[ 12.839722][ C1] random: crng init done
[ 12.840779][ C1] random: 7 urandom warning(s) missed due to ratelimiting
Debian GNU/Linux 9 syzkaller ttyS0
syzkaller login: [ 22.772700][ T381] can: request_module (can-proto-0) failed.
[ 23.123623][ T381] can: request_module (can-proto-0) failed.
[ 23.133769][ T381] can: request_module (can-proto-7) failed.
[ 23.143438][ T381] can: request_module (can-proto-0) failed.
Warning: Permanently added '10.128.0.185' (ECDSA) to the list of known hosts.
2020/04/03 00:42:29 parsed 1 programs
2020/04/03 00:42:29 executed programs: 0
[ 30.387075][ T523] cgroup: Unknown subsys name 'perf_event'
[ 30.392715][ T527] cgroup: Unknown subsys name 'perf_event'
[ 30.393397][ T523] cgroup: Unknown subsys name 'net_cls'
[ 30.400390][ T527] cgroup: Unknown subsys name 'net_cls'
[ 30.405729][ T525] cgroup: Unknown subsys name 'perf_event'
[ 30.417785][ T530] cgroup: Unknown subsys name 'perf_event'
[ 30.421076][ T525] cgroup: Unknown subsys name 'net_cls'
[ 30.424198][ T530] cgroup: Unknown subsys name 'net_cls'
[ 30.443107][ T533] cgroup: Unknown subsys name 'perf_event'
[ 30.458075][ T540] cgroup: Unknown subsys name 'perf_event'
[ 30.464362][ T540] cgroup: Unknown subsys name 'net_cls'
[ 30.473563][ T533] cgroup: Unknown subsys name 'net_cls'
[ 38.272136][ T5] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[ 38.491717][ T17] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[ 38.571790][ T159] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 38.681838][ T5] usb 6-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 38.691139][ T5] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 38.699375][ T5] usb 6-1: Product: syz
[ 38.701743][ T102] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[ 38.703600][ T5] usb 6-1: Manufacturer: syz
[ 38.715840][ T5] usb 6-1: SerialNumber: syz
[ 38.720473][ T94] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[ 38.732440][ T3233] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[ 38.762877][ T5] haley: dev 0xffff8881d9954000. ath9k_hif_request_firmware, 1164
[ 38.770802][ T5] usb 6-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 38.779124][ T5] ath9k_debug ath9k_hif_usb_probe, 1333
[ 38.823794][ T5] haley: dev 0xffff8881d9954000. ath9k_hif_usb_firmware_cb, 1184
[ 38.831698][ T5] ath9k_debug ath9k_hif_usb_firmware_cb, 1196
[ 38.837951][ T5] haley: dev 0xffff8881d9954000. htc 0xffff8881d8f19000, base 0xffff8881d8f19020, ath9k_hif_usb_firmware_cb, 1203
[ 38.892036][ T17] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 38.901131][ T17] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 38.909350][ T17] usb 5-1: Product: syz
[ 38.913629][ T17] usb 5-1: Manufacturer: syz
[ 38.918208][ T17] usb 5-1: SerialNumber: syz
[ 38.962832][ T17] haley: dev 0xffff8881d887e000. ath9k_hif_request_firmware, 1164
[ 38.970895][ T17] usb 5-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 38.979288][ T17] ath9k_debug ath9k_hif_usb_probe, 1333
[ 38.987155][ T17] haley: dev 0xffff8881d887e000. ath9k_hif_usb_firmware_cb, 1184
