forked to background, child pid 3170
no interfaces have a carrier
[   27.707335][ T3171] 8021q: adding VLAN 0 to HW filter on device bond0
[   27.720933][ T3171] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK

syzkaller
Warning: Permanently added '10.128.0.213' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   49.404114][    T6] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[   49.924197][    T6] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[   49.933346][    T6] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   49.941935][    T6] usb 1-1: Product: syz
[   49.946175][    T6] usb 1-1: Manufacturer: syz
[   49.950772][    T6] usb 1-1: SerialNumber: syz
[   49.996301][    T6] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[   50.574200][    T6] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[   51.604113][    T6] ath9k_htc 1-1:1.0: ath9k_htc: Target is unresponsive
[   51.611303][    T6] ath9k_htc: Failed to initialize the device
[   51.734200][    C0] ==================================================================
[   51.742273][    C0] BUG: KASAN: slab-out-of-bounds in ath9k_hif_usb_rx_cb+0xea7/0x10d0
[   51.750349][    C0] Read of size 4 at addr ffff8880731e4348 by task swapper/0/0
[   51.757789][    C0] 
[   51.760095][    C0] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.18.0-rc3-next-20220420-syzkaller #0
[   51.769302][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   51.779350][    C0] Call Trace:
[   51.782616][    C0]  <IRQ>
[   51.785443][    C0]  dump_stack_lvl+0xcd/0x134
[   51.790043][    C0]  print_address_description.constprop.0.cold+0xeb/0x495
[   51.797080][    C0]  ? ath9k_hif_usb_rx_cb+0xea7/0x10d0
[   51.802461][    C0]  kasan_report.cold+0xf4/0x1c6
[   51.807315][    C0]  ? ath9k_hif_usb_rx_cb+0xea7/0x10d0
[   51.812686][    C0]  ath9k_hif_usb_rx_cb+0xea7/0x10d0
[   51.817887][    C0]  ? down_read_non_owner+0x3a0/0x4a0
[   51.823184][    C0]  ? hif_usb_start+0xa0/0xa0
[   51.827773][    C0]  ? rwlock_bug.part.0+0x90/0x90
[   51.832700][    C0]  __usb_hcd_giveback_urb+0x2b0/0x5c0
[   51.838071][    C0]  usb_hcd_giveback_urb+0x367/0x410
[   51.843280][    C0]  dummy_timer+0x11f9/0x32b0
[   51.847895][    C0]  ? dummy_dequeue+0x500/0x500
[   51.852660][    C0]  ? dummy_dequeue+0x500/0x500
[   51.857420][    C0]  call_timer_fn+0x1a5/0x6b0
[   51.862004][    C0]  ? timer_fixup_activate+0x350/0x350
[   51.867379][    C0]  ? lock_downgrade+0x6e0/0x6e0
[   51.872240][    C0]  ? _raw_spin_unlock_irq+0x1f/0x40
[   51.877434][    C0]  ? dummy_dequeue+0x500/0x500
[   51.882198][    C0]  __run_timers.part.0+0x679/0xa80
[   51.887321][    C0]  ? call_timer_fn+0x6b0/0x6b0
[   51.892096][    C0]  ? kvm_sched_clock_read+0x14/0x40
[   51.897326][    C0]  ? sched_clock_cpu+0x15/0x1f0
[   51.902195][    C0]  run_timer_softirq+0xb3/0x1d0
[   51.907048][    C0]  __do_softirq+0x29b/0x9c2
[   51.911554][    C0]  __irq_exit_rcu+0x123/0x180
[   51.916226][    C0]  irq_exit_rcu+0x5/0x20
[   51.920460][    C0]  sysvec_apic_timer_interrupt+0x93/0xc0
[   51.926098][    C0]  </IRQ>
[   51.929018][    C0]  <TASK>
[   51.931938][    C0]  asm_sysvec_apic_timer_interrupt+0x12/0x20
[   51.937918][    C0] RIP: 0010:acpi_idle_do_entry+0x1c6/0x250
[   51.943719][    C0] Code: 89 de e8 2d 38 09 f8 84 db 75 ac e8 44 34 09 f8 e8 3f 86 0f f8 eb 0c e8 38 34 09 f8 0f 00 2d 41 3f c2 00 e8 2c 34 09 f8 fb f4 <9c> 5b 81 e3 00 02 00 00 fa 31 ff 48 89 de e8 a7 36 09 f8 48 85 db
[   51.963321][    C0] RSP: 0018:ffffffff8ba07d60 EFLAGS: 00000293
[   51.969378][    C0] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[   51.977337][    C0] RDX: ffffffff8babc880 RSI: ffffffff8970d984 RDI: 0000000000000000
[   51.985299][    C0] RBP: ffff888140784064 R08: 0000000000000001 R09: 0000000000000001
[   51.993262][    C0] R10: ffffffff81805fe8 R11: 0000000000000000 R12: 0000000000000001
[   52.001223][    C0] R13: ffff888140784000 R14: ffff888140784064 R15: ffff88814743b004
[   52.009190][    C0]  ? trace_hardirqs_on+0x38/0x1c0
