Warning: Permanently added '10.128.0.133' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 51.381406][ T3266] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 51.661728][ T3266] usb 1-1: too many configurations: 90, using maximum allowed: 8
[ 52.461876][ T3266] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 52.470948][ T3266] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 52.479596][ T3266] usb 1-1: Product: syz
[ 52.483858][ T3266] usb 1-1: Manufacturer: syz
[ 52.488463][ T3266] usb 1-1: SerialNumber: syz
[ 52.532823][ T3266] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 53.111490][ T3266] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 54.131443][ T3266] ath9k_htc 1-1:1.0: ath9k_htc: Target is unresponsive
[ 54.138581][ T3266] ath9k_htc: Failed to initialize the device
[ 54.211335][ C0] ==================================================================
[ 54.219418][ C0] BUG: KASAN: slab-out-of-bounds in ath9k_hif_usb_rx_cb+0x1120/0x1130
[ 54.227567][ C0] Read of size 4 at addr ffff8880739142f4 by task swapper/0/0
[ 54.234997][ C0]
[ 54.237302][ C0] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.19.0-syzkaller-02972-g200e340f2196 #0
[ 54.246645][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022
[ 54.256677][ C0] Call Trace:
[ 54.259955][ C0]
[ 54.262781][ C0] dump_stack_lvl+0x1e3/0x2cb
[ 54.267449][ C0] ? io_notif_register+0x5e7/0x5e7
[ 54.272538][ C0] ? _printk+0xcf/0x10f
[ 54.276671][ C0] ? __wake_up_klogd+0xd6/0x100
[ 54.281500][ C0] ? __wake_up_klogd+0xcd/0x100
[ 54.286347][ C0] ? panic+0x76e/0x76e
[ 54.290407][ C0] ? _printk+0xcf/0x10f
[ 54.294539][ C0] print_address_description+0x65/0x4b0
[ 54.300067][ C0] print_report+0xf4/0x210
[ 54.304461][ C0] ? __lock_acquire+0x1f80/0x1f80
[ 54.309464][ C0] ? do_raw_spin_lock+0x148/0x360
[ 54.314468][ C0] ? ath9k_hif_usb_rx_cb+0x1120/0x1130
[ 54.319907][ C0] kasan_report+0xfb/0x130
[ 54.324303][ C0] ? ath9k_hif_usb_rx_cb+0x1120/0x1130
[ 54.329739][ C0] ath9k_hif_usb_rx_cb+0x1120/0x1130
[ 54.335015][ C0] ? do_raw_spin_lock+0x148/0x360
[ 54.340019][ C0] ? ath9k_hif_usb_alloc_urbs+0xe90/0xe90
[ 54.345719][ C0] __usb_hcd_giveback_urb+0x369/0x530
[ 54.351074][ C0] dummy_timer+0x86b/0x3110
[ 54.355558][ C0] ? cpufreq_update_util+0x8a/0x240
[ 54.360744][ C0] ? dummy_free_streams+0x320/0x320
[ 54.365922][ C0] ? trace_lock_release+0x7a/0x190
[ 54.371012][ C0] ? dummy_free_streams+0x320/0x320
[ 54.376188][ C0] call_timer_fn+0xf5/0x210
[ 54.380690][ C0] ? dummy_free_streams+0x320/0x320
[ 54.385864][ C0] ? dummy_free_streams+0x320/0x320
[ 54.391059][ C0] ? __run_timers+0x980/0x980
[ 54.395713][ C0] ? do_raw_spin_unlock+0x134/0x8a0
[ 54.400890][ C0] ? dummy_free_streams+0x320/0x320
[ 54.406064][ C0] ? _raw_spin_unlock_irq+0x1f/0x40
[ 54.411240][ C0] ? lockdep_hardirqs_on+0x95/0x140
[ 54.416414][ C0] ? dummy_free_streams+0x320/0x320
[ 54.421589][ C0] __run_timers+0x76a/0x980
[ 54.426075][ C0] ? trace_timer_cancel+0x210/0x210
[ 54.431269][ C0] ? print_irqtrace_events+0x220/0x220