[ 38.991863][ T159] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 38.994971][ T17] ath9k_debug ath9k_hif_usb_firmware_cb, 1196
[ 39.004038][ T159] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 39.004049][ T159] usb 1-1: Product: syz
[ 39.004060][ T159] usb 1-1: Manufacturer: syz
[ 39.004071][ T159] usb 1-1: SerialNumber: syz
[ 39.032193][ T17] haley: dev 0xffff8881d887e000. htc 0xffff8881d8f39000, base 0xffff8881d8f39020, ath9k_hif_usb_firmware_cb, 1203
[ 39.052889][ T159] haley: dev 0xffff8881d8af0000. ath9k_hif_request_firmware, 1164
[ 39.060898][ T159] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 39.069344][ T159] ath9k_debug ath9k_hif_usb_probe, 1333
[ 39.084219][ T159] haley: dev 0xffff8881d8af0000. ath9k_hif_usb_firmware_cb, 1184
[ 39.092119][ T159] ath9k_debug ath9k_hif_usb_firmware_cb, 1196
[ 39.098419][ T159] haley: dev 0xffff8881d8af0000. htc 0xffff8881d886c000, base 0xffff8881d886c020, ath9k_hif_usb_firmware_cb, 1203
[ 39.151794][ T102] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 39.160954][ T102] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 39.169228][ T102] usb 3-1: Product: syz
[ 39.173491][ T102] usb 3-1: Manufacturer: syz
[ 39.178087][ T102] usb 3-1: SerialNumber: syz
[ 39.181744][ T94] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 39.191654][ T3233] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 39.191822][ T94] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 39.200793][ T3233] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 39.208748][ T94] usb 4-1: Product: syz
[ 39.208759][ T94] usb 4-1: Manufacturer: syz
[ 39.208770][ T94] usb 4-1: SerialNumber: syz
[ 39.230268][ T3233] usb 2-1: Product: syz
[ 39.234521][ T3233] usb 2-1: Manufacturer: syz
[ 39.239241][ T3233] usb 2-1: SerialNumber: syz
[ 39.244642][ T102] haley: dev 0xffff8881d8ec5000. ath9k_hif_request_firmware, 1164
[ 39.252282][ T94] haley: dev 0xffff8881cc4c9000. ath9k_hif_request_firmware, 1164
[ 39.252687][ T102] usb 3-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 39.260396][ T94] usb 4-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 39.268546][ T102] ath9k_debug ath9k_hif_usb_probe, 1333
[ 39.271903][ T102] haley: dev 0xffff8881d8ec5000. ath9k_hif_usb_firmware_cb, 1184
[ 39.276672][ T94] ath9k_debug ath9k_hif_usb_probe, 1333
[ 39.282265][ T102] ath9k_debug ath9k_hif_usb_firmware_cb, 1196
[ 39.303292][ T102] haley: dev 0xffff8881d8ec5000. htc 0xffff8881d8ac6000, base 0xffff8881d8ac6020, ath9k_hif_usb_firmware_cb, 1203
[ 39.314860][ T94] haley: dev 0xffff8881cc4c9000. ath9k_hif_usb_firmware_cb, 1184
[ 39.323323][ T94] ath9k_debug ath9k_hif_usb_firmware_cb, 1196
[ 39.329635][ T94] haley: dev 0xffff8881cc4c9000. htc 0xffff8881d7ae4000, base 0xffff8881d7ae4020, ath9k_hif_usb_firmware_cb, 1203
[ 39.342185][ T3233] haley: dev 0xffff8881d8ac3000. ath9k_hif_request_firmware, 1164
[ 39.350173][ T3233] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 39.358468][ T3233] ath9k_debug ath9k_hif_usb_probe, 1333
[ 39.366235][ T3233] haley: dev 0xffff8881d8ac3000. ath9k_hif_usb_firmware_cb, 1184
[ 39.374154][ T3233] ath9k_debug ath9k_hif_usb_firmware_cb, 1196
