Warning: Permanently added '10.128.0.215' (ECDSA) to the list of known hosts.
2020/06/08 21:23:34 parsed 1 programs
2020/06/08 21:23:34 executed programs: 0
[ 99.419357][ T379] cgroup: Unknown subsys name 'perf_event'
[ 99.426909][ T375] cgroup: Unknown subsys name 'perf_event'
[ 99.427226][ T378] cgroup: Unknown subsys name 'perf_event'
[ 99.435935][ T383] cgroup: Unknown subsys name 'perf_event'
[ 99.446915][ T379] cgroup: Unknown subsys name 'net_cls'
[ 99.453202][ T384] cgroup: Unknown subsys name 'perf_event'
[ 99.453246][ T375] cgroup: Unknown subsys name 'net_cls'
[ 99.460668][ T385] cgroup: Unknown subsys name 'perf_event'
[ 99.471446][ T383] cgroup: Unknown subsys name 'net_cls'
[ 99.471471][ T384] cgroup: Unknown subsys name 'net_cls'
[ 99.483044][ T378] cgroup: Unknown subsys name 'net_cls'
[ 99.489641][ T385] cgroup: Unknown subsys name 'net_cls'
[ 108.347344][ T164] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[ 108.427188][ T103] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[ 108.434767][ T21] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 108.477265][ T5] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[ 108.537195][ T94] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[ 108.587206][ T3064] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[ 108.877389][ T164] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 108.886673][ T164] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 108.894857][ T164] usb 4-1: Product: syz
[ 108.899092][ T164] usb 4-1: Manufacturer: syz
[ 108.903671][ T164] usb 4-1: SerialNumber: syz
[ 108.948874][ T164] usb 4-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 108.967524][ T103] usb 6-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 108.976715][ T103] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 108.986670][ T103] usb 6-1: Product: syz
[ 108.990884][ T103] usb 6-1: Manufacturer: syz
[ 108.995463][ T103] usb 6-1: SerialNumber: syz
[ 109.000148][ T21] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 109.009285][ T21] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 109.017545][ T21] usb 1-1: Product: syz
[ 109.021702][ T21] usb 1-1: Manufacturer: syz
[ 109.026282][ T21] usb 1-1: SerialNumber: syz
[ 109.027308][ T5] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 109.040073][ T5] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 109.048176][ T5] usb 5-1: Product: syz
[ 109.052329][ T5] usb 5-1: Manufacturer: syz
[ 109.057141][ T5] usb 5-1: SerialNumber: syz
[ 109.077990][ T103] usb 6-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 109.088768][ T21] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 109.099587][ T94] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 109.108961][ T94] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 109.116955][ T94] usb 3-1: Product: syz
[ 109.121191][ T94] usb 3-1: Manufacturer: syz
[ 109.125775][ T94] usb 3-1: SerialNumber: syz
[ 109.134194][ T5] usb 5-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 109.188204][ T94] usb 3-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 109.207442][ T3064] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 109.216905][ T3064] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 109.225077][ T3064] usb 2-1: Product: syz
[ 109.229352][ T3064] usb 2-1: Manufacturer: syz
[ 109.233940][ T3064] usb 2-1: SerialNumber: syz
[ 109.287940][ T3064] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 109.647231][ T164] usb 4-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 109.717251][ T103] usb 6-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 109.717318][ T5] usb 5-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 109.726422][ T21] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 109.757224][ T94] usb 3-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 109.897196][ T3064] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 110.777024][ T94] ath9k_htc 3-1:1.0: ath9k_htc: Target is unresponsive
