usb 1-1: Direct firmware load for ueagle-atm/eagleI.fw failed with error -2
usb 1-1: Falling back to sysfs fallback for: ueagle-atm/eagleI.fw
==================================================================
BUG: KASAN: slab-use-after-free in kernfs_root fs/kernfs/kernfs-internal.h:68 [inline]
BUG: KASAN: slab-use-after-free in kernfs_add_one+0x2fc/0x714 fs/kernfs/dir.c:809
Read of size 8 at addr ffff0000daca8dc0 by task kworker/1:1/25

CPU: 1 PID: 25 Comm: kworker/1:1 Tainted: G B 6.8.0-rc5-syzkaller-00072-g59a96b711109 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
Workqueue: events request_firmware_work_func
Call trace:
 dump_backtrace+0x1b8/0x1e4 arch/arm64/kernel/stacktrace.c:291
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:298
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xd0/0x124 lib/dump_stack.c:106
 print_address_description mm/kasan/report.c:377 [inline]
 print_report+0x178/0x518 mm/kasan/report.c:488
 kasan_report+0xd8/0x138 mm/kasan/report.c:601
 __asan_report_load8_noabort+0x20/0x2c mm/kasan/report_generic.c:381
 kernfs_root fs/kernfs/kernfs-internal.h:68 [inline]
 kernfs_add_one+0x2fc/0x714 fs/kernfs/dir.c:809
 kernfs_create_dir_ns+0xd4/0x12c fs/kernfs/dir.c:1062
 sysfs_create_dir_ns+0x150/0x318 fs/sysfs/dir.c:59
 create_dir lib/kobject.c:73 [inline]
 kobject_add_internal+0x598/0xb04 lib/kobject.c:240
 kobject_add_varg lib/kobject.c:374 [inline]
 kobject_add+0x14c/0x224 lib/kobject.c:426
 class_dir_create_and_add drivers/base/core.c:3182 [inline]
 get_device_parent+0x2ec/0x370 drivers/base/core.c:3233
 device_add+0x2a0/0xaac drivers/base/core.c:3563
 fw_load_sysfs_fallback drivers/base/firmware_loader/fallback.c:86 [inline]
 fw_load_from_user_helper drivers/base/firmware_loader/fallback.c:162 [inline]
 firmware_fallback_sysfs+0x2bc/0x918 drivers/base/firmware_loader/fallback.c:238
 _request_firmware+0xcf8/0xf70 drivers/base/firmware_loader/main.c:910
 request_firmware_work_func+0xfc/0x214 drivers/base/firmware_loader/main.c:1161
 process_one_work+0x694/0x1204 kernel/workqueue.c:2633
 process_scheduled_works kernel/workqueue.c:2706 [inline]
 worker_thread+0x938/0xef4 kernel/workqueue.c:2787
 kthread+0x288/0x310 kernel/kthread.c:388
 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:860

Allocated by task 25:
 kasan_save_stack mm/kasan/common.c:47 [inline]
 kasan_save_track+0x40/0x78 mm/kasan/common.c:68
 kasan_save_alloc_info+0x70/0x84 mm/kasan/generic.c:626
 unpoison_slab_object mm/kasan/common.c:314 [inline]
 __kasan_slab_alloc+0x74/0x8c mm/kasan/common.c:340
 kasan_slab_alloc include/linux/kasan.h:201 [inline]
 slab_post_alloc_hook mm/slub.c:3813 [inline]
 slab_alloc_node mm/slub.c:3860 [inline]
 kmem_cache_alloc+0x1dc/0x488 mm/slub.c:3867
 kmem_cache_zalloc include/linux/slab.h:701 [inline]
 __kernfs_new_node+0xe4/0x684 fs/kernfs/dir.c:615
 kernfs_new_node+0x11c/0x230 fs/kernfs/dir.c:691
 kernfs_create_dir_ns+0x58/0x12c fs/kernfs/dir.c:1052
 sysfs_create_dir_ns+0x150/0x318 fs/sysfs/dir.c:59
 create_dir lib/kobject.c:73 [inline]
 kobject_add_internal+0x598/0xb04 lib/kobject.c:240
 kobject_add_varg lib/kobject.c:374 [inline]
 kobject_add+0x14c/0x224 lib/kobject.c:426
 class_dir_create_and_add drivers/base/core.c:3182 [inline]
 get_device_parent+0x2ec/0x370 drivers/base/core.c:3233
 device_add+0x2a0/0xaac drivers/base/core.c:3563
 fw_load_sysfs_fallback drivers/base/firmware_loader/fallback.c:86 [inline]
 fw_load_from_user_helper drivers/base/firmware_loader/fallback.c:162 [inline]
 firmware_fallback_sysfs+0x2bc/0x918 drivers/base/firmware_loader/fallback.c:238
 _request_firmware+0xcf8/0xf70 drivers/base/firmware_loader/main.c:910
 request_firmware_work_func+0xfc/0x214 drivers/base/firmware_loader/main.c:1161
 process_one_work+0x694/0x1204 kernel/workqueue.c:2633
 process_scheduled_works kernel/workqueue.c:2706 [inline]
 worker_thread+0x938/0xef4 kernel/workqueue.c:2787
 kthread+0x288/0x310 kernel/kthread.c:388
 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:860