[ 39.380243][ T3233] haley: dev 0xffff8881d8ac3000. htc 0xffff8881d476c000, base 0xffff8881d476c020, ath9k_hif_usb_firmware_cb, 1203
[ 39.501581][ T5] usb 6-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 39.510948][ T5] ath9k_debug ath9k_hif_usb_alloc_urbs, 969
[ 39.516944][ T5] haley: dev 0xffff8881d9954000, urb 0xffff8881d90efb00. ath9k_hif_usb_alloc_tx_urbs, 819
[ 39.527195][ T5] haley: dev 0xffff8881d9954000, urb 0xffff8881d1078d00. ath9k_hif_usb_alloc_tx_urbs, 819
[ 39.537373][ T5] haley: dev 0xffff8881d9954000, urb 0xffff8881d1078c00. ath9k_hif_usb_alloc_tx_urbs, 819
[ 39.547509][ T5] haley: dev 0xffff8881d9954000, urb 0xffff8881d1078b00. ath9k_hif_usb_alloc_tx_urbs, 819
[ 39.557496][ T5] haley: dev 0xffff8881d9954000, urb 0xffff8881d1078a00. ath9k_hif_usb_alloc_tx_urbs, 819
[ 39.567658][ T5] haley: dev 0xffff8881d9954000, urb 0xffff8881d1078600. ath9k_hif_usb_alloc_tx_urbs, 819
[ 39.577660][ T5] haley: dev 0xffff8881d9954000, urb 0xffff8881d1078500. ath9k_hif_usb_alloc_tx_urbs, 819
[ 39.587875][ T5] haley: dev 0xffff8881d9954000, urb 0xffff8881d1078700. ath9k_hif_usb_alloc_tx_urbs, 819
[ 39.598064][ T5] haley: dev 0xffff8881d9954000, urb 0xffff8881d1078400. ath9k_hif_usb_alloc_rx_urbs, 879
[ 39.608839][ T5] haley: dev 0xffff8881d9954000, urb 0xffff8881d1078100. ath9k_hif_usb_alloc_rx_urbs, 879
[ 39.618912][ T5] haley: dev 0xffff8881d9954000, urb 0xffff8881d1078000. ath9k_hif_usb_alloc_rx_urbs, 879
[ 39.629552][ T5] haley: dev 0xffff8881d9954000, urb 0xffff8881c6931f00. ath9k_hif_usb_alloc_rx_urbs, 879
[ 39.639758][ T5] haley: dev 0xffff8881d9954000, urb 0xffff8881c6931e00. ath9k_hif_usb_alloc_rx_urbs, 879
[ 39.651090][ T5] haley: dev 0xffff8881d9954000, urb 0xffff8881c6931b00. ath9k_hif_usb_alloc_rx_urbs, 879
[ 39.661142][ T5] haley: dev 0xffff8881d9954000, urb 0xffff8881c6931a00. ath9k_hif_usb_alloc_rx_urbs, 879
[ 39.671207][ T5] haley: dev 0xffff8881d9954000, urb 0xffff8881c6931900. ath9k_hif_usb_alloc_rx_urbs, 879
[ 39.681214][ T5] ath9k_debug ath9k_hif_usb_alloc_reg_in_urbs, 911
[ 39.681561][ T17] usb 5-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 39.688032][ T5] haley: dev 0xffff8881d9954000, urb 0xffff8881c6931600. ath9k_hif_usb_alloc_reg_in_urbs, 947
[ 39.696806][ T17] ath9k_debug ath9k_hif_usb_alloc_urbs, 969
[ 39.707227][ T5] haley: dev 0xffff8881d9954000, urb 0xffff8881c6931500. ath9k_hif_usb_alloc_reg_in_urbs, 947
[ 39.717666][ T17] haley: dev 0xffff8881d887e000, urb 0xffff8881be3b7c00. ath9k_hif_usb_alloc_tx_urbs, 819
[ 39.723763][ T159] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 39.735895][ T17] haley: dev 0xffff8881d887e000, urb 0xffff8881be3b7d00. ath9k_hif_usb_alloc_tx_urbs, 819
[ 39.742544][ T159] ath9k_debug ath9k_hif_usb_alloc_urbs, 969
[ 39.742728][ T5] haley: dev 0xffff8881d9954000, urb 0xffff8881c6931300. ath9k_hif_usb_alloc_reg_in_urbs, 947
[ 39.752662][ C0] haley: dev 0xffff8881d9954000, urb 0xffff8881c6931600. ath9k_hif_usb_reg_in_cb, 701
[ 39.752718][ C0] haley: catch 179. htc_process_conn_rsp, 119
[ 39.752725][ C0] haley: endpoint base 0xffff8881d8f19020, endpoint 0xffff8881d8f1b1b0.
