DUID 00:04:48:2f:83:80:5e:82:2f:af:2e:03:8c:bf:d4:14:8e:03
forked to background, child pid 3186
[   25.392316][ T3187] 8021q: adding VLAN 0 to HW filter on device bond0
[   25.406486][ T3187] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK

syzkaller
Warning: Permanently added '10.128.0.201' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   46.197486][    T6] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[   46.717661][    T6] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[   46.726785][    T6] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   46.735298][    T6] usb 1-1: Product: syz
[   46.739612][    T6] usb 1-1: Manufacturer: syz
[   46.744202][    T6] usb 1-1: SerialNumber: syz
[   46.802003][    T6] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[   47.377581][    T6] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[   47.597872][    C0] usb 1-1: ath9k_htc: over RX MAX_PKT_NUM
[   47.797571][    C0] usb 1-1: ath9k_htc: over RX MAX_PKT_NUM
[   47.997556][    C0] usb 1-1: ath9k_htc: over RX MAX_PKT_NUM
[   48.197535][    C0] usb 1-1: ath9k_htc: over RX MAX_PKT_NUM
[   48.397526][    C0] usb 1-1: ath9k_htc: over RX MAX_PKT_NUM
[   48.417501][    T6] ath9k_htc 1-1:1.0: ath9k_htc: Target is unresponsive
[   48.424703][    T6] ath9k_htc: Failed to initialize the device
[   48.597448][    C0] ==================================================================
[   48.605525][    C0] BUG: KASAN: slab-out-of-bounds in ath9k_hif_usb_rx_cb+0xa65/0x1130
[   48.613591][    C0] Read of size 4 at addr ffff8880760ec2e8 by task swapper/0/0
[   48.621027][    C0] 
[   48.623339][    C0] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.19.0-rc5-syzkaller-00250-gd9919d43cbf6 #0
[   48.633031][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022
[   48.643069][    C0] Call Trace:
[   48.646332][    C0]  <IRQ>
[   48.649163][    C0]  dump_stack_lvl+0x1e3/0x2cb
[   48.653869][    C0]  ? bfq_pos_tree_add_move+0x436/0x436
[   48.659313][    C0]  ? _printk+0xcf/0x10f
[   48.663455][    C0]  ? __wake_up_klogd+0xd6/0x100
[   48.668292][    C0]  ? __wake_up_klogd+0xcd/0x100
[   48.673123][    C0]  ? panic+0x76e/0x76e
[   48.677171][    C0]  ? _printk+0xcf/0x10f
[   48.681316][    C0]  print_address_description+0x65/0x4b0
[   48.686850][    C0]  print_report+0xf4/0x210
[   48.691260][    C0]  ? __netdev_alloc_skb+0x103/0x4d0
[   48.696494][    C0]  ? ath9k_hif_usb_rx_cb+0xa65/0x1130
[   48.701858][    C0]  kasan_report+0xfb/0x130
[   48.706270][    C0]  ? ath9k_hif_usb_rx_cb+0xa65/0x1130
[   48.711633][    C0]  ath9k_hif_usb_rx_cb+0xa65/0x1130
[   48.716827][    C0]  ? ath9k_hif_usb_alloc_urbs+0xe90/0xe90
[   48.722546][    C0]  __usb_hcd_giveback_urb+0x369/0x530
[   48.727908][    C0]  dummy_timer+0x86b/0x3110
[   48.732426][    C0]  ? dummy_free_streams+0x320/0x320
[   48.737611][    C0]  ? trace_lock_release+0x7a/0x190
[   48.742718][    C0]  ? dummy_free_streams+0x320/0x320
[   48.747908][    C0]  call_timer_fn+0xf5/0x210
[   48.752403][    C0]  ? dummy_free_streams+0x320/0x320
[   48.757594][    C0]  ? dummy_free_streams+0x320/0x320
[   48.762785][    C0]  ? __run_timers+0x980/0x980
[   48.767483][    C0]  ? do_raw_spin_unlock+0x134/0x8a0
[   48.772676][    C0]  ? dummy_free_streams+0x320/0x320
[   48.777861][    C0]  ? _raw_spin_unlock_irq+0x1f/0x40
