em28xx 5-1:0.130: No AC97 audio processor non-slab/vmalloc memory list_add corruption. prev->next should be next (ffffffff90061ea0), but was ffffffff8960af21. (prev=ffff88803785c250). ------------[ cut here ]------------ kernel BUG at lib/list_debug.c:32! Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI CPU: 2 UID: 0 PID: 24 Comm: kworker/2:0 Not tainted syzkaller #0 PREEMPT(full) Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 Workqueue: usb_hub_wq hub_event RIP: 0010:__list_add_valid_or_report+0xfb/0x130 lib/list_debug.c:32 Code: b8 00 00 00 00 00 fc ff df 48 c1 ea 03 80 3c 02 00 75 3d 49 8b 55 00 4c 89 e9 48 89 de 48 c7 c7 e0 eb 1a 8c e8 f6 20 25 fc 90 <0f> 0b 4c 89 e7 e8 1b bb 77 fd e9 3a ff ff ff 4c 89 ef e8 0e bb 77 RSP: 0018:ffffc9000062ee20 EFLAGS: 00010282 RAX: 0000000000000075 RBX: ffffffff90061ea0 RCX: 0000000000000000 RDX: 0000000000000075 RSI: ffffffff81e780a9 RDI: fffff520000c5db5 RBP: ffff88803f03c250 R08: 0000000000000005 R09: 0000000000000000 R10: 0000000080000000 R11: 0000000000000000 R12: ffffffff90061ea8 R13: ffff88803785c250 R14: ffff888035f2b800 R15: ffff88802e645000 FS: 0000000000000000(0000) GS:ffff8880d654d000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f46b138d090 CR3: 000000003ddd0000 CR4: 0000000000352ef0 Call Trace: __list_add_valid include/linux/list.h:96 [inline] __list_add include/linux/list.h:158 [inline] list_add_tail include/linux/list.h:191 [inline] em28xx_init_extension+0x48/0x200 drivers/media/usb/em28xx/em28xx-core.c:1114 em28xx_init_dev.isra.0+0xac3/0x17c4 drivers/media/usb/em28xx/em28xx-cards.c:3679 em28xx_usb_probe.cold+0xc3b/0x24ab drivers/media/usb/em28xx/em28xx-cards.c:4034 usb_probe_interface+0x303/0x8f0 drivers/usb/core/driver.c:396 call_driver_probe drivers/base/dd.c:583 [inline] really_probe+0x241/0xa60 drivers/base/dd.c:661 __driver_probe_device+0x1de/0x400 drivers/base/dd.c:803 driver_probe_device+0x4c/0x1b0 drivers/base/dd.c:833 __device_attach_driver+0x1ff/0x3e0 drivers/base/dd.c:961 bus_for_each_drv+0x159/0x1e0 drivers/base/bus.c:500 __device_attach+0x1e4/0x4d0 drivers/base/dd.c:1033 device_initial_probe+0xaf/0xd0 drivers/base/dd.c:1088 bus_probe_device+0x64/0x160 drivers/base/bus.c:574 device_add+0x11d9/0x1950 drivers/base/core.c:3689 usb_set_configuration+0xd97/0x1c60 drivers/usb/core/message.c:2210 usb_generic_driver_probe+0xa1/0xe0 drivers/usb/core/generic.c:250 usb_probe_device+0xef/0x400 drivers/usb/core/driver.c:291 call_driver_probe drivers/base/dd.c:583 [inline] really_probe+0x241/0xa60 drivers/base/dd.c:661 __driver_probe_device+0x1de/0x400 drivers/base/dd.c:803 driver_probe_device+0x4c/0x1b0 drivers/base/dd.c:833 __device_attach_driver+0x1ff/0x3e0 drivers/base/dd.c:961 bus_for_each_drv+0x159/0x1e0 drivers/base/bus.c:500 __device_attach+0x1e4/0x4d0 drivers/base/dd.c:1033 device_initial_probe+0xaf/0xd0 drivers/base/dd.c:1088 bus_probe_device+0x64/0x160 drivers/base/bus.c:574 device_add+0x11d9/0x1950 drivers/base/core.c:3689 usb_new_device.cold+0x685/0x115c drivers/usb/core/hub.c:2695 hub_port_connect drivers/usb/core/hub.c:5567 [inline] hub_port_connect_change drivers/usb/core/hub.c:5707 [inline] port_event drivers/usb/core/hub.c:5871 [inline] hub_event+0x314d/0x4af0 drivers/usb/core/hub.c:5953 process_one_work+0x9d7/0x1920 kernel/workqueue.c:3275 process_scheduled_works kernel/workqueue.c:3358 [inline] worker_thread+0x5da/0xe40 kernel/workqueue.c:3439 kthread+0x370/0x450 kernel/kthread.c:467 ret_from_fork+0x754/0xd80 arch/x86/kernel/process.c:158 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245 Modules linked in: ---[ end trace 0000000000000000 ]--- RIP: 0010:__list_add_valid_or_report+0xfb/0x130 lib/list_debug.c:32 Code: b8 00 00 00 00 00 fc ff df 48 c1 ea 03 80 3c 02 00 75 3d 49 8b 55 00 4c 89 e9 48 89 de 48 c7 c7 e0 eb 1a 8c e8 f6 20 25 fc 90 <0f> 0b 4c 89 e7 e8 1b bb 77 fd e9 3a ff ff ff 4c 89 ef e8 0e bb 77 RSP: 0018:ffffc9000062ee20 EFLAGS: 00010282 RAX: 0000000000000075 RBX: ffffffff90061ea0 RCX: 0000000000000000 RDX: 0000000000000075 RSI: ffffffff81e780a9 RDI: fffff520000c5db5 RBP: ffff88803f03c250 R08: 0000000000000005 R09: 0000000000000000 R10: 0000000080000000 R11: 0000000000000000 R12: ffffffff90061ea8 R13: ffff88803785c250 R14: ffff888035f2b800 R15: ffff88802e645000 FS: 0000000000000000(0000) GS:ffff8880d654d000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f46b138d090 CR3: 000000003ddd0000 CR4: 0000000000352ef0