[ 110.784149][ T5] ath9k_htc 5-1:1.0: ath9k_htc: Target is unresponsive
[ 110.786953][ T21] ath9k_htc 1-1:1.0: ath9k_htc: Target is unresponsive
[ 110.791920][ T94] ath9k_htc: Failed to initialize the device
[ 110.798557][ T103] ath9k_htc 6-1:1.0: ath9k_htc: Target is unresponsive
[ 110.804702][ T5] ath9k_htc: Failed to initialize the device
[ 110.818762][ T21] ath9k_htc: Failed to initialize the device
[ 110.825067][ T103] ath9k_htc: Failed to initialize the device
[ 110.937284][ T3064] ath9k_htc 2-1:1.0: ath9k_htc: Target is unresponsive
[ 110.944513][ T3064] ath9k_htc: Failed to initialize the device
[ 111.417106][ T164] usb 4-1: Service connection timeout for: 256
[ 111.423395][ T164] ath9k_htc 4-1:1.0: ath9k_htc: Unable to initialize HTC services
[ 111.432158][ T164] ath9k_htc: Failed to initialize the device
[ 111.447116][ C0] ==================================================================
[ 111.455399][ C0] BUG: KASAN: use-after-free in kfree_skb+0x32/0x3d0
[ 111.462153][ C0] Read of size 4 at addr ffff8881d17495d4 by task swapper/0/0
[ 111.469932][ C0]
[ 111.472382][ C0] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.7.0-rc6-syzkaller #0
[ 111.480701][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 111.490751][ C0] Call Trace:
[ 111.494014][ C0]
[ 111.496861][ C0] dump_stack+0xef/0x16e
[ 111.501253][ C0] print_address_description.constprop.0.cold+0xd3/0x415
[ 111.508309][ C0] ? lock_acquire+0x18b/0x7c0
[ 111.512970][ C0] ? kcov_remote_start+0xd9/0x390
[ 111.518012][ C0] ? vprintk_func+0x7d/0x113
[ 111.523202][ C0] ? kfree_skb+0x32/0x3d0
[ 111.527651][ C0] __kasan_report.cold+0x37/0x7d
[ 111.532757][ C0] ? kfree_skb+0x32/0x3d0
[ 111.537082][ C0] ? kfree_skb+0x32/0x3d0
[ 111.541516][ C0] kasan_report+0x33/0x50
[ 111.545834][ C0] check_memory_region+0x173/0x1d0
[ 111.550934][ C0] kfree_skb+0x32/0x3d0
[ 111.555081][ C0] hif_usb_regout_cb+0x156/0x1c0
[ 111.560023][ C0] ? _raw_spin_unlock_irqrestore+0x2a/0x40
[ 111.565814][ C0] __usb_hcd_giveback_urb+0x29a/0x550
[ 111.571170][ C0] usb_hcd_giveback_urb+0x368/0x420
[ 111.576437][ C0] dummy_timer+0x125e/0x32b4
[ 111.581015][ C0] ? __lock_acquire+0x2248/0x6650
[ 111.586071][ C0] ? dummy_udc_probe+0x980/0x980
[ 111.591153][ C0] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 111.596693][ C0] ? rcu_read_lock_bh_held+0xb0/0xb0
[ 111.602081][ C0] call_timer_fn+0x1ac/0x700
[ 111.606882][ C0] ? dummy_udc_probe+0x980/0x980
[ 111.611814][ C0] ? timer_fixup_init+0x60/0x60
2020/06/08 21:23:47 executed programs: 6
[ 111.617519][ C0] ? lock_downgrade+0x720/0x720
[ 111.622102][ T3092] usb 4-1: USB disconnect, device number 2
[ 111.622367][ C0] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 111.633807][ C0] ? rcu_read_lock_bh_held+0xb0/0xb0
[ 111.639101][ C0] ? _raw_spin_unlock_irq+0x1f/0x30
[ 111.644320][ C0] ? dummy_udc_probe+0x980/0x980
[ 111.649286][ C0] run_timer_softirq+0x5f9/0x1500
[ 111.654312][ C0] ? add_timer+0x7a0/0x7a0
[ 111.658823][ C0] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 111.664369][ C0] ? rcu_read_lock_bh_held+0xb0/0xb0
[ 111.669657][ C0] __do_softirq+0x21e/0x9aa
[ 111.674168][ C0] irq_exit+0x178/0x1a0
[ 111.678362][ C0] smp_apic_timer_interrupt+0x141/0x540
[ 111.683939][ C0] apic_timer_interrupt+0xf/0x20
[ 111.688886][ C0]
[ 111.692024][ C0] RIP: 0010:default_idle+0x28/0x300
[ 111.697054][ T3105] usb 5-1: USB disconnect, device number 2
[ 111.697310][ C0] Code: cc cc 41 56 41 55 65 44 8b 2d 94 3f 6b 7a 41 54 55 53 0f 1f 44 00 00 e8 16 28 af fb e9 07 00 00 00 0f 00 2d 7a e1 4b 00 fb f4 <65> 44 8b 2d 70 3f 6b 7a 0f 1f 44 00 00 5b 5d 41 5c 41 5d 41 5e c3
[ 111.722689][ C0] RSP: 0018:ffffffff87007da0 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
[ 111.731949][ C0] RAX: 0000000000000007 RBX: ffffffff8702f800 RCX: 0000000000000000
[ 111.739942][ C0] RDX: 0000000000000000 RSI: 0000000000000006 RDI: ffffffff8703007c
