Warning: Permanently added '10.128.0.196' (ECDSA) to the list of known hosts.
executing program
[   46.096712][  T145] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[   46.616789][  T145] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[   46.616806][  T145] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   46.616826][  T145] usb 1-1: Product: syz
[   46.616833][  T145] usb 1-1: Manufacturer: syz
[   46.616839][  T145] usb 1-1: SerialNumber: syz
[   46.658301][  T145] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[   47.226707][  T145] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[   48.246707][  T145] ath9k_htc 1-1:1.0: ath9k_htc: Target is unresponsive
[   48.247004][  T145] ath9k_htc: Failed to initialize the device
[   48.436640][    C1] ==================================================================
[   48.436649][    C1] BUG: KASAN: slab-out-of-bounds in ath9k_hif_usb_rx_cb+0xa65/0x1130
[   48.436677][    C1] Read of size 4 at addr ffff888074acc2e8 by task swapper/1/0
[   48.436685][    C1]
[   48.436689][    C1] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 5.19.0-rc2-syzkaller #0
[   48.436698][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   48.436704][    C1] Call Trace:
[   48.436707][    C1]
[   48.436711][    C1]  dump_stack_lvl+0x1e3/0x2cb
[   48.436728][    C1]  ? bfq_pos_tree_add_move+0x436/0x436
[   48.436737][    C1]  ? _printk+0xcf/0x10f
[   48.436744][    C1]  ? __wake_up_klogd+0xd6/0x100
[   48.436755][    C1]  ? __wake_up_klogd+0xcd/0x100
[   48.436763][    C1]  ? panic+0x76e/0x76e
[   48.436771][    C1]  ? _printk+0xcf/0x10f
[   48.436779][    C1]  print_address_description+0x65/0x4b0
[   48.436791][    C1]  print_report+0xf4/0x210
[   48.436800][    C1]  ? __netdev_alloc_skb+0x103/0x4d0
[   48.436810][    C1]  ? ath9k_hif_usb_rx_cb+0xa65/0x1130
[   48.436819][    C1]  kasan_report+0xfb/0x130
[   48.436828][    C1]  ? ath9k_hif_usb_rx_cb+0xa65/0x1130
[   48.436837][    C1]  ath9k_hif_usb_rx_cb+0xa65/0x1130
[   48.436849][    C1]  ? ath9k_hif_usb_alloc_urbs+0xe90/0xe90
[   48.436861][    C1]  __usb_hcd_giveback_urb+0x369/0x530
[   48.436872][    C1]  dummy_timer+0x86b/0x3110
[   48.436894][    C1]  ? dummy_free_streams+0x320/0x320
[   48.436902][    C1]  ? trace_lock_release+0x7a/0x190
[   48.436914][    C1]  ? dummy_free_streams+0x320/0x320
[   48.436922][    C1]  call_timer_fn+0xf5/0x210
[   48.436930][    C1]  ? dummy_free_streams+0x320/0x320
[   48.436939][    C1]  ? dummy_free_streams+0x320/0x320
[   48.436947][    C1]  ? __run_timers+0x980/0x980
[   48.436956][    C1]  ? do_raw_spin_unlock+0x134/0x8a0
[   48.436965][    C1]  ? dummy_free_streams+0x320/0x320
[   48.436973][    C1]  ? _raw_spin_unlock_irq+0x1f/0x40
[   48.436985][    C1]  ? lockdep_hardirqs_on+0x95/0x140
[   48.436993][    C1]  ? dummy_free_streams+0x320/0x320
[   48.437002][    C1]  __run_timers+0x76a/0x980
[   48.437012][    C1]  ? trace_timer_cancel+0x210/0x210
[   48.437021][    C1]  ? print_irqtrace_events+0x220/0x220
[   48.437032][    C1]  run_timer_softirq+0x63/0xf0
[   48.437040][    C1]  __do_softirq+0x382/0x793
