[ 72.250496][ T39] audit: type=1400 audit(1661953436.235:189): avc: denied { transition } for pid=3835 comm="sshd" path="/bin/sh" dev="sda1" ino=73 scontext=system_u:system_r:initrc_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
Warning: Permanently added '[localhost]:35287' (ECDSA) to the list of known hosts.
2022/08/31 13:43:59 ignoring optional flag "sandboxArg"="0"
2022/08/31 13:43:59 parsed 1 programs
[ 75.739605][ T39] audit: type=1400 audit(1661953439.715:190): avc: denied { mounton } for pid=3879 comm="syz-executor" path="/syzcgroup/unified" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=dir permissive=1
[ 75.739882][ T3879] cgroup: Unknown subsys name 'net'
[ 75.768032][ T3879] cgroup: Unknown subsys name 'rlimit'
[ 75.778013][ T39] audit: type=1400 audit(1661953439.755:191): avc: denied { mounton } for pid=3879 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
2022/08/31 13:43:59 executed programs: 0
[ 75.795086][ T39] audit: type=1400 audit(1661953439.755:192): avc: denied { mount } for pid=3879 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[ 75.816893][ T39] audit: type=1400 audit(1661953439.765:193): avc: denied { create } for pid=3879 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 75.830844][ T39] audit: type=1400 audit(1661953439.765:194): avc: denied { write } for pid=3879 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 75.843149][ T39] audit: type=1400 audit(1661953439.765:195): avc: denied { read } for pid=3879 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 75.857740][ T39] audit: type=1400 audit(1661953439.795:196): avc: denied { read } for pid=3347 comm="dhcpcd" name="n82" dev="tmpfs" ino=1579 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 75.875841][ T39] audit: type=1400 audit(1661953439.795:197): avc: denied { open } for pid=3347 comm="dhcpcd" path="/run/udev/data/n82" dev="tmpfs" ino=1579 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 75.896244][ T39] audit: type=1400 audit(1661953439.795:198): avc: denied { getattr } for pid=3347 comm="dhcpcd" path="/run/udev/data/n82" dev="tmpfs" ino=1579 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 76.907963][ T64] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 76.915610][ T64] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 76.925453][ T64] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 76.937240][ T64] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 76.950188][ T64] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 76.959217][ T64] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 77.067384][ T3886] chnl_net:caif_netlink_parms(): no params data found
[ 77.140764][ T3886] bridge0: port 1(bridge_slave_0) entered blocking state
[ 77.146864][ T3886] bridge0: port 1(bridge_slave_0) entered disabled state
[ 77.155054][ T3886] device bridge_slave_0 entered promiscuous mode
[ 77.164797][ T3886] bridge0: port 2(bridge_slave_1) entered blocking state
[ 77.171179][ T3886] bridge0: port 2(bridge_slave_1) entered disabled state
[ 77.177922][ T3886] device bridge_slave_1 entered promiscuous mode
[ 77.211440][ T3886] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 77.219581][ T3886] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 77.256254][ T3886] team0: Port device team_slave_0 added
[ 77.264890][ T3886] team0: Port device team_slave_1 added
[ 77.298533][ T3886] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 77.304011][ T3886] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 77.320612][ T3886] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 77.328947][ T3886] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 77.333455][ T3886] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 77.349769][ T3886] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 77.393737][ T3886] device hsr_slave_0 entered promiscuous mode
[ 77.398783][ T3886] device hsr_slave_1 entered promiscuous mode
[ 77.527805][ T3886] bridge0: port 2(bridge_slave_1) entered blocking state
[ 77.533086][ T3886] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 77.537683][ T3886] bridge0: port 1(bridge_slave_0) entered blocking state
[ 77.543734][ T3886] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 77.605698][ T3886] 8021q: adding VLAN 0 to HW filter on device bond0
[ 77.623200][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 77.633485][ T34] bridge0: port 1(bridge_slave_0) entered disabled state
[ 77.641093][ T34] bridge0: port 2(bridge_slave_1) entered disabled state
[ 77.649275][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 77.665190][ T3886] 8021q: adding VLAN 0 to HW filter on device team0
