Warning: Permanently added '10.128.0.224' (ECDSA) to the list of known hosts. [ 237.523642][ T37] audit: type=1400 audit(1627598704.279:8): avc: denied { execmem } for pid=8438 comm="syz-executor296" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 [ 237.650702][ T29] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 237.658681][ T29] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 237.720357][ T3159] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 237.748220][ T29] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 237.756812][ T29] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 executing program [ 237.777211][ T3159] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 238.059278][ T20] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 238.308876][ T20] usb 1-1: Using ep0 maxpacket: 16 [ 238.439039][ T20] usb 1-1: config 0 has an invalid interface number: 194 but max is 0 [ 238.447353][ T20] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 238.458111][ T20] usb 1-1: config 0 has no interface number 0 [ 238.464674][ T20] usb 1-1: config 0 interface 194 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 238.475015][ T20] usb 1-1: New USB device found, idVendor=177f, idProduct=0154, bcdDevice=b5.86 [ 238.484414][ T20] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 238.496894][ T20] usb 1-1: config 0 descriptor?? [ 238.544148][ T20] r8712u: register rtl8712_netdev_ops to netdev_ops [ 238.551975][ T20] usb 1-1: r8712u: USB_SPEED_HIGH with 1 endpoints [ 238.659071][ T20] usb 1-1: r8712u: Boot from EFUSE: Autoload Failed [ 238.665683][ T20] usb 1-1: r8712u: MAC Address from efuse = 00:e0:4c:87:00:00 [ 238.681475][ T20] usb 1-1: r8712u: Loading firmware from "rtlwifi/rtl8712u.bin" executing program [ 238.718607][ T20] usb 1-1: Direct firmware load for rtlwifi/rtl8712u.bin failed with error -2 [ 238.727553][ T20] usb 1-1: Falling back to sysfs fallback for: rtlwifi/rtl8712u.bin [ 238.752423][ T26] usb 1-1: USB disconnect, device number 2 [ 238.776489][ T20] usb 1-1: r8712u: Firmware request failed [ 239.158743][ T26] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 239.398701][ T26] usb 1-1: Using ep0 maxpacket: 16 [ 239.538815][ T26] usb 1-1: config 0 has an invalid interface number: 194 but max is 0 [ 239.547058][ T26] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 239.558696][ T26] usb 1-1: config 0 has no interface number 0 [ 239.564858][ T26] usb 1-1: config 0 interface 194 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 239.576141][ T26] usb 1-1: New USB device found, idVendor=177f, idProduct=0154, bcdDevice=b5.86 [ 239.586333][ T26] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 239.596617][ T26] usb 1-1: config 0 descriptor?? [ 239.651326][ T26] r8712u: register rtl8712_netdev_ops to netdev_ops [ 239.658169][ T26] usb 1-1: r8712u: USB_SPEED_HIGH with 1 endpoints [ 239.768722][ T26] usb 1-1: r8712u: Boot from EFUSE: Autoload Failed [ 239.775336][ T26] usb 1-1: r8712u: MAC Address from efuse = 00:e0:4c:87:00:00 [ 239.790725][ T26] usb 1-1: r8712u: Loading firmware from "rtlwifi/rtl8712u.bin" [ 239.800602][ T26] usb 1-1: Direct firmware load for rtlwifi/rtl8712u.bin failed with error -2 [ 239.809552][ T26] usb 1-1: Falling back to sysfs fallback for: rtlwifi/rtl8712u.bin executing program [ 239.830209][ T26] usb 1-1: r8712u: Firmware request failed [ 239.853393][ T26] usb 1-1: USB disconnect, device number 3 [ 240.208568][ T26] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 240.458503][ T26] usb 1-1: Using ep0 maxpacket: 16 [ 240.578667][ T26] usb 1-1: config 0 has an invalid interface number: 194 but max is 0 [ 240.586854][ T26] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 240.598204][ T26] usb 1-1: config 0 has no interface number 0 [ 240.605082][ T26] usb 1-1: config 0 interface 194 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 240.615825][ T26] usb 1-1: New USB device found, idVendor=177f, idProduct=0154, bcdDevice=b5.86 [ 240.625489][ T26] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 240.635671][ T26] usb 1-1: config 0 descriptor?? [ 240.681246][ T26] r8712u: register rtl8712_netdev_ops to netdev_ops [ 240.687965][ T26] usb 1-1: r8712u: USB_SPEED_HIGH with 1 endpoints [ 240.798563][ T26] usb 1-1: r8712u: Boot from EFUSE: Autoload Failed [ 240.805398][ T26] usb 1-1: r8712u: MAC Address from efuse = 00:e0:4c:87:00:00 [ 240.818683][ T26] usb 1-1: r8712u: Loading firmware from "rtlwifi/rtl8712u.bin" [ 240.829016][ T26] usb 1-1: Direct firmware load for rtlwifi/rtl8712u.bin failed with error -2 [ 240.837942][ T26] usb 1-1: Falling back to sysfs fallback for: rtlwifi/rtl8712u.bin executing program [ 240.859904][ T26] usb 1-1: r8712u: Firmware request failed [ 240.882456][ T26] usb 1-1: USB disconnect, device number 4 [ 241.288433][ T26] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 241.538348][ T26] usb 1-1: Using ep0 maxpacket: 16 [ 241.659132][ T26] usb 1-1: config 0 has an invalid interface number: 194 but max is 0 [ 241.667367][ T26] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 241.678027][ T26] usb 1-1: config 0 has no interface number 0 [ 241.684325][ T26] usb 1-1: config 0 interface 194 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 241.694394][ T26] usb 1-1: New USB device found, idVendor=177f, idProduct=0154, bcdDevice=b5.86 [ 241.703588][ T26] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 241.713346][ T26] usb 1-1: config 0 descriptor?? [ 241.760867][ T26] r8712u: register rtl8712_netdev_ops to netdev_ops [ 241.767493][ T26] usb 1-1: r8712u: USB_SPEED_HIGH with 1 endpoints [ 241.868350][ T26] usb 1-1: r8712u: Boot from EFUSE: Autoload Failed [ 241.875028][ T26] usb 1-1: r8712u: MAC Address from efuse = 00:e0:4c:87:00:00 [ 241.883123][ T26] usb 1-1: r8712u: Loading firmware from "rtlwifi/rtl8712u.bin" [ 241.895267][ T26] usb 1-1: Direct firmware load for rtlwifi/rtl8712u.bin failed with error -2 [ 241.905334][ T26] usb 1-1: Falling back to sysfs fallback for: rtlwifi/rtl8712u.bin executing program [ 241.926252][ T26] usb 1-1: r8712u: Firmware request failed [ 241.961536][ T3159] usb 1-1: USB disconnect, device number 5 [ 242.388466][ T3159] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 242.648255][ T3159] usb 1-1: Using ep0 maxpacket: 16 [ 242.808383][ T3159] usb 1-1: config 0 has an invalid interface number: 194 but max is 0 [ 242.816672][ T3159] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 242.828697][ T3159] usb 1-1: config 0 has no interface number 0 [ 242.834812][ T3159] usb 1-1: config 0 interface 194 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 242.847052][ T3159] usb 1-1: New USB device found, idVendor=177f, idProduct=0154, bcdDevice=b5.86 [ 242.857335][ T3159] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 242.868714][ T3159] usb 1-1: config 0 descriptor?? [ 242.920871][ T3159] r8712u: register rtl8712_netdev_ops to netdev_ops [ 242.929161][ T3159] usb 