Warning: Permanently added '10.128.0.154' (ED25519) to the list of known hosts.
executing program
[ 50.518254][ T26] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 51.048383][ T26] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 51.057613][ T26] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 51.065705][ T26] usb 1-1: Product: syz
[ 51.069908][ T26] usb 1-1: Manufacturer: syz
[ 51.074512][ T26] usb 1-1: SerialNumber: syz
[ 51.131131][ T26] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 51.708163][ T2494] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 51.910496][ T2491] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 51.919630][ T2491] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 52.989032][ T2494] ath9k_htc 1-1:1.0: ath9k_htc: HTC initialized with 33 credits
[ 52.997130][ T2494] ------------[ cut here ]------------
[ 53.002841][ T2494] UBSAN: array-index-out-of-bounds in drivers/net/wireless/ath/ath9k/htc_hst.c:26:51
[ 53.012480][ T2494] index 255 is out of range for type 'htc_endpoint [22]'
[ 53.019781][ T2494] CPU: 1 PID: 2494 Comm: kworker/1:2 Not tainted 6.8.0-rc6-syzkaller-00190-ga788e53c05ae #0
[ 53.029903][ T2494] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024
[ 53.039983][ T2494] Workqueue: events request_firmware_work_func
[ 53.046208][ T2494] Call Trace:
[ 53.049556][ T2494]
[ 53.052530][ T2494] dump_stack_lvl+0x125/0x1b0
[ 53.057247][ T2494] __ubsan_handle_out_of_bounds+0x111/0x150
[ 53.063263][ T2494] htc_issue_send.constprop.0+0x209/0x230
[ 53.069020][ T2494] ? _raw_spin_unlock_irqrestore+0x4e/0x70
[ 53.074877][ T2494] ath9k_wmi_cmd+0x424/0x630
[ 53.079505][ T2494] ath9k_regread+0xdb/0x160
[ 53.084039][ T2494] ? ath9k_multi_regread+0x3b0/0x3b0
[ 53.089352][ T2494] ? _raw_spin_unlock_irqrestore+0x4e/0x70
[ 53.095220][ T2494] ? lockdep_hardirqs_on+0x7d/0x110
[ 53.100452][ T2494] ? __debug_object_init+0x347/0x480
[ 53.105777][ T2494] ? _raw_spin_unlock_irqrestore+0x3b/0x70
[ 53.111613][ T2494] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 53.117541][ T2494] ? ath9k_multi_regread+0x3b0/0x3b0
[ 53.122848][ T2494] ath9k_hw_init+0xf02/0x2b30
[ 53.127558][ T2494] ? lockdep_init_map_type+0x16d/0x7d0
[ 53.133043][ T2494] ? ath9k_hw_fill_cap_info+0x2550/0x2550
[ 53.138824][ T2494] ? lockdep_init_map_type+0x16d/0x7d0
[ 53.144317][ T2494] ath9k_htc_probe_device+0xb37/0x25f0
[ 53.149805][ T2494] ? ath9k_init_htc_services.constprop.0+0x820/0x820
[ 53.156514][ T2494] ? usb_free_urb.part.0+0x52/0x110
[ 53.161744][ T2494] ? usb_free_urb+0x1f/0x30
[ 53.166273][ T2494] ? ath9k_hif_usb_alloc_urbs+0xbc5/0x1010
[ 53.172144][ T2494] ath9k_htc_hw_init+0x33/0x70
[ 53.176939][ T2494] ath9k_hif_usb_firmware_cb+0x272/0x620
[ 53.182629][ T2494] ? ath9k_hif_usb_alloc_urbs+0x1010/0x1010
[ 53.188578][ T2494] request_firmware_work_func+0x13a/0x240
[ 53.194342][ T2494] ? request_partial_firmware_into_buf+0xa0/0xa0
[ 53.200721][ T2494] process_one_work+0x886/0x15d0
[ 53.205698][ T2494] ? lock_sync+0x190/0x190
[ 53.210147][ T2494] ? workqueue_congested+0x300/0x300
[ 53.215471][ T2494] ? assign_work+0x1a0/0x250
[ 53.220097][ T2494] worker_thread+0x8b9/0x1290
[ 53.224811][ T2494] ? __kthread_parkme+0x14b/0x220
[ 53.229865][ T2494] ? process_one_work+0x15d0/0x15d0
[ 53.235095][ T2494] kthread+0x2c6/0x3a0
[ 53.239191][ T2494] ? _raw_spin_unlock_irq+0x23/0x50
[ 53.244420][ T2494] ? kthread_complete_and_exit+0x40/0x40
[ 53.250083][ T2494] ret_from_fork+0x45/0x80
[ 53.254539][ T2494] ? kthread_complete_and_exit+0x40/0x40
[ 53.260213][ T2494] ret_from_fork_asm+0x11/0x20
[ 53.265027][ T2494]
[ 53.268234][ T2494] ---[ end trace ]---
[ 53.271909][ T8] usb 1-1: USB disconnect, device number 2
[ 53.272227][ T2494] Kernel panic - not syncing: UBSAN: panic_on_warn set ...
