Warning: Permanently added '10.128.0.86' (ECDSA) to the list of known hosts. executing program executing program executing program executing program executing program executing program [ 90.125366][ T38] audit: type=1400 audit(1627305883.176:8): avc: denied { execmem } for pid=8464 comm="syz-executor719" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 [ 90.398573][ T3160] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 90.417790][ T2949] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 90.428701][ T4854] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 90.436277][ T5] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 90.444163][ T7] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 90.458757][ T20] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 90.657803][ T2949] usb 6-1: Using ep0 maxpacket: 8 [ 90.677744][ T3160] usb 1-1: Using ep0 maxpacket: 8 [ 90.688791][ T4854] usb 5-1: Using ep0 maxpacket: 8 [ 90.694770][ T7] usb 3-1: Using ep0 maxpacket: 8 [ 90.701344][ T5] usb 4-1: Using ep0 maxpacket: 8 [ 90.728225][ T20] usb 2-1: Using ep0 maxpacket: 8 [ 90.778216][ T2949] usb 6-1: config 0 has an invalid interface number: 138 but max is 0 [ 90.787065][ T2949] usb 6-1: config 0 has no interface number 0 [ 90.795145][ T2949] usb 6-1: config 0 interface 138 altsetting 0 has an invalid endpoint with address 0x80, skipping [ 90.818506][ T4854] usb 5-1: config 0 has an invalid interface number: 138 but max is 0 [ 90.826915][ T4854] usb 5-1: config 0 has no interface number 0 [ 90.834795][ T5] usb 4-1: config 0 has an invalid interface number: 138 but max is 0 [ 90.837960][ T3160] usb 1-1: config 0 has an invalid interface number: 138 but max is 0 [ 90.843925][ T7] usb 3-1: config 0 has an invalid interface number: 138 but max is 0 [ 90.852511][ T3160] usb 1-1: config 0 has no interface number 0 [ 90.860499][ T4854] usb 5-1: config 0 interface 138 altsetting 0 has an invalid endpoint with address 0x80, skipping [ 90.860610][ T5] usb 4-1: config 0 has no interface number 0 [ 90.860639][ T5] usb 4-1: config 0 interface 138 altsetting 0 has an invalid endpoint with address 0x80, skipping [ 90.860712][ T7] usb 3-1: config 0 has no interface number 0 [ 90.860746][ T7] usb 3-1: config 0 interface 138 altsetting 0 has an invalid endpoint with address 0x80, skipping [ 90.912412][ T20] usb 2-1: config 0 has an invalid interface number: 138 but max is 0 [ 90.920737][ T20] usb 2-1: config 0 has no interface number 0 [ 90.926841][ T20] usb 2-1: config 0 interface 138 altsetting 0 has an invalid endpoint with address 0x80, skipping [ 90.938072][ T3160] usb 1-1: config 0 interface 138 altsetting 0 has an invalid endpoint with address 0x80, skipping [ 90.977921][ T2949] usb 6-1: New USB device found, idVendor=7392, idProduct=7612, bcdDevice=4e.42 [ 90.987746][ T2949] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 90.996268][ T2949] usb 6-1: Product: syz [ 91.000893][ T2949] usb 6-1: Manufacturer: syz [ 91.005742][ T2949] usb 6-1: SerialNumber: syz [ 91.018027][ T4854] usb 5-1: New USB device found, idVendor=7392, idProduct=7612, bcdDevice=4e.42 [ 91.027109][ T4854] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 91.035768][ T7] usb 3-1: New USB device found, idVendor=7392, idProduct=7612, bcdDevice=4e.42 [ 91.045098][ T5] usb 4-1: New USB device found, idVendor=7392, idProduct=7612, bcdDevice=4e.42 [ 91.060738][ T2949] usb 6-1: config 0 descriptor?? [ 91.079191][ T7] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 91.087302][ T5] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 91.097324][ T7] usb 3-1: Product: syz [ 91.105377][ T4854] usb 5-1: Product: syz [ 91.111905][ T5] usb 4-1: Product: syz [ 91.116103][ T5] usb 4-1: Manufacturer: syz [ 91.122458][ T7] usb 3-1: Manufacturer: syz [ 91.127082][ T7] usb 3-1: SerialNumber: syz [ 91.133092][ T4854] usb 5-1: Manufacturer: syz [ 91.137951][ T20] usb 2-1: New USB device found, idVendor=7392, idProduct=7612, bcdDevice=4e.42 [ 91.139518][ T5] usb 4-1: SerialNumber: syz [ 91.147254][ T3160] usb 1-1: New USB device found, idVendor=7392, idProduct=7612, bcdDevice=4e.42 [ 91.153621][ T4854] usb 5-1: SerialNumber: syz [ 91.167122][ T20] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 91.172987][ T7] usb 3-1: config 0 descriptor?? [ 91.180377][ T3160] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 91.187373][ T4854] usb 5-1: config 0 descriptor?? [ 91.194164][ T20] usb 2-1: Product: syz [ 91.195480][ T5] usb 4-1: config 0 descriptor?? [ 91.217071][ T20] usb 2-1: Manufacturer: syz [ 91.223344][ T3160] usb 1-1: Product: syz executing program [ 91.245067][ T3160] usb 1-1: Manufacturer: syz [ 91.250411][ T20] usb 2-1: SerialNumber: syz [ 91.255420][ T3160] usb 1-1: SerialNumber: syz [ 91.267179][ T20] usb 2-1: config 0 descriptor?? [ 91.283015][ T3160] usb 1-1: config 0 descriptor?? [ 91.342309][ T2949] r8712u: register rtl8712_netdev_ops to netdev_ops [ 91.369337][ T2949] usb 6-1: r8712u: USB_SPEED_HIGH with 0 endpoints executing program executing program executing program [ 91.436891][ T2949] usb 6-1: r8712u: Boot from EFUSE: Autoload Failed [ 91.444878][ T2949] usb 6-1: r8712u: MAC Address from efuse = 00:e0:4c:87:00:00 [ 91.460113][ T2949] usb 6-1: r8712u: Loading firmware from "rtlwifi/rtl8712u.bin" [ 91.490571][ T7] r8712u: register rtl8712_netdev_ops to netdev_ops [ 91.497306][ T7] usb 3-1: r8712u: USB_SPEED_HIGH with 0 endpoints [ 91.506228][ T4854] r8712u: register rtl8712_netdev_ops to netdev_ops [ 91.515130][ T5] r8712u: register rtl8712_netdev_ops to netdev_ops [ 91.528338][ T5] usb 4-1: r8712u: USB_SPEED_HIGH with 0 endpoints executing program executing program [ 91.529457][ T4854] usb 5-1: r8712u: USB_SPEED_HIGH with 0 endpoints [ 91.559221][ T2949] usb 6-1: USB disconnect, device number 2 [ 91.587879][ T5] usb 4-1: r8712u: Boot from EFUSE: Autoload Failed [ 91.597106][ T5] usb 4-1: r8712u: MAC Address from efuse = 00:e0:4c:87:00:00 [ 91.609358][ T20] r8712u: register rtl8712_netdev_ops to netdev_ops [ 91.612853][ T5] usb 4-1: r8712u: Loading firmware from "rtlwifi/rtl8712u.bin" [ 91.616080][ T20] usb 2-1: r8712u: USB_SPEED_HIGH with 0 endpoints [ 91.618851][ T3160] r8712u: register rtl8712_netdev_ops to netdev_ops [ 91.624387][ T7] usb 3-1: r8712u: Boot from EFUSE: Autoload Failed [ 91.657864][ T4854] usb 5-1: r8712u: Boot from EFUSE: Autoload Failed [ 91.664598][ T4854] usb 5-1: r8712u: MAC Address from efuse = 00:e0:4c:87:00:00 [ 91.684797][ T5] usb 4-1: USB disconnect, device number 2 [ 91.692810][ T3160] usb 1-1: r8712u: USB_SPEED_HIGH with 0 endpoints [ 91.699977][ T20] usb 2-1: r8712u: Boot from EFUSE: Autoload Failed [ 91.704888][ T7] usb 3-1: r8712u: MAC Address from efuse = 00:e0:4c:87:00:00 [ 91.714943][ T4854] usb 5-1: r8712u: Loading firmware from "rtlwifi/rtl8712u.bin" [ 91.730061][ T20] usb 2-1: r8712u: MAC Address from efuse = 00:e0:4c:87:00:00 [ 91.758643][ T4854] usb 5-1: USB