1-1: r8712u: USB_SPEED_HIGH with 1 endpoints [ 243.028209][ T3159] usb 1-1: r8712u: Boot from EFUSE: Autoload Failed [ 243.034922][ T3159] usb 1-1: r8712u: MAC Address from efuse = 00:e0:4c:87:00:00 [ 243.042834][ T3159] usb 1-1: r8712u: Loading firmware from "rtlwifi/rtl8712u.bin" [ 243.053537][ T3159] usb 1-1: Direct firmware load for rtlwifi/rtl8712u.bin failed with error -2 [ 243.064618][ T3159] usb 1-1: Falling back to sysfs fallback for: rtlwifi/rtl8712u.bin executing program [ 243.082506][ T3159] usb 1-1: r8712u: Firmware request failed [ 243.122375][ T3159] usb 1-1: USB disconnect, device number 6 [ 243.528070][ T3159] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 243.768030][ T3159] usb 1-1: Using ep0 maxpacket: 16 [ 243.898073][ T3159] usb 1-1: config 0 has an invalid interface number: 194 but max is 0 [ 243.906260][ T3159] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 243.917793][ T3159] usb 1-1: config 0 has no interface number 0 [ 243.925088][ T3159] usb 1-1: config 0 interface 194 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 243.935796][ T3159] usb 1-1: New USB device found, idVendor=177f, idProduct=0154, bcdDevice=b5.86 [ 243.945544][ T3159] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 243.956738][ T3159] usb 1-1: config 0 descriptor?? [ 244.000630][ T3159] r8712u: register rtl8712_netdev_ops to netdev_ops [ 244.007431][ T3159] usb 1-1: r8712u: USB_SPEED_HIGH with 1 endpoints [ 244.138018][ T3159] usb 1-1: r8712u: Boot from EFUSE: Autoload Failed [ 244.144691][ T3159] usb 1-1: r8712u: MAC Address from efuse = 00:e0:4c:87:00:00 [ 244.159058][ T3159] usb 1-1: r8712u: Loading firmware from "rtlwifi/rtl8712u.bin" [ 244.175745][ T3159] usb 1-1: Direct firmware load for rtlwifi/rtl8712u.bin failed with error -2 executing program [ 244.188715][ T3159] usb 1-1: Falling back to sysfs fallback for: rtlwifi/rtl8712u.bin [ 244.205047][ T26] usb 1-1: USB disconnect, device number 7 [ 244.219413][ T3159] usb 1-1: r8712u: Firmware request failed [ 244.226499][ T26] ================================================================== [ 244.234569][ T26] BUG: KASAN: use-after-free in __lock_acquire+0x3d86/0x54a0 [ 244.242116][ T26] Read of size 8 at addr ffff888039764e28 by task kworker/1:1/26 [ 244.249836][ T26] [ 244.252162][ T26] CPU: 1 PID: 26 Comm: kworker/1:1 Not tainted 5.14.0-rc3-syzkaller #0 [ 244.260403][ T26] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 244.270466][ T26] Workqueue: usb_hub_wq hub_event [ 244.275604][ T26] Call Trace: [ 244.278890][ T26] dump_stack_lvl+0xcd/0x134 [ 244.283546][ T26] print_address_description.constprop.0.cold+0x6c/0x2d6 [ 244.290630][ T26] ? __lock_acquire+0x3d86/0x54a0 [ 244.295666][ T26] ? __lock_acquire+0x3d86/0x54a0 [ 244.300698][ T26] kasan_report.cold+0x83/0xdf [ 244.305571][ T26] ? __lock_acquire+0x3d86/0x54a0 [ 244.310589][ T26] __lock_acquire+0x3d86/0x54a0 [ 244.315451][ T26] ? __schedule+0x942/0x26f0 [ 244.320114][ T26] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 244.326078][ T26] ? io_schedule_timeout+0x140/0x140 [ 244.331369][ T26] lock_acquire+0x1ab/0x510 [ 244.335950][ T26] ? wait_for_completion+0x181/0x280 [ 244.341229][ T26] ? lock_release+0x720/0x720 [ 244.345907][ T26] ? usleep_range+0x170/0x170 [ 244.350568][ T26] ? wait_for_completion+0x16e/0x280 [ 244.356023][ T26] ? mark_held_locks+0x9f/0xe0 [ 244.360775][ T26] ? _raw_spin_lock_irq+0x41/0x50 [ 244.365898][ T26] _raw_spin_lock_irq+0x32/0x50 [ 244.370740][ T26] ? wait_for_completion+0x181/0x280 [ 244.376013][ T26] wait_for_completion+0x181/0x280 [ 244.381111][ T26] ? lockdep_hardirqs_on+0x79/0x100 [ 244.386375][ T26] ? bit_wait_io_timeout+0x160/0x160 [ 244.391647][ T26] ? mark_held_locks+0x9f/0xe0 [ 244.396412][ T26] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 244.402700][ T26] r871xu_dev_remove+0x80/0x320 [ 244.407583][ T26] usb_unbind_interface+0x1d8/0x8d0 [ 244.412764][ T26] ? kernfs_remove_by_name_ns+0x62/0xb0 [ 244.418339][ T26] ? usb_unbind_device+0x1a0/0x1a0 [ 244.423451][ T26] __device_release_driver+0x3bd/0x6f0 [ 244.429034][ T26] device_release_driver+0x26/0x40 [ 244.434159][ T26] bus_remove_device+0x2eb/0x5a0 [ 244.439093][ T26] device_del+0x502/0xd40 [ 244.443585][ T26] ? __device_links_queue_sync_state+0x400/0x400 [ 244.449921][ T26] ? kobject_put+0x1f3/0x540 [ 244.454553][ T26] usb_disable_device+0x35b/0x7b0 [ 244.459570][ T26] usb_disconnect.cold+0x27a/0x78e [ 244.464706][ T26] hub_event+0x1c9c/0x4330 [ 244.469128][ T26] ? hub_port_debounce+0x3c0/0x3c0 [ 244.474223][ T26] ? lock_release+0x720/0x720 [ 244.478899][ T26] ? lock_downgrade+0x6e0/0x6e0 [ 244.483763][ T26] ? do_raw_spin_lock+0x120/0x2b0 [ 244.488823][ T26] process_one_work+0x98d/0x1630 [ 244.493832][ T26] ? pwq_dec_nr_in_flight+0x320/0x320 [ 244.499193][ T26] ? rwlock_bug.part.0+0x90/0x90 [ 244.504115][ T26] ? _raw_spin_lock_irq+0x41/0x50 [ 244.509128][ T26] worker_thread+0x658/0x11f0 [ 244.513794][ T26] ? process_one_work+0x1630/0x1630 [ 244.518992][ T26] kthread+0x3e5/0x4d0 [ 244.523240][ T26] ? set_kthread_struct+0x130/0x130 [ 244.528423][ T26] ret_from_fork+0x1f/0x30 [ 244.532886][ T26] [ 244.535201][ T26] Allocated by task 3159: [ 244.539505][ T26] kasan_save_stack+0x1b/0x40 [ 244.544225][ T26] __kasan_kmalloc+0x98/0xc0 [ 244.548816][ T26] kvmalloc_node+0xb4/0xf0 [ 244.553256][ T26] alloc_netdev_mqs+0x98/0xe80 [ 244.558081][ T26] r8712_init_netdev+0x1d/0xe0 [ 244.562843][ T26] r871xu_drv_init+0xba/0x440 [ 244.567515][ T26] usb_probe_interface+0x315/0x7f0 [ 244.572782][ T26] really_probe+0x23c/0xcd0 [ 244.577271][ T26] __driver_probe_device+0x338/0x4d0 [ 244.582539][ T26] driver_probe_device+0x4c/0x1a0 [ 244.587547][ T26] __device_attach_driver+0x20b/0x2f0 [ 244.592899][ T26] bus_for_each_drv+0x15f/0x1e0 [ 244.597749][ T26] __device_attach+0x228/0x4a0 [ 244.602601][ T26] bus_probe_device+0x1e4/0x290 [ 244.607435][ T26] device_add+0xc2f/0x2180 [ 244.611832][ T26] usb_set_configuration+0x113a/0x1910 [ 244.617301][ T26] usb_generic_driver_probe+0xba/0x100 [ 244.622824][ T26] usb_probe_device+0xd9/0x2c0 [ 244.627567][ T26] really_probe+0x23c/0xcd0 [ 244.632055][ T26] __driver_probe_device+0x338/0x4d0 [ 244.637322][ T26] driver_probe_device+0x4c/0x1a0 [ 244.642434][ T26] __device_attach_driver+0x20b/0x2f0 [ 244.647792][ T26] bus_for_each_drv+0x15f/0x1e0 [ 244.652645][ T26] __device_attach+0x228/0x4a0 [ 244.657390][ T26] bus_probe_device+0x1e4/0x290 [ 244.662222][ T26] device_add+0xc2f/0x2180 [ 244.666618][ T26] usb_new_device.cold+0x63f/0x108e [ 244.671797][ T26] hub_event+0x2357/0x4330 [ 244.676204][ T26] process_one_work+0x98d/0x1630 [ 244.681214][ T26] worker_thread+0x658/0x11f0 [ 244.685897][ T26] kthread+0x3e5/0x4d0 [ 244.689947][ T26] ret_from_fork+0x1f/0x30 [ 244.694523][ T26] [ 244.696847][ T26] Freed by task 3159: [ 244.700811][ T26] kasan_save_stack+0x1b/0x40 [ 244.705479][ T26] kasan_set_track+0x1c/0x30 [ 244.710152][ T26] kasan_set_free_info+0x20/0x30 [ 244.715089][ T26] __kasan_slab_free+0xcd/0x100 [ 244.719930][ T26] kfree+0x106/0x2c0 [ 244.724055][ T26] kvfree+0x42/0x50 [ 244.727854][ T26] free_netdev+0x495/0x5b0 [ 244.732276][ T26] rtl871x_load_fw_cb.cold+0xf7/0x117 [ 244.737698][ T26] request_firmware_work_func+0x12c/0x230 [ 244.743471][ T26] process_one_work+0x98d/0x1630 [ 244.748483][ T26] worker_thread+0x658/0x11f0 [ 244.753146][ T26] kthread+0x3e5/0x4d0 [ 244.757199][ T26] ret_from_fork+0x1f/0x30 [ 244.761611][ T26] [ 244.763914][ T26] The buggy address belongs to the object at ffff888039760000 [ 244.763914][ T26] which belongs to the cache kmalloc-32k of size 32768 [ 244.778226][ T26] The buggy address is located 20008 bytes inside of [ 244.778226][ T26] 32768-byte region [ffff888039760000, ffff888039768000) [ 244.791874][ T26] The buggy address belongs to the page: [ 244.797482][ T26] page:ffffea0000e5d800 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x39760 [ 244.808420][ T26] head:ffffea0000e5d800 order:4 compound_mapcount:0 compound_pincount:0 [ 244.816721][ T26] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff) [ 244.824688][ T26] raw: 00fff00000010200 ffffea0000e1e408 ffff888010841d50 ffff888010840c00 [ 244.833251][ T26] raw: 0000000000000000 ffff888039760000 0000000100000001 0000000000000000 [ 244.841841][ T26] page dumped because: kasan: bad access detected [ 244.848230][ T26] page_owner tracks the page as allocated [ 244.853918][ T26] page last allocated via order 4, migratetype Unmovable, gfp_mask 0x2460c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_RETRY_MAYFAIL|__GFP_COMP|__GFP_THISNODE), pid 3159, ts 244000362435, free_ts 71470627309 [ 244.873707][ T26] get_page_from_freelist+0xa72/0x2f80 [ 244.879224][ T26] __alloc_pages+0x1b2/0x500 [ 244.883799][ T26] cache_grow_begin+0x75/0x460 [ 244.888632][ T26] cache_alloc_refill+0x27f/0x380 [ 244.893662][ T26] kmem_cache_alloc_node_trace+0x4ca/0x5d0 [ 244.899444][ T26] __kmalloc_node+0x38/0x60 [ 244.903937][ T26] kvmalloc_node+0xb4/0xf0 [ 244.908331][ T26] alloc_netdev_mqs+0x98/0xe80 [ 244.913088][ T26] r8712_init_netdev+0x1d/0xe0 [ 244.917837][ T26] r871xu_drv_init+0xba/0x440 [ 244.922494][ T26] usb_probe_interface+0x315/0x7f0 [ 244.927584][ T26] really_probe+0x23c/0xcd0 [ 244.932073][ T26] __driver_probe_device+0x338/0x4d0 [ 244.937691][ T26] driver_probe_device+0x4c/0x1a0 [ 244.942705][ T26] __device_attach_driver+0x20b/0x2f0 [ 244.948064][ T26] bus_for_each_drv+0x15f/0x1e0 [ 244.952897][ T26] page last free stack trace: [ 244.957546][ T26] free_pcp_prepare+0x2c5/0x780 [ 244.962395][ T26] free_unref_page+0x19/0x690 [ 244.967080][ T26] __put_page+0xf9/0x3f0 [ 244.971348][ T26] skb_release_data+0x49d/0x790 [ 244.976197][ T26] __kfree_skb+0x46/0x60 [ 244.980417][ T26] tcp_recvmsg_locked+0x12f7/0x2320 [ 244.985645][ T26] tcp_recvmsg+0x134/0x550 [ 244.990040][ T26] inet_recvmsg+0x11b/0x5e0 [ 244.994565][ T26] sock_read_iter+0x33c/0x470 [ 244.999256][ T26] new_sync_read+0x5b7/0x6e0 [ 245.003862][ T26] vfs_read+0x35c/0x570 [ 245.008012][ T26] ksys_read+0x1ee/0x250 [ 245.012236][ T26] do_syscall_64+0x35/0xb0 [ 245.016830][ T26] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 245.022706][ T26] [ 245.025013][ T26] Memory state around the buggy address: [ 245.030618][ T26] ffff888039764d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 245.038657][ T26] ffff888039764d80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 245.046698][ T26] >ffff888039764e00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 