[ 77.682562][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 77.688624][ T40] bridge0: port 1(bridge_slave_0) entered blocking state
[ 77.692952][ T40] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 77.703440][ T1349] ieee802154 phy0 wpan0: encryption failed: -22
[ 77.708761][ T1349] ieee802154 phy1 wpan1: encryption failed: -22
[ 77.716787][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 77.725470][ T40] bridge0: port 2(bridge_slave_1) entered blocking state
[ 77.731621][ T40] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 77.751792][ T3688] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 77.759616][ T3688] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 77.771400][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 77.785951][ T3886] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 77.795790][ T3886] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 77.805801][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 77.813414][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 77.820385][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 77.836604][ T3690] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 77.841983][ T3690] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 77.853747][ T3886] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 78.120119][ T3692] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 78.126760][ T3692] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 78.146868][ T3690] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 78.153290][ T3690] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 78.158998][ T3690] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 78.164159][ T3690] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 78.173922][ T3886] device veth0_vlan entered promiscuous mode
[ 78.184884][ T3886] device veth1_vlan entered promiscuous mode
[ 78.202525][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 78.208027][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 78.213828][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 78.219371][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 78.228045][ T3886] device veth0_macvtap entered promiscuous mode
[ 78.238703][ T3886] device veth1_macvtap entered promiscuous mode
[ 78.261818][ T3886] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 78.267322][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 78.273175][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 78.279209][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 78.285214][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 78.295703][ T3886] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 78.301032][ T3690] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 78.307200][ T3690] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 78.357133][ T39] kauditd_printk_skb: 7 callbacks suppressed
[ 78.357153][ T39] audit: type=1400 audit(1661953442.335:206): avc: denied { mounton } for pid=3886 comm="syz-executor.0" path="/dev/binderfs" dev="devtmpfs" ino=2383 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[ 78.437581][ T39] audit: type=1400 audit(1661953442.415:207): avc: denied { ioctl } for pid=3936 comm="syz-executor.0" path="/dev/raw-gadget" dev="devtmpfs" ino=760 ioctlcmd=0x5500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 78.720870][ T3690] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[ 79.052224][ T3692] Bluetooth: hci0: command 0x0409 tx timeout
[ 79.100037][ T3690] usb 5-1: config 0 has an invalid interface number: 130 but max is 0
[ 79.105720][ T3690] usb 5-1: config 0 has no interface number 0
[ 79.112216][ T3690] usb 5-1: config 0 interface 130 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[ 79.122068][ T3690] usb 5-1: New USB device found, idVendor=2040, idProduct=8265, bcdDevice=f3.4a
[ 79.129411][ T3690] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 79.140743][ T3690] usb 5-1: config 0 descriptor??
[ 79.194410][ T3690] em28xx 5-1:0.130: New device @ 480 Mbps (2040:8265, interface 130, class 130)
[ 79.201432][ T3690] em28xx 5-1:0.130: Audio interface 130 found (Vendor Class)
[ 79.520018][ T3690] em28xx 5-1:0.130: unknown em28xx chip ID (0)
[ 79.539956][ T3690] em28xx 5-1:0.130: Config register raw data: 0xfffffffb
[ 79.560704][ T3690] em28xx 5-1:0.130: AC97 chip type couldn't be determined
[ 79.565803][ T3690] em28xx 5-1:0.130: No AC97 audio processor
[ 79.570283][ T3690] em28xx 5-1:0.130: We currently don't support analog TV or stream capture on dual tuners.
