dhcpcd-9.4.0 starting
dev: loaded udev
DUID 00:04:da:02:67:e5:e5:53:d2:9f:6e:c8:e3:c7:0e:cc:92:0b
forked to background, child pid 1205
Starting sshd: OK

syzkaller
Warning: Permanently added '10.128.1.9' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [  186.278948][   T69] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[  186.809011][   T69] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  186.818169][   T69] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  186.826202][   T69] usb 1-1: Product: syz
[  186.830401][   T69] usb 1-1: Manufacturer: syz
[  186.834978][   T69] usb 1-1: SerialNumber: syz
[  186.880377][   T69] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  187.459008][   T69] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  187.662195][   T23] usb 1-1: USB disconnect, device number 2
write to /proc/sys/net/core/bpf_jit_kallsyms failed: No such file or directory
write to /proc/sys/net/core/bpf_jit_harden failed: No such file or directory
executing program
[  188.478982][   T69] ath9k_htc 1-1:1.0: ath9k_htc: Target is unresponsive
[  188.486088][   T69] ath9k_htc: Failed to initialize the device
[  188.492875][   T23] usb 1-1: ath9k_htc: USB layer deinitialized
[  188.858884][   T23] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[  189.378993][   T23] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  189.388060][   T23] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  189.396112][   T23] usb 1-1: Product: syz
[  189.400298][   T23] usb 1-1: Manufacturer: syz
[  189.404873][   T23] usb 1-1: SerialNumber: syz
[  189.449527][   T23] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  190.019064][   T23] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  190.239051][    C1] usb 1-1: ath: unknown panic pattern!
[  190.245591][   T69] usb 1-1: USB disconnect, device number 3
write to /proc/sys/net/core/bpf_jit_kallsyms failed: No such file or directory
write to /proc/sys/net/core/bpf_jit_harden failed: No such file or directory
executing program
[  191.038889][   T23] ath9k_htc 1-1:1.0: ath9k_htc: Target is unresponsive
[  191.045895][   T23] ath9k_htc: Failed to initialize the device
[  191.052413][   T69] usb 1-1: ath9k_htc: USB layer deinitialized
[  191.408884][   T69] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[  191.929007][   T69] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  191.938044][   T69] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  191.946084][   T69] usb 1-1: Product: syz
[  191.950268][   T69] usb 1-1: Manufacturer: syz
[  191.954850][   T69] usb 1-1: SerialNumber: syz
[  191.999675][   T69] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  192.569029][   T69] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  192.789036][    C1] usb 1-1: ath: unknown panic pattern!
[  192.791216][    T7] usb 1-1: USB disconnect, device number 4
[  192.794694][    C1] ==================================================================
[  192.808442][    C1] BUG: KASAN: use-after-free in kfree_skb_reason+0x33/0x400
[  192.815739][    C1] Read of size 4 at addr ffff888118b6be9c by task syz-executor056/1278
[  192.823962][    C1] 
[  192.826270][    C1] CPU: 1 PID: 1278 Comm: syz-executor056 Not tainted 5.17.0-rc4-syzkaller-00061-g4378e427f705 #0
[  192.836746][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  192.846782][    C1] Call Trace:
[  192.850044][    C1]  <TASK>
[  192.852981][    C1]  dump_stack_lvl+0xcd/0x134
