./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3692539452
<...>
Warning: Permanently added '10.128.1.95' (ECDSA) to the list of known hosts.
execve("./syz-executor3692539452", ["./syz-executor3692539452"], 0x7ffc4a1668d0 /* 10 vars */) = 0
brk(NULL) = 0x555555ad4000
brk(0x555555ad4c40) = 0x555555ad4c40
arch_prctl(ARCH_SET_FS, 0x555555ad4300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor3692539452", 4096) = 28
brk(0x555555af5c40) = 0x555555af5c40
brk(0x555555af6000) = 0x555555af6000
mprotect(0x7f80f8120000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
./strace-static-x86_64: Process 3610 attached
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ad45d0) = 3610
[pid 3610] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3610] setpgid(0, 0) = 0
[pid 3610] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3610] write(3, "1000", 4) = 4
[pid 3610] close(3) = 0
[pid 3610] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3
[pid 3610] ioctl(3, USB_RAW_IOCTL_INIT, 0x7ffca5afd060) = 0
[pid 3610] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0
[pid 3610] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffca5afd060) = 0
[pid 3610] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffca5afd060) = 0
[pid 3610] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffca5afc050) = 18
syzkaller login: [ 41.555941][ T3273] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[pid 3610] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffca5afd060) = 0
[pid 3610] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffca5afc050) = 18
[ 41.795901][ T3273] usb 1-1: Using ep0 maxpacket: 16
[pid 3610] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffca5afd060) = 0
[pid 3610] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffca5afc050) = 9
[pid 3610] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffca5afd060) = 0
[pid 3610] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffca5afc050) = 36
[pid 3610] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffca5afd060) = 0
[pid 3610] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffca5afc050) = 4
[ 41.916082][ T3273] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x81 has invalid maxpacket 1024
[pid 3610] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffca5afd060) = 0
[pid 3610] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffca5afc050) = 8
[pid 3610] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffca5afd060) = 0
[pid 3610] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffca5afc050) = 8
[pid 3610] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffca5afd060) = 0
[pid 3610] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffca5afc050) = 8
[pid 3610] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffca5afd060) = 0
[pid 3610] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0
[pid 3610] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0
[ 42.085979][ T3273] usb 1-1: New USB device found, idVendor=1435, idProduct=0826, bcdDevice=1c.50
[ 42.095116][ T3273] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 42.103385][ T3273] usb 1-1: Product: syz
[ 42.107580][ T3273] usb 1-1: Manufacturer: syz
[ 42.112252][ T3273] usb 1-1: SerialNumber: syz
[ 42.121938][ T3273] usb 1-1: config 0 descriptor??
[pid 3610] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f80f812646c) = -1 EINVAL (Invalid argument)
[pid 3610] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f80f812647c) = 9
[pid 3610] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffca5afc050) = 0
[ 42.148077][ T3610] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[ 42.185883][ C0] usb 1-1: RX USB error -71.
[ 42.205899][ C0] usb 1-1: RX USB error -71.
[ 42.225870][ C0] usb 1-1: RX USB error -71.
[ 42.245897][ C0] usb 1-1: RX USB error -71.
[ 42.265890][ C0] usb 1-1: RX USB error -71.
[ 42.285886][ C0] usb 1-1: RX USB error -71.
[ 42.305895][ C0] usb 1-1: RX USB error -71.
[ 42.325877][ C0] usb 1-1: RX USB error -71.
[ 42.345876][ C0] usb 1-1: RX USB error -71.
[ 42.365893][ C0] usb 1-1: RX USB error -71.
[ 42.385883][ C0] usb 1-1: RX USB error -71.
[ 42.405887][ C0] usb 1-1: RX USB error -71.
[ 42.425885][ C0] usb 1-1: RX USB error -71.
[ 42.445897][ C0] usb 1-1: RX USB error -71.
[ 42.465870][ C0] usb 1-1: RX USB error -71.
[ 42.485871][ C0] usb 1-1: RX USB error -71.