[ 79.700070][ T3690] em28xx 5-1:0.130: unknown em28xx chip ID (0)
[ 79.720622][ T3690] em28xx 5-1:0.130: Config register raw data: 0xfffffffb
[ 79.740366][ T3690] em28xx 5-1:0.130: AC97 chip type couldn't be determined
[ 79.745624][ T3690] em28xx 5-1:0.130: No AC97 audio processor
[ 80.006179][ T3690] usb 5-1: USB disconnect, device number 2
[ 80.011645][ T3690] em28xx 5-1:0.130: Disconnecting em28xx #1
[ 80.015323][ T3690] em28xx 5-1:0.130: Disconnecting em28xx
[ 80.023341][ T3690] em28xx 5-1:0.130: Freeing device
[ 80.026705][ T3690] em28xx 5-1:0.130: Freeing device
[ 80.399883][ T3690] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[ 80.760448][ T3690] usb 5-1: config 0 has an invalid interface number: 130 but max is 0
[ 80.767802][ T3690] usb 5-1: config 0 has no interface number 0
[ 80.772989][ T3690] usb 5-1: config 0 interface 130 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[ 80.780779][ T3690] usb 5-1: New USB device found, idVendor=2040, idProduct=8265, bcdDevice=f3.4a
[ 80.786581][ T3690] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 80.795174][ T3690] usb 5-1: config 0 descriptor??
[ 80.841917][ T3690] em28xx 5-1:0.130: New device @ 480 Mbps (2040:8265, interface 130, class 130)
[ 80.847823][ T3690] em28xx 5-1:0.130: Audio interface 130 found (Vendor Class)
[ 81.130659][ T34] Bluetooth: hci0: command 0x041b tx timeout
[ 81.160097][ T3690] em28xx 5-1:0.130: unknown em28xx chip ID (0)
[ 81.180007][ T3690] em28xx 5-1:0.130: Config register raw data: 0xfffffffb
[ 81.199962][ T3690] em28xx 5-1:0.130: AC97 chip type couldn't be determined
[ 81.204638][ T3690] em28xx 5-1:0.130: No AC97 audio processor
[ 81.209351][ T3690] ==================================================================
[ 81.215523][ T3690] BUG: KASAN: use-after-free in __list_add_valid+0xa5/0xb0
[ 81.221427][ T3690] Read of size 8 at addr ffff888025588250 by task kworker/2:3/3690
[ 81.229709][ T3690]
[ 81.231203][ T3690] CPU: 2 PID: 3690 Comm: kworker/2:3 Not tainted 6.0.0-rc3-syzkaller-00792-gdcf8e5633e2e #0
[ 81.237369][ T3690] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014
[ 81.243327][ T3690] Workqueue: usb_hub_wq hub_event
[ 81.246588][ T3690] Call Trace:
[ 81.248838][ T3690]
[ 81.250854][ T3690] dump_stack_lvl+0xcd/0x134
[ 81.254188][ T3690] print_report.cold+0x2ba/0x6e9
[ 81.257951][ T3690] ? __list_add_valid+0xa5/0xb0
[ 81.261956][ T3690] kasan_report+0xb1/0x1e0
[ 81.264970][ T3690] ? em28xx_audio_setup+0xe0/0x1e0
[ 81.267817][ T3690] ? __list_add_valid+0xa5/0xb0
[ 81.270738][ T3690] __list_add_valid+0xa5/0xb0
[ 81.273503][ T3690] em28xx_init_extension+0x44/0x1f0
[ 81.276699][ T3690] em28xx_init_dev.constprop.0+0xa8b/0x1746
[ 81.280673][ T3690] ? __dev_printk+0xcf/0xf5
[ 81.283422][ T3690] ? _dev_info+0xd7/0x109
[ 81.286473][ T3690] ? em28xx_pre_card_setup+0x5f7/0x5f7
[ 81.289557][ T3690] ? lockdep_init_map_type+0x21a/0x7f0
[ 81.293148][ T3690] ? lockdep_init_map_type+0x21a/0x7f0
[ 81.296891][ T3690] ? __raw_spin_lock_init+0x36/0x110
[ 81.300557][ T3690] em28xx_usb_probe.cold+0xc29/0x258a