[ 54.436705][ C0] run_timer_softirq+0x63/0xf0
[ 54.441458][ C0] __do_softirq+0x382/0x793
[ 54.445940][ C0] ? __irq_exit_rcu+0xec/0x170
[ 54.450683][ C0] ? __entry_text_end+0x1feacb/0x1feacb
[ 54.456210][ C0] __irq_exit_rcu+0xec/0x170
[ 54.460777][ C0] ? irq_exit_rcu+0x20/0x20
[ 54.465260][ C0] irq_exit_rcu+0x5/0x20
[ 54.469482][ C0] sysvec_apic_timer_interrupt+0x91/0xb0
[ 54.475528][ C0]
[ 54.478443][ C0]
[ 54.481353][ C0] asm_sysvec_apic_timer_interrupt+0x16/0x20
[ 54.487311][ C0] RIP: 0010:acpi_idle_enter+0x43d/0x7a0
[ 54.492838][ C0] Code: ff e8 07 1b 53 f7 48 83 e3 08 44 8b 7c 24 04 0f 85 10 01 00 00 e8 c3 c2 59 f7 66 90 e8 2c 16 53 f7 0f 00 2d 55 7c c0 00 fb f4 <4c> 89 e3 48 c1 eb 03 42 80 3c 2b 00 74 08 4c 89 e7 e8 4d e2 a5 f7
[ 54.512429][ C0] RSP: 0018:ffffffff8c807ba0 EFLAGS: 000002d3
[ 54.518476][ C0] RAX: ffffffff8a350a84 RBX: 0000000000000000 RCX: ffffffff8c8bb8c0
[ 54.526442][ C0] RDX: 0000000000000000 RSI: ffffffff8a8d2fe0 RDI: ffffffff8ae9a7c0
[ 54.534392][ C0] RBP: ffffffff8c807c50 R08: ffffffff8a350a69 R09: fffffbfff1917719
[ 54.542366][ C0] R10: fffffbfff1917719 R11: 1ffffffff1917718 R12: ffffffff8c807be0
[ 54.550317][ C0] R13: dffffc0000000000 R14: ffff8881459a9000 R15: 0000000000000001
[ 54.558269][ C0] ? acpi_idle_enter+0x419/0x7a0
[ 54.563189][ C0] ? acpi_idle_enter+0x434/0x7a0
[ 54.568113][ C0] ? intel_idle_xstate+0x90/0x90
[ 54.573030][ C0] cpuidle_enter_state+0x517/0xed0
[ 54.578124][ C0] ? cpuidle_enter_s2idle+0x6b0/0x6b0
[ 54.583474][ C0] ? menu_enable_device+0x370/0x370
[ 54.588652][ C0] cpuidle_enter+0x59/0x90
[ 54.593067][ C0] do_idle+0x3d2/0x640
[ 54.597135][ C0] ? idle_inject_timer_fn+0x60/0x60
[ 54.602312][ C0] ? _raw_spin_unlock_irqrestore+0xd9/0x130
[ 54.608204][ C0] cpu_startup_entry+0x15/0x20
[ 54.612944][ C0] rest_init+0x24f/0x270
[ 54.617164][ C0] ? time_init+0x33/0x33
[ 54.621389][ C0] arch_call_rest_init+0xa/0xa
[ 54.626133][ C0] start_kernel+0x4ac/0x55b
[ 54.630612][ C0] secondary_startup_64_no_verify+0xcf/0xdb
[ 54.636488][ C0]
[ 54.639487][ C0]
[ 54.641789][ C0] Allocated by task 0:
[ 54.645828][ C0] (stack is not available)
[ 54.650213][ C0]
[ 54.652515][ C0] The buggy address belongs to the object at ffff888073914000
[ 54.652515][ C0] which belongs to the cache kmalloc-4k of size 4096
[ 54.666545][ C0] The buggy address is located 756 bytes inside of
[ 54.666545][ C0] 4096-byte region [ffff888073914000, ffff888073915000)
[ 54.679907][ C0]
[ 54.682220][ C0] The buggy address belongs to the physical page:
[ 54.688606][ C0] page:ffffea0001ce4400 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x73910
[ 54.698730][ C0] head:ffffea0001ce4400 order:3 compound_mapcount:0 compound_pincount:0
[ 54.707032][ C0] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[ 54.714996][ C0] raw: 00fff00000010200 0000000000000000 dead000000000122 ffff888011c42140
[ 54.723557][ C0] raw: 0000000000000000 0000000080040004 00000001ffffffff 0000000000000000
[ 54.732137][ C0] page dumped because: kasan: bad access detected
