T140] ? do_raw_spin_unlock+0x171/0x230
[ 40.319771][ T140] kobject_add_internal+0x2c9/0x8f0
[ 40.324974][ T140] kobject_add+0x150/0x1c0
[ 40.329394][ T140] ? kset_create_and_add+0x1a0/0x1a0
[ 40.334696][ T140] ? get_device_parent+0x2b7/0x590
[ 40.339823][ T140] ? trace_kmalloc+0x32/0x100
[ 40.344498][ T140] get_device_parent+0x3d7/0x590
[ 40.349435][ T140] device_add+0x2aa/0x1e90
[ 40.353840][ T140] ? device_initialize+0x540/0x540
[ 40.358952][ T140] ? __fw_devlink_link_to_suppliers+0x2d0/0x2d0
[ 40.365283][ T140] ? __init_waitqueue_head+0xc6/0x150
[ 40.370751][ T140] firmware_fallback_sysfs+0x2d5/0xba0
[ 40.376294][ T140] _request_firmware+0xbca/0x1190
[ 40.381311][ T140] ? lock_release+0x521/0x780
[ 40.385983][ T140] ? assign_fw+0x640/0x640
[ 40.390405][ T140] ? do_raw_spin_unlock+0x171/0x230
[ 40.395693][ T140] ? rcu_read_lock_sched_held+0xd/0x70
[ 40.401157][ T140] ? lock_acquire+0x480/0x570
[ 40.405998][ T140] request_firmware_work_func+0xdd/0x230
[ 40.411800][ T140] ? request_partial_firmware_into_buf+0xa0/0xa0
[ 40.418121][ T140] ? __switch_to_asm+0x3a/0x60
[ 40.422879][ T140] process_one_work+0x991/0x1610
[ 40.427813][ T140] ? pwq_dec_nr_in_flight+0x2a0/0x2a0
[ 40.433283][ T140] ? rwlock_bug.part.0+0x90/0x90
[ 40.438210][ T140] worker_thread+0x665/0x1080
[ 40.442885][ T140] ? __kthread_parkme+0x15f/0x220
[ 40.447912][ T140] ? process_one_work+0x1610/0x1610
[ 40.453104][ T140] kthread+0x2e4/0x3a0
[ 40.457160][ T140] ? kthread_complete_and_exit+0x40/0x40
[ 40.462885][ T140] ret_from_fork+0x1f/0x30
[ 40.467317][ T140]
[ 40.470354][ T140]
[ 40.472661][ T140] Allocated by task 140:
[ 40.476969][ T140] kasan_save_stack+0x1e/0x40
[ 40.481654][ T140] __kasan_slab_alloc+0x90/0xc0
[ 40.486495][ T140] kmem_cache_alloc+0x267/0x3b0
[ 40.491381][ T140] __kernfs_new_node+0xd4/0x8b0
[ 40.496230][ T140] kernfs_create_dir_ns+0x9c/0x220
[ 40.501336][ T140] sysfs_create_dir_ns+0x127/0x290
[ 40.506435][ T140] kobject_add_internal+0x2c9/0x8f0
[ 40.511628][ T140] kobject_add+0x150/0x1c0
[ 40.516043][ T140] get_device_parent+0x3d7/0x590
[ 40.521051][ T140] device_add+0x2aa/0x1e90
[ 40.525475][ T140] firmware_fallback_sysfs+0x2d5/0xba0
[ 40.530937][ T140] _request_firmware+0xbca/0x1190
[ 40.536038][ T140] request_firmware_work_func+0xdd/0x230
[ 40.541661][ T140] process_one_work+0x991/0x1610
[ 40.546590][ T140] worker_thread+0x665/0x1080
[ 40.551347][ T140] kthread+0x2e4/0x3a0
[ 40.555406][ T140] ret_from_fork+0x1f/0x30
[ 40.559818][ T140]
[ 40.562125][ T140] Freed by task 2933:
[ 40.566087][ T140] kasan_save_stack+0x1e/0x40
[ 40.570755][ T140] kasan_set_track+0x21/0x30
[ 40.575337][ T140] kasan_set_free_info+0x20/0x30
[ 40.580269][ T140] ____kasan_slab_free+0x166/0x1c0
[ 40.585370][ T140] slab_free_freelist_hook+0x8b/0x1c0
[ 40.590734][ T140] kmem_cache_free+0xeb/0x5b0
[ 40.595403][ T140] kernfs_put.part.0+0x2c4/0x540
[ 40.600333][ T140] kernfs_put+0x42/0x50
[ 40.604481][ T140] __kernfs_remove+0x463/0x600
[ 40.609242][ T140] kernfs_remove+0x77/0xa0
[ 40.613740][ T140] sysfs_remove_dir+0xc1/0x100
