Linux-mm Archive on lore.kernel.org
From: sanan.hasanou@gmail.com
To: vbabka@suse.cz, akpm@linux-foundation.org, cl@gentwo.org,
	rientjes@google.com, roman.gushchin@linux.dev,
	harry.yoo@oracle.com, linux-mm@kvack.org,
	linux-kernel@vger.kernel.org
Cc: syzkaller@googlegroups.com, contact@pgazz.com
Subject: WARNING in usb_free_urb
Date: Fri, 26 Jun 2026 14:27:09 -0700 (PDT)
Message-ID: <6a3eeead.7fb353d3.354599.b0b0@mx.google.com>

Good day, dear maintainers,

We found a bug using a modified version of syzkaller.

Kernel Branch: 7.0-rc1
Kernel Config: <https://drive.google.com/open?id=1zJHAs5GUroGFBkxAlzfDaWAd_NVPZTfJ>
Unfortunately, we don't have any reproducer for this bug yet.
Thank you!

Best regards,
Sanan Hasanov

179683 pages reserved
0 pages cma reserved
Memory cgroup min protection 0kB -- low protection 0kB
------------[ cut here ]------------
!PageLargeKmalloc(page)
WARNING: mm/slub.c:6352 at free_large_kmalloc+0xb3/0x160 mm/slub.c:6352, CPU#1: kworker/1:4/12317
Modules linked in:
CPU: 1 UID: 0 PID: 12317 Comm: kworker/1:4 Tainted: G             L      7.0.0-rc1 #1 PREEMPT(full) 
Tainted: [L]=SOFTLOCKUP
Hardware name: QEMU Ubuntu 24.04 PC v2 (i440FX + PIIX, arch_caps fix, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
Workqueue: events request_module_async
RIP: 0010:free_large_kmalloc+0xb3/0x160 mm/slub.c:6352
Code: 25 00 00 00 ff 3d 00 00 00 f8 0f 85 a6 00 00 00 c7 43 30 ff ff ff ff 48 89 df 44 89 f6 e8 45 d9 fc ff 5b 41 5e 41 5f 5d c3 90 <0f> 0b 90 48 89 df 48 c7 c6 b7 4c 72 8d e8 cb e8 08 ff eb e4 90 0f
RSP: 0018:ffffc900028e76f8 EFLAGS: 00010287
RAX: 00000000f0000000 RBX: ffffea00019a5c00 RCX: ffff888067550001
RDX: 0000000000000000 RSI: ffff888066970000 RDI: ffffea00019a5c00
RBP: ffffc900028e7710 R08: ffff888049c40603 R09: 1ffff110093880c0
R10: dffffc0000000000 R11: ffffed10093880c1 R12: ffff888066970000
R13: ffffffff870bc0f1 R14: 0000000000000000 R15: dffffc0000000000
FS:  0000000000000000(0000) GS:ffff8880ef136000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fba7e4bf008 CR3: 000000005776b000 CR4: 00000000000006f0
Call Trace:
 <TASK>
 kfree+0xae/0x630 mm/slub.c:6437
 urb_destroy drivers/usb/core/urb.c:25 [inline]
 kref_put include/linux/kref.h:65 [inline]
 usb_free_urb+0xd1/0x120 drivers/usb/core/urb.c:96
 em28xx_uninit_usb_xfer+0x165/0x310 drivers/media/usb/em28xx/em28xx-core.c:833
 em28xx_alloc_urbs+0xf2a/0x1130 drivers/media/usb/em28xx/em28xx-core.c:-1
 em28xx_dvb_init+0x2b0/0x4a20 drivers/media/usb/em28xx/em28xx-dvb.c:-1
 em28xx_init_extension+0x121/0x1d0 drivers/media/usb/em28xx/em28xx-core.c:1117
 request_module_async+0x5e/0x80 drivers/media/usb/em28xx/em28xx-cards.c:3457
 process_one_work kernel/workqueue.c:3275 [inline]
 process_scheduled_works+0xae1/0x1800 kernel/workqueue.c:3358
 worker_thread+0xa0f/0xf70 kernel/workqueue.c:3439
 kthread+0x37d/0x470 kernel/kthread.c:467
 ret_from_fork+0x507/0xb90 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:245
 </TASK>

