
fix-insert-wifi-and-usb-wifi-panic #249

Open
wants to merge 1 commit into
base: develop-4.19

Conversation

zhugh2333

[ 44.306135] usb 1-1.1: USB disconnect, device number 3
[ 44.306419] Unable to handle kernel read from unreadable memory at virtual address 0000000000000000
[ 44.307466] Mem abort info:
[ 44.307719] ESR = 0x96000005
[ 44.307994] Exception class = DABT (current EL), IL = 32 bits
[ 44.308518] SET = 0, FnV = 0
[ 44.308794] EA = 0, S1PTW = 0
[ 44.309068] Data abort info:
[ 44.309322] ISV = 0, ISS = 0x00000005
[ 44.309664] CM = 0, WnR = 0
[ 44.309931] user pgtable: 4k pages, 39-bit VAs, pgdp = 00000000c6dfa931
[ 44.310512] [0000000000000000] pgd=0000000000000000, pud=0000000000000000
[ 44.311109] Internal error: Oops: 96000005 [#1] PREEMPT SMP
[ 44.311600] Modules linked in:
[ 44.311878] Process kworker/0:1 (pid: 46, stack limit = 0x00000000514b81b2)
[ 44.312496] CPU: 0 PID: 46 Comm: kworker/0:1 Not tainted 4.19.161 #54
[ 44.313065] Hardware name: rockchip,rk3399-mid (DT)
[ 44.313512] Workqueue: usb_hub_wq hub_event
[ 44.313881] pstate: 60400085 (nZCv daIf +PAN -UAO)
[ 44.314309] pc : wl_cfg80211_netdev_notifier_call+0x208/0x274
[ 44.314813] lr : wl_cfg80211_netdev_notifier_call+0x1f4/0x274
[ 44.315315] sp : ffffff8009d637d0
[ 44.315613] x29: ffffff8009d637d0 x28: 00000000ffffffed
[ 44.316082] x27: dead000000000200 x26: dead000000000100
[ 44.316551] x25: 0000000000000001 x24: ffffff800938420c
[ 44.317021] x23: ffffff800982e940 x22: ffffffc0ebf2cec8
[ 44.317490] x21: 0000000000000009 x20: ffffffc0ebf2d000
[ 44.317960] x19: ffffffc0ebf2c920 x18: ffffffc00a362794
[ 44.318429] x17: 0000000000000000 x16: 0000000000000000
[ 44.318898] x15: 0000000000000000 x14: ffffffc0edd32088
[ 44.319367] x13: ffffffc00a362790 x12: 0000000000000030
[ 44.319837] x11: 0000000000000030 x10: 0101010101010101
[ 44.320306] x9 : 72241f396d747335 x8 : 7f7f7f7f7f7f7f7f
[ 44.320776] x7 : ffff716475687163 x6 : 00000000000011b0
[ 44.321245] x5 : 0000000000000000 x4 : ffffffffffffee50
[ 44.321714] x3 : 0000000000000000 x2 : ffffffffffffee50
[ 44.322183] x1 : ffffffc0ebf2ceb8 x0 : 0000000000000000
[ 44.409290] read channel() error: -110

[ 44.415712] Call trace:
[ 44.415721] wl_cfg80211_netdev_notifier_call+0x208/0x274
[ 44.415728] notifier_call_chain+0x64/0x84
[ 44.415732] raw_notifier_call_chain+0x14/0x1c
[ 44.415739] call_netdevice_notifiers_info+0x68/0x74
[ 44.415744] call_netdevice_notifiers+0x2c/0x4c
[ 44.415750] __dev_close_many+0x94/0xe0
[ 44.419220] dev_close_many+0x3c/0xe4
[ 44.419226] rollback_registered_many+0xdc/0x4fc
[ 44.419229] rollback_registered+0x3c/0x68
[ 44.419232] unregister_netdevice_queue+0x88/0xc0
[ 44.419235] unregister_netdev+0x20/0x30
[ 44.419240] rtw_os_ndev_unregister+0xa0/0xcc
[ 44.419243] rtw_os_ndevs_unregister+0x24/0x50
[ 44.419247] rtw_dev_remove+0x3c/0x10c
[ 44.419252] usb_unbind_interface+0x94/0x1f0
[ 44.419259] device_release_driver_internal+0xa4/0x188
[ 44.419263] device_release_driver+0x14/0x1c
[ 44.419267] bus_remove_device+0xb4/0xe8
[ 44.419270] device_del+0x184/0x338
[ 44.419274] usb_disable_device+0x10c/0x17c
[ 44.419279] usb_disconnect+0x94/0x22c
[ 44.419282] hub_event+0x5a0/0xeec
[ 44.419288] process_one_work+0x1dc/0x3a4
[ 44.419292] worker_thread+0x220/0x30c
[ 44.419296] kthread+0x14c/0x15c
[ 44.419301] ret_from_fork+0x10/0x18
[ 44.419308] Code: 928235e4 91166261 d2823606 8b040042 (f948d843)
[ 44.426916] ---[ end trace 86ac96a1c1b0fb07 ]---
[ 44.426921] note: kworker/0:1[46] exited with preempt_count 1

friendlyarm pushed a commit to friendlyarm/kernel-rockchip that referenced this pull request Aug 31, 2021
commit b42b0bd upstream.

I got a UAF report when doing fuzz test:

[  152.880091][ T8030] ==================================================================
[  152.881240][ T8030] BUG: KASAN: use-after-free in pwq_unbound_release_workfn+0x50/0x190
[  152.882442][ T8030] Read of size 4 at addr ffff88810d31bd00 by task kworker/3:2/8030
[  152.883578][ T8030]
[  152.883932][ T8030] CPU: 3 PID: 8030 Comm: kworker/3:2 Not tainted 5.13.0+ #249
[  152.885014][ T8030] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014
[  152.886442][ T8030] Workqueue: events pwq_unbound_release_workfn
[  152.887358][ T8030] Call Trace:
[  152.887837][ T8030]  dump_stack_lvl+0x75/0x9b
[  152.888525][ T8030]  ? pwq_unbound_release_workfn+0x50/0x190
[  152.889371][ T8030]  print_address_description.constprop.10+0x48/0x70
[  152.890326][ T8030]  ? pwq_unbound_release_workfn+0x50/0x190
[  152.891163][ T8030]  ? pwq_unbound_release_workfn+0x50/0x190
[  152.891999][ T8030]  kasan_report.cold.15+0x82/0xdb
[  152.892740][ T8030]  ? pwq_unbound_release_workfn+0x50/0x190
[  152.893594][ T8030]  __asan_load4+0x69/0x90
[  152.894243][ T8030]  pwq_unbound_release_workfn+0x50/0x190
[  152.895057][ T8030]  process_one_work+0x47b/0x890
[  152.895778][ T8030]  worker_thread+0x5c/0x790
[  152.896439][ T8030]  ? process_one_work+0x890/0x890
[  152.897163][ T8030]  kthread+0x223/0x250
[  152.897747][ T8030]  ? set_kthread_struct+0xb0/0xb0
[  152.898471][ T8030]  ret_from_fork+0x1f/0x30
[  152.899114][ T8030]
[  152.899446][ T8030] Allocated by task 8884:
[  152.900084][ T8030]  kasan_save_stack+0x21/0x50
[  152.900769][ T8030]  __kasan_kmalloc+0x88/0xb0
[  152.901416][ T8030]  __kmalloc+0x29c/0x460
[  152.902014][ T8030]  alloc_workqueue+0x111/0x8e0
[  152.902690][ T8030]  __btrfs_alloc_workqueue+0x11e/0x2a0
[  152.903459][ T8030]  btrfs_alloc_workqueue+0x6d/0x1d0
[  152.904198][ T8030]  scrub_workers_get+0x1e8/0x490
[  152.904929][ T8030]  btrfs_scrub_dev+0x1b9/0x9c0
[  152.905599][ T8030]  btrfs_ioctl+0x122c/0x4e50
[  152.906247][ T8030]  __x64_sys_ioctl+0x137/0x190
[  152.906916][ T8030]  do_syscall_64+0x34/0xb0
[  152.907535][ T8030]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  152.908365][ T8030]
[  152.908688][ T8030] Freed by task 8884:
[  152.909243][ T8030]  kasan_save_stack+0x21/0x50
[  152.909893][ T8030]  kasan_set_track+0x20/0x30
[  152.910541][ T8030]  kasan_set_free_info+0x24/0x40
[  152.911265][ T8030]  __kasan_slab_free+0xf7/0x140
[  152.911964][ T8030]  kfree+0x9e/0x3d0
[  152.912501][ T8030]  alloc_workqueue+0x7d7/0x8e0
[  152.913182][ T8030]  __btrfs_alloc_workqueue+0x11e/0x2a0
[  152.913949][ T8030]  btrfs_alloc_workqueue+0x6d/0x1d0
[  152.914703][ T8030]  scrub_workers_get+0x1e8/0x490
[  152.915402][ T8030]  btrfs_scrub_dev+0x1b9/0x9c0
[  152.916077][ T8030]  btrfs_ioctl+0x122c/0x4e50
[  152.916729][ T8030]  __x64_sys_ioctl+0x137/0x190
[  152.917414][ T8030]  do_syscall_64+0x34/0xb0
[  152.918034][ T8030]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  152.918872][ T8030]
[  152.919203][ T8030] The buggy address belongs to the object at ffff88810d31bc00
[  152.919203][ T8030]  which belongs to the cache kmalloc-512 of size 512
[  152.921155][ T8030] The buggy address is located 256 bytes inside of
[  152.921155][ T8030]  512-byte region [ffff88810d31bc00, ffff88810d31be00)
[  152.922993][ T8030] The buggy address belongs to the page:
[  152.923800][ T8030] page:ffffea000434c600 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10d318
[  152.925249][ T8030] head:ffffea000434c600 order:2 compound_mapcount:0 compound_pincount:0
[  152.926399][ T8030] flags: 0x57ff00000010200(slab|head|node=1|zone=2|lastcpupid=0x7ff)
[  152.927515][ T8030] raw: 057ff00000010200 dead000000000100 dead000000000122 ffff888009c42c80
[  152.928716][ T8030] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[  152.929890][ T8030] page dumped because: kasan: bad access detected
[  152.930759][ T8030]
[  152.931076][ T8030] Memory state around the buggy address:
[  152.931851][ T8030]  ffff88810d31bc00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  152.932967][ T8030]  ffff88810d31bc80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  152.934068][ T8030] >ffff88810d31bd00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  152.935189][ T8030]                    ^
[  152.935763][ T8030]  ffff88810d31bd80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  152.936847][ T8030]  ffff88810d31be00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  152.937940][ T8030] ==================================================================

If apply_wqattrs_prepare() fails in alloc_workqueue(), it will call put_pwq()
which invokes a work queue to call pwq_unbound_release_workfn() and use the 'wq'.
The 'wq' allocated in alloc_workqueue() will be freed in the error path when
apply_wqattrs_prepare() fails. So it will lead to a UAF.

CPU0                                          CPU1
alloc_workqueue()
alloc_and_link_pwqs()
apply_wqattrs_prepare() fails
apply_wqattrs_cleanup()
schedule_work(&pwq->unbound_release_work)
kfree(wq)
                                              worker_thread()
                                              pwq_unbound_release_workfn() <- trigger uaf here

If apply_wqattrs_prepare() fails, the new pwq is not linked; it doesn't
hold any reference to the 'wq', and 'wq' is invalid to access in the worker,
so add a check of whether the pwq is linked to fix this.

Fixes: 2d5f076 ("workqueue: split apply_workqueue_attrs() into 3 stages")
Cc: stable@vger.kernel.org # v4.2+
Reported-by: Hulk Robot <hulkci@huawei.com>
Suggested-by: Lai Jiangshan <jiangshanlai@gmail.com>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Reviewed-by: Lai Jiangshan <jiangshanlai@gmail.com>
Tested-by: Pavel Skripkin <paskripkin@gmail.com>
Signed-off-by: Tejun Heo <tj@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
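To make the ordering in the commit message concrete, here is an added user-space model (not kernel code, and not part of this PR or of the upstream commit) of the error path: the deferred pwq release runs after the wq it points back to has already been freed, with and without the linked check the fix adds. The struct layouts and the 'freed' flag are assumptions that stand in for the kernel's list_empty(&pwq->pwqs_node) and kfree().

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
/* Constructed user-space model of the race described above (not kernel code).
 * A workqueue (wq) owns its pool workqueues (pwqs) through a list; releasing an
 * unbound pwq is deferred to a worker, which then follows pwq->wq.  kfree() is
 * modelled by a 'freed' flag so the bad read is counted rather than crashing
 * (the role KASAN plays in the report). */
struct workqueue {
    unsigned flags;           /* WQ_UNBOUND etc., read by the release work */
    struct pwq *pwqs;         /* head of the list of linked pwqs */
    bool freed;               /* stands in for kfree(wq) */
};
struct pwq {
    struct workqueue *wq;     /* back-pointer, only safe to follow while linked */
    struct pwq *next;
    bool linked;              /* !list_empty(&pwq->pwqs_node) in the kernel */
};
static int bad_reads;         /* reads of a freed wq, as KASAN would flag */
static unsigned read_wq_flags(struct workqueue *wq)
{
    if (wq->freed) bad_reads++;       /* use-after-free */
    return wq->flags;
}
/* pwq_unbound_release_workfn(): scheduled by put_pwq(), runs on a worker. */
static void pwq_unbound_release_workfn(struct pwq *pwq, bool fixed)
{
    /* The fix: an unlinked pwq holds no reference to wq, so do not touch it. */
    if (!fixed || pwq->linked) {
        struct workqueue *wq = pwq->wq;
        (void)read_wq_flags(wq);      /* the WQ_UNBOUND sanity check */
        if (pwq->linked) {            /* list_del_rcu(&pwq->pwqs_node) */
            wq->pwqs = pwq->next;
            pwq->linked = false;
        }
    }
    free(pwq);
}
/* alloc_workqueue() with apply_wqattrs_prepare() succeeding or failing; returns
 * how many reads of the freed wq the deferred release performed. */
static int alloc_workqueue_model(bool prepare_fails, bool fixed)
{
    struct workqueue *wq = calloc(1, sizeof *wq);
    struct pwq *pwq = calloc(1, sizeof *pwq);
    if (!wq || !pwq) return -1;
    wq->flags = 1u;                   /* WQ_UNBOUND */
    pwq->wq = wq;
    bad_reads = 0;
    if (prepare_fails) {              /* apply_wqattrs_cleanup() -> put_pwq() */
        wq->freed = true;             /* error path: kfree(wq), release still pending */
    } else {                          /* apply_wqattrs_commit(): link the pwq */
        pwq->next = wq->pwqs;
        wq->pwqs = pwq;
        pwq->linked = true;           /* a later destroy_workqueue() releases it */
    }
    pwq_unbound_release_workfn(pwq, fixed); /* worker_thread() runs the work now */
    free(wq);
    return bad_reads;
}
int main(void) {
    printf("prepare fails, unpatched: %d bad read(s)\n", alloc_workqueue_model(true, false));
    printf("prepare fails, patched:   %d bad read(s)\n", alloc_workqueue_model(true, true));
    return 0;
}
```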