[ 81.304252][ T3690] usb_probe_interface+0x30b/0x7f0
[ 81.308159][ T3690] ? usb_match_dynamic_id+0x1a0/0x1a0
[ 81.311564][ T3690] really_probe+0x249/0xb90
[ 81.314584][ T3690] __driver_probe_device+0x1df/0x4d0
[ 81.318367][ T3690] ? usb_match_id.part.0+0x15d/0x1b0
[ 81.322357][ T3690] driver_probe_device+0x4c/0x1a0
[ 81.325839][ T3690] __device_attach_driver+0x206/0x2e0
[ 81.329555][ T3690] ? driver_allows_async_probing+0x170/0x170
[ 81.333238][ T3690] bus_for_each_drv+0x15f/0x1e0
[ 81.336749][ T3690] ? bus_for_each_dev+0x1d0/0x1d0
[ 81.340404][ T3690] ? _raw_spin_unlock_irqrestore+0x50/0x70
[ 81.344305][ T3690] ? lockdep_hardirqs_on+0x79/0x100
[ 81.347836][ T3690] ? _raw_spin_unlock_irqrestore+0x3d/0x70
[ 81.351658][ T3690] __device_attach+0x1e4/0x530
[ 81.354659][ T3690] ? device_driver_attach+0x210/0x210
[ 81.357696][ T3690] ? kobject_uevent_env+0x2a7/0x1640
[ 81.360841][ T3690] bus_probe_device+0x1e4/0x290
[ 81.364341][ T3690] device_add+0xbd5/0x1e90
[ 81.367274][ T3690] ? __fw_devlink_link_to_suppliers+0x2d0/0x2d0
[ 81.372212][ T3690] ? _raw_spin_unlock_irqrestore+0x50/0x70
[ 81.376047][ T3690] usb_set_configuration+0x1019/0x1900
[ 81.379323][ T3690] usb_generic_driver_probe+0xba/0x100
[ 81.382801][ T3690] usb_probe_device+0xd4/0x2c0
[ 81.385712][ T3690] ? usb_driver_release_interface+0x180/0x180
[ 81.390127][ T3690] really_probe+0x249/0xb90
[ 81.393156][ T3690] __driver_probe_device+0x1df/0x4d0
[ 81.396288][ T3690] driver_probe_device+0x4c/0x1a0
[ 81.399181][ T3690] __device_attach_driver+0x206/0x2e0
[ 81.402367][ T3690] ? driver_allows_async_probing+0x170/0x170
[ 81.406327][ T3690] bus_for_each_drv+0x15f/0x1e0
[ 81.409359][ T3690] ? bus_for_each_dev+0x1d0/0x1d0
[ 81.412661][ T3690] ? _raw_spin_unlock_irqrestore+0x50/0x70
[ 81.416825][ T3690] ? lockdep_hardirqs_on+0x79/0x100
[ 81.420274][ T3690] ? _raw_spin_unlock_irqrestore+0x3d/0x70
[ 81.423747][ T3690] __device_attach+0x1e4/0x530
[ 81.427059][ T3690] ? device_driver_attach+0x210/0x210
[ 81.430412][ T3690] ? kobject_uevent_env+0x2a7/0x1640
[ 81.433680][ T3690] bus_probe_device+0x1e4/0x290
[ 81.436517][ T3690] device_add+0xbd5/0x1e90
[ 81.439509][ T3690] ? usb_match_device+0xd4/0x550
[ 81.442936][ T3690] ? __fw_devlink_link_to_suppliers+0x2d0/0x2d0
[ 81.447007][ T3690] ? usb_detect_static_quirks+0x305/0x3b0
[ 81.451582][ T3690] usb_new_device.cold+0x685/0x10ad
[ 81.455067][ T3690] ? hub_disconnect+0x510/0x510
[ 81.458108][ T3690] ? rwlock_bug.part.0+0x90/0x90
[ 81.461303][ T3690] ? _raw_spin_unlock_irq+0x1f/0x40
[ 81.464811][ T3690] ? _raw_spin_unlock_irq+0x1f/0x40
[ 81.468676][ T3690] hub_event+0x26c7/0x4610
[ 81.471443][ T3690] ? hub_port_debounce+0x3b0/0x3b0
[ 81.474469][ T3690] ? lock_release+0x780/0x780
[ 81.477736][ T3690] ? lock_downgrade+0x6e0/0x6e0
[ 81.480480][ T3690] ? do_raw_spin_lock+0x120/0x2a0
[ 81.484077][ T3690] process_one_work+0x991/0x1610
[ 81.487887][ T3690] ? pwq_dec_nr_in_flight+0x2a0/0x2a0
[ 81.491548][ T3690] ? rwlock_bug.part.0+0x90/0x90
[ 81.494700][ T3690] ? _raw_spin_lock_irq+0x41/0x50
[ 81.498603][ T3690] worker_thread+0x854/0x1080
