[ 30.123178][ T3178] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK
syzkaller
syzkaller login: [ 41.286551][ T26] kauditd_printk_skb: 37 callbacks suppressed
[ 41.286567][ T26] audit: type=1400 audit(1646854430.328:73): avc: denied { transition } for pid=3385 comm="sshd" path="/bin/sh" dev="sda1" ino=73 scontext=system_u:system_r:initrc_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 41.322671][ T26] audit: type=1400 audit(1646854430.358:74): avc: denied { write } for pid=3385 comm="sh" path="pipe:[27809]" dev="pipefs" ino=27809 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:initrc_t tclass=fifo_file permissive=1
[ 76.254356][ T919] cfg80211: failed to load regulatory.db
Warning: Permanently added '10.128.0.64' (ECDSA) to the list of known hosts.
2022/03/09 19:39:43 parsed 1 programs
[ 394.813492][ T26] audit: type=1400 audit(1646854783.858:75): avc: denied { getattr } for pid=3621 comm="syz-execprog" path="user:[4026531837]" dev="nsfs" ino=4026531837 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[ 394.837333][ T26] audit: type=1400 audit(1646854783.858:76): avc: denied { read } for pid=3621 comm="syz-execprog" dev="nsfs" ino=4026531837 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[ 394.859194][ T26] audit: type=1400 audit(1646854783.858:77): avc: denied { open } for pid=3621 comm="syz-execprog" path="user:[4026531837]" dev="nsfs" ino=4026531837 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[ 394.883163][ T26] audit: type=1400 audit(1646854783.858:78): avc: denied { read } for pid=3621 comm="syz-execprog" name="raw-gadget" dev="devtmpfs" ino=730 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 394.885603][ T3627] cgroup: Unknown subsys name 'net'
[ 394.906975][ T26] audit: type=1400 audit(1646854783.858:79): avc: denied { open } for pid=3621 comm="syz-execprog" path="/dev/raw-gadget" dev="devtmpfs" ino=730 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 394.935614][ T26] audit: type=1400 audit(1646854783.858:80): avc: denied { read } for pid=3621 comm="syz-execprog" name="vhci" dev="devtmpfs" ino=1072 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1
[ 394.959180][ T26] audit: type=1400 audit(1646854783.858:81): avc: denied { open } for pid=3621 comm="syz-execprog" path="/dev/vhci" dev="devtmpfs" ino=1072 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1
[ 394.983518][ T26] audit: type=1400 audit(1646854783.898:82): avc: denied { mounton } for pid=3627 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=1137 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[ 395.006736][ T26] audit: type=1400 audit(1646854783.898:83): avc: denied { mount } for pid=3627 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 395.029401][ T26] audit: type=1400 audit(1646854783.998:84): avc: denied { unmount } for pid=3627 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 395.139465][ T3627] cgroup: Unknown subsys name 'rlimit'
2022/03/09 19:39:44 executed programs: 0
[ 396.341758][ T3635] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 396.349809][ T3635] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 396.357426][ T3635] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 396.365436][ T3635] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 396.373148][ T3635] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 396.380404][ T3635] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 396.471504][ T3633] chnl_net:caif_netlink_parms(): no params data found
[ 396.515920][ T3633] bridge0: port 1(bridge_slave_0) entered blocking state
[ 396.523491][ T3633] bridge0: port 1(bridge_slave_0) entered disabled state
[ 396.531326][ T3633] device bridge_slave_0 entered promiscuous mode
[ 396.541126][ T3633] bridge0: port 2(bridge_slave_1) entered blocking state