[ 39.752879][ C0] ==================================================================
[ 39.752931][ C0] BUG: KASAN: use-after-free in ath9k_htc_rx_msg.cold+0x70b/0x760
[ 39.752939][ C0] Write of size 2 at addr ffff8881d8f1b1b0 by task kworker/0:0/5
[ 39.752941][ C0]
[ 39.752951][ C0] CPU: 0 PID: 5 Comm: kworker/0:0 Not tainted 5.6.0-rc7-syzkaller #0
[ 39.752957][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 39.752972][ C0] Workqueue: events request_firmware_work_func
[ 39.752979][ C0] Call Trace:
[ 39.752984][ C0]
[ 39.752996][ C0] dump_stack+0xef/0x16e
[ 39.753006][ C0] ? ath9k_htc_rx_msg.cold+0x70b/0x760
[ 39.753020][ C0] ? ath9k_htc_rx_msg.cold+0x70b/0x760
[ 39.753038][ C0] print_address_description.constprop.0.cold+0xd3/0x314
[ 39.753051][ C0] ? ath9k_htc_rx_msg.cold+0x70b/0x760
[ 39.753063][ C0] ? ath9k_htc_rx_msg.cold+0x70b/0x760
[ 39.753078][ C0] __kasan_report.cold+0x37/0x77
[ 39.753091][ C0] ? ath9k_htc_rx_msg.cold+0x70b/0x760
[ 39.753104][ C0] kasan_report+0xe/0x20
[ 39.753117][ C0] ath9k_htc_rx_msg.cold+0x70b/0x760
[ 39.753130][ C0] ath9k_hif_usb_reg_in_cb+0x1d6/0x650
[ 39.753144][ C0] ? _raw_read_unlock+0x1a/0x30
[ 39.753160][ C0] ? led_trigger_blink_oneshot+0xb4/0xe0
[ 39.753175][ C0] __usb_hcd_giveback_urb+0x1f2/0x470
[ 39.753188][ C0] usb_hcd_giveback_urb+0x368/0x420
[ 39.753201][ C0] dummy_timer+0x1258/0x32ae
[ 39.753214][ C0] ? dummy_udc_probe+0x930/0x930
[ 39.753229][ C0] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 39.753242][ C0] ? rcu_read_lock_bh_held+0xb0/0xb0
[ 39.753256][ C0] call_timer_fn+0x195/0x6f0
[ 39.753268][ C0] ? dummy_udc_probe+0x930/0x930
[ 39.753281][ C0] ? msleep_interruptible+0x130/0x130
[ 39.753294][ C0] ? mark_held_locks+0x9f/0xe0
[ 39.753308][ C0] ? rcu_read_lock_bh_held+0xb0/0xb0
[ 39.753321][ C0] ? _raw_spin_unlock_irq+0x1f/0x30
[ 39.753333][ C0] ? dummy_udc_probe+0x930/0x930
[ 39.753346][ C0] run_timer_softirq+0x5f9/0x1500
[ 39.753358][ C0] ? add_timer+0x7a0/0x7a0
[ 39.753372][ C0] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 39.753385][ C0] ? rcu_read_lock_bh_held+0xb0/0xb0
[ 39.753398][ C0] ? mark_held_locks+0x9f/0xe0
[ 39.753412][ C0] __do_softirq+0x21e/0x950
[ 39.753436][ C0] irq_exit+0x178/0x1a0
[ 39.753450][ C0] smp_apic_timer_interrupt+0x141/0x540
[ 39.753464][ C0] apic_timer_interrupt+0xf/0x20
[ 39.753472][ C0]
[ 39.753487][ C0] RIP: 0010:vprintk_emit+0x3c8/0x3d0
[ 39.753501][ C0] Code: 00 83 fb ff 75 d6 e9 e0 fc ff ff e8 42 02 16 00 e8 3d 4a 1b 00 41 56 9d e9 b6 fd ff ff e8 30 02 16 00 e8 2b 4a 1b 00 41 56 9d 2a ff ff ff 0f 1f 00 55 48 89 f5 53 48 89 fb e8 13 02 16 00 49
[ 39.753511][ C0] RSP: 0018:ffff8881da1dfac0 EFLAGS: 00000293 ORIG_RAX: ffffffffffffff13