[   52.014222][    C0]  ? acpi_idle_do_entry+0x1c4/0x250
[   52.019421][    C0]  acpi_idle_enter+0x369/0x510
[   52.024188][    C0]  cpuidle_enter_state+0x1b1/0xc80
[   52.029316][    C0]  cpuidle_enter+0x4a/0xa0
[   52.033744][    C0]  do_idle+0x3e8/0x590
[   52.037807][    C0]  ? arch_cpu_idle_exit+0x30/0x30
[   52.042835][    C0]  ? trace_init_perf_perm_irq_work_exit+0xe/0xe
[   52.049080][    C0]  cpu_startup_entry+0x14/0x20
[   52.053860][    C0]  start_kernel+0x47f/0x4a0
[   52.058368][    C0]  secondary_startup_64_no_verify+0xce/0xdb
[   52.064286][    C0]  </TASK>
[   52.067301][    C0] 
[   52.069639][    C0] Allocated by task 0:
[   52.073684][    C0] (stack is not available)
[   52.078075][    C0] 
[   52.080379][    C0] The buggy address belongs to the object at ffff8880731e3300
[   52.080379][    C0]  which belongs to the cache names_cache of size 4096
[   52.094590][    C0] The buggy address is located 72 bytes to the right of
[   52.094590][    C0]  4096-byte region [ffff8880731e3300, ffff8880731e4300)
[   52.108377][    C0] 
[   52.110688][    C0] The buggy address belongs to the physical page:
[   52.117077][    C0] page:ffffea0001cc7800 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x731e0
[   52.127215][    C0] head:ffffea0001cc7800 order:3 compound_mapcount:0 compound_pincount:0
[   52.135534][    C0] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[   52.143511][    C0] raw: 00fff00000010200 0000000000000000 dead000000000122 ffff888140007500
[   52.152085][    C0] raw: 0000000000000000 0000000080070007 00000001ffffffff 0000000000000000
[   52.160649][    C0] page dumped because: kasan: bad access detected
[   52.167038][    C0] page_owner tracks the page as allocated
[   52.172730][    C0] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 2942, tgid 2942 (syslogd), ts 51617769195, free_ts 51611281760
[   52.193652][    C0]  get_page_from_freelist+0xba2/0x3e00
[   52.199108][    C0]  __alloc_pages+0x1b2/0x500
[   52.203690][    C0]  alloc_pages+0x1aa/0x310
[   52.208105][    C0]  allocate_slab+0x26c/0x3c0
[   52.212694][    C0]  ___slab_alloc+0x985/0xd90
[   52.217284][    C0]  __slab_alloc.constprop.0+0x4d/0xa0
[   52.222656][    C0]  kmem_cache_alloc+0x360/0x3b0
[   52.227504][    C0]  getname_flags.part.0+0x50/0x4f0
[   52.232605][    C0]  getname+0x8e/0xd0
[   52.236499][    C0]  do_sys_openat2+0xf5/0x4c0
[   52.241094][    C0]  __x64_sys_openat+0x13f/0x1f0
[   52.245936][    C0]  do_syscall_64+0x35/0xb0
[   52.250350][    C0]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[   52.256242][    C0] page last free stack trace:
[   52.260891][    C0]  free_pcp_prepare+0x549/0xd20
[   52.265746][    C0]  free_unref_page+0x19/0x6a0
[   52.270411][    C0]  device_release+0x9f/0x240
[   52.275006][    C0]  kobject_put+0x1c8/0x540
[   52.279413][    C0]  put_device+0x1b/0x30
[   52.283559][    C0]  ath9k_htc_probe_device+0x1c7/0x1f00
[   52.289018][    C0]  ath9k_htc_hw_init+0x31/0x60
[   52.293798][    C0]  ath9k_hif_usb_firmware_cb+0x274/0x530
[   52.299443][    C0]  request_firmware_work_func+0x12c/0x230
[   52.305168][    C0]  process_one_work+0x996/0x1610
[   52.310103][    C0]  worker_thread+0x665/0x1080
[   52.314779][    C0]  kthread+0x2e9/0x3a0
[   52.318836][    C0]  ret_from_fork+0x1f/0x30
[   52.323369][    C0] 
[   52.325682][    C0] Memory state around the buggy address:
[   52.331300][    C0]  ffff8880731e4200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   52.339356][    C0]  ffff8880731e4280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   52.347407][    C0] >ffff8880731e4300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   52.355451][    C0]                                               ^
[   52.361843][    C0]  ffff8880731e4380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   52.369887][    C0]  ffff8880731e4400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   52.377927][    C0] ==================================================================
[   52.385965][    C0] Kernel panic - not syncing: panic_on_warn set ...