[ 396.548672][ T3633] bridge0: port 2(bridge_slave_1) entered disabled state
[ 396.557805][ T3633] device bridge_slave_1 entered promiscuous mode
[ 396.578392][ T3633] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 396.591089][ T3633] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 396.615707][ T3633] team0: Port device team_slave_0 added
[ 396.623967][ T3633] team0: Port device team_slave_1 added
[ 396.641196][ T3633] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 396.648175][ T3633] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 396.674465][ T3633] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 396.688101][ T3633] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 396.695181][ T3633] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 396.721228][ T3633] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 396.749004][ T3633] device hsr_slave_0 entered promiscuous mode
[ 396.755802][ T3633] device hsr_slave_1 entered promiscuous mode
[ 396.844693][ T3633] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 396.856106][ T3633] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 396.866089][ T3633] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 396.875997][ T3633] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 396.897910][ T3633] bridge0: port 2(bridge_slave_1) entered blocking state
[ 396.905131][ T3633] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 396.913150][ T3633] bridge0: port 1(bridge_slave_0) entered blocking state
[ 396.920231][ T3633] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 396.966766][ T3633] 8021q: adding VLAN 0 to HW filter on device bond0
[ 396.979644][ T3642] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 396.990528][ T3642] bridge0: port 1(bridge_slave_0) entered disabled state
[ 396.999750][ T3642] bridge0: port 2(bridge_slave_1) entered disabled state
[ 397.008087][ T3642] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 397.021905][ T3633] 8021q: adding VLAN 0 to HW filter on device team0
[ 397.032733][ T3628] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 397.041165][ T3628] bridge0: port 1(bridge_slave_0) entered blocking state
[ 397.048480][ T3628] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 397.064146][ T3644] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 397.072644][ T3644] bridge0: port 2(bridge_slave_1) entered blocking state
[ 397.079695][ T3644] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 397.101132][ T3633] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 397.111831][ T3633] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 397.128240][ T3644] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 397.137139][ T3644] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 397.146313][ T3644] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 397.155026][ T3644] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 397.163879][ T3644] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 397.171611][ T3644] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 397.188933][ T3628] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 397.196695][ T3628] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 397.210041][ T3633] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 397.352998][ T3628] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 397.361700][ T3628] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 397.370442][ T3628] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 397.378603][ T3628] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 397.387970][ T3633] device veth0_vlan entered promiscuous mode
[ 397.400042][ T3633] device veth1_vlan entered promiscuous mode