[ 42.505882][ C0] usb 1-1: RX USB error -71.
[ 42.525887][ C0] usb 1-1: RX USB error -71.
[ 42.545877][ C0] usb 1-1: RX USB error -71.
[ 42.565891][ C0] usb 1-1: RX USB error -71.
[ 42.585891][ C0] usb 1-1: RX USB error -71.
[ 42.605902][ C0] usb 1-1: RX USB error -71.
[ 42.625885][ C0] usb 1-1: RX USB error -71.
[ 42.645887][ C0] usb 1-1: RX USB error -71.
[ 42.665881][ C0] usb 1-1: RX USB error -71.
[ 42.685879][ C0] usb 1-1: RX USB error -71.
[ 42.705889][ C0] usb 1-1: RX USB error -71.
[ 42.725887][ C0] usb 1-1: RX USB error -71.
[ 42.745892][ C0] usb 1-1: RX USB error -71.
[ 42.765877][ C0] usb 1-1: RX USB error -71.
[ 42.785885][ C0] usb 1-1: RX USB error -71.
[ 42.805882][ C0] usb 1-1: RX USB error -71.
[ 42.825904][ C0] usb 1-1: RX USB error -71.
[ 42.845916][ C0] usb 1-1: RX USB error -71.
[ 42.865933][ C0] usb 1-1: RX USB error -71.
[ 42.885892][ C0] usb 1-1: RX USB error -71.
[ 42.905885][ C0] usb 1-1: RX USB error -71.
[ 42.925891][ C0] usb 1-1: RX USB error -71.
[ 42.945896][ C0] usb 1-1: RX USB error -71.
[ 42.965869][ C0] usb 1-1: RX USB error -71.
[ 42.985890][ C0] usb 1-1: RX USB error -71.
[ 43.005883][ C0] usb 1-1: RX USB error -71.
[ 43.025894][ C0] usb 1-1: RX USB error -71.
[ 43.045928][ C0] usb 1-1: RX USB error -71.
[ 43.065904][ C0] usb 1-1: RX USB error -71.
[ 43.085883][ C0] usb 1-1: RX USB error -71.
[ 43.105882][ C0] usb 1-1: RX USB error -71.
[ 43.125886][ C0] usb 1-1: RX USB error -71.
[ 43.145874][ C0] usb 1-1: RX USB error -71.
[ 43.165888][ C0] usb 1-1: RX USB error -71.
[ 43.185890][ C0] usb 1-1: RX USB error -71.
[ 43.205880][ C0] usb 1-1: RX USB error -71.
[ 43.225884][ C0] usb 1-1: RX USB error -71.
[ 43.245891][ C0] usb 1-1: RX USB error -71.
[ 43.265882][ C0] usb 1-1: RX USB error -71.
[ 43.285877][ C0] usb 1-1: RX USB error -71.
[ 43.305883][ C0] usb 1-1: RX USB error -71.
[ 43.325897][ C0] usb 1-1: RX USB error -71.
[ 43.345905][ C0] usb 1-1: RX USB error -71.
[ 43.365891][ C0] usb 1-1: RX USB error -71.
[ 43.385888][ C0] usb 1-1: RX USB error -71.
[ 43.405874][ C0] usb 1-1: RX USB error -71.
[ 43.425880][ C0] usb 1-1: RX USB error -71.
[ 43.445901][ C0] usb 1-1: RX USB error -71.
[ 43.465882][ C0] usb 1-1: RX USB error -71.
[ 43.485878][ C0] usb 1-1: RX USB error -71.
[ 43.505916][ C0] usb 1-1: RX USB error -71.
[ 43.525883][ C0] usb 1-1: RX USB error -71.
[ 43.545885][ C0] usb 1-1: RX USB error -71.
[ 43.565883][ C0] usb 1-1: RX USB error -71.
[ 43.585903][ C0] usb 1-1: RX USB error -71.
[ 43.605890][ C0] usb 1-1: RX USB error -71.
[ 43.625890][ C0] usb 1-1: RX USB error -71.