disconnect, device number 2 [ 91.768267][ T7] usb 3-1: r8712u: Loading firmware from "rtlwifi/rtl8712u.bin" [ 91.780069][ T20] usb 2-1: r8712u: Loading firmware from "rtlwifi/rtl8712u.bin" [ 91.805696][ T7] usb 3-1: USB disconnect, device number 2 [ 91.807727][ T3160] usb 1-1: r8712u: Boot from EFUSE: Autoload Failed [ 91.835111][ T20] usb 2-1: USB disconnect, device number 2 [ 91.855487][ T8488] usb 6-1: Direct firmware load for rtlwifi/rtl8712u.bin failed with error -2 [ 91.855556][ T3160] usb 1-1: r8712u: MAC Address from efuse = 00:e0:4c:87:00:00 [ 91.877695][ T8488] usb 6-1: Falling back to sysfs fallback for: rtlwifi/rtl8712u.bin [ 91.924857][ T3160] usb 1-1: r8712u: Loading firmware from "rtlwifi/rtl8712u.bin" [ 91.952468][ T8547] usb 4-1: r8712u: Firmware request failed [ 91.957752][ T3160] usb 1-1: USB disconnect, device number 2 [ 91.958700][ T8484] usb 5-1: r8712u: Firmware request failed [ 91.966403][ T26] usb 2-1: r8712u: Firmware request failed [ 91.970850][ T8550] usb 3-1: r8712u: Firmware request failed [ 91.992421][ T8488] usb 6-1: r8712u: Firmware request failed [ 92.007855][ T26] usb 1-1: Direct firmware load for rtlwifi/rtl8712u.bin failed with error -2 [ 92.055236][ T26] usb 1-1: Falling back to sysfs fallback for: rtlwifi/rtl8712u.bin [ 92.106264][ T26] usb 1-1: r8712u: Firmware request failed [ 92.357718][ T4854] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 92.365364][ T5] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 92.374461][ T2949] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 92.382479][ T7] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 92.387651][ T20] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 92.507644][ T3160] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 92.597819][ T4854] usb 5-1: Using ep0 maxpacket: 8 [ 92.627665][ T5] usb 4-1: Using ep0 maxpacket: 8 [ 92.632911][ T2949] usb 6-1: Using ep0 maxpacket: 8 [ 92.638228][ T7] usb 3-1: Using ep0 maxpacket: 8 [ 92.649811][ T20] usb 2-1: Using ep0 maxpacket: 8 [ 92.718297][ T4854] usb 5-1: config 0 has an invalid interface number: 138 but max is 0 [ 92.727117][ T4854] usb 5-1: config 0 has no interface number 0 [ 92.734627][ T4854] usb 5-1: config 0 interface 138 altsetting 0 has an invalid endpoint with address 0x80, skipping [ 92.757902][ T5] usb 4-1: config 0 has an invalid interface number: 138 but max is 0 [ 92.766450][ T2949] usb 6-1: config 0 has an invalid interface number: 138 but max is 0 [ 92.774945][ T7] usb 3-1: config 0 has an invalid interface number: 138 but max is 0 [ 92.784851][ T5] usb 4-1: config 0 has no interface number 0 [ 92.787590][ T3160] usb 1-1: Using ep0 maxpacket: 8 [ 92.796173][ T2949] usb 6-1: config 0 has no interface number 0 [ 92.798206][ T20] usb 2-1: config 0 has an invalid interface number: 138 but max is 0 [ 92.804513][ T7] usb 3-1: config 0 has no interface number 0 [ 92.811969][ T20] usb 2-1: config 0 has no interface number 0 [ 92.821285][ T5] usb 4-1: config 0 interface 138 altsetting 0 has an invalid endpoint with address 0x80, skipping [ 92.824978][ T20] usb 2-1: config 0 interface 138 altsetting 0 has an invalid endpoint with address 0x80, skipping [ 92.838028][ T2949] usb 6-1: config 0 interface 138 altsetting 0 has an invalid endpoint with address 0x80, skipping [ 92.860377][ T7] usb 3-1: config 0 interface 138 altsetting 0 has an invalid endpoint with address 0x80, skipping [ 92.897812][ T4854] usb 5-1: New USB device