[  192.857571][    C1]  print_address_description.constprop.0.cold+0x8d/0x336
[  192.864600][    C1]  ? kfree_skb_reason+0x33/0x400
[  192.869528][    C1]  ? kfree_skb_reason+0x33/0x400
[  192.874462][    C1]  kasan_report.cold+0x83/0xdf
[  192.879210][    C1]  ? kfree_skb_reason+0x33/0x400
[  192.884180][    C1]  kasan_check_range+0x13d/0x180
[  192.889143][    C1]  kfree_skb_reason+0x33/0x400
[  192.893894][    C1]  ath9k_hif_usb_reg_in_cb+0x4c2/0x630
[  192.899425][    C1]  __usb_hcd_giveback_urb+0x2b0/0x5c0
[  192.904800][    C1]  usb_hcd_giveback_urb+0x367/0x410
[  192.909997][    C1]  dummy_timer+0x11f9/0x32b0
[  192.914577][    C1]  ? dummy_dequeue+0x500/0x500
[  192.919329][    C1]  ? dummy_dequeue+0x500/0x500
[  192.924076][    C1]  call_timer_fn+0x1a5/0x6b0
[  192.928654][    C1]  ? timer_fixup_activate+0x350/0x350
[  192.934012][    C1]  ? lock_downgrade+0x6e0/0x6e0
[  192.938854][    C1]  ? _raw_spin_unlock_irq+0x1f/0x40
[  192.944061][    C1]  ? dummy_dequeue+0x500/0x500
[  192.948813][    C1]  __run_timers.part.0+0x67c/0xa30
[  192.953948][    C1]  ? call_timer_fn+0x6b0/0x6b0
[  192.958700][    C1]  ? lapic_next_event+0x4d/0x80
[  192.963536][    C1]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[  192.969773][    C1]  ? clockevents_program_event+0x12b/0x370
[  192.975566][    C1]  run_timer_softirq+0xb3/0x1d0
[  192.980409][    C1]  __do_softirq+0x288/0x9a5
[  192.984914][    C1]  __irq_exit_rcu+0x113/0x170
[  192.989583][    C1]  irq_exit_rcu+0x5/0x20
[  192.993842][    C1]  sysvec_apic_timer_interrupt+0x40/0xc0
[  192.999467][    C1]  ? asm_sysvec_apic_timer_interrupt+0xa/0x20
[  193.005522][    C1]  asm_sysvec_apic_timer_interrupt+0x12/0x20
[  193.011501][    C1] RIP: 0033:0x7f65f5afb6ca
[  193.015910][    C1] Code: 83 ff 03 74 3b 48 83 ec 28 b8 fa ff ff ff 83 ff 02 49 89 ca 0f 44 f8 64 8b 04 25 18 00 00 00 85 c0 75 2d b8 e6 00 00 00 0f 05 <89> c2 f7 da 3d 00 f0 ff ff b8 00 00 00 00 0f 47 c2 48 83 c4 28 c3
[  193.035510][    C1] RSP: 002b:00007ffd489cd250 EFLAGS: 00000246
[  193.041567][    C1] RAX: 0000000000000000 RBX: 000000000002e7e7 RCX: 00007f65f5afb6ca
[  193.049524][    C1] RDX: 00007ffd489cd290 RSI: 0000000000000000 RDI: 0000000000000000
[  193.057484][    C1] RBP: 0000000000000008 R08: 00000000000000c0 R09: 00007ffd489f0080
[  193.065441][    C1] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd489cd2e0
[  193.073397][    C1] R13: 00007ffd489cd340 R14: 0000000000000002 R15: 431bde82d7b634db
[  193.081452][    C1]  </TASK>
[  193.084464][    C1] 
[  193.086785][    C1] Allocated by task 69:
[  193.090918][    C1]  kasan_save_stack+0x1e/0x40
[  193.095592][    C1]  __kasan_slab_alloc+0x66/0x80
[  193.100430][    C1]  kmem_cache_alloc_node+0x25e/0x4b0
[  193.105703][    C1]  __alloc_skb+0x215/0x340
[  193.110120][    C1]  ath9k_hif_usb_alloc_urbs+0x91d/0x1040
[  193.115738][    C1]  ath9k_hif_usb_firmware_cb+0x148/0x530
[  193.121354][    C1]  request_firmware_work_func+0x12c/0x230
[  193.127065][    C1]  process_one_work+0x9ac/0x1650
[  193.131990][    C1]  worker_thread+0x657/0x1110
[  193.136652][    C1]  kthread+0x2ef/0x3a0
[  193.140721][    C1]  ret_from_fork+0x1f/0x30
[  193.145120][    C1] 
[  193.147433][    C1] Freed by task 1278:
[  193.151392][    C1]  kasan_save_stack+0x1e/0x40
[  193.156057][    C1]  kasan_set_track+0x21/0x30
[  193.160663][    C1]  kasan_set_free_info+0x20/0x30
[  193.165587][    C1]  ____kasan_slab_free+0x102/0x150
[  193.170682][    C1]  kmem_cache_free+0xd5/0x400