[ 43.645880][ C0] usb 1-1: RX USB error -71.
[ 43.665885][ C0] usb 1-1: RX USB error -71.
[ 43.685909][ C0] usb 1-1: RX USB error -71.
[ 43.705867][ C0] usb 1-1: RX USB error -71.
[ 43.725880][ C0] usb 1-1: RX USB error -71.
[ 43.745882][ C0] usb 1-1: RX USB error -71.
[ 43.765905][ C0] usb 1-1: RX USB error -71.
[ 43.785880][ C0] usb 1-1: RX USB error -71.
[ 43.805880][ C0] usb 1-1: RX USB error -71.
[ 43.825883][ C0] usb 1-1: RX USB error -71.
[ 43.845890][ C0] usb 1-1: RX USB error -71.
[ 43.865885][ C0] usb 1-1: RX USB error -71.
[ 43.885896][ C0] usb 1-1: RX USB error -71.
[ 43.905902][ C0] usb 1-1: RX USB error -71.
[ 43.925895][ C0] usb 1-1: RX USB error -71.
[ 43.945889][ C0] usb 1-1: RX USB error -71.
[ 43.965887][ C0] usb 1-1: RX USB error -71.
[ 43.985884][ C0] usb 1-1: RX USB error -71.
[ 44.005878][ C0] usb 1-1: RX USB error -71.
[ 44.025880][ C0] usb 1-1: RX USB error -71.
[ 44.045912][ C0] usb 1-1: RX USB error -71.
[ 44.065914][ C0] usb 1-1: RX USB error -71.
[ 44.085880][ C0] usb 1-1: RX USB error -71.
[ 44.105882][ C0] usb 1-1: RX USB error -71.
[ 44.125872][ C0] usb 1-1: RX USB error -71.
[ 44.145906][ C0] usb 1-1: RX USB error -71.
[ 44.165872][ C0] usb 1-1: RX USB error -71.
[ 44.185880][ C0] usb 1-1: RX USB error -71.
[ 44.205929][ C0] usb 1-1: RX USB error -71.
[ 44.225886][ C0] usb 1-1: RX USB error -71.
[ 44.230556][ T3273] usb 1-1: timeout waiting for command 01 reply
[ 44.237055][ T3273] usb 1-1: could not initialize adapter
[ 44.245933][ C0] usb 1-1: RX USB error -2.
[ 44.250497][ C0] usb 1-1: error -1 when submitting rx urb
[ 44.256993][ T3273] ar5523: probe of 1-1:0.0 failed with error -110
[pid 3610] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH <unfinished ...>
[pid 3609] kill(-3610, SIGKILL) = 0
[pid 3610] <... ioctl resumed> <unfinished ...>) = ?
[pid 3609] kill(3610, SIGKILL <unfinished ...>
[pid 3610] +++ killed by SIGKILL +++
<... kill resumed>) = 0
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3610, si_uid=0, si_status=SIGKILL, si_utime=0, si_stime=1} ---
./strace-static-x86_64: Process 3615 attached
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ad45d0) = 3615
[pid 3615] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3615] setpgid(0, 0) = 0
[ 46.295156][ T3273] usb 1-1: USB disconnect, device number 2
[ 46.305907][ C0] ==================================================================
[ 46.313981][ C0] BUG: KASAN: use-after-free in ar5523_cmd_tx_cb+0x220/0x240
[ 46.321377][ C0] Read of size 8 at addr ffff8880781af450 by task sshd/3604
[ 46.328638][ C0]
[ 46.330944][ C0] CPU: 0 PID: 3604 Comm: sshd Not tainted 6.0.0-rc6-next-20220923-syzkaller #0