[   52.392533][    C0] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.18.0-rc3-next-20220420-syzkaller #0
[   52.401716][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   52.411754][    C0] Call Trace:
[   52.415019][    C0]  <IRQ>
[   52.417859][    C0]  dump_stack_lvl+0xcd/0x134
[   52.422474][    C0]  panic+0x2d7/0x636
[   52.426383][    C0]  ? panic_print_sys_info.part.0+0x10b/0x10b
[   52.432379][    C0]  ? ath9k_hif_usb_rx_cb+0xea7/0x10d0
[   52.437758][    C0]  end_report.part.0+0x3f/0x7c
[   52.442534][    C0]  kasan_report.cold+0x93/0x1c6
[   52.447391][    C0]  ? ath9k_hif_usb_rx_cb+0xea7/0x10d0
[   52.452763][    C0]  ath9k_hif_usb_rx_cb+0xea7/0x10d0
[   52.457964][    C0]  ? down_read_non_owner+0x3a0/0x4a0
[   52.463253][    C0]  ? hif_usb_start+0xa0/0xa0
[   52.467839][    C0]  ? rwlock_bug.part.0+0x90/0x90
[   52.472777][    C0]  __usb_hcd_giveback_urb+0x2b0/0x5c0
[   52.478143][    C0]  usb_hcd_giveback_urb+0x367/0x410
[   52.483339][    C0]  dummy_timer+0x11f9/0x32b0
[   52.487942][    C0]  ? dummy_dequeue+0x500/0x500
[   52.492705][    C0]  ? dummy_dequeue+0x500/0x500
[   52.497463][    C0]  call_timer_fn+0x1a5/0x6b0
[   52.502050][    C0]  ? timer_fixup_activate+0x350/0x350
[   52.507414][    C0]  ? lock_downgrade+0x6e0/0x6e0
[   52.512273][    C0]  ? _raw_spin_unlock_irq+0x1f/0x40
[   52.517465][    C0]  ? dummy_dequeue+0x500/0x500
[   52.522243][    C0]  __run_timers.part.0+0x679/0xa80
[   52.527351][    C0]  ? call_timer_fn+0x6b0/0x6b0
[   52.532113][    C0]  ? kvm_sched_clock_read+0x14/0x40
[   52.537304][    C0]  ? sched_clock_cpu+0x15/0x1f0
[   52.542164][    C0]  run_timer_softirq+0xb3/0x1d0
[   52.547009][    C0]  __do_softirq+0x29b/0x9c2
[   52.551518][    C0]  __irq_exit_rcu+0x123/0x180
[   52.556190][    C0]  irq_exit_rcu+0x5/0x20
[   52.560421][    C0]  sysvec_apic_timer_interrupt+0x93/0xc0
[   52.566060][    C0]  </IRQ>
[   52.568974][    C0]  <TASK>
[   52.571889][    C0]  asm_sysvec_apic_timer_interrupt+0x12/0x20
[   52.577870][    C0] RIP: 0010:acpi_idle_do_entry+0x1c6/0x250
[   52.583676][    C0] Code: 89 de e8 2d 38 09 f8 84 db 75 ac e8 44 34 09 f8 e8 3f 86 0f f8 eb 0c e8 38 34 09 f8 0f 00 2d 41 3f c2 00 e8 2c 34 09 f8 fb f4 <9c> 5b 81 e3 00 02 00 00 fa 31 ff 48 89 de e8 a7 36 09 f8 48 85 db
[   52.603274][    C0] RSP: 0018:ffffffff8ba07d60 EFLAGS: 00000293
[   52.609329][    C0] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[   52.617294][    C0] RDX: ffffffff8babc880 RSI: ffffffff8970d984 RDI: 0000000000000000
[   52.625253][    C0] RBP: ffff888140784064 R08: 0000000000000001 R09: 0000000000000001
[   52.633209][    C0] R10: ffffffff81805fe8 R11: 0000000000000000 R12: 0000000000000001
[   52.641176][    C0] R13: ffff888140784000 R14: ffff888140784064 R15: ffff88814743b004
[   52.649137][    C0]  ? trace_hardirqs_on+0x38/0x1c0
[   52.654165][    C0]  ? acpi_idle_do_entry+0x1c4/0x250
[   52.659360][    C0]  acpi_idle_enter+0x369/0x510
[   52.664128][    C0]  cpuidle_enter_state+0x1b1/0xc80
[   52.669260][    C0]  cpuidle_enter+0x4a/0xa0
[   52.673698][    C0]  do_idle+0x3e8/0x590
[   52.677774][    C0]  ? arch_cpu_idle_exit+0x30/0x30
[   52.682814][    C0]  ? trace_init_perf_perm_irq_work_exit+0xe/0xe
[   52.689076][    C0]  cpu_startup_entry+0x14/0x20
[   52.693850][    C0]  start_kernel+0x47f/0x4a0
[   52.698353][    C0]  secondary_startup_64_no_verify+0xce/0xdb
[   52.704255][    C0]  </TASK>
[   52.707420][    C0] Kernel Offset: disabled
[   52.711734][    C0] Rebooting in 86400 seconds..