[ 397.419526][ T3628] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 397.428314][ T3628] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 397.436530][ T3628] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 397.446597][ T3633] device veth0_macvtap entered promiscuous mode
[ 397.457341][ T3633] device veth1_macvtap entered promiscuous mode
[ 397.465359][ T3628] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 397.480814][ T3633] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 397.489378][ T3644] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 397.498154][ T3644] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 397.510898][ T3633] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 397.518469][ T919] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 397.527413][ T919] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 397.538131][ T3633] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 397.547155][ T3633] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 397.555991][ T3633] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 397.564953][ T3633] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 397.632943][ T3641] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 397.640920][ T3641] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 397.656550][ T3643] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 397.669245][ T3641] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 397.677367][ T3641] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 397.686369][ T3646] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 398.014682][ T3643] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 398.413148][ T3643] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 398.413828][ T3646] Bluetooth: hci0: command 0x0409 tx timeout
[ 398.585550][ T3643] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 398.598409][ T3643] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 398.606761][ T3643] usb 1-1: Product: syz
[ 398.611008][ T3643] usb 1-1: Manufacturer: syz
[ 398.616029][ T3643] usb 1-1: SerialNumber: syz
[ 398.873141][ T3654] UDC core: couldn't find an available UDC or it's busy: -16
[ 398.880643][ T3654] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[ 400.112697][ T3643] cdc_ncm 1-1:1.0: MAC-Address: 42:42:42:42:42:42
[ 400.119339][ T3643] cdc_ncm 1-1:1.0: dwNtbInMaxSize=0 is too small. Using 2048
[ 400.126871][ T3643] cdc_ncm 1-1:1.0: setting rx_max = 2048
[ 400.323307][ T3643] cdc_ncm 1-1:1.0: setting tx_max = 184
[ 400.334696][ T3643] cdc_ncm 1-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.0-1, CDC NCM, 42:42:42:42:42:42
[ 400.494400][ T3646] Bluetooth: hci0: command 0x041b tx timeout
[ 401.044025][ T3643] IPv6: ADDRCONF(NETDEV_CHANGE): usb0: link becomes ready
2022/03/09 19:39:50 executed programs: 1
[ 401.528840][ T3643] usb 1-1: USB disconnect, device number 2
[ 401.542806][ T3643] cdc_ncm 1-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.0-1, CDC NCM
[ 401.564049][ T3643] ==================================================================
[ 401.572129][ T3643] BUG: KASAN: use-after-free in __lock_acquire+0x3f2f/0x56c0
[ 401.579565][ T3643] Read of size 8 at addr ffff88802116fcf0 by task kworker/0:2/3643
[ 401.587437][ T3643]
[ 401.589741][ T3643] CPU: 0 PID: 3643 Comm: kworker/0:2 Not tainted 5.17.0-rc7-syzkaller-00064-g330f4c53d3c2 #0
[ 401.599889][ T3643] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 401.609932][ T3643] Workqueue: usb_hub_wq hub_event
[ 401.614966][ T3643] Call Trace:
[ 401.618225][ T3643]
[ 401.621141][ T3643] dump_stack_lvl+0xcd/0x134
[ 401.625822][ T3643] print_address_description.constprop.0.cold+0x8d/0x303
[ 401.632858][ T3643] ? __lock_acquire+0x3f2f/0x56c0
[ 401.637867][ T3643] ? __lock_acquire+0x3f2f/0x56c0
[ 401.642871][ T3643] kasan_report.cold+0x83/0xdf