[ 46.339861][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022
[ 46.349895][ C0] Call Trace:
[ 46.353183][ C0] <IRQ>
[ 46.356018][ C0] dump_stack_lvl+0xcd/0x134
[ 46.360629][ C0] print_report+0x15e/0x45d
[ 46.365121][ C0] ? __phys_addr+0xc4/0x140
[ 46.369607][ C0] ? ar5523_cmd_tx_cb+0x220/0x240
[ 46.374621][ C0] kasan_report+0xbb/0x1f0
[ 46.379044][ C0] ? ar5523_cmd_tx_cb+0x220/0x240
[ 46.384056][ C0] ar5523_cmd_tx_cb+0x220/0x240
[ 46.388897][ C0] __usb_hcd_giveback_urb+0x2b0/0x5c0
[ 46.394252][ C0] usb_hcd_giveback_urb+0x380/0x430
[ 46.399432][ C0] dummy_timer+0x11ff/0x32c0
[ 46.404011][ C0] ? do_raw_spin_unlock+0x171/0x230
[ 46.409207][ C0] ? rcu_read_lock_sched_held+0xd/0x70
[ 46.414704][ C0] ? rcu_read_lock_sched_held+0xd/0x70
[ 46.420351][ C0] ? lock_release+0x5cb/0x810
[ 46.425222][ C0] ? __queue_work+0x6d3/0x13b0
[ 46.429990][ C0] ? rcu_read_lock_sched_held+0xd/0x70
[ 46.435482][ C0] ? lock_acquire+0x4fc/0x630
[ 46.440246][ C0] ? lock_downgrade+0x6e0/0x6e0
[ 46.445094][ C0] ? dummy_dequeue+0x500/0x500
[ 46.449868][ C0] call_timer_fn+0x1da/0x7c0
[ 46.454467][ C0] ? dummy_dequeue+0x500/0x500
[ 46.459240][ C0] ? lock_release+0x5cb/0x810
[ 46.463915][ C0] ? timer_fixup_activate+0x3e0/0x3e0
[ 46.469290][ C0] ? lock_downgrade+0x6e0/0x6e0
[ 46.474142][ C0] ? rwlock_bug.part.0+0x90/0x90
[ 46.479193][ C0] ? __next_timer_interrupt+0x234/0x2b0
[ 46.484779][ C0] ? dummy_dequeue+0x500/0x500
[ 46.489570][ C0] ? dummy_dequeue+0x500/0x500
[ 46.494350][ C0] ? dummy_dequeue+0x500/0x500
[ 46.499127][ C0] __run_timers.part.0+0x6a2/0xaf0
[ 46.504255][ C0] ? call_timer_fn+0x7c0/0x7c0
[ 46.509027][ C0] ? cpuacct_stats_show+0x5f0/0x5f0
[ 46.514230][ C0] ? kvm_sched_clock_read+0x14/0x40
[ 46.519437][ C0] ? sched_clock_cpu+0x69/0x2b0
[ 46.524396][ C0] ? tick_program_event+0xb4/0x140
[ 46.529513][ C0] run_timer_softirq+0xb3/0x1d0
[ 46.534376][ C0] __do_softirq+0x1f7/0xad8
[ 46.538893][ C0] do_softirq.part.0+0xde/0x130
[ 46.543754][ C0] </IRQ>
[ 46.546684][ C0] <TASK>
[ 46.549613][ C0] ? ip_finish_output2+0x7a2/0x2170
[ 46.554828][ C0] __local_bh_enable_ip+0x102/0x120
[ 46.560037][ C0] ip_finish_output2+0x7d0/0x2170
[ 46.565081][ C0] ? ip_fragment.constprop.0+0x240/0x240
[ 46.570731][ C0] ? ip_mc_finish_output+0x5a0/0x5a0
[ 46.576031][ C0] ? lock_acquire+0x4fc/0x630
[ 46.580714][ C0] __ip_finish_output+0x396/0x650
[ 46.585757][ C0] ip_finish_output+0x2d/0x280
[ 46.590556][ C0] ip_output+0x19f/0x310
[ 46.594829][ C0] __ip_queue_xmit+0x8de/0x1be0
[ 46.599706][ C0] __tcp_transmit_skb+0x1967/0x3800
[ 46.604915][ C0] ? __tcp_select_window+0xde0/0xde0
[ 46.610218][ C0] ? lock_release+0x810/0x810
[ 46.614907][ C0] ? tcp_write_xmit+0x31/0x6050