<<<<<<<<<<<<<<< tail report >>>>>>>>>>>>>>>

Modules linked in:
CPU: 1 UID: 0 PID: 12317 Comm: kworker/1:4 Tainted: G             L      7.0.0-rc1 #1 PREEMPT(full) 
Tainted: [L]=SOFTLOCKUP
Hardware name: QEMU Ubuntu 24.04 PC v2 (i440FX + PIIX, arch_caps fix, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
Workqueue: events request_module_async
RIP: 0010:free_large_kmalloc+0xb3/0x160
Code: 25 00 00 00 ff 3d 00 00 00 f8 0f 85 a6 00 00 00 c7 43 30 ff ff ff ff 48 89 df 44 89 f6 e8 45 d9 fc ff 5b 41 5e 41 5f 5d c3 90 <0f> 0b 90 48 89 df 48 c7 c6 b7 4c 72 8d e8 cb e8 08 ff eb e4 90 0f
RSP: 0018:ffffc900028e76f8 EFLAGS: 00010287
RAX: 00000000f0000000 RBX: ffffea00019a5c00 RCX: ffff888067550001
RDX: 0000000000000000 RSI: ffff888066970000 RDI: ffffea00019a5c00
RBP: ffffc900028e7710 R08: ffff888049c40603 R09: 1ffff110093880c0
R10: dffffc0000000000 R11: ffffed10093880c1 R12: ffff888066970000
R13: ffffffff870bc0f1 R14: 0000000000000000 R15: dffffc0000000000
FS:  0000000000000000(0000) GS:ffff8880ef136000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fba7e4bf008 CR3: 000000005776b000 CR4: 00000000000006f0
Call Trace:
 <TASK>
 kfree+0xae/0x630
 usb_free_urb+0xd1/0x120
 em28xx_uninit_usb_xfer+0x165/0x310
 em28xx_alloc_urbs+0xf2a/0x1130
 em28xx_dvb_init+0x2b0/0x4a20
 em28xx_init_extension+0x121/0x1d0
 request_module_async+0x5e/0x80
 process_scheduled_works+0xae1/0x1800
 worker_thread+0xa0f/0xf70
 kthread+0x37d/0x470
 ret_from_fork+0x507/0xb90
 ret_from_fork_asm+0x11/0x20
 </TASK>
Kernel panic - not syncing: kernel: panic_on_warn set ...
CPU: 1 UID: 0 PID: 12317 Comm: kworker/1:4 Tainted: G             L      7.0.0-rc1 #1 PREEMPT(full) 
Tainted: [L]=SOFTLOCKUP
Hardware name: QEMU Ubuntu 24.04 PC v2 (i440FX + PIIX, arch_caps fix, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
Workqueue: events request_module_async
Call Trace:
 <TASK>
 __dump_stack+0x21/0x30
 dump_stack_lvl+0x2b/0x150
 dump_stack+0x19/0x20
 vpanic+0x53e/0xa20
 panic+0xb9/0xc0
 __warn+0x320/0x500
 __report_bug+0x28d/0x500
 report_bug+0x175/0x220
 handle_bug+0x9c/0x200
 exc_invalid_op+0x1f/0x50
 asm_exc_invalid_op+0x1f/0x30
RIP: 0010:free_large_kmalloc+0xb3/0x160
Code: 25 00 00 00 ff 3d 00 00 00 f8 0f 85 a6 00 00 00 c7 43 30 ff ff ff ff 48 89 df 44 89 f6 e8 45 d9 fc ff 5b 41 5e 41 5f 5d c3 90 <0f> 0b 90 48 89 df 48 c7 c6 b7 4c 72 8d e8 cb e8 08 ff eb e4 90 0f
RSP: 0018:ffffc900028e76f8 EFLAGS: 00010287
RAX: 00000000f0000000 RBX: ffffea00019a5c00 RCX: ffff888067550001
RDX: 0000000000000000 RSI: ffff888066970000 RDI: ffffea00019a5c00
RBP: ffffc900028e7710 R08: ffff888049c40603 R09: 1ffff110093880c0
R10: dffffc0000000000 R11: ffffed10093880c1 R12: ffff888066970000
R13: ffffffff870bc0f1 R14: 0000000000000000 R15: dffffc0000000000
 kfree+0xae/0x630
 usb_free_urb+0xd1/0x120
 em28xx_uninit_usb_xfer+0x165/0x310
 em28xx_alloc_urbs+0xf2a/0x1130
 em28xx_dvb_init+0x2b0/0x4a20
 em28xx_init_extension+0x121/0x1d0
 request_module_async+0x5e/0x80
 process_scheduled_works+0xae1/0x1800
 worker_thread+0xa0f/0xf70
 kthread+0x37d/0x470
 ret_from_fork+0x507/0xb90
 ret_from_fork_asm+0x11/0x20
 </TASK>
Kernel Offset: disabled
Rebooting in 86400 seconds..

<<<<<<<<<<<<<<< tail report >>>>>>>>>>>>>>>