[ 401.647626][ T3643] ? __lock_acquire+0x3f2f/0x56c0
[ 401.652652][ T3643] __lock_acquire+0x3f2f/0x56c0
[ 401.657488][ T3643] ? check_path.constprop.0+0x24/0x50
[ 401.662847][ T3643] ? check_irq_usage+0x32d/0xac0
[ 401.667772][ T3643] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 401.673741][ T3643] ? mark_lock.part.0+0xee/0x1910
[ 401.678755][ T3643] lock_acquire+0x1ab/0x510
[ 401.683257][ T3643] ? cdc_ncm_tx_fixup+0x8f/0x120
[ 401.688211][ T3643] ? lock_release+0x720/0x720
[ 401.692870][ T3643] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 401.698833][ T3643] _raw_spin_lock_bh+0x2f/0x40
[ 401.703629][ T3643] ? cdc_ncm_tx_fixup+0x8f/0x120
[ 401.708550][ T3643] cdc_ncm_tx_fixup+0x8f/0x120
[ 401.713300][ T3643] ? cdc_ncm_fill_tx_frame+0x3890/0x3890
[ 401.718920][ T3643] usbnet_start_xmit+0x152/0x1f70
[ 401.723990][ T3643] dev_hard_start_xmit+0x1eb/0x920
[ 401.729167][ T3643] sch_direct_xmit+0x19f/0xbe0
[ 401.733953][ T3643] ? lock_release+0x720/0x720
[ 401.738620][ T3643] ? __stack_depot_save+0x23f/0x500
[ 401.743829][ T3643] ? pfifo_fast_dequeue+0xae0/0xae0
[ 401.749017][ T3643] ? do_raw_spin_trylock+0xb0/0x180
[ 401.754222][ T3643] ? do_raw_spin_lock+0x220/0x2b0
[ 401.759254][ T3643] __dev_queue_xmit+0x148f/0x37b0
[ 401.764275][ T3643] ? unregister_netdevice_queue+0x2dd/0x3c0
[ 401.770155][ T3643] ? unregister_netdev+0x18/0x20
[ 401.775077][ T3643] ? usbnet_disconnect+0x139/0x270
[ 401.780173][ T3643] ? usb_unbind_interface+0x1d8/0x8e0
[ 401.785579][ T3643] ? __device_release_driver+0x627/0x760
[ 401.791236][ T3643] ? netdev_core_pick_tx+0x2e0/0x2e0
[ 401.796510][ T3643] ? usb_disable_device+0x35b/0x7b0
[ 401.801698][ T3643] ? usb_disconnect.cold+0x27a/0x78e
[ 401.807003][ T3643] ? hub_event+0x1e39/0x44d0
[ 401.811582][ T3643] ? process_one_work+0x990/0x1650
[ 401.816736][ T3643] ? worker_thread+0x657/0x1110
[ 401.821604][ T3643] ? ret_from_fork+0x1f/0x30
[ 401.826208][ T3643] ? memcpy+0x39/0x60
[ 401.830213][ T3643] ? eth_header+0x15e/0x1e0
[ 401.834745][ T3643] ? ether_setup+0x2c0/0x2c0
[ 401.839326][ T3643] ? lapbeth_data_indication+0x4a0/0x4a0
[ 401.844966][ T3643] lapb_data_transmit+0x8f/0xc0
[ 401.849879][ T3643] lapb_transmit_buffer+0x183/0x390
[ 401.855067][ T3643] lapb_send_control+0x1c7/0x370
[ 401.860003][ T3643] __lapb_disconnect_request+0x127/0x1a0
[ 401.865623][ T3643] lapb_device_event+0x292/0x560
[ 401.870641][ T3643] notifier_call_chain+0xb5/0x200
[ 401.875788][ T3643] call_netdevice_notifiers_info+0xb5/0x130
[ 401.881720][ T3643] __dev_close_many+0xf1/0x2e0
[ 401.886498][ T3643] ? __netif_schedule+0x2f0/0x2f0
[ 401.891530][ T3643] dev_close_many+0x22c/0x620
[ 401.896224][ T3643] ? __netdev_adjacent_dev_insert+0xab0/0xab0
[ 401.902283][ T3643] ? pppoe_device_event+0x298/0x970
[ 401.907512][ T3643] dev_close+0x16d/0x210
[ 401.911930][ T3643] ? netdev_name_node_alt_create+0x460/0x460
[ 401.917915][ T3643] ? lockdep_hardirqs_on+0x79/0x100
[ 401.923123][ T3643] ? pppoe_device_event+0x298/0x970
[ 401.928319][ T3643] ? __local_bh_enable_ip+0xa0/0x120
[ 401.933631][ T3643] lapbeth_device_event+0x677/0xc00
[ 401.938813][ T3643] ? hdlc_device_event+0x67/0x200
[ 401.943823][ T3643] notifier_call_chain+0xb5/0x200
[ 401.948841][ T3643] call_netdevice_notifiers_info+0xb5/0x130
[ 401.954746][ T3643] __dev_close_many+0xf1/0x2e0
[ 401.959498][ T3643] ? __netif_schedule+0x2f0/0x2f0
[ 401.964506][ T3643] ? kasan_save_stack+0x2e/0x40
[ 401.969347][ T3643] ? kasan_set_free_info+0x20/0x30
[ 401.974447][ T3643] dev_close_many+0x22c/0x620
[ 401.979128][ T3643] ? __netdev_adjacent_dev_insert+0xab0/0xab0
[ 401.985181][ T3643] ? lock_release+0x720/0x720
[ 401.989861][ T3643] ? lock_chain_count+0x20/0x20
[ 401.994696][ T3643] unregister_netdevice_many+0x3ff/0x18d0