[ 46.619771][ C0] ? lock_downgrade+0x6e0/0x6e0
[ 46.624655][ C0] ? trace_hardirqs_on+0x2d/0x160
[ 46.629685][ C0] ? ktime_get+0x38a/0x470
[ 46.634116][ C0] tcp_write_xmit+0xd89/0x6050
[ 46.638895][ C0] __tcp_push_pending_frames+0xaa/0x380
[ 46.644463][ C0] tcp_push+0x499/0x720
[ 46.648629][ C0] ? tcp_tx_timestamp+0x5b/0x2d0
[ 46.653576][ C0] tcp_sendmsg_locked+0x2439/0x2f90
[ 46.658795][ C0] ? lock_release+0x5cb/0x810
[ 46.663509][ C0] ? tcp_sendpage+0xd0/0xd0
[ 46.668062][ C0] ? rwlock_bug.part.0+0x90/0x90
[ 46.673041][ C0] ? __local_bh_enable_ip+0xa0/0x120
[ 46.678349][ C0] tcp_sendmsg+0x2b/0x40
[ 46.682619][ C0] inet_sendmsg+0x99/0xe0
[ 46.686983][ C0] ? inet_send_prepare+0x4e0/0x4e0
[ 46.692144][ C0] sock_sendmsg+0xcf/0x120
[ 46.696585][ C0] sock_write_iter+0x291/0x3d0
[ 46.701367][ C0] ? sock_sendmsg+0x120/0x120
[ 46.706054][ C0] ? ns_to_timespec64+0xc0/0xc0
[ 46.710929][ C0] ? bpf_lsm_file_permission+0x5/0x10
[ 46.716315][ C0] ? security_file_permission+0xab/0xd0
[ 46.721899][ C0] vfs_write+0x9e9/0xdd0
[ 46.726160][ C0] ? vfs_read+0x930/0x930
[ 46.730532][ C0] ? __ct_user_exit+0xff/0x150
[ 46.735323][ C0] ? lock_downgrade+0x6e0/0x6e0
[ 46.740197][ C0] ? lock_downgrade+0x6e0/0x6e0
[ 46.745064][ C0] ? __fget_light+0x20a/0x270
[ 46.749789][ C0] ksys_write+0x1e8/0x250
[ 46.754147][ C0] ? __ia32_sys_read+0xb0/0xb0
[ 46.758933][ C0] ? syscall_enter_from_user_mode+0x22/0xb0
[ 46.764856][ C0] ? trace_hardirqs_on+0x2d/0x160
[ 46.769883][ C0] do_syscall_64+0x35/0xb0
[ 46.774561][ C0] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 46.780468][ C0] RIP: 0033:0x7fdf26d259a3
[ 46.784899][ C0] Code: 8b 15 d9 f4 0c 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 64 8b 04 25 18 00 00 00 85 c0 75 14 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 55 c3 0f 1f 40 00 48 83 ec 28 48 89 54 24 18
[ 46.804512][ C0] RSP: 002b:00007ffe57c1f998 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 46.812925][ C0] RAX: ffffffffffffffda RBX: 0000000000000074 RCX: 00007fdf26d259a3
[ 46.820906][ C0] RDX: 0000000000000074 RSI: 0000556870250640 RDI: 0000000000000004
[ 46.828879][ C0] RBP: 0000556870259410 R08: 0000000000000000 R09: 00007ffe57d07080
[ 46.836877][ C0] R10: 00007ffe57d070f0 R11: 0000000000000246 R12: 0000000000000004
[ 46.844855][ C0] R13: 0000000000000001 R14: 00007ffe57c1fa08 R15: 00007ffe57c1fa88
[ 46.852853][ C0] </TASK>
[ 46.855897][ C0]
[ 46.858214][ C0] The buggy address belongs to the physical page:
[ 46.866624][ C0] page:ffffea0001e06bc0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x781af
[ 46.876774][ C0] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 46.883892][ C0] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000