[ 81.502331][ T3690] ? __kthread_parkme+0x15f/0x220
[ 81.505837][ T3690] ? process_one_work+0x1610/0x1610
[ 81.509197][ T3690] kthread+0x2e4/0x3a0
[ 81.511643][ T3690] ? kthread_complete_and_exit+0x40/0x40
[ 81.515485][ T3690] ret_from_fork+0x1f/0x30
[ 81.518221][ T3690]
[ 81.520235][ T3690]
[ 81.521689][ T3690] Allocated by task 3690:
[ 81.524434][ T3690] kasan_save_stack+0x1e/0x40
[ 81.527027][ T3690] __kasan_kmalloc+0xa6/0xd0
[ 81.529601][ T3690] __kmalloc_track_caller+0x1f6/0x4a0
[ 81.532894][ T3690] kmemdup+0x23/0x50
[ 81.535476][ T3690] em28xx_usb_probe.cold+0x134a/0x258a
[ 81.538984][ T3690] usb_probe_interface+0x30b/0x7f0
[ 81.542284][ T3690] really_probe+0x249/0xb90
[ 81.545292][ T3690] __driver_probe_device+0x1df/0x4d0
[ 81.548730][ T3690] driver_probe_device+0x4c/0x1a0
[ 81.552052][ T3690] __device_attach_driver+0x206/0x2e0
[ 81.555253][ T3690] bus_for_each_drv+0x15f/0x1e0
[ 81.558852][ T3690] __device_attach+0x1e4/0x530
[ 81.562535][ T3690] bus_probe_device+0x1e4/0x290
[ 81.566392][ T3690] device_add+0xbd5/0x1e90
[ 81.569850][ T3690] usb_set_configuration+0x1019/0x1900
[ 81.573823][ T3690] usb_generic_driver_probe+0xba/0x100
[ 81.577324][ T3690] usb_probe_device+0xd4/0x2c0
[ 81.580218][ T3690] really_probe+0x249/0xb90
[ 81.582940][ T3690] __driver_probe_device+0x1df/0x4d0
[ 81.586089][ T3690] driver_probe_device+0x4c/0x1a0
[ 81.589054][ T3690] __device_attach_driver+0x206/0x2e0
[ 81.592177][ T3690] bus_for_each_drv+0x15f/0x1e0
[ 81.594865][ T3690] __device_attach+0x1e4/0x530
[ 81.597603][ T3690] bus_probe_device+0x1e4/0x290
[ 81.600308][ T3690] device_add+0xbd5/0x1e90
[ 81.602777][ T3690] usb_new_device.cold+0x685/0x10ad
[ 81.606331][ T3690] hub_event+0x26c7/0x4610
[ 81.609715][ T3690] process_one_work+0x991/0x1610
[ 81.613311][ T3690] worker_thread+0x665/0x1080
[ 81.616571][ T3690] kthread+0x2e4/0x3a0
[ 81.619566][ T3690] ret_from_fork+0x1f/0x30
[ 81.622416][ T3690]
[ 81.623975][ T3690] Freed by task 3690:
[ 81.626609][ T3690] kasan_save_stack+0x1e/0x40
[ 81.630374][ T3690] kasan_set_track+0x21/0x30
[ 81.634081][ T3690] kasan_set_free_info+0x20/0x30
[ 81.637619][ T3690] ____kasan_slab_free+0x13d/0x1a0
[ 81.641008][ T3690] kfree+0x173/0x390
[ 81.643431][ T3690] kref_put.constprop.0.isra.0+0x3d/0x7e
[ 81.647172][ T3690] em28xx_usb_disconnect.cold+0x1c2/0x237
[ 81.650933][ T3690] usb_unbind_interface+0x1d8/0x8e0
[ 81.654184][ T3690] device_remove+0x11f/0x170
[ 81.656820][ T3690] device_release_driver_internal+0x4a1/0x700
[ 81.661330][ T3690] bus_remove_device+0x2e3/0x590
[ 81.664941][ T3690] device_del+0x4f3/0xc80
[ 81.667736][ T3690] usb_disable_device+0x356/0x7a0
[ 81.670887][ T3690] usb_disconnect.cold+0x259/0x6ed
[ 81.674117][ T3690] hub_event+0x1f86/0x4610
[ 81.677327][ T3690] process_one_work+0x991/0x1610
[ 81.681089][ T3690] worker_thread+0x854/0x1080
[ 81.684481][ T3690] kthread+0x2e4/0x3a0
[ 81.687482][ T3690] ret_from_fork+0x1f/0x30
[ 81.691073][ T3690]
[ 81.692869][ T3690] The buggy address belongs to the object at ffff888025588000
[ 81.692869][ T3690] which belongs to the cache kmalloc-16k of size 16384