[ 39.753529][ C0] RAX: 0000000000000007 RBX: 0000000000000200 RCX: 0000000000000006
[ 39.753539][ C0] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffff8881da196a4c
[ 39.753549][ C0] RBP: ffff8881da1dfb08 R08: ffff8881da196200 R09: fffffbfff1267090
[ 39.753560][ C0] R10: fffffbfff126708f R11: ffffffff8933847f R12: 000000000000005b
[ 39.753570][ C0] R13: ffff8881da24b100 R14: 0000000000000293 R15: 0000000000000000
[ 39.753584][ C0] vprintk_func+0x75/0x113
[ 39.753597][ C0] printk+0xba/0xed
[ 39.753612][ C0] ? kmsg_dump_rewind_nolock+0xd9/0xd9
[ 39.753626][ C0] ? usb_submit_urb+0x6ed/0x1460
[ 39.753639][ C0] ath9k_hif_usb_alloc_urbs+0x764/0xa57
[ 39.753653][ C0] ? ath9k_hif_usb_disconnect.cold+0xb9/0xb9
[ 39.753666][ C0] ath9k_hif_usb_firmware_cb+0x247/0x53f
[ 39.753679][ C0] ? ath9k_hif_usb_disconnect.cold+0xb9/0xb9
[ 39.753694][ C0] request_firmware_work_func+0x126/0x242
[ 39.753708][ C0] ? request_firmware_into_buf+0x90/0x90
[ 39.753722][ C0] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 39.753735][ C0] ? rcu_read_lock_bh_held+0xb0/0xb0
[ 39.753750][ C0] process_one_work+0x94b/0x1620
[ 39.753777][ C0] ? pwq_dec_nr_in_flight+0x310/0x310
[ 39.753794][ C0] ? do_raw_spin_lock+0x129/0x290
[ 39.753805][ C0] worker_thread+0x96/0xe20
[ 39.753819][ C0] ? process_one_work+0x1620/0x1620
[ 39.753838][ C0] kthread+0x318/0x420
[ 39.753850][ C0] ? kthread_create_on_node+0xf0/0xf0
[ 39.753861][ C0] ret_from_fork+0x24/0x30
[ 39.753865][ C0]
[ 39.753875][ C0] Allocated by task 151:
[ 39.753888][ C0] save_stack+0x1b/0x80
[ 39.753901][ C0] __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 39.753915][ C0] sk_prot_alloc+0x1f6/0x2c0
[ 39.753927][ C0] sk_alloc+0x36/0x710
[ 39.753941][ C0] __netlink_create+0x63/0x280
[ 39.753958][ C0] netlink_create+0x3a1/0x5d0
[ 39.753972][ C0] __sock_create+0x3d1/0x740
[ 39.753985][ C0] __sys_socket+0xef/0x200
[ 39.753998][ C0] __x64_sys_socket+0x6f/0xb0
[ 39.754011][ C0] do_syscall_64+0xb6/0x5a0
[ 39.754025][ C0] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 39.754032][ C0]
[ 39.754041][ C0] Freed by task 0:
[ 39.754053][ C0] save_stack+0x1b/0x80
[ 39.754066][ C0] __kasan_slab_free+0x117/0x160
[ 39.754078][ C0] kfree+0xd5/0x300
[ 39.754091][ C0] __sk_destruct+0x545/0x740
[ 39.754104][ C0] sk_destruct+0xc6/0x100
[ 39.754115][ C0] __sk_free+0xef/0x3d0
[ 39.754127][ C0] sk_free+0x78/0xa0
[ 39.754140][ C0] deferred_put_nlk_sk+0x151/0x2e0
[ 39.754151][ C0] rcu_core+0x5ae/0x1b00
[ 39.754164][ C0] __do_softirq+0x21e/0x950
[ 39.754171][ C0]
[ 39.754183][ C0] The buggy address belongs to the object at ffff8881d8f1b000
[ 39.754183][ C0] which belongs to the cache kmalloc-2k of size 2048