[ 46.892667][ C0] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 46.901245][ C0] page dumped because: kasan: bad access detected
[ 46.907653][ C0] page_owner tracks the page as freed
[ 46.913009][ C0] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x2800(GFP_NOWAIT|__GFP_NOWARN), pid 3610, tgid 3610 (syz-executor369), ts 46289065833, free_ts 46289067130
[ 46.930293][ C0] get_page_from_freelist+0x1092/0x2d20
[ 46.935848][ C0] __alloc_pages+0x1c7/0x5a0
[ 46.940443][ C0] alloc_pages+0x1a6/0x270
[ 46.944883][ C0] __stack_depot_save+0x3e9/0x560
[ 46.949916][ C0] kasan_save_stack+0x31/0x40
[ 46.954618][ C0] kasan_set_track+0x21/0x30
[ 46.959218][ C0] kasan_save_free_info+0x2a/0x40
[ 46.964275][ C0] ____kasan_slab_free+0x160/0x1c0
[ 46.969401][ C0] slab_free_freelist_hook+0x8b/0x1c0
[ 46.974781][ C0] kmem_cache_free+0xea/0x5b0
[ 46.979469][ C0] kfree_skbmem+0xef/0x1b0
[ 46.983913][ C0] consume_skb+0xcf/0x160
[ 46.988255][ C0] kobject_uevent_env+0xc6c/0x1640
[ 46.993371][ C0] device_release_driver_internal+0x5c9/0x700
[ 46.999443][ C0] driver_detach+0xd5/0x1a0
[ 47.004038][ C0] bus_remove_driver+0x104/0x300
[ 47.008978][ C0] page last free stack trace:
[ 47.013641][ C0] free_pcp_prepare+0x65c/0xd90
[ 47.018527][ C0] free_unref_page+0x19/0x4d0
[ 47.023235][ C0] __stack_depot_save+0x169/0x560
[ 47.028269][ C0] kasan_save_stack+0x31/0x40
[ 47.032973][ C0] kasan_set_track+0x21/0x30
[ 47.037575][ C0] kasan_save_free_info+0x2a/0x40
[ 47.042605][ C0] ____kasan_slab_free+0x160/0x1c0
[ 47.047729][ C0] slab_free_freelist_hook+0x8b/0x1c0
[ 47.053112][ C0] kmem_cache_free+0xea/0x5b0
[ 47.057803][ C0] kfree_skbmem+0xef/0x1b0
[ 47.062236][ C0] consume_skb+0xcf/0x160
[ 47.066576][ C0] kobject_uevent_env+0xc6c/0x1640
[ 47.071690][ C0] device_release_driver_internal+0x5c9/0x700
[ 47.077763][ C0] driver_detach+0xd5/0x1a0
[ 47.082634][ C0] bus_remove_driver+0x104/0x300
[ 47.087572][ C0] driver_unregister+0x73/0xb0
[ 47.092356][ C0]
[ 47.094689][ C0] Memory state around the buggy address:
[ 47.100313][ C0] ffff8880781af300: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 47.108406][ C0] ffff8880781af380: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 47.116470][ C0] >ffff8880781af400: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 47.124527][ C0] ^
[ 47.131193][ C0] ffff8880781af480: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 47.139249][ C0] ffff8880781af500: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 47.147303][ C0] ==================================================================
[ 47.155369][ C0] Kernel panic - not syncing: panic_on_warn set ...