[   48.437049][    C1]  ? __irq_exit_rcu+0xec/0x170
[   48.437059][    C1]  ? __entry_text_end+0x1fec88/0x1fec88
[   48.437069][    C1]  __irq_exit_rcu+0xec/0x170
[   48.437077][    C1]  ? irq_exit_rcu+0x20/0x20
[   48.437087][    C1]  irq_exit_rcu+0x5/0x20
[   48.437094][    C1]  sysvec_apic_timer_interrupt+0x91/0xb0
[   48.437103][    C1]
[   48.437105][    C1]
[   48.437108][    C1]  asm_sysvec_apic_timer_interrupt+0x1b/0x20
[   48.437117][    C1] RIP: 0010:acpi_idle_enter+0x43d/0x7a0
[   48.437128][    C1] Code: ff e8 c7 a2 f4 fc 48 83 e3 08 44 8b 7c 24 04 0f 85 10 01 00 00 e8 33 4a fb fc eb 0c e8 ec 9d f4 fc 0f 00 2d 15 6d 62 06 fb f4 <4c> 89 e3 48 c1 eb 03 42 80 3c 2b 00 74 08 4c 89 e7 e8 dd 88 47 fd
[   48.437136][    C1] RSP: 0018:ffffc90000187c00 EFLAGS: 00000286
[   48.437145][    C1] RAX: b7883739ca2ee400 RBX: 0000000000000000 RCX: ffffffff9153de03
[   48.437151][    C1] RDX: dffffc0000000000 RSI: ffffffff8a8d2120 RDI: ffffffff8ae98a60
[   48.437158][    C1] RBP: ffffc90000187cb0 R08: ffffffff8492f889 R09: ffffed10023fc761
[   48.437164][    C1] R10: ffffed10023fc761 R11: 1ffff110023fc760 R12: ffffc90000187c40
[   48.437170][    C1] R13: dffffc0000000000 R14: ffff8881459eb000 R15: 0000000000000001
[   48.437178][    C1]  ? acpi_idle_enter+0x419/0x7a0
[   48.437189][    C1]  ? acpi_idle_lpi_enter+0xe0/0xe0
[   48.437200][    C1]  cpuidle_enter_state+0x517/0xed0
[   48.437213][    C1]  ? cpuidle_enter_s2idle+0x6b0/0x6b0
[   48.437223][    C1]  ? menu_enable_device+0x370/0x370
[   48.437233][    C1]  cpuidle_enter+0x59/0x90
[   48.437242][    C1]  do_idle+0x3d2/0x640
[   48.437252][    C1]  ? idle_inject_timer_fn+0x60/0x60
[   48.437263][    C1]  cpu_startup_entry+0x15/0x20
[   48.437271][    C1]  start_secondary+0xe4/0xf0
[   48.437282][    C1]  secondary_startup_64_no_verify+0xcf/0xdb
[   48.437296][    C1]
[   48.437298][    C1]
[   48.437300][    C1] Allocated by task 0:
[   48.437303][    C1] (stack is not available)
[   48.437305][    C1]
[   48.437306][    C1] The buggy address belongs to the object at ffff888074acc000
[   48.437306][    C1]  which belongs to the cache kmalloc-4k of size 4096
[   48.437313][    C1] The buggy address is located 744 bytes inside of
[   48.437313][    C1]  4096-byte region [ffff888074acc000, ffff888074acd000)
[   48.437321][    C1]
[   48.437323][    C1] The buggy address belongs to the physical page:
[   48.437327][    C1] page:ffffea0001d2b200 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x74ac8
[   48.437337][    C1] head:ffffea0001d2b200 order:3 compound_mapcount:0 compound_pincount:0
[   48.437344][    C1] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[   48.437356][    C1] raw: 00fff00000010200 0000000000000000 dead000000000122 ffff888011c42140
[   48.437364][    C1] raw: 0000000000000000 0000000080040004 00000001ffffffff 0000000000000000
[   48.437367][    C1] page dumped because: kasan: bad access detected
[   48.437372][    C1] page_owner tracks the page as allocated
[   48.437375][    C1] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 2960, tgid 2960 (syslogd), ts 48257796874, free_ts 48246976268
