Hello, syzbot found the following crash on: HEAD commit: b791d1bd Merge tag 'locking-kcsan-2020-06-11' of git://git.. git tree: https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing console output: https://syzkaller.appspot.com/x/log.txt?x=13f305a9100000 kernel config: https://syzkaller.appspot.com/x/.config?x=16c2467d4b6dbee2 dashboard link: https://syzkaller.appspot.com/bug?extid=42bc0d31b9a21faebdf8 compiler: gcc (GCC) 9.0.0 20181231 (experimental) syz repro: https://syzkaller.appspot.com/x/repro.syz?x=136ad566100000 C reproducer: https://syzkaller.appspot.com/x/repro.c?x=10138f7a100000 IMPORTANT: if you fix the bug, please add the following tag to the commit: Reported-by: syzbot+42bc0d31b9a21faebdf8@xxxxxxxxxxxxxxxxxxxxxxxxx INFO: trying to register non-static key. the code is fine but needs lockdep annotation. turning off the locking correctness validator. CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.7.0-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: <IRQ> __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0xf6/0x16e lib/dump_stack.c:118 assign_lock_key kernel/locking/lockdep.c:894 [inline] register_lock_class+0x1442/0x17e0 kernel/locking/lockdep.c:1206 arch_stack_walk+0x81/0xf0 arch/x86/kernel/stacktrace.c:25 lock_downgrade+0x720/0x720 kernel/locking/lockdep.c:4624 is_dynamic_key+0x1b0/0x1b0 kernel/locking/lockdep.c:1176 trace_hardirqs_off+0x50/0x1f0 kernel/trace/trace_preemptirq.c:83 __lock_acquire+0x101/0x6270 kernel/locking/lockdep.c:4259 save_stack+0x32/0x40 mm/kasan/common.c:50 save_stack+0x1b/0x40 mm/kasan/common.c:48 set_track mm/kasan/common.c:56 [inline] __kasan_kmalloc mm/kasan/common.c:494 [inline] __kasan_kmalloc.constprop.0+0xbf/0xd0 mm/kasan/common.c:467 slab_post_alloc_hook mm/slab.h:586 [inline] slab_alloc_node mm/slub.c:2824 [inline] slab_alloc mm/slub.c:2832 [inline] kmem_cache_alloc+0xd8/0x300 mm/slub.c:2837 __build_skb+0x21/0x60 net/core/skbuff.c:311 __netdev_alloc_skb+0x1e2/0x360 net/core/skbuff.c:464 __dev_alloc_skb include/linux/skbuff.h:2813 [inline] ath9k_hif_usb_rx_stream drivers/net/wireless/ath/ath9k/hif_usb.c:620 [inline] ath9k_hif_usb_rx_cb+0x64f/0x1050 drivers/net/wireless/ath/ath9k/hif_usb.c:671 __usb_hcd_giveback_urb+0x29a/0x550 drivers/usb/core/hcd.c:1650 usb_hcd_giveback_urb+0x368/0x420 drivers/usb/core/hcd.c:1716 dummy_timer+0x125e/0x32b4 drivers/usb/gadget/udc/dummy_hcd.c:1967 call_timer_fn+0x1ac/0x6e0 kernel/time/timer.c:1404 expire_timers kernel/time/timer.c:1449 [inline] __run_timers kernel/time/timer.c:1773 [inline] __run_timers kernel/time/timer.c:1740 [inline] run_timer_softirq+0x5e5/0x14c0 kernel/time/timer.c:1786 __do_softirq+0x21e/0x996 kernel/softirq.c:292 lockdep_hardirqs_on_prepare+0x550/0x550 kernel/locking/lockdep.c:3667 native_safe_halt arch/x86/include/asm/irqflags.h:60 [inline] arch_safe_halt arch/x86/include/asm/irqflags.h:103 [inline] acpi_safe_halt drivers/acpi/processor_idle.c:111 [inline] acpi_safe_halt+0x72/0x90 drivers/acpi/processor_idle.c:108 --- This bug is generated by a bot. It may contain errors. See https://goo.gl/tpsmEJ for more information about syzbot. syzbot engineers can be reached at syzkaller@xxxxxxxxxxxxxxxx. syzbot will keep track of this bug report. See: https://goo.gl/tpsmEJ#status for how to communicate with syzbot. syzbot can test patches for this bug, for details see: https://goo.gl/tpsmEJ#testing-patches