[ 47.161947][ C0] CPU: 0 PID: 3604 Comm: sshd Not tainted 6.0.0-rc6-next-20220923-syzkaller #0
[ 47.170881][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022
[ 47.180962][ C0] Call Trace:
[ 47.184242][ C0] <IRQ>
[ 47.187094][ C0] dump_stack_lvl+0xcd/0x134
[ 47.191713][ C0] panic+0x2c8/0x622
[ 47.195611][ C0] ? panic_print_sys_info.part.0+0x110/0x110
[ 47.201620][ C0] end_report.part.0+0x3f/0x7c
[ 47.206416][ C0] ? ar5523_cmd_tx_cb+0x220/0x240
[ 47.211559][ C0] kasan_report.cold+0xa/0xf
[ 47.216161][ C0] ? ar5523_cmd_tx_cb+0x220/0x240
[ 47.221212][ C0] ar5523_cmd_tx_cb+0x220/0x240
[ 47.226097][ C0] __usb_hcd_giveback_urb+0x2b0/0x5c0
[ 47.231477][ C0] usb_hcd_giveback_urb+0x380/0x430
[ 47.236682][ C0] dummy_timer+0x11ff/0x32c0
[ 47.241286][ C0] ? do_raw_spin_unlock+0x171/0x230
[ 47.246514][ C0] ? rcu_read_lock_sched_held+0xd/0x70
[ 47.251987][ C0] ? rcu_read_lock_sched_held+0xd/0x70
[ 47.257472][ C0] ? lock_release+0x5cb/0x810
[ 47.262168][ C0] ? __queue_work+0x6d3/0x13b0
[ 47.267116][ C0] ? rcu_read_lock_sched_held+0xd/0x70
[ 47.272682][ C0] ? lock_acquire+0x4fc/0x630
[ 47.277366][ C0] ? lock_downgrade+0x6e0/0x6e0
[ 47.282307][ C0] ? dummy_dequeue+0x500/0x500
[ 47.287093][ C0] call_timer_fn+0x1da/0x7c0
[ 47.291703][ C0] ? dummy_dequeue+0x500/0x500
[ 47.296475][ C0] ? lock_release+0x5cb/0x810
[ 47.301155][ C0] ? timer_fixup_activate+0x3e0/0x3e0
[ 47.306534][ C0] ? lock_downgrade+0x6e0/0x6e0
[ 47.311388][ C0] ? rwlock_bug.part.0+0x90/0x90
[ 47.316506][ C0] ? __next_timer_interrupt+0x234/0x2b0
[ 47.322072][ C0] ? dummy_dequeue+0x500/0x500
[ 47.326847][ C0] ? dummy_dequeue+0x500/0x500
[ 47.331643][ C0] ? dummy_dequeue+0x500/0x500
[ 47.336446][ C0] __run_timers.part.0+0x6a2/0xaf0
[ 47.341670][ C0] ? call_timer_fn+0x7c0/0x7c0
[ 47.346445][ C0] ? cpuacct_stats_show+0x5f0/0x5f0
[ 47.351667][ C0] ? kvm_sched_clock_read+0x14/0x40
[ 47.356870][ C0] ? sched_clock_cpu+0x69/0x2b0
[ 47.361813][ C0] ? tick_program_event+0xb4/0x140
[ 47.366929][ C0] run_timer_softirq+0xb3/0x1d0
[ 47.371790][ C0] __do_softirq+0x1f7/0xad8
[ 47.376299][ C0] do_softirq.part.0+0xde/0x130
[ 47.381180][ C0] </IRQ>
[ 47.384134][ C0] <TASK>
[ 47.387063][ C0] ? ip_finish_output2+0x7a2/0x2170
[ 47.392271][ C0] __local_bh_enable_ip+0x102/0x120
[ 47.397563][ C0] ip_finish_output2+0x7d0/0x2170
[ 47.402604][ C0] ? ip_fragment.constprop.0+0x240/0x240
[ 47.408249][ C0] ? ip_mc_finish_output+0x5a0/0x5a0
[ 47.413637][ C0] ? lock_acquire+0x4fc/0x630
[ 47.418420][ C0] __ip_finish_output+0x396/0x650
[ 47.423460][ C0] ip_finish_output+0x2d/0x280
[ 47.428334][ C0] ip_output+0x19f/0x310
[ 47.432591][ C0] __ip_queue_xmit+0x8de/0x1be0