245.054734][ T26] ^ [ 245.060084][ T26] ffff888039764e80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 245.068124][ T26] ffff888039764f00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 245.076162][ T26] ================================================================== [ 245.084224][ T26] Disabling lock debugging due to kernel taint [ 245.090788][ T26] Kernel panic - not syncing: panic_on_warn set ... [ 245.097784][ T26] CPU: 1 PID: 26 Comm: kworker/1:1 Tainted: G B 5.14.0-rc3-syzkaller #0 [ 245.107492][ T26] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 245.117528][ T26] Workqueue: usb_hub_wq hub_event [ 245.122538][ T26] Call Trace: [ 245.125797][ T26] dump_stack_lvl+0xcd/0x134 [ 245.130429][ T26] panic+0x306/0x73d [ 245.134350][ T26] ? __warn_printk+0xf3/0xf3 [ 245.138922][ T26] ? __lock_acquire+0x3d86/0x54a0 [ 245.143945][ T26] ? __lock_acquire+0x3d86/0x54a0 [ 245.148953][ T26] ? __lock_acquire+0x3d86/0x54a0 [ 245.153959][ T26] end_report.cold+0x5a/0x5a [ 245.158557][ T26] kasan_report.cold+0x71/0xdf [ 245.163428][ T26] ? __lock_acquire+0x3d86/0x54a0 [ 245.168615][ T26] __lock_acquire+0x3d86/0x54a0 [ 245.173460][ T26] ? __schedule+0x942/0x26f0 [ 245.178106][ T26] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 245.184068][ T26] ? io_schedule_timeout+0x140/0x140 [ 245.189341][ T26] lock_acquire+0x1ab/0x510 [ 245.193837][ T26] ? wait_for_completion+0x181/0x280 [ 245.199111][ T26] ? lock_release+0x720/0x720 [ 245.203771][ T26] ? usleep_range+0x170/0x170 [ 245.208517][ T26] ? wait_for_completion+0x16e/0x280 [ 245.213907][ T26] ? mark_held_locks+0x9f/0xe0 [ 245.218667][ T26] ? _raw_spin_lock_irq+0x41/0x50 [ 245.223671][ T26] _raw_spin_lock_irq+0x32/0x50 [ 245.228505][ T26] ? wait_for_completion+0x181/0x280 [ 245.233789][ T26] wait_for_completion+0x181/0x280 [ 245.238889][ T26] ? lockdep_hardirqs_on+0x79/0x100 [ 245.244077][ T26] ? bit_wait_io_timeout+0x160/0x160 [ 245.249347][ T26] ? mark_held_locks+0x9f/0xe0 [ 245.254106][ T26] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 245.260505][ T26] r871xu_dev_remove+0x80/0x320 [ 245.265341][ T26] usb_unbind_interface+0x1d8/0x8d0 [ 245.270528][ T26] ? kernfs_remove_by_name_ns+0x62/0xb0 [ 245.276057][ T26] ? usb_unbind_device+0x1a0/0x1a0 [ 245.281187][ T26] __device_release_driver+0x3bd/0x6f0 [ 245.286641][ T26] device_release_driver+0x26/0x40 [ 245.291732][ T26] bus_remove_device+0x2eb/0x5a0 [ 245.296661][ T26] device_del+0x502/0xd40 [ 245.301062][ T26] ? __device_links_queue_sync_state+0x400/0x400 [ 245.307547][ T26] ? kobject_put+0x1f3/0x540 [ 245.312269][ T26] usb_disable_device+0x35b/0x7b0 [ 245.317312][ T26] usb_disconnect.cold+0x27a/0x78e [ 245.322413][ T26] hub_event+0x1c9c/0x4330 [ 245.326819][ T26] ? hub_port_debounce+0x3c0/0x3c0 [ 245.332008][ T26] ? lock_release+0x720/0x720 [ 245.336667][ T26] ? lock_downgrade+0x6e0/0x6e0 [ 245.341497][ T26] ? do_raw_spin_lock+0x120/0x2b0 [ 245.346525][ T26] process_one_work+0x98d/0x1630 [ 245.351451][ T26] ? pwq_dec_nr_in_flight+0x320/0x320 [ 245.357470][ T26] ? rwlock_bug.part.0+0x90/0x90 [ 245.362392][ T26] ? _raw_spin_lock_irq+0x41/0x50 [ 245.367407][ T26] worker_thread+0x658/0x11f0 [ 245.372068][ T26] ? process_one_work+0x1630/0x1630 [ 245.377252][ T26] kthread+0x3e5/0x4d0 [ 245.381319][ T26] ? set_kthread_struct+0x130/0x130 [ 245.386501][ T26] ret_from_fork+0x1f/0x30 [ 245.392385][ T26] Kernel Offset: disabled [ 245.396696][ T26] Rebooting in 86400 seconds..