[ 54.738521][ C0] page_owner tracks the page as allocated
[ 54.744209][ C0] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 3603, tgid 3603 (syz-executor349), ts 54191663101, free_ts 54138553636
[ 54.765014][ C0] get_page_from_freelist+0x72b/0x7a0
[ 54.770367][ C0] __alloc_pages+0x259/0x560
[ 54.774935][ C0] alloc_slab_page+0x70/0xf0
[ 54.779520][ C0] allocate_slab+0x5e/0x520
[ 54.783998][ C0] ___slab_alloc+0x42e/0xce0
[ 54.788563][ C0] __kmalloc+0x2bd/0x370
[ 54.792784][ C0] tomoyo_realpath_from_path+0xd8/0x5f0
[ 54.798320][ C0] tomoyo_path_number_perm+0x219/0x7b0
[ 54.803755][ C0] security_file_ioctl+0x55/0xb0
[ 54.808673][ C0] __se_sys_ioctl+0x48/0x170
[ 54.813238][ C0] do_syscall_64+0x2b/0x70
[ 54.817630][ C0] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 54.823513][ C0] page last free stack trace:
[ 54.828170][ C0] free_pcp_prepare+0x812/0x900
[ 54.833010][ C0] free_unref_page+0x7d/0x390
[ 54.837676][ C0] free_large_kmalloc+0xeb/0x1a0
[ 54.842599][ C0] kfree+0x182/0x210
[ 54.846487][ C0] device_release+0x98/0x1c0
[ 54.851075][ C0] kobject_cleanup+0x235/0x470
[ 54.855822][ C0] ath9k_htc_probe_device+0xfe8/0x2090
[ 54.861272][ C0] ath9k_htc_hw_init+0x30/0x70
[ 54.866024][ C0] ath9k_hif_usb_firmware_cb+0x250/0x4d0
[ 54.871640][ C0] request_firmware_work_func+0x198/0x270
[ 54.877337][ C0] process_one_work+0x81c/0xd10
[ 54.882168][ C0] worker_thread+0xb14/0x1330
[ 54.886821][ C0] kthread+0x266/0x300
[ 54.890884][ C0] ret_from_fork+0x1f/0x30
[ 54.895288][ C0]
[ 54.897597][ C0] Memory state around the buggy address:
[ 54.903209][ C0] ffff888073914180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 54.911258][ C0] ffff888073914200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 54.919327][ C0] >ffff888073914280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 54.927364][ C0] ^
[ 54.935062][ C0] ffff888073914300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 54.943111][ C0] ffff888073914380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 54.951146][ C0] ==================================================================
[ 54.959185][ C0] Kernel panic - not syncing: panic_on_warn set ...
[ 54.965742][ C0] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.19.0-syzkaller-02972-g200e340f2196 #0
[ 54.975098][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022
[ 54.985185][ C0] Call Trace:
[ 54.988449][ C0]
[ 54.991284][ C0] dump_stack_lvl+0x1e3/0x2cb
[ 54.995948][ C0] ? io_notif_register+0x5e7/0x5e7
[ 55.001039][ C0] ? panic+0x76e/0x76e
[ 55.005094][ C0] ? vscnprintf+0x59/0x80
[ 55.009413][ C0] panic+0x312/0x76e
[ 55.013292][ C0] ? fb_is_primary_device+0xcc/0xcc
[ 55.018467][ C0] ? _raw_spin_unlock_irqrestore+0xd9/0x130
[ 55.024344][ C0] ? ath9k_hif_usb_rx_cb+0x1120/0x1130
[ 55.029796][ C0] end_report+0x91/0xa0
[ 55.033941][ C0] kasan_report+0x108/0x130
[ 55.038429][ C0] ? ath9k_hif_usb_rx_cb+0x1120/0x1130
[ 55.043872][ C0] ath9k_hif_usb_rx_cb+0x1120/0x1130
[ 55.049144][ C0] ? do_raw_spin_lock+0x148/0x360
[ 55.054165][ C0] ? ath9k_hif_usb_alloc_urbs+0xe90/0xe90