[ 402.000402][ T3643] ? __mutex_lock+0x21a/0x12f0
[ 402.005154][ T3643] ? netdev_pick_tx+0xbe0/0xbe0
[ 402.009986][ T3643] ? unregister_netdev+0xe/0x20
[ 402.014818][ T3643] ? mutex_lock_io_nested+0x1150/0x1150
[ 402.020349][ T3643] unregister_netdevice_queue+0x2dd/0x3c0
[ 402.026057][ T3643] ? unregister_netdevice_many+0x18d0/0x18d0
[ 402.032036][ T3643] ? cdc_ncm_free+0x145/0x1a0
[ 402.036697][ T3643] ? cdc_ncm_free+0x1a0/0x1a0
[ 402.041354][ T3643] unregister_netdev+0x18/0x20
[ 402.046102][ T3643] usbnet_disconnect+0x139/0x270
[ 402.051020][ T3643] usb_unbind_interface+0x1d8/0x8e0
[ 402.056206][ T3643] ? usb_unbind_device+0x1a0/0x1a0
[ 402.061301][ T3643] __device_release_driver+0x627/0x760
[ 402.066783][ T3643] device_release_driver+0x26/0x40
[ 402.071889][ T3643] bus_remove_device+0x2eb/0x5a0
[ 402.076811][ T3643] device_del+0x4f3/0xc80
[ 402.081128][ T3643] ? __device_link_del+0x380/0x380
[ 402.086225][ T3643] ? kobject_put+0x1f3/0x540
[ 402.090819][ T3643] usb_disable_device+0x35b/0x7b0
[ 402.095829][ T3643] usb_disconnect.cold+0x27a/0x78e
[ 402.100928][ T3643] hub_event+0x1e39/0x44d0
[ 402.105353][ T3643] ? hub_port_debounce+0x3c0/0x3c0
[ 402.110462][ T3643] ? lock_release+0x720/0x720
[ 402.115126][ T3643] ? lock_downgrade+0x6e0/0x6e0
[ 402.119973][ T3643] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 402.125951][ T3643] process_one_work+0x9ac/0x1650
[ 402.130879][ T3643] ? pwq_dec_nr_in_flight+0x2a0/0x2a0
[ 402.136246][ T3643] ? rwlock_bug.part.0+0x90/0x90
[ 402.141180][ T3643] ? _raw_spin_lock_irq+0x41/0x50
[ 402.146203][ T3643] worker_thread+0x657/0x1110
[ 402.150876][ T3643] ? process_one_work+0x1650/0x1650
[ 402.156091][ T3643] kthread+0x2e9/0x3a0
[ 402.160154][ T3643] ? kthread_complete_and_exit+0x40/0x40
[ 402.165782][ T3643] ret_from_fork+0x1f/0x30
[ 402.170190][ T3643]
[ 402.173191][ T3643]
[ 402.175501][ T3643] Allocated by task 3643:
[ 402.179804][ T3643] kasan_save_stack+0x1e/0x40
[ 402.184468][ T3643] __kasan_kmalloc+0xa6/0xd0
[ 402.189065][ T3643] kmem_cache_alloc_trace+0x1ea/0x4a0
[ 402.194424][ T3643] cdc_ncm_bind_common+0xb8/0x2df0
[ 402.199520][ T3643] cdc_ncm_bind+0x7c/0x1c0
[ 402.203926][ T3643] usbnet_probe+0xaf8/0x2580
[ 402.208496][ T3643] usb_probe_interface+0x315/0x7f0
[ 402.213597][ T3643] really_probe+0x245/0xcc0
[ 402.218086][ T3643] __driver_probe_device+0x338/0x4d0
[ 402.223372][ T3643] driver_probe_device+0x4c/0x1a0
[ 402.228396][ T3643] __device_attach_driver+0x20b/0x2f0
[ 402.233755][ T3643] bus_for_each_drv+0x15f/0x1e0
[ 402.238590][ T3643] __device_attach+0x228/0x4a0
[ 402.243333][ T3643] bus_probe_device+0x1e4/0x290
[ 402.248168][ T3643] device_add+0xb83/0x1e20
[ 402.252583][ T3643] usb_set_configuration+0x101e/0x1900
[ 402.258065][ T3643] usb_generic_driver_probe+0xba/0x100
[ 402.263506][ T3643] usb_probe_device+0xd9/0x2c0
[ 402.268258][ T3643] really_probe+0x245/0xcc0
[ 402.272739][ T3643] __driver_probe_device+0x338/0x4d0
[ 402.278004][ T3643] driver_probe_device+0x4c/0x1a0
[ 402.283008][ T3643] __device_attach_driver+0x20b/0x2f0
[ 402.288360][ T3643] bus_for_each_drv+0x15f/0x1e0
[ 402.293192][ T3643] __device_attach+0x228/0x4a0
[ 402.297937][ T3643] bus_probe_device+0x1e4/0x290
[ 402.302783][ T3643] device_add+0xb83/0x1e20
[ 402.307192][ T3643] usb_new_device.cold+0x63f/0x108e
[ 402.312372][ T3643] hub_event+0x2585/0x44d0
[ 402.316802][ T3643] process_one_work+0x9ac/0x1650
[ 402.321723][ T3643] worker_thread+0x657/0x1110
[ 402.326380][ T3643] kthread+0x2e9/0x3a0
[ 402.330434][ T3643] ret_from_fork+0x1f/0x30
[ 402.334851][ T3643]
[ 402.337168][ T3643] Freed by task 3643:
[ 402.341125][ T3643] kasan_save_stack+0x1e/0x40
[ 402.345785][ T3643] kasan_set_track+0x21/0x30
[ 402.350354][ T3643] kasan_set_free_info+0x20/0x30
[ 402.355275][ T3643] ____kasan_slab_free+0xff/0x140