[   48.783048][    C0]  ? lockdep_hardirqs_on+0x95/0x140
[   48.788233][    C0]  ? dummy_free_streams+0x320/0x320
[   48.793420][    C0]  __run_timers+0x76a/0x980
[   48.797917][    C0]  ? trace_timer_cancel+0x210/0x210
[   48.803107][    C0]  ? print_irqtrace_events+0x220/0x220
[   48.808583][    C0]  run_timer_softirq+0x63/0xf0
[   48.813334][    C0]  __do_softirq+0x382/0x793
[   48.817829][    C0]  ? __irq_exit_rcu+0xec/0x170
[   48.822582][    C0]  ? __entry_text_end+0x1fec88/0x1fec88
[   48.828124][    C0]  __irq_exit_rcu+0xec/0x170
[   48.832704][    C0]  ? irq_exit_rcu+0x20/0x20
[   48.837196][    C0]  irq_exit_rcu+0x5/0x20
[   48.841431][    C0]  sysvec_apic_timer_interrupt+0x91/0xb0
[   48.847052][    C0]  </IRQ>
[   48.850064][    C0]  <TASK>
[   48.852982][    C0]  asm_sysvec_apic_timer_interrupt+0x1b/0x20
[   48.858957][    C0] RIP: 0010:acpi_idle_enter+0x43d/0x7a0
[   48.864505][    C0] Code: ff e8 47 4b f4 fc 48 83 e3 08 44 8b 7c 24 04 0f 85 10 01 00 00 e8 83 f2 fa fc 66 90 e8 6c 46 f4 fc 0f 00 2d e5 3b 62 06 fb f4 <4c> 89 e3 48 c1 eb 03 42 80 3c 2b 00 74 08 4c 89 e7 e8 9d fa 46 fd
[   48.884205][    C0] RSP: 0018:ffffffff8c807ba0 EFLAGS: 000002d3
[   48.890284][    C0] RAX: ffffffff84933774 RBX: 0000000000000000 RCX: ffffffff8c8bb8c0
[   48.898259][    C0] RDX: 0000000000000000 RSI: ffffffff8a8d22c0 RDI: ffffffff8ae99700
[   48.906222][    C0] RBP: ffffffff8c807c50 R08: ffffffff84933759 R09: fffffbfff1917719
[   48.914185][    C0] R10: fffffbfff1917719 R11: 1ffffffff1917718 R12: ffffffff8c807be0
[   48.922145][    C0] R13: dffffc0000000000 R14: ffff888012b74800 R15: 0000000000000001
[   48.930112][    C0]  ? acpi_idle_enter+0x419/0x7a0
[   48.935044][    C0]  ? acpi_idle_enter+0x434/0x7a0
[   48.939985][    C0]  ? acpi_idle_lpi_enter+0xe0/0xe0
[   48.945112][    C0]  cpuidle_enter_state+0x517/0xed0
[   48.950224][    C0]  ? cpuidle_enter_s2idle+0x6b0/0x6b0
[   48.955589][    C0]  cpuidle_enter+0x59/0x90
[   48.959998][    C0]  do_idle+0x3d2/0x640
[   48.964065][    C0]  ? idle_inject_timer_fn+0x60/0x60
[   48.969255][    C0]  ? _raw_spin_unlock_irqrestore+0xd9/0x130
[   48.975164][    C0]  cpu_startup_entry+0x15/0x20
[   48.979921][    C0]  rest_init+0x24f/0x270
[   48.984153][    C0]  ? time_init+0x33/0x33
[   48.988387][    C0]  arch_call_rest_init+0xa/0xa
[   48.993142][    C0]  start_kernel+0x4ac/0x55b
[   48.997634][    C0]  secondary_startup_64_no_verify+0xcf/0xdb
[   49.003522][    C0]  </TASK>
[   49.006534][    C0] 
[   49.008847][    C0] Allocated by task 0:
[   49.012898][    C0] (stack is not available)
[   49.017299][    C0] 
[   49.019614][    C0] The buggy address belongs to the object at ffff8880760ec000
[   49.019614][    C0]  which belongs to the cache kmalloc-1k of size 1024
[   49.033653][    C0] The buggy address is located 744 bytes inside of
[   49.033653][    C0]  1024-byte region [ffff8880760ec000, ffff8880760ec400)
[   49.047001][    C0] 
[   49.049313][    C0] The buggy address belongs to the physical page:
[   49.055711][    C0] page:ffffea0001d83a00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x760e8
[   49.065851][    C0] head:ffffea0001d83a00 order:3 compound_mapcount:0 compound_pincount:0
[   49.074161][    C0] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[   49.082150][    C0] raw: 00fff00000010200 0000000000000000 dead000000000122 ffff888011c41dc0