[ 55.059872][ C0] __usb_hcd_giveback_urb+0x369/0x530
[ 55.065229][ C0] dummy_timer+0x86b/0x3110
[ 55.069715][ C0] ? cpufreq_update_util+0x8a/0x240
[ 55.074906][ C0] ? dummy_free_streams+0x320/0x320
[ 55.080086][ C0] ? trace_lock_release+0x7a/0x190
[ 55.085179][ C0] ? dummy_free_streams+0x320/0x320
[ 55.090357][ C0] call_timer_fn+0xf5/0x210
[ 55.094839][ C0] ? dummy_free_streams+0x320/0x320
[ 55.100015][ C0] ? dummy_free_streams+0x320/0x320
[ 55.105191][ C0] ? __run_timers+0x980/0x980
[ 55.109850][ C0] ? do_raw_spin_unlock+0x134/0x8a0
[ 55.115027][ C0] ? dummy_free_streams+0x320/0x320
[ 55.120202][ C0] ? _raw_spin_unlock_irq+0x1f/0x40
[ 55.125383][ C0] ? lockdep_hardirqs_on+0x95/0x140
[ 55.130563][ C0] ? dummy_free_streams+0x320/0x320
[ 55.135742][ C0] __run_timers+0x76a/0x980
[ 55.140230][ C0] ? trace_timer_cancel+0x210/0x210
[ 55.145410][ C0] ? print_irqtrace_events+0x220/0x220
[ 55.150864][ C0] run_timer_softirq+0x63/0xf0
[ 55.155606][ C0] __do_softirq+0x382/0x793
[ 55.160094][ C0] ? __irq_exit_rcu+0xec/0x170
[ 55.164834][ C0] ? __entry_text_end+0x1feacb/0x1feacb
[ 55.170358][ C0] __irq_exit_rcu+0xec/0x170
[ 55.174929][ C0] ? irq_exit_rcu+0x20/0x20
[ 55.179411][ C0] irq_exit_rcu+0x5/0x20
[ 55.183635][ C0] sysvec_apic_timer_interrupt+0x91/0xb0
[ 55.189248][ C0]
[ 55.192161][ C0]
[ 55.195073][ C0] asm_sysvec_apic_timer_interrupt+0x16/0x20
[ 55.201033][ C0] RIP: 0010:acpi_idle_enter+0x43d/0x7a0
[ 55.206572][ C0] Code: ff e8 07 1b 53 f7 48 83 e3 08 44 8b 7c 24 04 0f 85 10 01 00 00 e8 c3 c2 59 f7 66 90 e8 2c 16 53 f7 0f 00 2d 55 7c c0 00 fb f4 <4c> 89 e3 48 c1 eb 03 42 80 3c 2b 00 74 08 4c 89 e7 e8 4d e2 a5 f7
[ 55.226179][ C0] RSP: 0018:ffffffff8c807ba0 EFLAGS: 000002d3
[ 55.232228][ C0] RAX: ffffffff8a350a84 RBX: 0000000000000000 RCX: ffffffff8c8bb8c0
[ 55.240181][ C0] RDX: 0000000000000000 RSI: ffffffff8a8d2fe0 RDI: ffffffff8ae9a7c0
[ 55.248135][ C0] RBP: ffffffff8c807c50 R08: ffffffff8a350a69 R09: fffffbfff1917719
[ 55.256084][ C0] R10: fffffbfff1917719 R11: 1ffffffff1917718 R12: ffffffff8c807be0
[ 55.264140][ C0] R13: dffffc0000000000 R14: ffff8881459a9000 R15: 0000000000000001
[ 55.272096][ C0] ? acpi_idle_enter+0x419/0x7a0
[ 55.277021][ C0] ? acpi_idle_enter+0x434/0x7a0
[ 55.281941][ C0] ? intel_idle_xstate+0x90/0x90
[ 55.286862][ C0] cpuidle_enter_state+0x517/0xed0
[ 55.291956][ C0] ? cpuidle_enter_s2idle+0x6b0/0x6b0
[ 55.297308][ C0] ? menu_enable_device+0x370/0x370
[ 55.302503][ C0] cpuidle_enter+0x59/0x90
[ 55.306899][ C0] do_idle+0x3d2/0x640
[ 55.310951][ C0] ? idle_inject_timer_fn+0x60/0x60
[ 55.316131][ C0] ? _raw_spin_unlock_irqrestore+0xd9/0x130
[ 55.322020][ C0] cpu_startup_entry+0x15/0x20
[ 55.326764][ C0] rest_init+0x24f/0x270
[ 55.330999][ C0] ? time_init+0x33/0x33
[ 55.335224][ C0] arch_call_rest_init+0xa/0xa
[ 55.339966][ C0] start_kernel+0x4ac/0x55b
[ 55.344446][ C0] secondary_startup_64_no_verify+0xcf/0xdb
[ 55.350325][ C0]
[ 55.353498][ C0] Kernel Offset: disabled
[ 55.357812][ C0] Rebooting in 86400 seconds..