[   48.437390][    C1]  get_page_from_freelist+0x72b/0x7a0
[   48.437400][    C1]  __alloc_pages+0x259/0x560
[   48.437407][    C1]  alloc_slab_page+0x70/0xf0
[   48.437415][    C1]  allocate_slab+0x5e/0x520
[   48.437421][    C1]  ___slab_alloc+0x41e/0xcd0
[   48.437428][    C1]  __kmalloc+0x2ba/0x370
[   48.437434][    C1]  tomoyo_realpath_from_path+0xd8/0x5f0
[   48.437456][    C1]  tomoyo_path_perm+0x270/0x6b0
[   48.437465][    C1]  security_inode_getattr+0xc0/0x140
[   48.437476][    C1]  vfs_getattr+0x26/0x360
[   48.437484][    C1]  vfs_statx+0x183/0x3f0
[   48.437491][    C1]  __se_sys_newfstatat+0xf6/0x790
[   48.437500][    C1]  do_syscall_64+0x2b/0x70
[   48.437508][    C1]  entry_SYSCALL_64_after_hwframe+0x46/0xb0
[   48.437519][    C1] page last free stack trace:
[   48.437521][    C1]  free_pcp_prepare+0x812/0x900
[   48.437530][    C1]  free_unref_page+0x7d/0x390
[   48.437537][    C1]  free_large_kmalloc+0xeb/0x1a0
[   48.437544][    C1]  kfree+0x188/0x210
[   48.437550][    C1]  device_release+0x98/0x1c0
[   48.437558][    C1]  kobject_cleanup+0x235/0x470
[   48.437567][    C1]  ath9k_htc_probe_device+0xfe8/0x2090
[   48.437576][    C1]  ath9k_htc_hw_init+0x30/0x70
[   48.437583][    C1]  ath9k_hif_usb_firmware_cb+0x250/0x4d0
[   48.437590][    C1]  request_firmware_work_func+0x198/0x270
[   48.437600][    C1]  process_one_work+0x81c/0xd10
[   48.437609][    C1]  worker_thread+0xb14/0x1330
[   48.437616][    C1]  kthread+0x266/0x300
[   48.437623][    C1]  ret_from_fork+0x1f/0x30
[   48.437631][    C1]
[   48.437632][    C1] Memory state around the buggy address:
[   48.437636][    C1]  ffff888074acc180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   48.437641][    C1]  ffff888074acc200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   48.437646][    C1] >ffff888074acc280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   48.437650][    C1]                                                           ^
[   48.437654][    C1]  ffff888074acc300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   48.437659][    C1]  ffff888074acc380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   48.437662][    C1] ==================================================================
[   48.437666][    C1] Kernel panic - not syncing: panic_on_warn set ...
[   49.158104][    C1] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 5.19.0-rc2-syzkaller #0
[   49.166060][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   49.176106][    C1] Call Trace:
[   49.179368][    C1]
[   49.182197][    C1]  dump_stack_lvl+0x1e3/0x2cb
[   49.186860][    C1]  ? bfq_pos_tree_add_move+0x436/0x436
[   49.192302][    C1]  ? panic+0x76e/0x76e
[   49.196348][    C1]  ? vscnprintf+0x59/0x80
[   49.200659][    C1]  panic+0x312/0x76e
[   49.204547][    C1]  ? fb_is_primary_device+0xcc/0xcc
[   49.209728][    C1]  ? _raw_spin_unlock_irqrestore+0xd9/0x130
[   49.215606][    C1]  ? ath9k_hif_usb_rx_cb+0xa65/0x1130
[   49.220957][    C1]  end_report+0x91/0xa0
[   49.225093][    C1]  kasan_report+0x108/0x130
[   49.229578][    C1]  ? ath9k_hif_usb_rx_cb+0xa65/0x1130