[ 111.747990][ C0] RBP: fffffbfff0e05f00 R08: ffffffff8702f800 R09: 0000000000000000
[ 111.756053][ C0] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 111.764043][ C0] R13: 0000000000000000 R14: ffffffff87e88c40 R15: 0000000000000000
[ 111.772213][ C0] do_idle+0x3e0/0x500
[ 111.776298][ C0] ? rcu_read_lock_held+0x9c/0xb0
[ 111.781726][ C0] ? arch_cpu_idle_exit+0x40/0x40
[ 111.786943][ C0] ? schedule+0xe1/0x2b0
[ 111.791168][ C0] cpu_startup_entry+0x14/0x20
[ 111.795922][ C0] start_kernel+0x9bb/0x9f8
[ 111.800431][ C0] ? mem_encrypt_init+0x5/0x5
[ 111.805113][ C0] ? x86_family+0x3d/0x50
[ 111.809444][ C0] ? load_ucode_bsp+0x23d/0x27d
[ 111.814325][ C0] secondary_startup_64+0xb6/0xc0
[ 111.819325][ C0]
[ 111.821704][ C0] Allocated by task 164:
[ 111.826055][ C0] save_stack+0x1b/0x40
[ 111.830197][ C0] __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 111.835811][ C0] kmem_cache_alloc_node+0xdc/0x330
[ 111.841074][ C0] __alloc_skb+0xba/0x5a0
[ 111.845403][ C0] htc_connect_service+0x2cc/0x840
[ 111.851012][ C0] ath9k_wmi_connect+0xd2/0x1a0
[ 111.855841][ C0] ath9k_init_htc_services.constprop.0+0xb4/0x650
[ 111.862231][ C0] ath9k_htc_probe_device+0x25a/0x1da0
[ 111.867664][ C0] ath9k_htc_hw_init+0x31/0x60
[ 111.872405][ C0] ath9k_hif_usb_firmware_cb+0x274/0x510
[ 111.878015][ C0] request_firmware_work_func+0x126/0x242
[ 111.883709][ C0] process_one_work+0x965/0x1630
[ 111.888620][ C0] worker_thread+0x96/0xe20
[ 111.893097][ C0] kthread+0x326/0x430
[ 111.897193][ C0] ret_from_fork+0x24/0x30
[ 111.901593][ C0]
[ 111.903912][ C0] Freed by task 164:
[ 111.907797][ C0] save_stack+0x1b/0x40
[ 111.911997][ C0] __kasan_slab_free+0x117/0x160
[ 111.916913][ C0] kmem_cache_free+0x9b/0x360
[ 111.921618][ C0] kfree_skbmem+0xef/0x1b0
[ 111.926025][ C0] kfree_skb+0x102/0x3d0
[ 111.930344][ C0] htc_connect_service.cold+0xa9/0x109
[ 111.938559][ C0] ath9k_wmi_connect+0xd2/0x1a0
[ 111.943387][ C0] ath9k_init_htc_services.constprop.0+0xb4/0x650
[ 111.949777][ C0] ath9k_htc_probe_device+0x25a/0x1da0
[ 111.955228][ C0] ath9k_htc_hw_init+0x31/0x60
[ 111.959969][ C0] ath9k_hif_usb_firmware_cb+0x274/0x510
[ 111.966192][ C0] request_firmware_work_func+0x126/0x242
[ 111.971906][ C0] process_one_work+0x965/0x1630
[ 111.976823][ C0] worker_thread+0x96/0xe20
[ 111.981315][ C0] kthread+0x326/0x430
[ 111.985360][ C0] ret_from_fork+0x24/0x30
[ 111.989758][ C0]
[ 111.992082][ C0] The buggy address belongs to the object at ffff8881d1749500
[ 111.992082][ C0] which belongs to the cache skbuff_head_cache of size 224
[ 112.006645][ C0] The buggy address is located 212 bytes inside of
[ 112.006645][ C0] 224-byte region [ffff8881d1749500, ffff8881d17495e0)
[ 112.020934][ C0] The buggy address belongs to the page:
[ 112.026833][ C0] page:ffffea000745d240 refcount:1 mapcount:0 mapping:00000000c00be7bd index:0x0
[ 112.035952][ C0] flags: 0x200000000000200(slab)
[ 112.040874][ C0] raw: 0200000000000200 dead000000000100 dead000000000122 ffff8881da175400
[ 112.049452][ C0] raw: 0000000000000000 00000000800c000c 00000001ffffffff 0000000000000000
[ 112.058020][ C0] page dumped because: kasan: bad access detected
[ 112.064406][ C0]
[ 112.066713][ C0] Memory state around the buggy address:
[ 112.072317][ C0] ffff8881d1749480: fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc
[ 112.080366][ C0] ffff8881d1749500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 112.088425][ C0] >ffff8881d1749580: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 112.096460][ C0] ^
[ 112.103125][ C0] ffff8881d1749600: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[ 112.111168][ C0] ffff8881d1749680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 112.119213][ C0] ==================================================================
[ 112.127246][ C0] Disabling lock debugging due to kernel taint
[ 112.133380][ C0] Kernel panic - not syncing: panic_on_warn set ...