[   49.090742][    C0] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[   49.099312][    C0] page dumped because: kasan: bad access detected
[   49.105708][    C0] page_owner tracks the page as allocated
[   49.111409][    C0] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 2965, tgid 2965 (klogd), ts 48430968203, free_ts 48424676502
[   49.132150][    C0]  get_page_from_freelist+0x72b/0x7a0
[   49.137519][    C0]  __alloc_pages+0x259/0x560
[   49.142102][    C0]  alloc_slab_page+0x70/0xf0
[   49.146685][    C0]  allocate_slab+0x5e/0x520
[   49.151179][    C0]  ___slab_alloc+0x42e/0xce0
[   49.155754][    C0]  kmem_cache_alloc_trace+0x25c/0x310
[   49.161115][    C0]  syslog_print+0x10c/0x620
[   49.165609][    C0]  do_syslog+0x853/0x950
[   49.169839][    C0]  __x64_sys_syslog+0x78/0x90
[   49.174507][    C0]  do_syscall_64+0x2b/0x70
[   49.178911][    C0]  entry_SYSCALL_64_after_hwframe+0x46/0xb0
[   49.184797][    C0] page last free stack trace:
[   49.189455][    C0]  free_pcp_prepare+0x812/0x900
[   49.194299][    C0]  free_unref_page+0x7d/0x390
[   49.198974][    C0]  free_large_kmalloc+0xeb/0x1a0
[   49.203901][    C0]  kfree+0x188/0x210
[   49.207785][    C0]  device_release+0x98/0x1c0
[   49.212367][    C0]  kobject_cleanup+0x235/0x470
[   49.217121][    C0]  ath9k_htc_probe_device+0xfe8/0x2090
[   49.222570][    C0]  ath9k_htc_hw_init+0x30/0x70
[   49.227331][    C0]  ath9k_hif_usb_firmware_cb+0x250/0x4d0
[   49.232960][    C0]  request_firmware_work_func+0x198/0x270
[   49.238761][    C0]  process_one_work+0x81c/0xd10
[   49.243610][    C0]  worker_thread+0xb14/0x1330
[   49.248277][    C0]  kthread+0x266/0x300
[   49.252335][    C0]  ret_from_fork+0x1f/0x30
[   49.256759][    C0] 
[   49.259082][    C0] Memory state around the buggy address:
[   49.264725][    C0]  ffff8880760ec180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   49.272805][    C0]  ffff8880760ec200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   49.280875][    C0] >ffff8880760ec280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   49.288941][    C0]                                                           ^
[   49.296397][    C0]  ffff8880760ec300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   49.304449][    C0]  ffff8880760ec380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   49.312497][    C0] ==================================================================
[   49.320563][    C0] Kernel panic - not syncing: panic_on_warn set ...
[   49.327147][    C0] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.19.0-rc5-syzkaller-00250-gd9919d43cbf6 #0
[   49.336863][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022
[   49.346913][    C0] Call Trace:
[   49.350187][    C0]  <IRQ>
[   49.353026][    C0]  dump_stack_lvl+0x1e3/0x2cb
[   49.357701][    C0]  ? bfq_pos_tree_add_move+0x436/0x436
[   49.363156][    C0]  ? panic+0x76e/0x76e
[   49.367232][    C0]  ? vscnprintf+0x59/0x80
[   49.371553][    C0]  panic+0x312/0x76e
[   49.375467][    C0]  ? fb_is_primary_device+0xcc/0xcc
[   49.380656][    C0]  ? _raw_spin_unlock_irqrestore+0xd9/0x130
[   49.386558][    C0]  ? ath9k_hif_usb_rx_cb+0xa65/0x1130
[   49.391922][    C0]  end_report+0x91/0xa0
[   49.396072][    C0]  kasan_report+0x108/0x130
[   49.400570][    C0]  ? ath9k_hif_usb_rx_cb+0xa65/0x1130