[  193.175372][    C1]  kfree_skbmem+0xef/0x1b0
[  193.179800][    C1]  kfree_skb_reason+0x145/0x400
[  193.184645][    C1]  ath9k_htc_rx_msg+0x1ed/0xb70
write to /proc/sys/net/core/bpf_jit_kallsyms failed: No such file or directory
write to /proc/sys/net/core/bpf_jit_harden failed: No such file or directory
[  193.189483][    C1]  ath9k_hif_usb_reg_in_cb+0x1ac/0x630
[  193.194935][    C1]  __usb_hcd_giveback_urb+0x2b0/0x5c0
[  193.200552][    C1]  usb_hcd_giveback_urb+0x367/0x410
[  193.205736][    C1]  dummy_timer+0x11f9/0x32b0
[  193.210326][    C1]  call_timer_fn+0x1a5/0x6b0
[  193.214904][    C1]  __run_timers.part.0+0x67c/0xa30
[  193.220005][    C1]  run_timer_softirq+0xb3/0x1d0
[  193.224844][    C1]  __do_softirq+0x288/0x9a5
[  193.229376][    C1] 
[  193.231691][    C1] The buggy address belongs to the object at ffff888118b6bdc0
[  193.231691][    C1]  which belongs to the cache skbuff_head_cache of size 232
[  193.246281][    C1] The buggy address is located 220 bytes inside of
[  193.246281][    C1]  232-byte region [ffff888118b6bdc0, ffff888118b6bea8)
[  193.259540][    C1] The buggy address belongs to the page:
[  193.265149][    C1] page:ffffea000462dac0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x118b6b
[  193.275369][    C1] flags: 0x200000000000200(slab|node=0|zone=2)
[  193.281525][    C1] raw: 0200000000000200 0000000000000000 dead000000000001 ffff8881003d3640
[  193.290115][    C1] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[  193.298677][    C1] page dumped because: kasan: bad access detected
[  193.305156][    C1] page_owner tracks the page as allocated
[  193.310933][    C1] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 1170, ts 8677100351, free_ts 0
[  193.326017][    C1]  get_page_from_freelist+0x122d/0x2940
[  193.331553][    C1]  __alloc_pages+0x1b2/0x500
[  193.336139][    C1]  alloc_pages+0x1aa/0x310
[  193.340539][    C1]  allocate_slab+0x27f/0x3e0
[  193.345114][    C1]  ___slab_alloc+0xc12/0x1450
[  193.349774][    C1]  __slab_alloc.constprop.0+0x4d/0xa0
[  193.355129][    C1]  kmem_cache_alloc_node+0x397/0x4b0
[  193.360398][    C1]  __alloc_skb+0x215/0x340
[  193.364811][    C1]  alloc_uevent_skb+0x7b/0x210
[  193.369555][    C1]  kobject_uevent_env+0xadf/0x1600
[  193.374651][    C1]  kobject_synth_uevent+0x701/0x850
[  193.379832][    C1]  store_uevent+0x12/0x20
[  193.384149][    C1]  module_attr_store+0x50/0x80
[  193.388899][    C1]  sysfs_kf_write+0x110/0x160
[  193.393558][    C1]  kernfs_fop_write_iter+0x3f8/0x610
[  193.398836][    C1]  new_sync_write+0x431/0x660
[  193.403518][    C1] page_owner free stack trace missing
[  193.408867][    C1] 
[  193.411172][    C1] Memory state around the buggy address:
[  193.416796][    C1]  ffff888118b6bd80: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[  193.424840][    C1]  ffff888118b6be00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  193.432880][    C1] >ffff888118b6be80: fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc
[  193.440919][    C1]                             ^
[  193.445748][    C1]  ffff888118b6bf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  193.453786][    C1]  ffff888118b6bf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  193.461823][    C1] ==================================================================
[  193.469860][    C1] Disabling lock debugging due to kernel taint
[  193.475986][    C1] Kernel panic - not syncing: panic_on_warn set ...
