Warning: Permanently added '10.128.1.173' (ED25519) to the list of known hosts.
2024/03/21 03:08:31 ignoring optional flag "sandboxArg"="0"
2024/03/21 03:08:31 parsed 1 programs
2024/03/21 03:08:34 executed programs: 0
[ 79.336920][ T3070] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 89.539490][ T9] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 90.059579][ T9] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 90.068794][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 90.077059][ T9] usb 1-1: Product: syz
[ 90.081258][ T9] usb 1-1: Manufacturer: syz
[ 90.085849][ T9] usb 1-1: SerialNumber: syz
[ 90.131645][ T9] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 90.709478][ T2166] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 90.910991][ T3530] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 90.920031][ T3530] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 91.136790][ T2166] ath9k_htc 1-1:1.0: ath9k_htc: Unable to initialize HTC services
[ 91.149461][ C0] ==================================================================
[ 91.157648][ C0] BUG: KASAN: slab-use-after-free in kfree_skb_reason+0x36/0x210
[ 91.165404][ C0] Read of size 4 at addr ffff888121db8c1c by task swapper/0/0
[ 91.173387][ C0]
[ 91.175704][ C0] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 6.8.0-rc6-syzkaller-00190-ga788e53c05ae-dirty #0
[ 91.185874][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024
[ 91.195920][ C0] Call Trace:
[ 91.199188][ C0] <IRQ>
[ 91.202030][ C0] dump_stack_lvl+0xd9/0x1b0
[ 91.206622][ C0] print_report+0xc4/0x620
[ 91.211033][ C0] ? __virt_addr_valid+0x5e/0x580
[ 91.216050][ C0] ? __phys_addr+0xc6/0x140
[ 91.220671][ C0] kasan_report+0xda/0x110
[ 91.225189][ C0] ? kfree_skb_reason+0x36/0x210
[ 91.230195][ C0] ? kfree_skb_reason+0x36/0x210
[ 91.235120][ C0] kasan_check_range+0xef/0x190
[ 91.239965][ C0] kfree_skb_reason+0x36/0x210
[ 91.244736][ C0] hif_usb_regout_cb+0x15f/0x1d0
[ 91.249758][ C0] __usb_hcd_giveback_urb+0x359/0x5c0
[ 91.255342][ C0] usb_hcd_giveback_urb+0x389/0x430
[ 91.260589][ C0] dummy_timer+0x1415/0x3600
[ 91.265205][ C0] ? hlock_class+0x4e/0x130
[ 91.269722][ C0] ? dummy_urb_enqueue+0x8f0/0x8f0
[ 91.274938][ C0] ? dummy_urb_enqueue+0x8f0/0x8f0
[ 91.280338][ C0] call_timer_fn+0x193/0x590
[ 91.285013][ C0] ? timer_fixup_assert_init+0x210/0x210
[ 91.290726][ C0] ? reacquire_held_locks+0x4c0/0x4c0
[ 91.296181][ C0] ? dummy_urb_enqueue+0x8f0/0x8f0
[ 91.301304][ C0] __run_timers+0x759/0xaa0
[ 91.305947][ C0] ? call_timer_fn+0x590/0x590
[ 91.310808][ C0] ? find_held_lock+0x2d/0x110
[ 91.315653][ C0] ? lapic_next_event+0x10/0x20
[ 91.321551][ C0] ? clockevents_program_event+0x134/0x370
[ 91.327473][ C0] run_timer_softirq+0x58/0xd0
[ 91.332258][ C0] __do_softirq+0x20a/0x8c1
[ 91.336967][ C0] ? __lock_text_end+0x3/0x3
[ 91.341602][ C0] irq_exit_rcu+0xa7/0x110
[ 91.346017][ C0] sysvec_apic_timer_interrupt+0x90/0xb0
[ 91.351739][ C0] </IRQ>
[ 91.354665][ C0] <TASK>
[ 91.357607][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 91.363615][ C0] RIP: 0010:acpi_safe_halt+0x1b/0x20
[ 91.368899][ C0] Code: ed c3 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 65 48 8b 04 25 c0 b0 03 00 48 8b 00 a8 08 75 0c 66 90 0f 00 2d e7 5b 58 00 fb f4 c3 0f 1f 00 0f b6 47 08 3c 01 74 0b 3c 02 74 05 8b 7f 04 eb 9f
[ 91.388503][ C0] RSP: 0018:ffffffff87c07d68 EFLAGS: 00000246
[ 91.394561][ C0] RAX: 0000000000004000 RBX: 0000000000000001 RCX: ffffffff86574aa7
[ 91.402614][ C0] RDX: 0000000000000001 RSI: ffff88810369d800 RDI: ffff88810369d864
[ 91.410693][ C0] RBP: ffff88810369d864 R08: 0000000000000001 R09: ffffed103ecc6da5
[ 91.418672][ C0] R10: ffff8881f6636d2b R11: 0000000000000000 R12: ffff88810fec8000
[ 91.426813][ C0] R13: ffffffff88308580 R14: 0000000000000000 R15: 0000000000000000
[ 91.435055][ C0] ? ct_kernel_exit+0x137/0x190
[ 91.439922][ C0] acpi_idle_enter+0xc5/0x160
[ 91.444638][ C0] cpuidle_enter_state+0x83/0x500
[ 91.449842][ C0] ? mark_tsc_async_resets+0x50/0x50
[ 91.455133][ C0] cpuidle_enter+0x4e/0xa0
[ 91.459650][ C0] do_idle+0x319/0x400
[ 91.463714][ C0] ? arch_cpu_idle_exit+0x30/0x30
[ 91.468994][ C0] cpu_startup_entry+0x50/0x60
[ 91.473773][ C0] rest_init+0x16f/0x2b0
[ 91.478106][ C0] ? regulator_has_full_constraints+0x9/0x20
[ 91.484269][ C0] ? trace_init_perf_perm_irq_work_exit+0x20/0x20
[ 91.490851][ C0] arch_call_rest_init+0x13/0x30
[ 91.495782][ C0] start_kernel+0x39a/0x480
[ 91.500281][ C0] x86_64_start_reservations+0x18/0x30
[ 91.505729][ C0] x86_64_start_kernel+0xb2/0xc0
[ 91.510747][ C0] secondary_startup_64_no_verify+0x15e/0x16b
[ 91.516827][ C0] </TASK>
[ 91.519834][ C0]
[ 91.522141][ C0] Allocated by task 2166:
[ 91.526449][ C0] kasan_save_stack+0x33/0x50
[ 91.531136][ C0] kasan_save_track+0x14/0x30
[ 91.535823][ C0] __kasan_slab_alloc+0x66/0x70
[ 91.540668][ C0] kmem_cache_alloc_node+0x156/0x310
[ 91.545954][ C0] __alloc_skb+0x287/0x330
[ 91.550371][ C0] htc_connect_service+0x2d7/0x9f0
[ 91.555484][ C0] ath9k_wmi_connect+0xf1/0x1c0
[ 91.560347][ C0] ath9k_init_htc_services.constprop.0+0xb3/0x820
[ 91.566937][ C0] ath9k_htc_probe_device+0x23f/0x25f0
[ 91.572585][ C0] ath9k_htc_hw_init+0x33/0x70
[ 91.577350][ C0] ath9k_hif_usb_firmware_cb+0x272/0x620
[ 91.582973][ C0] request_firmware_work_func+0x13a/0x240
[ 91.588694][ C0] process_one_work+0x886/0x15d0
[ 91.593638][ C0] worker_thread+0x8b9/0x1290
[ 91.598328][ C0] kthread+0x2c6/0x3a0
[ 91.602507][ C0] ret_from_fork+0x45/0x80
[ 91.607032][ C0] ret_from_fork_asm+0x11/0x20
[ 91.611792][ C0]
[ 91.614187][ C0] Freed by task 2166:
[ 91.618177][ C0] kasan_save_stack+0x33/0x50
[ 91.622849][ C0] kasan_save_track+0x14/0x30
[ 91.627514][ C0] kasan_save_free_info+0x3f/0x60
[ 91.632626][ C0] __kasan_slab_free+0x106/0x1b0
[ 91.637564][ C0] kmem_cache_free+0x10a/0x330
[ 91.642417][ C0] kfree_skbmem+0xef/0x1b0
[ 91.646946][ C0] kfree_skb_reason+0x13a/0x210
[ 91.651833][ C0] htc_connect_service+0x641/0x9f0
[ 91.657123][ C0] ath9k_wmi_connect+0xf1/0x1c0
[ 91.661970][ C0] ath9k_init_htc_services.constprop.0+0xb3/0x820
[ 91.668555][ C0] ath9k_htc_probe_device+0x23f/0x25f0
[ 91.674028][ C0] ath9k_htc_hw_init+0x33/0x70
[ 91.678983][ C0] ath9k_hif_usb_firmware_cb+0x272/0x620
[ 91.684811][ C0] request_firmware_work_func+0x13a/0x240
[ 91.690527][ C0] process_one_work+0x886/0x15d0
[ 91.695584][ C0] worker_thread+0x8b9/0x1290
[ 91.700542][ C0] kthread+0x2c6/0x3a0
[ 91.704616][ C0] ret_from_fork+0x45/0x80
[ 91.709197][ C0] ret_from_fork_asm+0x11/0x20
[ 91.713955][ C0]
[ 91.716350][ C0] The buggy address belongs to the object at ffff888121db8b40
[ 91.716350][ C0] which belongs to the cache skbuff_head_cache of size 232
[ 91.731010][ C0] The buggy address is located 220 bytes inside of
[ 91.731010][ C0] freed 232-byte region [ffff888121db8b40, ffff888121db8c28)
[ 91.744797][ C0]
[ 91.747121][ C0] The buggy address belongs to the physical page:
[ 91.753602][ C0] page:ffffea0004876e00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x121db8
[ 91.764121][ C0] anon flags: 0x200000000000800(slab|node=0|zone=2)
[ 91.770925][ C0] page_type: 0xffffffff()
[ 91.775362][ C0] raw: 0200000000000800 ffff8881026d7000 ffffea000440c480 dead000000000005
[ 91.784049][ C0] raw: 0000000000000000 00000000800c000c 00000001ffffffff 0000000000000000
[ 91.792654][ C0] page dumped because: kasan: bad access detected
[ 91.799082][ C0] page_owner tracks the page as allocated
[ 91.804982][ C0] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY), pid 2477, tgid 2477 (sshd), ts 29846224506, free_ts 29763017245
[ 91.822951][ C0] post_alloc_hook+0x2d0/0x350
[ 91.827738][ C0] get_page_from_freelist+0x139c/0x3470
[ 91.833374][ C0] __alloc_pages+0x228/0x2250
[ 91.838146][ C0] new_slab+0xcc/0x3a0
[ 91.842206][ C0] ___slab_alloc+0x4b0/0x1860
[ 91.846900][ C0] __slab_alloc.constprop.0+0x56/0xa0
[ 91.852268][ C0] kmem_cache_alloc_node+0x286/0x310
[ 91.857644][ C0] __alloc_skb+0x287/0x330
[ 91.862068][ C0] __tcp_send_ack.part.0+0x64/0x720
[ 91.867264][ C0] tcp_send_ack+0x82/0xa0
[ 91.871593][ C0] __tcp_cleanup_rbuf+0x278/0x4b0
[ 91.876617][ C0] tcp_recvmsg_locked+0x113a/0x2450
[ 91.881829][ C0] tcp_recvmsg+0x12e/0x670
[ 91.886265][ C0] inet_recvmsg+0x114/0x630
[ 91.890948][ C0] sock_recvmsg+0xe2/0x170
[ 91.895484][ C0] sock_read_iter+0x2c3/0x3c0
[ 91.900164][ C0] page last free pid 2479 tgid 2479 stack trace:
[ 91.906572][ C0] free_unref_page_prepare+0x504/0xae0
[ 91.912157][ C0] free_unref_page+0x33/0x2d0
[ 91.917025][ C0] __folio_put+0x83/0xb0
[ 91.921362][ C0] anon_pipe_buf_release+0x36c/0x430
[ 91.926764][ C0] pipe_read+0x6fc/0x1020
[ 91.931092][ C0] vfs_read+0x9f3/0xb70
[ 91.935241][ C0] ksys_read+0x1f0/0x250
[ 91.939587][ C0] do_syscall_64+0xd3/0x250
[ 91.944525][ C0] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 91.950428][ C0]
[ 91.952838][ C0] Memory state around the buggy address:
[ 91.958458][ C0] ffff888121db8b00: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 91.966506][ C0] ffff888121db8b80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 91.974667][ C0] >ffff888121db8c00: fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc
[ 91.982723][ C0] ^
[ 91.987594][ C0] ffff888121db8c80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 91.995649][ C0] ffff888121db8d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc
[ 92.003714][ C0] ==================================================================
[ 92.011765][ C0] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 92.018945][ C0] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 6.8.0-rc6-syzkaller-00190-ga788e53c05ae-dirty #0
[ 92.029189][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024
[ 92.039256][ C0] Call Trace:
[ 92.042653][ C0] <IRQ>
[ 92.045503][ C0] dump_stack_lvl+0xd9/0x1b0
[ 92.050206][ C0] panic+0x6dc/0x790
[ 92.054096][ C0] ? panic_smp_self_stop+0xa0/0xa0
[ 92.059384][ C0] ? rcu_is_watching+0x12/0xb0
[ 92.064184][ C0] ? reacquire_held_locks+0x4c0/0x4c0
[ 92.069813][ C0] ? check_panic_on_warn+0x1f/0xb0
[ 92.074927][ C0] check_panic_on_warn+0xab/0xb0
[ 92.079887][ C0] end_report+0x108/0x150
[ 92.084212][ C0] kasan_report+0xea/0x110
[ 92.088636][ C0] ? kfree_skb_reason+0x36/0x210
[ 92.093633][ C0] ? kfree_skb_reason+0x36/0x210
[ 92.098575][ C0] kasan_check_range+0xef/0x190
[ 92.103529][ C0] kfree_skb_reason+0x36/0x210
[ 92.108391][ C0] hif_usb_regout_cb+0x15f/0x1d0
[ 92.113422][ C0] __usb_hcd_giveback_urb+0x359/0x5c0
[ 92.118885][ C0] usb_hcd_giveback_urb+0x389/0x430
[ 92.124089][ C0] dummy_timer+0x1415/0x3600
[ 92.128700][ C0] ? hlock_class+0x4e/0x130
[ 92.133366][ C0] ? dummy_urb_enqueue+0x8f0/0x8f0
[ 92.138518][ C0] ? dummy_urb_enqueue+0x8f0/0x8f0
[ 92.143819][ C0] call_timer_fn+0x193/0x590
[ 92.148591][ C0] ? timer_fixup_assert_init+0x210/0x210
[ 92.154237][ C0] ? reacquire_held_locks+0x4c0/0x4c0
[ 92.159638][ C0] ? dummy_urb_enqueue+0x8f0/0x8f0
[ 92.164784][ C0] __run_timers+0x759/0xaa0
[ 92.169309][ C0] ? call_timer_fn+0x590/0x590
[ 92.174083][ C0] ? find_held_lock+0x2d/0x110
[ 92.178858][ C0] ? lapic_next_event+0x10/0x20
[ 92.183729][ C0] ? clockevents_program_event+0x134/0x370
[ 92.189556][ C0] run_timer_softirq+0x58/0xd0
[ 92.194326][ C0] __do_softirq+0x20a/0x8c1
[ 92.198855][ C0] ? __lock_text_end+0x3/0x3
[ 92.203545][ C0] irq_exit_rcu+0xa7/0x110
[ 92.208228][ C0] sysvec_apic_timer_interrupt+0x90/0xb0
[ 92.213867][ C0] </IRQ>
[ 92.216795][ C0] <TASK>
[ 92.219716][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 92.225704][ C0] RIP: 0010:acpi_safe_halt+0x1b/0x20
[ 92.230992][ C0] Code: ed c3 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 65 48 8b 04 25 c0 b0 03 00 48 8b 00 a8 08 75 0c 66 90 0f 00 2d e7 5b 58 00 fb f4 c3 0f 1f 00 0f b6 47 08 3c 01 74 0b 3c 02 74 05 8b 7f 04 eb 9f
[ 92.250887][ C0] RSP: 0018:ffffffff87c07d68 EFLAGS: 00000246
[ 92.257045][ C0] RAX: 0000000000004000 RBX: 0000000000000001 RCX: ffffffff86574aa7
[ 92.265026][ C0] RDX: 0000000000000001 RSI: ffff88810369d800 RDI: ffff88810369d864
[ 92.273103][ C0] RBP: ffff88810369d864 R08: 0000000000000001 R09: ffffed103ecc6da5
[ 92.281234][ C0] R10: ffff8881f6636d2b R11: 0000000000000000 R12: ffff88810fec8000
[ 92.289402][ C0] R13: ffffffff88308580 R14: 0000000000000000 R15: 0000000000000000
[ 92.297674][ C0] ? ct_kernel_exit+0x137/0x190
[ 92.302543][ C0] acpi_idle_enter+0xc5/0x160
[ 92.307269][ C0] cpuidle_enter_state+0x83/0x500
[ 92.312514][ C0] ? mark_tsc_async_resets+0x50/0x50
[ 92.317812][ C0] cpuidle_enter+0x4e/0xa0
[ 92.322323][ C0] do_idle+0x319/0x400
[ 92.326482][ C0] ? arch_cpu_idle_exit+0x30/0x30
[ 92.331764][ C0] cpu_startup_entry+0x50/0x60
[ 92.336529][ C0] rest_init+0x16f/0x2b0
[ 92.340780][ C0] ? regulator_has_full_constraints+0x9/0x20
[ 92.347029][ C0] ? trace_init_perf_perm_irq_work_exit+0x20/0x20
[ 92.353723][ C0] arch_call_rest_init+0x13/0x30
[ 92.358687][ C0] start_kernel+0x39a/0x480
[ 92.363225][ C0] x86_64_start_reservations+0x18/0x30
[ 92.368785][ C0] x86_64_start_kernel+0xb2/0xc0
[ 92.373915][ C0] secondary_startup_64_no_verify+0x15e/0x16b
[ 92.380177][ C0] </TASK>
[ 92.383641][ C0] Kernel Offset: disabled
[ 92.388045][ C0] Rebooting in 86400 seconds..
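Triage aid (added example; not part of the syzkaller output above and not kernel, syzkaller or syzbot code): the Python script below parses the KASAN block of this log, cross-checks the stated offset (220 bytes) and region size (232 bytes) against the addresses KASAN printed, and reports which function both allocated and freed the object and which frame touched it afterwards. It embeds a constructed excerpt of the report above so it runs offline; the names parse_kasan, check_layout, first_common_frame, reentry_site and summarize are the script's own, and every kernel symbol it mentions is taken from the log.

```python
"""KASAN report triage: an added example, not syzkaller or kernel code.
KASAN_REPORT is a constructed excerpt of the report above (console prefixes
kept, most frames dropped); the kernel symbols in it are the log's own."""
import re

KASAN_REPORT = """\
[ 91.157648][ C0] BUG: KASAN: slab-use-after-free in kfree_skb_reason+0x36/0x210
[ 91.165404][ C0] Read of size 4 at addr ffff888121db8c1c by task swapper/0/0
[ 91.195920][ C0] Call Trace:
[ 91.220671][ C0] kasan_report+0xda/0x110
[ 91.225189][ C0] ? kfree_skb_reason+0x36/0x210
[ 91.239965][ C0] kfree_skb_reason+0x36/0x210
[ 91.244736][ C0] hif_usb_regout_cb+0x15f/0x1d0
[ 91.249758][ C0] __usb_hcd_giveback_urb+0x359/0x5c0
[ 91.522141][ C0] Allocated by task 2166:
[ 91.526449][ C0] kasan_save_stack+0x33/0x50
[ 91.550371][ C0] __alloc_skb+0x287/0x330
[ 91.555484][ C0] htc_connect_service+0x2d7/0x9f0
[ 91.560347][ C0] ath9k_wmi_connect+0xf1/0x1c0
[ 91.611792][ C0]
[ 91.614187][ C0] Freed by task 2166:
[ 91.618177][ C0] kasan_save_stack+0x33/0x50
[ 91.646946][ C0] kfree_skb_reason+0x13a/0x210
[ 91.651833][ C0] htc_connect_service+0x641/0x9f0
[ 91.657123][ C0] ath9k_wmi_connect+0xf1/0x1c0
[ 91.713955][ C0]
[ 91.716350][ C0] The buggy address belongs to the object at ffff888121db8b40
[ 91.716350][ C0] which belongs to the cache skbuff_head_cache of size 232
[ 91.731010][ C0] The buggy address is located 220 bytes inside of
[ 91.731010][ C0] freed 232-byte region [ffff888121db8b40, ffff888121db8c28)
[ 92.003714][ C0] ==================================================================
"""

PREFIX = re.compile(r"^\[\s*[\d.]+\]\[\s*[CT]\d+\]\s?")      # "[ 91.15][ C0] "
FRAME = re.compile(r"^(?P<unreliable>\? )?(?P<sym>[A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+$")
FACTS = (   # one-line facts; the group names become dict keys
    re.compile(r"BUG: KASAN: (?P<kind>[\w-]+) in (?P<site>\S+)"),
    re.compile(r"(?P<rw>Read|Write) of size (?P<access_size>\d+) at addr (?P<addr>[0-9a-f]+) by task (?P<task>\S+)"),
    re.compile(r"belongs to the object at (?P<obj_start>[0-9a-f]+)"),
    re.compile(r"the cache (?P<cache>\S+) of size (?P<obj_size>\d+)"),
    re.compile(r"located (?P<offset>\d+) bytes inside of"),
    re.compile(r"region \[(?P<lo>[0-9a-f]+), (?P<hi>[0-9a-f]+)\)"),
)
INSTRUMENTATION = ("kasan_", "__kasan_")   # KASAN's own frames, not the bug's


def parse_kasan(text):
    """Turn the console text of one KASAN report into a dict of facts and stacks."""
    r = {"trace": [], "alloc": [], "free": []}
    stack = None                                   # frame list being filled
    for raw in text.splitlines():
        line = PREFIX.sub("", raw).strip()
        if not line:                               # a blank line ends a stack
            stack = None
        elif line.startswith("===="):              # delimiter: stop after one report
            if r["trace"]:
                break
        elif line == "Call Trace:":
            stack = r["trace"]
        elif line.startswith("Allocated by task "):
            r["alloc_task"], stack = line.split()[-1].rstrip(":"), r["alloc"]
        elif line.startswith("Freed by task "):
            r["free_task"], stack = line.split()[-1].rstrip(":"), r["free"]
        elif stack is not None and (m := FRAME.match(line)):
            # keep reliable frames only ("? " marks guesses); skip KASAN's own
            if not m["unreliable"] and not m["sym"].startswith(INSTRUMENTATION):
                stack.append(m["sym"])
        else:
            for rx in FACTS:
                if m := rx.search(line):
                    r.update(m.groupdict())
                    break
    for key, base in (("addr", 16), ("obj_start", 16), ("lo", 16), ("hi", 16),
                      ("access_size", 10), ("obj_size", 10), ("offset", 10)):
        r[key] = int(r.get(key, "0"), base)
    return r


def check_layout(r):
    """Cross-check KASAN's prose (offset, sizes) against the addresses it printed."""
    return (r["lo"] == r["obj_start"] and r["hi"] - r["lo"] == r["obj_size"]
            and r["lo"] <= r["addr"] < r["hi"] and r["addr"] - r["lo"] == r["offset"])


def first_common_frame(a, b):
    """Innermost frame present in both stacks: the code that owns the object."""
    return next((sym for sym in a if sym in b), None)


def reentry_site(r):
    """Caller of the faulting function, i.e. where the freed object was touched."""
    trace, sym = r["trace"], r["site"].split("+")[0]
    i = trace.index(sym) + 1 if sym in trace else len(trace)
    return trace[i] if i < len(trace) else None


def summarize(r):
    owner = first_common_frame(r["alloc"], r["free"])
    return (f'{r["kind"]}: {r["rw"].lower()} of {r["access_size"]} bytes at offset '
            f'{r["offset"]} in a {r["cache"]} object of {r["obj_size"]} bytes; '
            f'allocated and freed in {owner} (task {r["alloc_task"]}), then touched '
            f'again from {reentry_site(r)} in task {r["task"]}')
```

Run on this log it confirms the address arithmetic (0xffff888121db8c1c lies 0xdc = 220 bytes into the 0xe8 = 232-byte region, so KASAN's prose and its addresses agree) and reports the skb as allocated and freed in htc_connect_service on task 2166 (the request_firmware worker, per the stacks above) and touched again from hif_usb_regout_cb, the URB completion callback, on the idle task out of dummy_hcd's timer softirq. The script states only what the report says; which side should have owned the skb, the completion callback or the error path in htc_connect_service, is a question for the driver source, which this log does not show.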