[ 402.360279][ T3643] kfree+0xf8/0x2b0
[ 402.364066][ T3643] cdc_ncm_free+0x145/0x1a0
[ 402.368556][ T3643] cdc_ncm_unbind+0x1a7/0x340
[ 402.373215][ T3643] usbnet_disconnect+0x103/0x270
[ 402.378132][ T3643] usb_unbind_interface+0x1d8/0x8e0
[ 402.383314][ T3643] __device_release_driver+0x627/0x760
[ 402.388767][ T3643] device_release_driver+0x26/0x40
[ 402.393859][ T3643] bus_remove_device+0x2eb/0x5a0
[ 402.398778][ T3643] device_del+0x4f3/0xc80
[ 402.403093][ T3643] usb_disable_device+0x35b/0x7b0
[ 402.408102][ T3643] usb_disconnect.cold+0x27a/0x78e
[ 402.413215][ T3643] hub_event+0x1e39/0x44d0
[ 402.417613][ T3643] process_one_work+0x9ac/0x1650
[ 402.422537][ T3643] worker_thread+0x657/0x1110
[ 402.427191][ T3643] kthread+0x2e9/0x3a0
[ 402.431245][ T3643] ret_from_fork+0x1f/0x30
[ 402.435665][ T3643]
[ 402.437978][ T3643] The buggy address belongs to the object at ffff88802116fc00
[ 402.437978][ T3643] which belongs to the cache kmalloc-512 of size 512
[ 402.452006][ T3643] The buggy address is located 240 bytes inside of
[ 402.452006][ T3643] 512-byte region [ffff88802116fc00, ffff88802116fe00)
[ 402.465260][ T3643] The buggy address belongs to the page:
[ 402.470866][ T3643] page:ffffea0000845bc0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2116f
[ 402.480994][ T3643] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
[ 402.488554][ T3643] raw: 00fff00000000200 ffffea00008d3308 ffffea00008455c8 ffff888010c40600
[ 402.497136][ T3643] raw: 0000000000000000 ffff88802116f000 0000000100000004 0000000000000000
[ 402.505699][ T3643] page dumped because: kasan: bad access detected
[ 402.512132][ T3643] page_owner tracks the page as allocated
[ 402.517824][ T3643] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2420c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_COMP|__GFP_THISNODE), pid 2137, ts 10764288484, free_ts 10762473799
[ 402.535600][ T3643] get_page_from_freelist+0xa72/0x2f50
[ 402.541066][ T3643] __alloc_pages+0x1b2/0x500
[ 402.545636][ T3643] cache_grow_begin+0x75/0x390
[ 402.550380][ T3643] cache_alloc_refill+0x27f/0x380
[ 402.555384][ T3643] kmem_cache_alloc_trace+0x380/0x4a0
[ 402.560735][ T3643] alloc_bprm+0x51/0x8f0
[ 402.564991][ T3643] kernel_execve+0x55/0x460
[ 402.569474][ T3643] call_usermodehelper_exec_async+0x2e3/0x580
[ 402.575572][ T3643] ret_from_fork+0x1f/0x30
[ 402.579987][ T3643] page last free stack trace:
[ 402.584638][ T3643] free_pcp_prepare+0x374/0x870
[ 402.589506][ T3643] free_unref_page_list+0x1a9/0xfa0
[ 402.594692][ T3643] release_pages+0x317/0x1220
[ 402.599489][ T3643] tlb_finish_mmu+0x165/0x8c0
[ 402.604155][ T3643] exit_mmap+0x21b/0x6a0
[ 402.608382][ T3643] __mmput+0x122/0x4b0
[ 402.612436][ T3643] mmput+0x56/0x60
[ 402.616162][ T3643] free_bprm+0x65/0x2e0
[ 402.620305][ T3643] kernel_execve+0x380/0x460
[ 402.624876][ T3643] call_usermodehelper_exec_async+0x2e3/0x580
[ 402.630936][ T3643] ret_from_fork+0x1f/0x30
[ 402.635438][ T3643]
[ 402.637746][ T3643] Memory state around the buggy address:
[ 402.643354][ T3643] ffff88802116fb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 402.651399][ T3643] ffff88802116fc00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 402.659443][ T3643] >ffff88802116fc80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 402.667489][ T3643]                                                              ^
[ 402.675183][ T3643] ffff88802116fd00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 402.683239][ T3643] ffff88802116fd80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 402.691275][ T3643] ==================================================================
[ 402.699325][ T3643] Disabling lock debugging due to kernel taint
[ 402.705901][ T3643] Kernel panic - not syncing: panic_on_warn set ...