[ 40.618492][ T140] __kobject_del+0xe2/0x1f0
[ 40.623163][ T140] kobject_del+0x3c/0x60
[ 40.627483][ T140] device_del+0x81c/0xc80
[ 40.631797][ T140] usb_disconnect.cold+0x49b/0x6ed
[ 40.636902][ T140] hub_event+0x1f86/0x45e0
[ 40.641310][ T140] process_one_work+0x991/0x1610
[ 40.646237][ T140] worker_thread+0x854/0x1080
[ 40.650902][ T140] kthread+0x2e4/0x3a0
[ 40.654955][ T140] ret_from_fork+0x1f/0x30
[ 40.659361][ T140]
[ 40.661666][ T140] The buggy address belongs to the object at ffff88814591c0e8
[ 40.661666][ T140] which belongs to the cache kernfs_node_cache of size 168
[ 40.676225][ T140] The buggy address is located 152 bytes inside of
[ 40.676225][ T140] 168-byte region [ffff88814591c0e8, ffff88814591c190)
[ 40.689484][ T140]
[ 40.691794][ T140] The buggy address belongs to the physical page:
[ 40.698185][ T140] page:ffffea0005164700 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x14591c
[ 40.708408][ T140] flags: 0x57ff00000000200(slab|node=1|zone=2|lastcpupid=0x7ff)
[ 40.716031][ T140] raw: 057ff00000000200 0000000000000000 dead000000000001 ffff8880119dbb40
[ 40.724599][ T140] raw: 0000000000000000 0000000080110011 00000001ffffffff 0000000000000000
[ 40.733158][ T140] page dumped because: kasan: bad access detected
[ 40.739548][ T140] page_owner tracks the page as allocated
[ 40.745241][ T140] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 1, tgid 1 (swapper/0), ts 1564996231, free_ts 0
[ 40.761812][ T140] get_page_from_freelist+0x109b/0x2ce0
[ 40.767357][ T140] __alloc_pages+0x1c7/0x510
[ 40.771939][ T140] alloc_page_interleave+0x1e/0x200
[ 40.777124][ T140] alloc_pages+0x22f/0x270
[ 40.781532][ T140] allocate_slab+0x27e/0x3d0
[ 40.786108][ T140] ___slab_alloc+0x84f/0xe80
[ 40.790685][ T140] __slab_alloc.constprop.0+0x4d/0xa0
[ 40.796046][ T140] kmem_cache_alloc+0x38c/0x3b0
[ 40.800884][ T140] __kernfs_new_node+0xd4/0x8b0
[ 40.805726][ T140] kernfs_new_node+0x93/0x120
[ 40.810398][ T140] __kernfs_create_file+0x51/0x350
[ 40.815494][ T140] sysfs_add_file_mode_ns+0x20f/0x3f0
[ 40.820853][ T140] internal_create_group+0x322/0xb10
[ 40.826124][ T140] param_sysfs_init+0x342/0x43b
[ 40.830967][ T140] do_one_initcall+0xfe/0x650
[ 40.835633][ T140] kernel_init_freeable+0x6b1/0x73a
[ 40.840826][ T140] page_owner free stack trace missing
[ 40.846172][ T140]
[ 40.848486][ T140] Memory state around the buggy address:
[ 40.854097][ T140] ffff88814591c080: fb fb fb fb fb fc fc fc fc fc fc fc fc fa fb fb
[ 40.862164][ T140] ffff88814591c100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 40.870227][ T140] >ffff88814591c180: fb fb fc fc fc fc fc fc fc fc fa fb fb fb fb fb
[ 40.878273][ T140] ^
[ 40.882325][ T140] ffff88814591c200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[ 40.890386][ T140] ffff88814591c280: fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb fb
[ 40.898431][ T140] ==================================================================
[ 40.907390][ T140] Kernel panic - not syncing: panic_on_warn set ...
