usb 1-1: Falling back to sysfs fallback for: ueagle-atm/eagleII.fw ------------[ cut here ]------------ WARNING: fs/kernfs/dir.c:560 at kernfs_get+0x8c/0xcc fs/kernfs/dir.c:560, CPU#1: kworker/1:5/4770 Modules linked in: CPU: 1 UID: 0 PID: 4770 Comm: kworker/1:5 Tainted: G L syzkaller #0 PREEMPT Tainted: [L]=SOFTLOCKUP Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 Workqueue: events request_firmware_work_func pstate: 83400005 (Nzcv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : kernfs_get+0x8c/0xcc fs/kernfs/dir.c:560 lr : kernfs_get+0x8c/0xcc fs/kernfs/dir.c:560 sp : ffff8000963475a0 x29: ffff8000963475a0 x28: 1fffe0001a12a4b3 x27: dfff800000000000 x26: 1fffe0001a12a4b0 x25: ffff0000d0952598 x24: ffff800086deae00 x23: ffff0000d09525a8 x22: 1fffe0001a12a4b6 x21: 1fffe0001a12a4b5 x20: 0000000000000000 x19: ffff0000cdf26b40 x18: 1fffe00035c23420 x17: ffff8000888eb000 x16: ffff80008899dba0 x15: ffff0001ae11a10c x14: ffff0001ae11a108 x13: 0000000000000001 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 0000000000000000 x8 : 0000000000000000 x7 : 0000000000000000 x6 : 0000000000000000 x5 : 0000000000000001 x4 : 0000000000000008 x3 : ffff800080eb308c x2 : 0000000000000000 x1 : ffff0000d8223a00 x0 : 0000000000000000 Call trace: kernfs_get+0x8c/0xcc fs/kernfs/dir.c:560 (P) sysfs_get include/linux/sysfs.h:802 [inline] create_dir lib/kobject.c:89 [inline] kobject_add_internal+0x308/0x6e8 lib/kobject.c:240 kobject_add_varg+0x98/0xe4 lib/kobject.c:374 kobject_add+0x110/0x1cc lib/kobject.c:426 class_dir_create_and_add drivers/base/core.c:3234 [inline] get_device_parent+0x2c4/0x34c drivers/base/core.c:3285 device_add+0x294/0x9e4 drivers/base/core.c:3615 fw_load_sysfs_fallback drivers/base/firmware_loader/fallback.c:86 [inline] fw_load_from_user_helper drivers/base/firmware_loader/fallback.c:162 [inline] firmware_fallback_sysfs+0x294/0x910 drivers/base/firmware_loader/fallback.c:238 _request_firmware+0xb04/0xf00 drivers/base/firmware_loader/main.c:898 request_firmware_work_func+0xa8/0x19c drivers/base/firmware_loader/main.c:1150 process_one_work kernel/workqueue.c:3314 [inline] process_scheduled_works+0x79c/0x1098 kernel/workqueue.c:3397 worker_thread+0x754/0xba0 kernel/workqueue.c:3478 kthread+0x2f8/0x3c8 kernel/kthread.c:436 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:842 irq event stamp: 38018 hardirqs last enabled at (38017): [] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:178 [inline] hardirqs last enabled at (38017): [] _raw_spin_unlock_irqrestore+0x38/0x98 kernel/locking/spinlock.c:198 hardirqs last disabled at (38018): [] el1_brk64+0x20/0x54 arch/arm64/kernel/entry-common.c:429 softirqs last enabled at (37882): [] local_bh_enable include/linux/bottom_half.h:33 [inline] softirqs last enabled at (37882): [] put_cpu_fpsimd_context arch/arm64/kernel/fpsimd.c:251 [inline] softirqs last enabled at (37882): [] kernel_neon_begin+0x220/0x354 arch/arm64/kernel/fpsimd.c:1948 softirqs last disabled at (37880): [] local_bh_disable include/linux/bottom_half.h:20 [inline] softirqs last disabled at (37880): [] get_cpu_fpsimd_context arch/arm64/kernel/fpsimd.c:234 [inline] softirqs last disabled at (37880): [] kernel_neon_begin+0x11c/0x354 arch/arm64/kernel/fpsimd.c:1907 ---[ end trace 0000000000000000 ]--- ================================================================== BUG: KASAN: slab-use-after-free in instrument_atomic_read_write include/linux/instrumented.h:112 [inline] BUG: KASAN: slab-use-after-free in atomic_inc include/linux/atomic/atomic-instrumented.h:435 [inline] BUG: KASAN: slab-use-after-free in kernfs_get+0x60/0xcc fs/kernfs/dir.c:561 Write of size 4 at addr ffff0000cdf26b40 by task kworker/1:5/4770 CPU: 1 UID: 0 PID: 4770 Comm: kworker/1:5 Tainted: G W L syzkaller #0 PREEMPT Tainted: [W]=WARN, [L]=SOFTLOCKUP Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 Workqueue: events request_firmware_work_func Call trace: show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:499 (C) __dump_stack+0x30/0x40 lib/dump_stack.c:94 dump_stack_lvl+0xd8/0x12c lib/dump_stack.c:120 print_address_description+0xb0/0x238 mm/kasan/report.c:378 print_report+0x68/0x84 mm/kasan/report.c:482 kasan_report+0x8c/0xc4 mm/kasan/report.c:595 check_region_inline mm/kasan/generic.c:-1 [inline] kasan_check_range+0x17c/0x1ac mm/kasan/generic.c:200 __kasan_check_write+0x20/0x30 mm/kasan/shadow.c:37 instrument_atomic_read_write include/linux/instrumented.h:112 [inline] atomic_inc include/linux/atomic/atomic-instrumented.h:435 [inline] kernfs_get+0x60/0xcc fs/kernfs/dir.c:561 sysfs_get include/linux/sysfs.h:802 [inline] create_dir lib/kobject.c:89 [inline] kobject_add_internal+0x308/0x6e8 lib/kobject.c:240 kobject_add_varg+0x98/0xe4 lib/kobject.c:374 kobject_add+0x110/0x1cc lib/kobject.c:426 class_dir_create_and_add drivers/base/core.c:3234 [inline] get_device_parent+0x2c4/0x34c drivers/base/core.c:3285 device_add+0x294/0x9e4 drivers/base/core.c:3615 fw_load_sysfs_fallback drivers/base/firmware_loader/fallback.c:86 [inline] fw_load_from_user_helper drivers/base/firmware_loader/fallback.c:162 [inline] firmware_fallback_sysfs+0x294/0x910 drivers/base/firmware_loader/fallback.c:238 _request_firmware+0xb04/0xf00 drivers/base/firmware_loader/main.c:898 request_firmware_work_func+0xa8/0x19c drivers/base/firmware_loader/main.c:1150 process_one_work kernel/workqueue.c:3314 [inline] process_scheduled_works+0x79c/0x1098 kernel/workqueue.c:3397 worker_thread+0x754/0xba0 kernel/workqueue.c:3478 kthread+0x2f8/0x3c8 kernel/kthread.c:436 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:842 Allocated by task 4770: kasan_save_stack mm/kasan/common.c:57 [inline] kasan_save_track+0x40/0x78 mm/kasan/common.c:78 kasan_save_alloc_info+0x44/0x54 mm/kasan/generic.c:570 unpoison_slab_object mm/kasan/common.c:340 [inline] __kasan_slab_alloc+0x70/0x88 mm/kasan/common.c:366 kasan_slab_alloc include/linux/kasan.h:253 [inline] slab_post_alloc_hook mm/slub.c:4569 [inline] slab_alloc_node mm/slub.c:4898 [inline] kmem_cache_alloc_noprof+0x26c/0x610 mm/slub.c:4905 __kernfs_new_node+0xec/0x800 fs/kernfs/dir.c:664 kernfs_new_node+0xe8/0x160 fs/kernfs/dir.c:748 kernfs_create_dir_ns+0x58/0x12c fs/kernfs/dir.c:1121 sysfs_create_dir_ns+0x120/0x1f4 fs/sysfs/dir.c:59 create_dir lib/kobject.c:73 [inline] kobject_add_internal+0x28c/0x6e8 lib/kobject.c:240 kobject_add_varg+0x98/0xe4 lib/kobject.c:374 kobject_add+0x110/0x1cc lib/kobject.c:426 class_dir_create_and_add drivers/base/core.c:3234 [inline] get_device_parent+0x2c4/0x34c drivers/base/core.c:3285 device_add+0x294/0x9e4 drivers/base/core.c:3615 fw_load_sysfs_fallback drivers/base/firmware_loader/fallback.c:86 [inline] fw_load_from_user_helper drivers/base/firmware_loader/fallback.c:162 [inline] firmware_fallback_sysfs+0x294/0x910 drivers/base/firmware_loader/fallback.c:238 _request_firmware+0xb04/0xf00 