[ 402.712476][ T3643] CPU: 0 PID: 3643 Comm: kworker/0:2 Tainted: G B 5.17.0-rc7-syzkaller-00064-g330f4c53d3c2 #0
[ 402.723992][ T3643] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 402.734030][ T3643] Workqueue: usb_hub_wq hub_event
[ 402.739065][ T3643] Call Trace:
[ 402.742334][ T3643]
[ 402.745260][ T3643] dump_stack_lvl+0xcd/0x134
[ 402.749858][ T3643] panic+0x2b0/0x6dd
[ 402.753786][ T3643] ? __warn_printk+0xf3/0xf3
[ 402.758358][ T3643] ? __lock_acquire+0x3f2f/0x56c0
[ 402.763366][ T3643] ? __lock_acquire+0x3f2f/0x56c0
[ 402.768374][ T3643] ? __lock_acquire+0x3f2f/0x56c0
[ 402.773394][ T3643] end_report.cold+0x63/0x6f
[ 402.777975][ T3643] kasan_report.cold+0x71/0xdf
[ 402.782728][ T3643] ? __lock_acquire+0x3f2f/0x56c0
[ 402.787741][ T3643] __lock_acquire+0x3f2f/0x56c0
[ 402.792580][ T3643] ? check_path.constprop.0+0x24/0x50
[ 402.797942][ T3643] ? check_irq_usage+0x32d/0xac0
[ 402.802877][ T3643] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 402.808845][ T3643] ? mark_lock.part.0+0xee/0x1910
[ 402.813859][ T3643] lock_acquire+0x1ab/0x510
[ 402.818346][ T3643] ? cdc_ncm_tx_fixup+0x8f/0x120
[ 402.823276][ T3643] ? lock_release+0x720/0x720
[ 402.827953][ T3643] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 402.833916][ T3643] _raw_spin_lock_bh+0x2f/0x40
[ 402.838667][ T3643] ? cdc_ncm_tx_fixup+0x8f/0x120
[ 402.843591][ T3643] cdc_ncm_tx_fixup+0x8f/0x120
[ 402.848343][ T3643] ? cdc_ncm_fill_tx_frame+0x3890/0x3890
[ 402.853963][ T3643] usbnet_start_xmit+0x152/0x1f70
[ 402.858968][ T3643] dev_hard_start_xmit+0x1eb/0x920
[ 402.864066][ T3643] sch_direct_xmit+0x19f/0xbe0
[ 402.868821][ T3643] ? lock_release+0x720/0x720
[ 402.873497][ T3643] ? __stack_depot_save+0x23f/0x500
[ 402.878687][ T3643] ? pfifo_fast_dequeue+0xae0/0xae0
[ 402.883866][ T3643] ? do_raw_spin_trylock+0xb0/0x180
[ 402.889064][ T3643] ? do_raw_spin_lock+0x220/0x2b0
[ 402.894086][ T3643] __dev_queue_xmit+0x148f/0x37b0
[ 402.899120][ T3643] ? unregister_netdevice_queue+0x2dd/0x3c0
[ 402.904999][ T3643] ? unregister_netdev+0x18/0x20
[ 402.909941][ T3643] ? usbnet_disconnect+0x139/0x270
[ 402.915046][ T3643] ? usb_unbind_interface+0x1d8/0x8e0
[ 402.920414][ T3643] ? __device_release_driver+0x627/0x760
[ 402.926064][ T3643] ? netdev_core_pick_tx+0x2e0/0x2e0
[ 402.931341][ T3643] ? usb_disable_device+0x35b/0x7b0
[ 402.936546][ T3643] ? usb_disconnect.cold+0x27a/0x78e
[ 402.941815][ T3643] ? hub_event+0x1e39/0x44d0
[ 402.946392][ T3643] ? process_one_work+0x990/0x1650
[ 402.951948][ T3643] ? worker_thread+0x657/0x1110
[ 402.956786][ T3643] ? ret_from_fork+0x1f/0x30
[ 402.961366][ T3643] ? memcpy+0x39/0x60
[ 402.965337][ T3643] ? eth_header+0x15e/0x1e0
[ 402.969831][ T3643] ? ether_setup+0x2c0/0x2c0
[ 402.974408][ T3643] ? lapbeth_data_indication+0x4a0/0x4a0
[ 402.980024][ T3643] lapb_data_transmit+0x8f/0xc0
[ 402.984864][ T3643] lapb_transmit_buffer+0x183/0x390
[ 402.990046][ T3643] lapb_send_control+0x1c7/0x370
[ 402.994970][ T3643] __lapb_disconnect_request+0x127/0x1a0
[ 403.000606][ T3643] lapb_device_event+0x292/0x560
[ 403.005528][ T3643] notifier_call_chain+0xb5/0x200
[ 403.010627][ T3643] call_netdevice_notifiers_info+0xb5/0x130