found, idVendor=7392, idProduct=7612, bcdDevice=4e.42 [ 92.907381][ T4854] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 92.917258][ T4854] usb 5-1: Product: syz [ 92.921975][ T4854] usb 5-1: Manufacturer: syz [ 92.926579][ T4854] usb 5-1: SerialNumber: syz [ 92.935255][ T4854] usb 5-1: config 0 descriptor?? [ 92.957773][ T3160] usb 1-1: config 0 has an invalid interface number: 138 but max is 0 [ 92.966989][ T3160] usb 1-1: config 0 has no interface number 0 [ 92.976614][ T3160] usb 1-1: config 0 interface 138 altsetting 0 has an invalid endpoint with address 0x80, skipping [ 93.027890][ T7] usb 3-1: New USB device found, idVendor=7392, idProduct=7612, bcdDevice=4e.42 [ 93.037854][ T2949] usb 6-1: New USB device found, idVendor=7392, idProduct=7612, bcdDevice=4e.42 [ 93.048007][ T5] usb 4-1: New USB device found, idVendor=7392, idProduct=7612, bcdDevice=4e.42 [ 93.057282][ T5] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 93.066085][ T7] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 93.067671][ T20] usb 2-1: New USB device found, idVendor=7392, idProduct=7612, bcdDevice=4e.42 [ 93.074656][ T2949] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 93.086660][ T20] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 93.100680][ T5] usb 4-1: Product: syz [ 93.103507][ T20] usb 2-1: Product: syz [ 93.105403][ T5] usb 4-1: Manufacturer: syz [ 93.105421][ T5] usb 4-1: SerialNumber: syz [ 93.106388][ T7] usb 3-1: Product: syz [ 93.122575][ T20] usb 2-1: Manufacturer: syz executing program [ 93.131970][ T20] usb 2-1: SerialNumber: syz [ 93.135029][ T5] usb 4-1: config 0 descriptor?? [ 93.143082][ T2949] usb 6-1: Product: syz [ 93.148725][ T7] usb 3-1: Manufacturer: syz [ 93.149722][ T20] usb 2-1: config 0 descriptor?? [ 93.160450][ T2949] usb 6-1: Manufacturer: syz [ 93.170251][ T7] usb 3-1: SerialNumber: syz [ 93.176201][ T2949] usb 6-1: SerialNumber: syz [ 93.204038][ T7] usb 3-1: config 0 descriptor?? [ 93.217934][ T3160] usb 1-1: New USB device found, idVendor=7392, idProduct=7612, bcdDevice=4e.42 [ 93.219820][ T4854] r8712u: register rtl8712_netdev_ops to netdev_ops [ 93.243125][ T2949] usb 6-1: config 0 descriptor?? [ 93.245260][ T3160] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 93.269260][ T3160] usb 1-1: Product: syz [ 93.287164][ T4854] usb 5-1: r8712u: USB_SPEED_HIGH with 0 endpoints [ 93.292222][ T3160] usb 1-1: Manufacturer: syz [ 93.325404][ T3160] usb 1-1: SerialNumber: syz executing program [ 93.352625][ T3160] usb 1-1: config 0 descriptor?? [ 93.367679][ T4854] usb 5-1: r8712u: Boot from EFUSE: Autoload Failed [ 93.376876][ T4854] usb 5-1: r8712u: MAC Address from efuse = 00:e0:4c:87:00:00 executing program [ 93.425174][ T4854] usb 5-1: r8712u: Loading firmware from "rtlwifi/rtl8712u.bin" [ 93.436700][ T5] r8712u: register rtl8712_netdev_ops to netdev_ops [ 93.453364][ T5] usb 4-1: r8712u: USB_SPEED_HIGH with 0 endpoints executing program [ 93.480197][ T4854] usb 5-1: USB disconnect, device number 3 [ 93.482581][ T20] r8712u: register rtl8712_netdev_ops to netdev_ops [ 93.503175][ T8488] usb 5-1: Direct firmware load for rtlwifi/rtl8712u.bin failed with error -2 [ 93.507948][ T20] usb 2-1: r8712u: USB_SPEED_HIGH with 0 endpoints executing program [ 93.549873][ T7] r8712u: register rtl8712_netdev_ops to netdev_ops [ 93.556688][ T7] usb 3-1: r8712u: USB_SPEED_HIGH with 0 endpoints [ 93.565945][ T2949] r8712u: register rtl8712_netdev_ops to netdev_ops [ 93.575197][ T5] usb 4-1: r8712u: Boot from EFUSE: Autoload Failed [ 93.601281][ T2949] usb 6-1: r8712u: USB_SPEED_HIGH with 0 endpoints [ 93.608813][ T8488] usb 5-1: Falling back to sysfs fallback for: rtlwifi/rtl8712u.bin [ 93.617979][ T20] usb 2-1: r8712u: Boot from EFUSE: Autoload Failed [ 93.618067][ T5] usb 4-1: r8712u: MAC Address from efuse = 00:e0:4c:87:00:00 [ 93.629449][ T20] usb 2-1: r8712u: MAC Address from efuse = 00:e0:4c:87:00:00 executing program [ 93.651538][ T8488] usb 5-1: r8712u: Firmware request failed [ 93.672635][ T5] usb 4-1: r8712u: Loading firmware from "rtlwifi/rtl8712u.bin" [ 93.679828][ T3160] r8712u: register rtl8712_netdev_ops to netdev_ops [ 93.681907][ T7] usb 3-1: r8712u: Boot from EFUSE: Autoload Failed [ 93.687756][ T3160] usb 1-1: r8712u: USB_SPEED_HIGH with 0 endpoints [ 93.693820][ T2949] usb 6-1: r8712u: Boot from EFUSE: Autoload Failed [ 93.727556][ T2949] usb 6-1: r8712u: MAC Address from efuse = 00:e0:4c:87:00:00 [ 93.738707][ T7] usb 3-1: r8712u: MAC Address from efuse = 00:e0:4c:87:00:00 [ 93.739265][ T20] usb 2-1: r8712u: Loading firmware from "rtlwifi/rtl8712u.bin" [ 93.746462][ T2949] usb 6-1: r8712u: Loading firmware from "rtlwifi/rtl8712u.bin" [ 93.768252][ T5] usb 4-1: USB disconnect, device number 3 [ 93.781069][ T7] usb 3-1: r8712u: Loading firmware from "rtlwifi/rtl8712u.bin" [ 93.820336][ T7] usb 3-1: USB disconnect, device number 3 [ 93.830780][ T20] usb 2-1: USB disconnect, device number 3 [ 93.833511][ T2949] usb 6-1: USB disconnect, device number 3 [ 93.837626][ T3160] usb 1-1: r8712u: Boot from EFUSE: Autoload Failed [ 93.856861][ T8488] usb 4-1: Direct firmware load for rtlwifi/rtl8712u.bin failed with error -2 [ 93.866663][ T8488] usb 4-1: Falling back to sysfs fallback for: rtlwifi/rtl8712u.bin [ 93.867350][ T3160] usb 1-1: r8712u: MAC Address from efuse = 00:e0:4c:87:00:00 [ 93.886725][ T3160] usb 1-1: r8712u: Loading firmware from "rtlwifi/rtl8712u.bin" [ 93.893108][ T8484] usb 3-1: r8712u: Firmware request failed [ 93.900643][ T8550] usb 6-1: r8712u: Firmware request failed [ 93.915751][ T3160] usb 1-1: USB disconnect, device number 3 [ 93.920127][ T8488] usb 4-1: r8712u: Firmware request failed [ 93.935300][ T8487] usb 2-1: Direct firmware load for rtlwifi/rtl8712u.bin failed with error -2 [ 93.956793][ T8487] usb 2-1: Falling back to sysfs fallback for: rtlwifi/rtl8712u.bin [ 94.001243][ T8487] usb 2-1: r8712u: Firmware request failed [ 94.007780][ T26] usb 1-1: r8712u: Firmware request failed [ 94.008614][ T3160] ================================================================== [ 94.022029][ T3160] BUG: KASAN: use-after-free in __lock_acquire+0x3d86/0x54a0 [ 94.029434][ T3160] Read of size 8 at addr ffff888042d84e28 by task kworker/1:2/3160 [ 94.037350][ T3160] [ 94.039691][ T3160] CPU: 1 PID: 3160 Comm: kworker/1:2 Not tainted 5.14.0-rc3-syzkaller #0 [ 94.048121][ T3160] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 94.058302][ T3160] Workqueue: usb_hub_wq hub_event [ 94.063348][ T3160] Call Trace: [ 94.066634][ T3160] dump_stack_lvl+0xcd/0x134 [ 94.071254][ T3160] print_address_description.constprop.0.cold+0x6c/0x2d6 [ 94.078724][ T3160] ? __lock_acquire+0x3d86/0x54a0 [ 94.083762][ T3160] ? __lock_acquire+0x3d86/0x54a0 [ 94.088787][ T3160] kasan_report.cold+0x83/0xdf [ 94.093570][ T3160] ? __lock_acquire+0x3d86/0x54a0 [ 94.098773][ T3160] __lock_acquire+0x3d86/0x54a0 [ 94.104324][ T3160] ? __schedule+0x942/0x26f0 [ 94.108938][ T3160] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 94.115379][ T3160] ? io_schedule_timeout+0x140/0x140 [ 94.120682][ T3160] lock_acquire+0x1ab/0x510 [ 94.125200][ T3160] ? wait_for_completion+0x181/0x280 [ 94.130505][ T3160] ? lock_release+0x720/0x720 [ 94.135186][ T3160] ? usleep_range+0x170/0x170 [ 94.140050][ T3160] ? wait_for_completion+0x16e/0x280 [ 94.145360][ T3160] ? mark_held_locks+0x9f/0xe0 [ 94.150249][ T3160] ? _raw_spin_lock_irq+0x41/0x50 [ 94.155413][ T3160] _raw_spin_lock_irq+0x32/0x50 [ 94.160421][ T3160] ? wait_for_completion+0x181/0x280 [ 94.165721][ T3160] wait_for_completion+0x181/0x280 [ 94.171383][ T3160] ? bit_wait_io_timeout+0x160/0x160 [ 94.176680][ T3160] ? mark_held_locks+0x9f/0xe0 [ 94.181442][ T3160] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 94.187697][ T3160] r871xu_dev_remove+0x80/0x320 [ 94.192558][ T3160] usb_unbind_interface+0x1d8/0x8d0 [ 94.198267][ T3160] ? kernfs_remove_by_name_ns+0x62/0xb0 [ 94.204014][ T3160] ? usb_unbind_device+0x1a0/0x1a0 [ 94.209219][ T3160] __device_release_driver+0x3bd/0x6f0 [ 94.214701][ T3160] device_release_driver+0x26/0x40 [ 94.219958][ T3160] bus_remove_device+0x2eb/0x5a0 [ 94.224907][ T3160] device_del+0x502/0xd40 [ 94.229227][ T3160] ? __device_links_queue_sync_state+0x400/0x400 [ 94.235548][ T3160] ? mutex_lock_io_nested+0xf00/0xf00 [ 94.240915][ T3160] usb_disable_device+0x35b/0x7b0 [ 94.246043][ T3160] usb_disconnect.cold+0x27a/0x78e [ 94.251249][ T3160] hub_event+0x1c9c/0x4330 [ 94.255660][ T3160] ? hub_port_debounce+0x3c0/0x3c0 [ 94.260786][ T3160] ? lock_release+0x720/0x720 [ 94.265489][ T3160] ? lock_downgrade+0x6e0/0x6e0 [ 94.270456][ T3160] ? do_raw_spin_lock+0x120/0x2b0 [ 94.275631][ T3160] process_one_work+0x98d/0x1630 [ 94.280590][ T3160] ? pwq_dec_nr_in_flight+0x320/0x320 [ 94.286258][ T3160] ? rwlock_bug.part.0+0x90/0x90 [ 94.291637][ T3160] ? _raw_spin_lock_irq+0x41/0x50 [ 94.296658][ T3160] worker_thread+0x85c/0x11f0 [ 94.301328][ T3160] ? process_one_work+0x1630/0x1630 [ 94.306519][ T3160] kthread+0x3e5/0x4d0 [ 94.310785][ T3160] ? set_kthread_struct+0x130/0x130 [ 94.315997][ T3160] ret_from_fork+0x1f/0x30 [ 94.320501][ T3160] [ 94.322810][ T3160] Allocated by task 3160: [ 94.327120][ T3160] kasan_save_stack+0x1b/0x40 [ 94.331804][ T3160] __kasan_kmalloc+0x98/0xc0 [ 94.336536][ T3160] kvmalloc_node+0xb4/0xf0 [ 94.341037][ T3160] alloc_netdev_mqs+0x98/0xe80 [ 94.345924][ T3160] r8712_init_netdev+0x1d/0xe0 [ 94.350707][ T3160] r871xu_drv_init+0xba/0x440 [ 94.355393][ T3160] usb_probe_interface+0x315/0x7f0 [ 94.360498][ T3160] really_probe+0x23c/0xcd0 [ 94.365001][ T3160] __driver_probe_device+0x338/0x4d0 [ 94.370771][ T3160] driver_probe_device+0x4c/0x1a0 [ 94.376284][ T3160] __device_attach_driver+0x20b/0x2f0 [ 94.382063][ T3160] bus_for_each_drv+0x15f/0x1e0 [ 94.386931][ T3160] __device_attach+0x228/0x4a0 [ 94.391711][ T3160] bus_probe_device+0x1e4/0x290 [ 94.396576][ T3160] device_add+0xc2f/0x2180 [ 94.401083][ T3160] usb_set_configuration+0x113a/0x1910 [ 94.406552][ T3160] usb_generic_driver_probe+0xba/0x100 [ 94.412016][ T3160] usb_probe_device+0xd9/0x2c0 [ 94.416781][ T3160] really_probe+0x23c/0xcd0 [ 94.421294][ T3160] __driver_probe_device+0x338/0x4d0 [ 94.426708][ T3160] driver_probe_device+0x4c/0x1a0 [ 94.431740][ T3160] __device_attach_driver+0x20b/0x2f0 [ 94.437253][ T3160] bus_for_each_drv+0x15f/0x1e0 [ 94.442097][ T3160] __device_attach+0x228/0x4a0 [ 94.446866][ T3160] bus_probe_device+0x1e4/0x290 [ 94.451843][ T3160] device_add+0xc2f/0x2180 [ 94.456265][ T3160] usb_new_device.cold+0x63f/0x108e [ 94.461559][ T3160] hub_event+0x2357/0x4330 [ 94.466241][ T3160] process_one_work+0x98d/0x1630 [ 94.471272][ T3160] worker_thread+0x85c/0x11f0 [ 94.475954][ T3160] kthread+0x3e5/0x4d0 [ 94.480012][ T3160] ret_from_fork+0x1f/0x30 [ 94.484446][ T3160] [ 94.486773][ T3160] Freed by task 26: [ 94.490570][ T3160] kasan_save_stack+0x1b/0x40 [ 94.495250][ T3160] kasan_set_track+0x1c/0x30 [ 94.499858][ T3160] kasan_set_free_info+0x20/0x30 [ 94.504788][ T3160] __kasan_slab_free+0xcd/0x100 [ 94.509629][ T3160] kfree+0x106/0x2c0 [ 94.513511][ T3160] kvfree+0x42/0x50 [ 94.517309][ T3160] free_netdev+0x495/0x5b0 [ 94.521718][ T3160] rtl871x_load_fw_cb.cold+0xf7/0x117 [ 94.527195][ T3160] request_firmware_work_func+0x12c/0x230 [ 94.532908][ T3160] process_one_work+0x98d/0x1630 [ 94.537846][ T3160] worker_thread+0x658/0x11f0 [ 94.542516][ T3160] kthread+0x3e5/0x4d0 [ 94.546576][ T3160] ret_from_fork+0x1f/0x30 [ 94.550994][ T3160] [ 94.553313][ T3160] The buggy address belongs to the object at ffff888042d80000 [ 94.553313][ T3160] which belongs to the cache kmalloc-32k of size 32768 [ 94.567527][ T3160] The buggy address is located 20008 bytes inside of [ 94.567527][ T3160] 32768-byte region [ffff888042d80000, ffff888042d88000) [ 94.581142][ T3160] The buggy address belongs to the page: [ 94.586763][ T3160] page:ffffea00010b6000 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x42d80 [ 94.596909][ T3160] head:ffffea00010b6000 order:4 compound_mapcount:0 compound_pincount:0 [ 94.605409][ T3160] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff) [ 94.613441][ T3160] raw: 00fff00000010200 ffffea00010aac08 ffff888010841d50 ffff888010840c00 [ 94.622038][ T3160] raw: 0000000000000000 ffff888042d80000 0000000100000001 0000000000000000 [ 94.630613][ T3160] page dumped because: kasan: bad access detected [ 94.637025][ T3160] page_owner tracks the page as allocated [ 94.642856][ T3160] page last allocated via order 4, migratetype Unmovable, gfp_mask 0x2460c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_RETRY_MAYFAIL|__GFP_COMP|__GFP_THISNODE), pid 3160, ts 93679678333, free_ts 0 [ 94.661820][ T3160] get_page_from_freelist+0xa72/0x2f80 [ 94.667285][ T3160] __alloc_pages+0x1b2/0x500 [ 94.671877][ T3160] cache_grow_begin+0x75/0x460 [ 94.676626][ T3160] cache_alloc_refill+0x27f/0x380 [ 94.681637][ T3160] kmem_cache_alloc_node_trace+0x4ca/0x5d0 [ 94.687432][ T3160] __kmalloc_node+0x38/0x60 [ 94.692014][ T3160] kvmalloc_node+0xb4/0xf0 [ 94.696418][ T3160] alloc_netdev_mqs+0x98/0xe80 [ 94.701267][ T3160] r8712_init_netdev+0x1d/0xe0 [ 94.706069][ T3160] r871xu_drv_init+0xba/0x440 [ 94.710854][ T3160] usb_probe_interface+0x315/0x7f0 [ 94.716275][ T3160] really_probe+0x23c/0xcd0 [ 94.720785][ T3160] __driver_probe_device+0x338/0x4d0 [ 94.726075][ T3160] driver_probe_device+0x4c/0x1a0 [ 94.731120][ T3160] __device_attach_driver+0x20b/0x2f0 [ 94.736507][ T3160] bus_for_each_drv+0x15f/0x1e0 [ 94.741357][ T3160] page_owner free stack trace missing [ 94.746917][ T3160] [ 94.749407][ T3160] Memory state around the buggy address: [ 94.755199][ T3160] ffff888042d84d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 94.763365][ T3160] ffff888042d84d80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 94.771507][ T3160] >ffff888042d84e00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 94.779553][ T3160] ^ [ 94.785033][ T3160] ffff888042d84e80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 94.793203][ T3160] ffff888042d84f00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 94.801609][ T3160] ================================================================== [ 94.809715][ T3160] Disabling lock debugging due to kernel taint [ 94.815857][ T3160] Kernel panic - not syncing: panic_on_warn set ... [ 94.822783][ T3160] CPU: 1 PID: 3160 Comm: kworker/1:2 Tainted: G B 5.14.0-rc3-syzkaller #0 [ 94.832591][ T3160] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 94.843007][ T3160] Workqueue: usb_hub_wq hub_event [ 94.848192][ T3160] Call Trace: [ 94.851468][ T3160] dump_stack_lvl+0xcd/0x134 [ 94.856147][ T3160] panic+0x306/0x73d [ 94.860036][ T3160] ? __warn_printk+0xf3/0xf3 [ 94.864730][ T3160] ? __lock_acquire+0x3d86/0x54a0 [ 94.869836][ T3160] ? __lock_acquire+0x3d86/0x54a0 [ 94.874873][ T3160] ? __lock_acquire+0x3d86/0x54a0 [ 94.880007][ T3160] end_report.cold+0x5a/0x5a [ 94.884626][ T3160] kasan_report.cold+0x71/0xdf [ 94.889481][ T3160] ? __lock_acquire+0x3d86/0x54a0 [ 94.894507][ T3160] __lock_acquire+0x3d86/0x54a0 [ 94.899346][ T3160] ? __schedule+0x942/0x26f0 [ 94.904447][ T3160] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 94.910432][ T3160] ? io_schedule_timeout+0x140/0x140 [ 94.915830][ T3160] lock_acquire+0x1ab/0x510 [ 94.920706][ T3160] ? wait_for_completion+0x181/0x280 [ 94.926015][ T3160] ? lock_release+0x720/0x720 [ 94.930682][ T3160] ? usleep_range+0x170/0x170 [ 94.935448][ T3160] ? wait_for_completion+0x16e/0x280 [ 94.941161][ T3160] ? mark_held_locks+0x9f/0xe0 [ 94.946352][ T3160] ? _raw_spin_lock_irq+0x41/0x50 [ 94.952223][ T3160] _raw_spin_lock_irq+0x32/0x50 [ 94.957305][ T3160] ? wait_for_completion+0x181/0x280 [ 94.962586][ T3160] wait_for_completion+0x181/0x280 [ 94.967692][ T3160] ? bit_wait_io_timeout+0x160/0x160 [ 94.973058][ T3160] ? mark_held_locks+0x9f/0xe0 [ 94.977813][ T3160] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 94.984249][ T3160] r871xu_dev_remove+0x80/0x320 [ 94.989205][ T3160] usb_unbind_interface+0x1d8/0x8d0 [ 94.994491][ T3160] ? kernfs_remove_by_name_ns+0x62/0xb0 [ 95.000034][ T3160] ? usb_unbind_device+0x1a0/0x1a0 [ 95.005224][ T3160] __device_release_driver+0x3bd/0x6f0 [ 95.010864][ T3160] device_release_driver+0x26/0x40 [ 95.016464][ T3160] bus_remove_device+0x2eb/0x5a0 [ 95.021789][ T3160] device_del+0x502/0xd40 [ 95.026106][ T3160] ? __device_links_queue_sync_state+0x400/0x400 [ 95.032843][ T3160] ? mutex_lock_io_nested+0xf00/0xf00 [ 95.038238][ T3160] usb_disable_device+0x35b/0x7b0 [ 95.043462][ T3160] usb_disconnect.cold+0x27a/0x78e [ 95.048928][ T3160] hub_event+0x1c9c/0x4330 [ 95.053529][ T3160] ? hub_port_debounce+0x3c0/0x3c0 [ 95.059536][ T3160] ? lock_release+0x720/0x720 [ 95.064493][ T3160] ? lock_downgrade+0x6e0/0x6e0 [ 95.069613][ T3160] ? do_raw_spin_lock+0x120/0x2b0 [ 95.074848][ T3160] process_one_work+0x98d/0x1630 [ 95.080060][ T3160] ? pwq_dec_nr_in_flight+0x320/0x320 [ 95.086401][ T3160] ? rwlock_bug.part.0+0x90/0x90 [ 95.091342][ T3160] ? _raw_spin_lock_irq+0x41/0x50 [ 95.096477][ T3160] worker_thread+0x85c/0x11f0 [ 95.101704][ T3160] ? process_one_work+0x1630/0x1630 [ 95.107219][ T3160] kthread+0x3e5/0x4d0 [ 95.111407][ T3160] ? set_kthread_struct+0x130/0x130 [ 95.117113][ T3160] ret_from_fork+0x1f/0x30 [ 95.123526][ T3160] Kernel Offset: disabled [ 95.128029][ T3160] Rebooting in 86400 seconds..