[ 112.139942][ C0] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G B 5.7.0-rc6-syzkaller #0
[ 112.149188][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 112.159222][ C0] Call Trace:
[ 112.162508][ C0]
[ 112.165358][ C0] dump_stack+0xef/0x16e
[ 112.169928][ C0] panic+0x2aa/0x6e1
[ 112.173807][ C0] ? add_taint.cold+0x16/0x16
[ 112.178463][ C0] ? trace_hardirqs_off+0x50/0x200
[ 112.183558][ C0] ? kfree_skb+0x32/0x3d0
[ 112.187866][ C0] end_report+0x4d/0x53
[ 112.192004][ C0] __kasan_report.cold+0x72/0x7d
[ 112.196914][ C0] ? kfree_skb+0x32/0x3d0
[ 112.201371][ C0] ? kfree_skb+0x32/0x3d0
[ 112.205687][ C0] kasan_report+0x33/0x50
[ 112.210197][ C0] check_memory_region+0x173/0x1d0
[ 112.216351][ C0] kfree_skb+0x32/0x3d0
[ 112.220488][ C0] hif_usb_regout_cb+0x156/0x1c0
[ 112.225419][ C0] ? _raw_spin_unlock_irqrestore+0x2a/0x40
[ 112.231202][ C0] __usb_hcd_giveback_urb+0x29a/0x550
[ 112.236605][ C0] usb_hcd_giveback_urb+0x368/0x420
[ 112.241796][ C0] dummy_timer+0x125e/0x32b4
[ 112.246382][ C0] ? __lock_acquire+0x2248/0x6650
[ 112.251383][ C0] ? dummy_udc_probe+0x980/0x980
[ 112.256555][ C0] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 112.262074][ C0] ? rcu_read_lock_bh_held+0xb0/0xb0
[ 112.267331][ C0] call_timer_fn+0x1ac/0x700
[ 112.271912][ C0] ? dummy_udc_probe+0x980/0x980
[ 112.276823][ C0] ? timer_fixup_init+0x60/0x60
[ 112.281660][ C0] ? lock_downgrade+0x720/0x720
[ 112.286497][ C0] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 112.292025][ C0] ? rcu_read_lock_bh_held+0xb0/0xb0
[ 112.297368][ C0] ? _raw_spin_unlock_irq+0x1f/0x30
[ 112.306460][ C0] ? dummy_udc_probe+0x980/0x980
[ 112.311378][ C0] run_timer_softirq+0x5f9/0x1500
[ 112.316376][ C0] ? add_timer+0x7a0/0x7a0
[ 112.320763][ C0] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 112.326279][ C0] ? rcu_read_lock_bh_held+0xb0/0xb0
[ 112.331539][ C0] __do_softirq+0x21e/0x9aa
[ 112.336022][ C0] irq_exit+0x178/0x1a0
[ 112.340151][ C0] smp_apic_timer_interrupt+0x141/0x540
[ 112.345677][ C0] apic_timer_interrupt+0xf/0x20
[ 112.350614][ C0]
[ 112.353529][ C0] RIP: 0010:default_idle+0x28/0x300
[ 112.358719][ C0] Code: cc cc 41 56 41 55 65 44 8b 2d 94 3f 6b 7a 41 54 55 53 0f 1f 44 00 00 e8 16 28 af fb e9 07 00 00 00 0f 00 2d 7a e1 4b 00 fb f4 <65> 44 8b 2d 70 3f 6b 7a 0f 1f 44 00 00 5b 5d 41 5c 41 5d 41 5e c3
[ 112.378818][ C0] RSP: 0018:ffffffff87007da0 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
[ 112.387216][ C0] RAX: 0000000000000007 RBX: ffffffff8702f800 RCX: 0000000000000000
[ 112.395183][ C0] RDX: 0000000000000000 RSI: 0000000000000006 RDI: ffffffff8703007c
[ 112.403143][ C0] RBP: fffffbfff0e05f00 R08: ffffffff8702f800 R09: 0000000000000000
[ 112.411280][ C0] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 112.419224][ C0] R13: 0000000000000000 R14: ffffffff87e88c40 R15: 0000000000000000
[ 112.427178][ C0] do_idle+0x3e0/0x500
[ 112.431240][ C0] ? rcu_read_lock_held+0x9c/0xb0
[ 112.436263][ C0] ? arch_cpu_idle_exit+0x40/0x40
[ 112.441273][ C0] ? schedule+0xe1/0x2b0
[ 112.445506][ C0] cpu_startup_entry+0x14/0x20
[ 112.450250][ C0] start_kernel+0x9bb/0x9f8
[ 112.454832][ C0] ? mem_encrypt_init+0x5/0x5
[ 112.459490][ C0] ? x86_family+0x3d/0x50
[ 112.463808][ C0] ? load_ucode_bsp+0x23d/0x27d
[ 112.468640][ C0] secondary_startup_64+0xb6/0xc0
[ 112.474618][ C0] Kernel Offset: disabled
[ 112.478924][ C0] Rebooting in 86400 seconds..