[ 53.272242][ T2494] CPU: 1 PID: 2494 Comm: kworker/1:2 Not tainted 6.8.0-rc6-syzkaller-00190-ga788e53c05ae #0
[ 53.272274][ T2494] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024
[ 53.272294][ T2494] Workqueue: events request_firmware_work_func
[ 53.272349][ T2494] Call Trace:
[ 53.272359][ T2494]
[ 53.272369][ T2494] dump_stack_lvl+0xd9/0x1b0
[ 53.272411][ T2494] panic+0x6dc/0x790
[ 53.272450][ T2494] ? mark_held_locks+0x9f/0xe0
[ 53.272486][ T2494] ? panic_smp_self_stop+0xa0/0xa0
[ 53.272528][ T2494] ? kmsg_dump_get_line+0x350/0x350
[ 53.272567][ T2494] ? check_panic_on_warn+0x1f/0xb0
[ 53.272609][ T2494] check_panic_on_warn+0xab/0xb0
[ 53.272651][ T2494] __ubsan_handle_out_of_bounds+0x139/0x150
[ 53.272697][ T2494] htc_issue_send.constprop.0+0x209/0x230
[ 53.272745][ T2494] ? _raw_spin_unlock_irqrestore+0x4e/0x70
[ 53.272788][ T2494] ath9k_wmi_cmd+0x424/0x630
[ 53.272837][ T2494] ath9k_regread+0xdb/0x160
[ 53.272872][ T2494] ? ath9k_multi_regread+0x3b0/0x3b0
[ 53.272906][ T2494] ? _raw_spin_unlock_irqrestore+0x4e/0x70
[ 53.272946][ T2494] ? lockdep_hardirqs_on+0x7d/0x110
[ 53.272989][ T2494] ? __debug_object_init+0x347/0x480
[ 53.273037][ T2494] ? _raw_spin_unlock_irqrestore+0x3b/0x70
[ 53.273078][ T2494] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 53.273126][ T2494] ? ath9k_multi_regread+0x3b0/0x3b0
[ 53.273160][ T2494] ath9k_hw_init+0xf02/0x2b30
[ 53.273199][ T2494] ? lockdep_init_map_type+0x16d/0x7d0
[ 53.273237][ T2494] ? ath9k_hw_fill_cap_info+0x2550/0x2550
[ 53.273274][ T2494] ? lockdep_init_map_type+0x16d/0x7d0
[ 53.273315][ T2494] ath9k_htc_probe_device+0xb37/0x25f0
[ 53.273354][ T2494] ? ath9k_init_htc_services.constprop.0+0x820/0x820
[ 53.273397][ T2494] ? usb_free_urb.part.0+0x52/0x110
[ 53.273434][ T2494] ? usb_free_urb+0x1f/0x30
[ 53.273467][ T2494] ? ath9k_hif_usb_alloc_urbs+0xbc5/0x1010
[ 53.273516][ T2494] ath9k_htc_hw_init+0x33/0x70
[ 53.273562][ T2494] ath9k_hif_usb_firmware_cb+0x272/0x620
[ 53.273614][ T2494] ? ath9k_hif_usb_alloc_urbs+0x1010/0x1010
[ 53.273662][ T2494] request_firmware_work_func+0x13a/0x240
[ 53.273713][ T2494] ? request_partial_firmware_into_buf+0xa0/0xa0
[ 53.273768][ T2494] process_one_work+0x886/0x15d0
[ 53.273813][ T2494] ? lock_sync+0x190/0x190
[ 53.273847][ T2494] ? workqueue_congested+0x300/0x300
[ 53.273891][ T2494] ? assign_work+0x1a0/0x250
[ 53.273930][ T2494] worker_thread+0x8b9/0x1290
[ 53.273974][ T2494] ? __kthread_parkme+0x14b/0x220
[ 53.274007][ T2494] ? process_one_work+0x15d0/0x15d0
[ 53.274054][ T2494] kthread+0x2c6/0x3a0
[ 53.274089][ T2494] ? _raw_spin_unlock_irq+0x23/0x50
[ 53.274127][ T2494] ? kthread_complete_and_exit+0x40/0x40
[ 53.274166][ T2494] ret_from_fork+0x45/0x80
[ 53.274194][ T2494] ? kthread_complete_and_exit+0x40/0x40
[ 53.274233][ T2494] ret_from_fork_asm+0x11/0x20
[ 53.274275][ T2494]
[ 53.278359][ T2494] Kernel Offset: disabled