drivers/base/firmware_loader/main.c:898 request_firmware_work_func+0xa8/0x19c drivers/base/firmware_loader/main.c:1150 process_one_work kernel/workqueue.c:3314 [inline] process_scheduled_works+0x79c/0x1098 kernel/workqueue.c:3397 worker_thread+0x754/0xba0 kernel/workqueue.c:3478 kthread+0x2f8/0x3c8 kernel/kthread.c:436 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:842 Freed by task 4666: kasan_save_stack mm/kasan/common.c:57 [inline] kasan_save_track+0x40/0x78 mm/kasan/common.c:78 kasan_save_free_info+0x58/0x70 mm/kasan/generic.c:584 poison_slab_object mm/kasan/common.c:253 [inline] __kasan_slab_free+0x74/0xa4 mm/kasan/common.c:285 kasan_slab_free include/linux/kasan.h:235 [inline] slab_free_hook mm/slub.c:2689 [inline] slab_free mm/slub.c:6250 [inline] kmem_cache_free+0x184/0x6b8 mm/slub.c:6377 kernfs_free_rcu+0xd0/0xe4 fs/kernfs/dir.c:576 rcu_do_batch kernel/rcu/tree.c:2617 [inline] rcu_core+0x580/0xef0 kernel/rcu/tree.c:2869 rcu_core_si+0x10/0x1c kernel/rcu/tree.c:2886 handle_softirqs+0x2e4/0xd34 kernel/softirq.c:622 __do_softirq+0x14/0x20 kernel/softirq.c:656 Last potentially related work creation: kasan_save_stack+0x40/0x6c mm/kasan/common.c:57 kasan_record_aux_stack+0xb0/0xc8 mm/kasan/generic.c:556 __call_rcu_common kernel/rcu/tree.c:3131 [inline] call_rcu+0x100/0x774 kernel/rcu/tree.c:3251 kernfs_put+0x230/0x53c fs/kernfs/dir.c:618 __kernfs_remove+0x51c/0x72c fs/kernfs/dir.c:1604 kernfs_remove+0x44/0x6c fs/kernfs/dir.c:1625 sysfs_remove_dir+0xa8/0xec fs/sysfs/dir.c:101 __kobject_del+0xe0/0x1c4 lib/kobject.c:604 kobject_del+0x48/0x68 lib/kobject.c:627 device_del+0x614/0x710 drivers/base/core.c:3915 usb_disconnect+0x48c/0x6f8 drivers/usb/core/hub.c:2376 hub_port_connect drivers/usb/core/hub.c:5407 [inline] hub_port_connect_change drivers/usb/core/hub.c:5707 [inline] port_event drivers/usb/core/hub.c:5871 [inline] hub_event+0x2a24/0x3b20 drivers/usb/core/hub.c:5953 process_one_work kernel/workqueue.c:3314 [inline] process_scheduled_works+0x79c/0x1098 kernel/workqueue.c:3397 worker_thread+0x754/0xba0 kernel/workqueue.c:3478 kthread+0x2f8/0x3c8 kernel/kthread.c:436 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:842 The buggy address belongs to the object at ffff0000cdf26b40 which belongs to the cache kernfs_node_cache of size 176 The buggy address is located 0 bytes inside of freed 176-byte region [ffff0000cdf26b40, ffff0000cdf26bf0) The buggy address belongs to the physical page: page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10df26 flags: 0x5ffc00000000000(node=0|zone=2|lastcpupid=0x7ff) page_type: f5(slab) raw: 05ffc00000000000 ffff0000c1867000 dead000000000122 0000000000000000 raw: 0000000000000000 0000000800110011 00000000f5000000 0000000000000000 page dumped because: kasan: bad access detected Memory state around the buggy address: ffff0000cdf26a00: fb fb fc fc fc fc fc fc fc fc fa fb fb fb fb fb ffff0000cdf26a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb >ffff0000cdf26b00: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb ^ ffff0000cdf26b80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc ffff0000cdf26c00: fc fc fc fc fc fc fa fb fb fb fb fb fb fb fb fb ================================================================== kobject: kobject_add_internal failed for ueagle-atm!eagleII.fw (error: -2 parent: firmware) firmware ueagle-atm!eagleII.fw: fw_load_sysfs_fallback: device_register failed usb 1-1: [UEAGLE-ATM] firmware is not available