[ 47.437492][ C0] __tcp_transmit_skb+0x1967/0x3800
[ 47.442716][ C0] ? __tcp_select_window+0xde0/0xde0
[ 47.448031][ C0] ? lock_release+0x810/0x810
[ 47.452809][ C0] ? tcp_write_xmit+0x31/0x6050
[ 47.457700][ C0] ? lock_downgrade+0x6e0/0x6e0
[ 47.462583][ C0] ? trace_hardirqs_on+0x2d/0x160
[ 47.467617][ C0] ? ktime_get+0x38a/0x470
[ 47.472061][ C0] tcp_write_xmit+0xd89/0x6050
[ 47.476844][ C0] __tcp_push_pending_frames+0xaa/0x380
[ 47.482396][ C0] tcp_push+0x499/0x720
[ 47.486566][ C0] ? tcp_tx_timestamp+0x5b/0x2d0
[ 47.491523][ C0] tcp_sendmsg_locked+0x2439/0x2f90
[ 47.496735][ C0] ? lock_release+0x5cb/0x810
[ 47.501412][ C0] ? tcp_sendpage+0xd0/0xd0
[ 47.506109][ C0] ? rwlock_bug.part.0+0x90/0x90
[ 47.511085][ C0] ? __local_bh_enable_ip+0xa0/0x120
[ 47.516477][ C0] tcp_sendmsg+0x2b/0x40
[ 47.520739][ C0] inet_sendmsg+0x99/0xe0
[ 47.525086][ C0] ? inet_send_prepare+0x4e0/0x4e0
[ 47.530214][ C0] sock_sendmsg+0xcf/0x120
[ 47.534641][ C0] sock_write_iter+0x291/0x3d0
[ 47.539412][ C0] ? sock_sendmsg+0x120/0x120
[ 47.544094][ C0] ? ns_to_timespec64+0xc0/0xc0
[ 47.548991][ C0] ? bpf_lsm_file_permission+0x5/0x10
[ 47.554404][ C0] ? security_file_permission+0xab/0xd0
[ 47.559975][ C0] vfs_write+0x9e9/0xdd0
[ 47.564239][ C0] ? vfs_read+0x930/0x930
[ 47.568612][ C0] ? __ct_user_exit+0xff/0x150
[ 47.573518][ C0] ? lock_downgrade+0x6e0/0x6e0
[ 47.578379][ C0] ? lock_downgrade+0x6e0/0x6e0
[ 47.583238][ C0] ? __fget_light+0x20a/0x270
[ 47.587936][ C0] ksys_write+0x1e8/0x250
[ 47.592301][ C0] ? __ia32_sys_read+0xb0/0xb0
[ 47.597081][ C0] ? syscall_enter_from_user_mode+0x22/0xb0
[ 47.602985][ C0] ? trace_hardirqs_on+0x2d/0x160
[ 47.608017][ C0] do_syscall_64+0x35/0xb0
[ 47.612437][ C0] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 47.618346][ C0] RIP: 0033:0x7fdf26d259a3
[ 47.622763][ C0] Code: 8b 15 d9 f4 0c 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 64 8b 04 25 18 00 00 00 85 c0 75 14 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 55 c3 0f 1f 40 00 48 83 ec 28 48 89 54 24 18
[ 47.642399][ C0] RSP: 002b:00007ffe57c1f998 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 47.650834][ C0] RAX: ffffffffffffffda RBX: 0000000000000074 RCX: 00007fdf26d259a3
[ 47.658817][ C0] RDX: 0000000000000074 RSI: 0000556870250640 RDI: 0000000000000004
[ 47.666794][ C0] RBP: 0000556870259410 R08: 0000000000000000 R09: 00007ffe57d07080
[ 47.674787][ C0] R10: 00007ffe57d070f0 R11: 0000000000000246 R12: 0000000000000004
[ 47.682761][ C0] R13: 0000000000000001 R14: 00007ffe57c1fa08 R15: 00007ffe57c1fa88
[ 47.690743][ C0] </TASK>
[ 47.693906][ C0] Kernel Offset: disabled
[ 47.698222][ C0] Rebooting in 86400 seconds..