[ 81.702908][ T3690] The buggy address is located 592 bytes inside of
[ 81.702908][ T3690] 16384-byte region [ffff888025588000, ffff88802558c000)
[ 81.710916][ T3690]
[ 81.712283][ T3690] The buggy address belongs to the physical page:
[ 81.716034][ T3690] page:ffffea0000956200 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x25588
[ 81.723158][ T3690] head:ffffea0000956200 order:3 compound_mapcount:0 compound_pincount:0
[ 81.728589][ T3690] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[ 81.733639][ T3690] raw: 00fff00000010200 ffffea0000a01408 ffffea00006f0008 ffff888010c40b00
[ 81.740623][ T3690] raw: 0000000000000000 ffff888025588000 0000000100000001 0000000000000000
[ 81.746165][ T3690] page dumped because: kasan: bad access detected
[ 81.750554][ T3690] page_owner tracks the page as allocated
[ 81.754830][ T3690] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x3420c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_COMP|__GFP_HARDWALL|__GFP_THISNODE), pid 3690, tgid 3690 (kworker/2:3), ts 79577229824, free_ts 75143484200
[ 81.770658][ T3690] get_page_from_freelist+0x109b/0x2ce0
[ 81.774474][ T3690] __alloc_pages+0x1c7/0x510
[ 81.778073][ T3690] cache_grow_begin+0x75/0x360
[ 81.782130][ T3690] cache_alloc_refill+0x27f/0x380
[ 81.785618][ T3690] __kmalloc_track_caller+0x39e/0x4a0
[ 81.789541][ T3690] kmemdup+0x23/0x50
[ 81.792194][ T3690] em28xx_usb_probe.cold+0x134a/0x258a
[ 81.795214][ T3690] usb_probe_interface+0x30b/0x7f0
[ 81.798997][ T3690] really_probe+0x249/0xb90
[ 81.802118][ T3690] __driver_probe_device+0x1df/0x4d0
[ 81.805361][ T3690] driver_probe_device+0x4c/0x1a0
[ 81.809044][ T3690] __device_attach_driver+0x206/0x2e0
[ 81.812433][ T3690] bus_for_each_drv+0x15f/0x1e0
[ 81.815379][ T3690] __device_attach+0x1e4/0x530
[ 81.818514][ T3690] bus_probe_device+0x1e4/0x290
[ 81.821736][ T3690] device_add+0xbd5/0x1e90
[ 81.824628][ T3690] page last free stack trace:
[ 81.827869][ T3690] free_pcp_prepare+0x5e4/0xd20
[ 81.831260][ T3690] free_unref_page+0x19/0x4d0
[ 81.834720][ T3690] __folio_put+0x105/0x130
[ 81.837573][ T3690] do_exit+0x1f14/0x29b0
[ 81.840440][ T3690] do_group_exit+0xd2/0x2f0
[ 81.844722][ T3690] __x64_sys_exit_group+0x3a/0x50
[ 81.849493][ T3690] do_syscall_64+0x35/0x80
[ 81.853050][ T3690] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 81.857729][ T3690]
[ 81.859484][ T3690] Memory state around the buggy address:
[ 81.863004][ T3690] ffff888025588100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 81.869358][ T3690] ffff888025588180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 81.875717][ T3690] >ffff888025588200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 81.881721][ T3690] ^
[ 81.886238][ T3690] ffff888025588280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 81.891453][ T3690] ffff888025588300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 81.896896][ T3690] ==================================================================
[ 81.902711][ T3690] Kernel panic - not syncing: panic_on_warn set ...