[ 403.016510][ T3643] __dev_close_many+0xf1/0x2e0
[ 403.021278][ T3643] ? __netif_schedule+0x2f0/0x2f0
[ 403.026283][ T3643] dev_close_many+0x22c/0x620
[ 403.030942][ T3643] ? __netdev_adjacent_dev_insert+0xab0/0xab0
[ 403.036989][ T3643] ? pppoe_device_event+0x298/0x970
[ 403.042175][ T3643] dev_close+0x16d/0x210
[ 403.046408][ T3643] ? netdev_name_node_alt_create+0x460/0x460
[ 403.052368][ T3643] ? lockdep_hardirqs_on+0x79/0x100
[ 403.057565][ T3643] ? pppoe_device_event+0x298/0x970
[ 403.062749][ T3643] ? __local_bh_enable_ip+0xa0/0x120
[ 403.068021][ T3643] lapbeth_device_event+0x677/0xc00
[ 403.073205][ T3643] ? hdlc_device_event+0x67/0x200
[ 403.078214][ T3643] notifier_call_chain+0xb5/0x200
[ 403.083218][ T3643] call_netdevice_notifiers_info+0xb5/0x130
[ 403.089097][ T3643] __dev_close_many+0xf1/0x2e0
[ 403.093893][ T3643] ? __netif_schedule+0x2f0/0x2f0
[ 403.098912][ T3643] ? kasan_save_stack+0x2e/0x40
[ 403.103746][ T3643] ? kasan_set_free_info+0x20/0x30
[ 403.108841][ T3643] dev_close_many+0x22c/0x620
[ 403.113505][ T3643] ? __netdev_adjacent_dev_insert+0xab0/0xab0
[ 403.119580][ T3643] ? lock_release+0x720/0x720
[ 403.124242][ T3643] ? lock_chain_count+0x20/0x20
[ 403.129094][ T3643] unregister_netdevice_many+0x3ff/0x18d0
[ 403.134801][ T3643] ? __mutex_lock+0x21a/0x12f0
[ 403.139570][ T3643] ? netdev_pick_tx+0xbe0/0xbe0
[ 403.144414][ T3643] ? unregister_netdev+0xe/0x20
[ 403.149278][ T3643] ? mutex_lock_io_nested+0x1150/0x1150
[ 403.154815][ T3643] unregister_netdevice_queue+0x2dd/0x3c0
[ 403.160522][ T3643] ? unregister_netdevice_many+0x18d0/0x18d0
[ 403.166487][ T3643] ? cdc_ncm_free+0x145/0x1a0
[ 403.171145][ T3643] ? cdc_ncm_free+0x1a0/0x1a0
[ 403.175807][ T3643] unregister_netdev+0x18/0x20
[ 403.180551][ T3643] usbnet_disconnect+0x139/0x270
[ 403.185476][ T3643] usb_unbind_interface+0x1d8/0x8e0
[ 403.190661][ T3643] ? usb_unbind_device+0x1a0/0x1a0
[ 403.195754][ T3643] __device_release_driver+0x627/0x760
[ 403.201212][ T3643] device_release_driver+0x26/0x40
[ 403.206303][ T3643] bus_remove_device+0x2eb/0x5a0
[ 403.211222][ T3643] device_del+0x4f3/0xc80
[ 403.215534][ T3643] ? __device_link_del+0x380/0x380
[ 403.220630][ T3643] ? kobject_put+0x1f3/0x540
[ 403.225201][ T3643] usb_disable_device+0x35b/0x7b0
[ 403.230207][ T3643] usb_disconnect.cold+0x27a/0x78e
[ 403.235302][ T3643] hub_event+0x1e39/0x44d0
[ 403.239705][ T3643] ? hub_port_debounce+0x3c0/0x3c0
[ 403.244798][ T3643] ? lock_release+0x720/0x720
[ 403.249472][ T3643] ? lock_downgrade+0x6e0/0x6e0
[ 403.254306][ T3643] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 403.260269][ T3643] process_one_work+0x9ac/0x1650
[ 403.265188][ T3643] ? pwq_dec_nr_in_flight+0x2a0/0x2a0
[ 403.270540][ T3643] ? rwlock_bug.part.0+0x90/0x90
[ 403.275461][ T3643] ? _raw_spin_lock_irq+0x41/0x50
[ 403.280469][ T3643] worker_thread+0x657/0x1110
[ 403.285128][ T3643] ? process_one_work+0x1650/0x1650
[ 403.290306][ T3643] kthread+0x2e9/0x3a0
[ 403.294359][ T3643] ? kthread_complete_and_exit+0x40/0x40
[ 403.299976][ T3643] ret_from_fork+0x1f/0x30
[ 403.304382][ T3643]
[ 403.307444][ T3643] Kernel Offset: disabled
[ 403.311754][ T3643] Rebooting in 86400 seconds..