[   49.234930][    C1]  ath9k_hif_usb_rx_cb+0xa65/0x1130
[   49.240110][    C1]  ? ath9k_hif_usb_alloc_urbs+0xe90/0xe90
[   49.245824][    C1]  __usb_hcd_giveback_urb+0x369/0x530
[   49.251195][    C1]  dummy_timer+0x86b/0x3110
[   49.255700][    C1]  ? dummy_free_streams+0x320/0x320
[   49.260877][    C1]  ? trace_lock_release+0x7a/0x190
[   49.265983][    C1]  ? dummy_free_streams+0x320/0x320
[   49.271163][    C1]  call_timer_fn+0xf5/0x210
[   49.275659][    C1]  ? dummy_free_streams+0x320/0x320
[   49.280837][    C1]  ? dummy_free_streams+0x320/0x320
[   49.286012][    C1]  ? __run_timers+0x980/0x980
[   49.290674][    C1]  ? do_raw_spin_unlock+0x134/0x8a0
[   49.295856][    C1]  ? dummy_free_streams+0x320/0x320
[   49.301033][    C1]  ? _raw_spin_unlock_irq+0x1f/0x40
[   49.306216][    C1]  ? lockdep_hardirqs_on+0x95/0x140
[   49.311397][    C1]  ? dummy_free_streams+0x320/0x320
[   49.316576][    C1]  __run_timers+0x76a/0x980
[   49.321062][    C1]  ? trace_timer_cancel+0x210/0x210
[   49.326241][    C1]  ? print_irqtrace_events+0x220/0x220
[   49.331679][    C1]  run_timer_softirq+0x63/0xf0
[   49.336421][    C1]  __do_softirq+0x382/0x793
[   49.340903][    C1]  ? __irq_exit_rcu+0xec/0x170
[   49.345646][    C1]  ? __entry_text_end+0x1fec88/0x1fec88
[   49.351187][    C1]  __irq_exit_rcu+0xec/0x170
[   49.355755][    C1]  ? irq_exit_rcu+0x20/0x20
[   49.360236][    C1]  irq_exit_rcu+0x5/0x20
[   49.364455][    C1]  sysvec_apic_timer_interrupt+0x91/0xb0
[   49.370069][    C1]
[   49.372997][    C1]
[   49.375909][    C1]  asm_sysvec_apic_timer_interrupt+0x1b/0x20
[   49.381870][    C1] RIP: 0010:acpi_idle_enter+0x43d/0x7a0
[   49.387397][    C1] Code: ff e8 c7 a2 f4 fc 48 83 e3 08 44 8b 7c 24 04 0f 85 10 01 00 00 e8 33 4a fb fc eb 0c e8 ec 9d f4 fc 0f 00 2d 15 6d 62 06 fb f4 <4c> 89 e3 48 c1 eb 03 42 80 3c 2b 00 74 08 4c 89 e7 e8 dd 88 47 fd
[   49.406979][    C1] RSP: 0018:ffffc90000187c00 EFLAGS: 00000286
[   49.413024][    C1] RAX: b7883739ca2ee400 RBX: 0000000000000000 RCX: ffffffff9153de03
[   49.420973][    C1] RDX: dffffc0000000000 RSI: ffffffff8a8d2120 RDI: ffffffff8ae98a60
[   49.428922][    C1] RBP: ffffc90000187cb0 R08: ffffffff8492f889 R09: ffffed10023fc761
[   49.436887][    C1] R10: ffffed10023fc761 R11: 1ffff110023fc760 R12: ffffc90000187c40
[   49.444850][    C1] R13: dffffc0000000000 R14: ffff8881459eb000 R15: 0000000000000001
[   49.452804][    C1]  ? acpi_idle_enter+0x419/0x7a0
[   49.457742][    C1]  ? acpi_idle_lpi_enter+0xe0/0xe0
[   49.462834][    C1]  cpuidle_enter_state+0x517/0xed0
[   49.467930][    C1]  ? cpuidle_enter_s2idle+0x6b0/0x6b0
[   49.473295][    C1]  ? menu_enable_device+0x370/0x370
[   49.478473][    C1]  cpuidle_enter+0x59/0x90
[   49.482871][    C1]  do_idle+0x3d2/0x640
[   49.486921][    C1]  ? idle_inject_timer_fn+0x60/0x60
[   49.492122][    C1]  cpu_startup_entry+0x15/0x20
[   49.496866][    C1]  start_secondary+0xe4/0xf0
[   49.501440][    C1]  secondary_startup_64_no_verify+0xcf/0xdb
[   49.507314][    C1]
[   49.510401][    C1] Kernel Offset: disabled
[   49.514723][    C1] Rebooting in 86400 seconds..