Freed by task 6168:
 kasan_save_stack mm/kasan/common.c:47 [inline]
 kasan_save_track+0x40/0x78 mm/kasan/common.c:68
 kasan_save_free_info+0x5c/0x74 mm/kasan/generic.c:640
 poison_slab_object+0x124/0x18c mm/kasan/common.c:241
 __kasan_slab_free+0x3c/0x78 mm/kasan/common.c:257
 kasan_slab_free include/linux/kasan.h:184 [inline]
 slab_free_hook mm/slub.c:2121 [inline]
 slab_free mm/slub.c:4299 [inline]
 kmem_cache_free+0x15c/0x3d4 mm/slub.c:4363
 kernfs_put+0x294/0x440 fs/kernfs/dir.c:569
 __kernfs_remove+0x684/0x7b0 fs/kernfs/dir.c:1499
 kernfs_remove+0x7c/0xa0 fs/kernfs/dir.c:1519
 sysfs_remove_dir+0xa8/0xec fs/sysfs/dir.c:101
 __kobject_del+0xe8/0x2d4 lib/kobject.c:604
 kobject_del+0x48/0x68 lib/kobject.c:627
 device_del+0x6d0/0x87c drivers/base/core.c:3848
 usb_disconnect+0x4b0/0x808 drivers/usb/core/hub.c:2295
 hub_port_connect drivers/usb/core/hub.c:5323 [inline]
 hub_port_connect_change drivers/usb/core/hub.c:5623 [inline]
 port_event drivers/usb/core/hub.c:5783 [inline]
 hub_event+0x18ec/0x435c drivers/usb/core/hub.c:5865
 process_one_work+0x694/0x1204 kernel/workqueue.c:2633
 process_scheduled_works kernel/workqueue.c:2706 [inline]
 worker_thread+0x970/0xef4 kernel/workqueue.c:2787
 kthread+0x288/0x310 kernel/kthread.c:388
 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:860

The buggy address belongs to the object at ffff0000daca8d90
 which belongs to the cache kernfs_node_cache of size 168
The buggy address is located 48 bytes inside of
 freed 168-byte region [ffff0000daca8d90, ffff0000daca8e38)

The buggy address belongs to the physical page:
page:00000000b28bdeff refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11aca8
flags: 0x5ffc00000000800(slab|node=0|zone=2|lastcpupid=0x7ff)
page_type: 0xffffffff()
raw: 05ffc00000000800 ffff0000c1946000 dead000000000100 dead000000000122
raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 ffff0000daca8c80: fc fc fc fa fb fb fb fb fb fb fb fb fb fb fb fb
 ffff0000daca8d00: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
>ffff0000daca8d80: fc fc fa fb fb fb fb fb fb fb fb fb fb fb fb fb
                                           ^
 ffff0000daca8e00: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
 ffff0000daca8e80: fc fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb
==================================================================
kobject: kobject_add_internal failed for ueagle-atm!eagleI.fw (error: -2 parent: firmware)
firmware ueagle-atm!eagleI.fw: fw_load_sysfs_fallback: device_register failed
usb 1-1: [UEAGLE-ATM] firmware is not available
usb 1-1: Direct firmware load for ueagle-atm/eagleI.fw failed with error -2
usb 1-1: Falling back to sysfs fallback for: ueagle-atm/eagleI.fw
kobject: kobject_add_internal failed for firmware (error: -2 parent: 1-1)
firmware ueagle-atm!eagleI.fw: fw_load_sysfs_fallback: device_register failed
usb 1-1: [UEAGLE-ATM] firmware is not available