[ 81.908062][ T3690] CPU: 2 PID: 3690 Comm: kworker/2:3 Not tainted 6.0.0-rc3-syzkaller-00792-gdcf8e5633e2e #0
[ 81.914251][ T3690] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014
[ 81.920484][ T3690] Workqueue: usb_hub_wq hub_event
[ 81.924347][ T3690] Call Trace:
[ 81.926546][ T3690]
[ 81.928428][ T3690] dump_stack_lvl+0xcd/0x134
[ 81.931988][ T3690] panic+0x2c8/0x627
[ 81.934694][ T3690] ? panic_print_sys_info.part.0+0x10b/0x10b
[ 81.939260][ T3690] ? preempt_schedule_common+0x59/0xc0
[ 81.943031][ T3690] ? preempt_schedule_thunk+0x16/0x18
[ 81.946534][ T3690] ? __list_add_valid+0xa5/0xb0
[ 81.949524][ T3690] end_report.part.0+0x3f/0x7c
[ 81.953182][ T3690] kasan_report.cold+0xa/0xf
[ 81.957186][ T3690] ? em28xx_audio_setup+0xe0/0x1e0
[ 81.960753][ T3690] ? __list_add_valid+0xa5/0xb0
[ 81.964551][ T3690] __list_add_valid+0xa5/0xb0
[ 81.968313][ T3690] em28xx_init_extension+0x44/0x1f0
[ 81.971978][ T3690] em28xx_init_dev.constprop.0+0xa8b/0x1746
[ 81.977244][ T3690] ? __dev_printk+0xcf/0xf5
[ 81.980592][ T3690] ? _dev_info+0xd7/0x109
[ 81.983771][ T3690] ? em28xx_pre_card_setup+0x5f7/0x5f7
[ 81.987748][ T3690] ? lockdep_init_map_type+0x21a/0x7f0
[ 81.991162][ T3690] ? lockdep_init_map_type+0x21a/0x7f0
[ 81.994763][ T3690] ? __raw_spin_lock_init+0x36/0x110
[ 81.998902][ T3690] em28xx_usb_probe.cold+0xc29/0x258a
[ 82.002475][ T3690] usb_probe_interface+0x30b/0x7f0
[ 82.006100][ T3690] ? usb_match_dynamic_id+0x1a0/0x1a0
[ 82.009389][ T3690] really_probe+0x249/0xb90
[ 82.012276][ T3690] __driver_probe_device+0x1df/0x4d0
[ 82.015888][ T3690] ? usb_match_id.part.0+0x15d/0x1b0
[ 82.019676][ T3690] driver_probe_device+0x4c/0x1a0
[ 82.023771][ T3690] __device_attach_driver+0x206/0x2e0
[ 82.027543][ T3690] ? driver_allows_async_probing+0x170/0x170
[ 82.031395][ T3690] bus_for_each_drv+0x15f/0x1e0
[ 82.035040][ T3690] ? bus_for_each_dev+0x1d0/0x1d0
[ 82.038511][ T3690] ? _raw_spin_unlock_irqrestore+0x50/0x70
[ 82.041746][ T3690] ? lockdep_hardirqs_on+0x79/0x100
[ 82.044687][ T3690] ? _raw_spin_unlock_irqrestore+0x3d/0x70
[ 82.048021][ T3690] __device_attach+0x1e4/0x530
[ 82.051061][ T3690] ? device_driver_attach+0x210/0x210
[ 82.054446][ T3690] ? kobject_uevent_env+0x2a7/0x1640
[ 82.057800][ T3690] bus_probe_device+0x1e4/0x290
[ 82.060895][ T3690] device_add+0xbd5/0x1e90
[ 82.063675][ T3690] ? __fw_devlink_link_to_suppliers+0x2d0/0x2d0
[ 82.067186][ T3690] ? _raw_spin_unlock_irqrestore+0x50/0x70