[  193.482549][    C1] CPU: 1 PID: 1278 Comm: syz-executor056 Tainted: G    B             5.17.0-rc4-syzkaller-00061-g4378e427f705 #0
[  193.494411][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  193.504541][    C1] Call Trace:
[  193.507801][    C1]  <TASK>
[  193.510715][    C1]  dump_stack_lvl+0xcd/0x134
[  193.515296][    C1]  panic+0x2b0/0x6dd
[  193.519173][    C1]  ? __warn_printk+0xf3/0xf3
[  193.523786][    C1]  ? kfree_skb_reason+0x33/0x400
[  193.528794][    C1]  ? kfree_skb_reason+0x33/0x400
[  193.533720][    C1]  end_report.cold+0x63/0x6f
[  193.538307][    C1]  kasan_report.cold+0x71/0xdf
[  193.543053][    C1]  ? kfree_skb_reason+0x33/0x400
[  193.547977][    C1]  kasan_check_range+0x13d/0x180
[  193.552898][    C1]  kfree_skb_reason+0x33/0x400
[  193.557663][    C1]  ath9k_hif_usb_reg_in_cb+0x4c2/0x630
[  193.563108][    C1]  __usb_hcd_giveback_urb+0x2b0/0x5c0
[  193.568467][    C1]  usb_hcd_giveback_urb+0x367/0x410
[  193.573650][    C1]  dummy_timer+0x11f9/0x32b0
[  193.578233][    C1]  ? dummy_dequeue+0x500/0x500
[  193.582997][    C1]  ? dummy_dequeue+0x500/0x500
[  193.587747][    C1]  call_timer_fn+0x1a5/0x6b0
[  193.592320][    C1]  ? timer_fixup_activate+0x350/0x350
[  193.597677][    C1]  ? lock_downgrade+0x6e0/0x6e0
[  193.602510][    C1]  ? _raw_spin_unlock_irq+0x1f/0x40
[  193.607690][    C1]  ? dummy_dequeue+0x500/0x500
[  193.612432][    C1]  __run_timers.part.0+0x67c/0xa30
[  193.617529][    C1]  ? call_timer_fn+0x6b0/0x6b0
[  193.622273][    C1]  ? lapic_next_event+0x4d/0x80
[  193.627107][    C1]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[  193.633326][    C1]  ? clockevents_program_event+0x12b/0x370
[  193.639133][    C1]  run_timer_softirq+0xb3/0x1d0
[  193.643964][    C1]  __do_softirq+0x288/0x9a5
[  193.648455][    C1]  __irq_exit_rcu+0x113/0x170
[  193.653113][    C1]  irq_exit_rcu+0x5/0x20
[  193.657338][    C1]  sysvec_apic_timer_interrupt+0x40/0xc0
[  193.662956][    C1]  ? asm_sysvec_apic_timer_interrupt+0xa/0x20
[  193.669010][    C1]  asm_sysvec_apic_timer_interrupt+0x12/0x20
[  193.674973][    C1] RIP: 0033:0x7f65f5afb6ca
[  193.679370][    C1] Code: 83 ff 03 74 3b 48 83 ec 28 b8 fa ff ff ff 83 ff 02 49 89 ca 0f 44 f8 64 8b 04 25 18 00 00 00 85 c0 75 2d b8 e6 00 00 00 0f 05 <89> c2 f7 da 3d 00 f0 ff ff b8 00 00 00 00 0f 47 c2 48 83 c4 28 c3
[  193.698957][    C1] RSP: 002b:00007ffd489cd250 EFLAGS: 00000246
[  193.705005][    C1] RAX: 0000000000000000 RBX: 000000000002e7e7 RCX: 00007f65f5afb6ca
[  193.712958][    C1] RDX: 00007ffd489cd290 RSI: 0000000000000000 RDI: 0000000000000000
[  193.720908][    C1] RBP: 0000000000000008 R08: 00000000000000c0 R09: 00007ffd489f0080
[  193.728862][    C1] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd489cd2e0
[  193.736813][    C1] R13: 00007ffd489cd340 R14: 0000000000000002 R15: 431bde82d7b634db
[  193.744792][    C1]  </TASK>
[  193.747984][    C1] Kernel Offset: disabled
[  193.752291][    C1] Rebooting in 86400 seconds..