[ 40.913986][ T140] CPU: 0 PID: 140 Comm: kworker/0:2 Not tainted 6.0.0-syzkaller-09589-g55be6084c8e0 #0
[ 40.923603][ T140] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022
[ 40.933649][ T140] Workqueue: events request_firmware_work_func
[ 40.939803][ T140] Call Trace:
[ 40.943416][ T140]
[ 40.946337][ T140] dump_stack_lvl+0xcd/0x134
[ 40.950922][ T140] panic+0x2c8/0x622
[ 40.954810][ T140] ? panic_print_sys_info.part.0+0x10b/0x10b
[ 40.960789][ T140] ? preempt_schedule_common+0x59/0xc0
[ 40.966246][ T140] ? preempt_schedule_thunk+0x16/0x18
[ 40.971618][ T140] ? kernfs_next_descendant_post+0x22a/0x2f0
[ 40.977596][ T140] end_report.part.0+0x3f/0x7c
[ 40.982359][ T140] kasan_report.cold+0xa/0xf
[ 40.986940][ T140] ? kernfs_next_descendant_post+0x22a/0x2f0
[ 40.992919][ T140] kernfs_next_descendant_post+0x22a/0x2f0
[ 40.998725][ T140] kernfs_add_one+0x38d/0x4e0
[ 41.003398][ T140] kernfs_create_dir_ns+0x18b/0x220
[ 41.008598][ T140] sysfs_create_dir_ns+0x127/0x290
[ 41.013698][ T140] ? sysfs_create_mount_point+0xb0/0xb0
[ 41.019231][ T140] ? rwlock_bug.part.0+0x90/0x90
[ 41.024159][ T140] ? rcu_read_lock_sched_held+0xd/0x70
[ 41.029639][ T140] ? do_raw_spin_unlock+0x171/0x230
[ 41.034827][ T140] kobject_add_internal+0x2c9/0x8f0
[ 41.040020][ T140] kobject_add+0x150/0x1c0
[ 41.044430][ T140] ? kset_create_and_add+0x1a0/0x1a0
[ 41.049711][ T140] ? get_device_parent+0x2b7/0x590
[ 41.054812][ T140] ? trace_kmalloc+0x32/0x100
[ 41.059483][ T140] get_device_parent+0x3d7/0x590
[ 41.064410][ T140] device_add+0x2aa/0x1e90
[ 41.068823][ T140] ? device_initialize+0x540/0x540
[ 41.073936][ T140] ? __fw_devlink_link_to_suppliers+0x2d0/0x2d0
[ 41.080166][ T140] ? __init_waitqueue_head+0xc6/0x150
[ 41.085541][ T140] firmware_fallback_sysfs+0x2d5/0xba0
[ 41.090998][ T140] _request_firmware+0xbca/0x1190
[ 41.096015][ T140] ? lock_release+0x521/0x780
[ 41.100684][ T140] ? assign_fw+0x640/0x640
[ 41.105088][ T140] ? do_raw_spin_unlock+0x171/0x230
[ 41.110361][ T140] ? rcu_read_lock_sched_held+0xd/0x70
[ 41.115818][ T140] ? lock_acquire+0x480/0x570
[ 41.120485][ T140] request_firmware_work_func+0xdd/0x230
[ 41.126107][ T140] ? request_partial_firmware_into_buf+0xa0/0xa0
[ 41.132426][ T140] ? __switch_to_asm+0x3a/0x60
[ 41.137188][ T140] process_one_work+0x991/0x1610
[ 41.142125][ T140] ? pwq_dec_nr_in_flight+0x2a0/0x2a0
[ 41.147492][ T140] ? rwlock_bug.part.0+0x90/0x90
[ 41.152421][ T140] worker_thread+0x665/0x1080
[ 41.157091][ T140] ? __kthread_parkme+0x15f/0x220
[ 41.162102][ T140] ? process_one_work+0x1610/0x1610
[ 41.167297][ T140] kthread+0x2e4/0x3a0
[ 41.171354][ T140] ? kthread_complete_and_exit+0x40/0x40
[ 41.176975][ T140] ret_from_fork+0x1f/0x30
[ 41.181393][ T140]
[ 41.185092][ T140] Kernel Offset: disabled
[ 41.189409][ T140] Rebooting in 86400 seconds..