[ 82.070745][ T3690] usb_set_configuration+0x1019/0x1900
[ 82.074308][ T3690] usb_generic_driver_probe+0xba/0x100
[ 82.077534][ T3690] usb_probe_device+0xd4/0x2c0
[ 82.080519][ T3690] ? usb_driver_release_interface+0x180/0x180
[ 82.084352][ T3690] really_probe+0x249/0xb90
[ 82.087118][ T3690] __driver_probe_device+0x1df/0x4d0
[ 82.090513][ T3690] driver_probe_device+0x4c/0x1a0
[ 82.093786][ T3690] __device_attach_driver+0x206/0x2e0
[ 82.097174][ T3690] ? driver_allows_async_probing+0x170/0x170
[ 82.100831][ T3690] bus_for_each_drv+0x15f/0x1e0
[ 82.104024][ T3690] ? bus_for_each_dev+0x1d0/0x1d0
[ 82.107879][ T3690] ? _raw_spin_unlock_irqrestore+0x50/0x70
[ 82.112755][ T3690] ? lockdep_hardirqs_on+0x79/0x100
[ 82.116908][ T3690] ? _raw_spin_unlock_irqrestore+0x3d/0x70
[ 82.121332][ T3690] __device_attach+0x1e4/0x530
[ 82.124755][ T3690] ? device_driver_attach+0x210/0x210
[ 82.128267][ T3690] ? kobject_uevent_env+0x2a7/0x1640
[ 82.132235][ T3690] bus_probe_device+0x1e4/0x290
[ 82.136064][ T3690] device_add+0xbd5/0x1e90
[ 82.139267][ T3690] ? usb_match_device+0xd4/0x550
[ 82.142994][ T3690] ? __fw_devlink_link_to_suppliers+0x2d0/0x2d0
[ 82.147843][ T3690] ? usb_detect_static_quirks+0x305/0x3b0
[ 82.151754][ T3690] usb_new_device.cold+0x685/0x10ad
[ 82.155447][ T3690] ? hub_disconnect+0x510/0x510
[ 82.158826][ T3690] ? rwlock_bug.part.0+0x90/0x90
[ 82.161766][ T3690] ? _raw_spin_unlock_irq+0x1f/0x40
[ 82.165003][ T3690] ? _raw_spin_unlock_irq+0x1f/0x40
[ 82.168612][ T3690] hub_event+0x26c7/0x4610
[ 82.172256][ T3690] ? hub_port_debounce+0x3b0/0x3b0
[ 82.175691][ T3690] ? lock_release+0x780/0x780
[ 82.179407][ T3690] ? lock_downgrade+0x6e0/0x6e0
[ 82.183326][ T3690] ? do_raw_spin_lock+0x120/0x2a0
[ 82.187076][ T3690] process_one_work+0x991/0x1610
[ 82.190710][ T3690] ? pwq_dec_nr_in_flight+0x2a0/0x2a0
[ 82.194489][ T3690] ? rwlock_bug.part.0+0x90/0x90
[ 82.198551][ T3690] ? _raw_spin_lock_irq+0x41/0x50
[ 82.201894][ T3690] worker_thread+0x854/0x1080
[ 82.205189][ T3690] ? __kthread_parkme+0x15f/0x220
2022/08/31 13:44:06 executed programs: 2
[ 82.208857][ T3690] ? process_one_work+0x1610/0x1610
[ 82.212413][ T3690] kthread+0x2e4/0x3a0
[ 82.215011][ T3690] ? kthread_complete_and_exit+0x40/0x40
[ 82.218757][ T3690] ret_from_fork+0x1f/0x30
[ 82.221801][ T3690]
[ 82.224973][ T3690] Kernel Offset: disabled
[ 82.228020][ T3690] Rebooting in 86400 seconds..