[   49.405937][    C0]  ath9k_hif_usb_rx_cb+0xa65/0x1130
[   49.411130][    C0]  ? ath9k_hif_usb_alloc_urbs+0xe90/0xe90
[   49.416847][    C0]  __usb_hcd_giveback_urb+0x369/0x530
[   49.422217][    C0]  dummy_timer+0x86b/0x3110
[   49.426737][    C0]  ? dummy_free_streams+0x320/0x320
[   49.431928][    C0]  ? trace_lock_release+0x7a/0x190
[   49.437034][    C0]  ? dummy_free_streams+0x320/0x320
[   49.442226][    C0]  call_timer_fn+0xf5/0x210
[   49.446724][    C0]  ? dummy_free_streams+0x320/0x320
[   49.451913][    C0]  ? dummy_free_streams+0x320/0x320
[   49.457104][    C0]  ? __run_timers+0x980/0x980
[   49.461773][    C0]  ? do_raw_spin_unlock+0x134/0x8a0
[   49.466964][    C0]  ? dummy_free_streams+0x320/0x320
[   49.472149][    C0]  ? _raw_spin_unlock_irq+0x1f/0x40
[   49.477341][    C0]  ? lockdep_hardirqs_on+0x95/0x140
[   49.482534][    C0]  ? dummy_free_streams+0x320/0x320
[   49.487728][    C0]  __run_timers+0x76a/0x980
[   49.492226][    C0]  ? trace_timer_cancel+0x210/0x210
[   49.497417][    C0]  ? print_irqtrace_events+0x220/0x220
[   49.502868][    C0]  run_timer_softirq+0x63/0xf0
[   49.507621][    C0]  __do_softirq+0x382/0x793
[   49.512120][    C0]  ? __irq_exit_rcu+0xec/0x170
[   49.516879][    C0]  ? __entry_text_end+0x1fec88/0x1fec88
[   49.522418][    C0]  __irq_exit_rcu+0xec/0x170
[   49.527000][    C0]  ? irq_exit_rcu+0x20/0x20
[   49.531513][    C0]  irq_exit_rcu+0x5/0x20
[   49.535759][    C0]  sysvec_apic_timer_interrupt+0x91/0xb0
[   49.541400][    C0]  </IRQ>
[   49.544331][    C0]  <TASK>
[   49.547259][    C0]  asm_sysvec_apic_timer_interrupt+0x1b/0x20
[   49.553232][    C0] RIP: 0010:acpi_idle_enter+0x43d/0x7a0
[   49.558855][    C0] Code: ff e8 47 4b f4 fc 48 83 e3 08 44 8b 7c 24 04 0f 85 10 01 00 00 e8 83 f2 fa fc 66 90 e8 6c 46 f4 fc 0f 00 2d e5 3b 62 06 fb f4 <4c> 89 e3 48 c1 eb 03 42 80 3c 2b 00 74 08 4c 89 e7 e8 9d fa 46 fd
[   49.578557][    C0] RSP: 0018:ffffffff8c807ba0 EFLAGS: 000002d3
[   49.584623][    C0] RAX: ffffffff84933774 RBX: 0000000000000000 RCX: ffffffff8c8bb8c0
[   49.592585][    C0] RDX: 0000000000000000 RSI: ffffffff8a8d22c0 RDI: ffffffff8ae99700
[   49.600546][    C0] RBP: ffffffff8c807c50 R08: ffffffff84933759 R09: fffffbfff1917719
[   49.608507][    C0] R10: fffffbfff1917719 R11: 1ffffffff1917718 R12: ffffffff8c807be0
[   49.616471][    C0] R13: dffffc0000000000 R14: ffff888012b74800 R15: 0000000000000001
[   49.624436][    C0]  ? acpi_idle_enter+0x419/0x7a0
[   49.629456][    C0]  ? acpi_idle_enter+0x434/0x7a0
[   49.634393][    C0]  ? acpi_idle_lpi_enter+0xe0/0xe0
[   49.639500][    C0]  cpuidle_enter_state+0x517/0xed0
[   49.644607][    C0]  ? cpuidle_enter_s2idle+0x6b0/0x6b0
[   49.649972][    C0]  cpuidle_enter+0x59/0x90
[   49.654379][    C0]  do_idle+0x3d2/0x640
[   49.658441][    C0]  ? idle_inject_timer_fn+0x60/0x60
[   49.663630][    C0]  ? _raw_spin_unlock_irqrestore+0xd9/0x130
[   49.669517][    C0]  cpu_startup_entry+0x15/0x20
[   49.674270][    C0]  rest_init+0x24f/0x270
[   49.678502][    C0]  ? time_init+0x33/0x33
[   49.682739][    C0]  arch_call_rest_init+0xa/0xa
[   49.687507][    C0]  start_kernel+0x4ac/0x55b
[   49.691999][    C0]  secondary_startup_64_no_verify+0xcf/0xdb
[   49.697886][    C0]  </TASK>
[   49.701060][    C0] Kernel Offset: disabled
[   49.705383][    C0] Rebooting in 86400 seconds..