[ 39.754195][ C0] The buggy address is located 432 bytes inside of
[ 39.754195][ C0] 2048-byte region [ffff8881d8f1b000, ffff8881d8f1b800)
[ 39.754203][ C0] The buggy address belongs to the page:
[ 39.754216][ C0] page:ffffea000763c600 refcount:1 mapcount:0 mapping:ffff8881da00c000 index:0x0 compound_mapcount: 0
[ 39.754228][ C0] flags: 0x200000000010200(slab|head)
[ 39.754246][ C0] raw: 0200000000010200 dead000000000100 dead000000000122 ffff8881da00c000
[ 39.754264][ C0] raw: 0000000000000000 0000000000080008 00000001ffffffff 0000000000000000
[ 39.754272][ C0] page dumped because: kasan: bad access detected
[ 39.754279][ C0]
[ 39.754287][ C0] Memory state around the buggy address:
[ 39.754297][ C0] ffff8881d8f1b080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 39.754307][ C0] ffff8881d8f1b100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 39.754318][ C0] >ffff8881d8f1b180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 39.754326][ C0] ^
[ 39.754336][ C0] ffff8881d8f1b200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 39.754347][ C0] ffff8881d8f1b280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 39.754355][ C0] ==================================================================
[ 39.754362][ C0] Disabling lock debugging due to kernel taint
[ 39.754370][ C0] Kernel panic - not syncing: panic_on_warn set ...
[ 39.754383][ C0] CPU: 0 PID: 5 Comm: kworker/0:0 Tainted: G B 5.6.0-rc7-syzkaller #0
[ 39.754392][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 39.754405][ C0] Workqueue: events request_firmware_work_func
[ 39.754419][ C0] Call Trace:
[ 39.754428][ C0]
[ 39.754440][ C0] dump_stack+0xef/0x16e
[ 39.754452][ C0] panic+0x2aa/0x6e1
[ 39.754463][ C0] ? add_taint.cold+0x16/0x16
[ 39.754477][ C0] ? print_shadow_for_address+0xb8/0x114
[ 39.754491][ C0] ? trace_hardirqs_off+0x50/0x200
[ 39.754504][ C0] ? ath9k_htc_rx_msg.cold+0x70b/0x760
[ 39.754516][ C0] end_report+0x43/0x49
[ 39.754529][ C0] ? ath9k_htc_rx_msg.cold+0x70b/0x760
[ 39.754542][ C0] __kasan_report.cold+0x55/0x77
[ 39.754554][ C0] ? ath9k_htc_rx_msg.cold+0x70b/0x760
[ 39.754573][ C0] kasan_report+0xe/0x20
[ 39.754586][ C0] ath9k_htc_rx_msg.cold+0x70b/0x760
[ 39.754600][ C0] ath9k_hif_usb_reg_in_cb+0x1d6/0x650
[ 39.754609][ C0] ? _raw_read_unlock+0x1a/0x30
[ 39.754621][ C0] ? led_trigger_blink_oneshot+0xb4/0xe0
[ 39.754631][ C0] __usb_hcd_giveback_urb+0x1f2/0x470
[ 39.754642][ C0] usb_hcd_giveback_urb+0x368/0x420
[ 39.754651][ C0] dummy_timer+0x1258/0x32ae
[ 39.754662][ C0] ? dummy_udc_probe+0x930/0x930
[ 39.754672][ C0] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 39.754683][ C0] ? rcu_read_lock_bh_held+0xb0/0xb0
[ 39.754692][ C0] call_timer_fn+0x195/0x6f0
[ 39.754701][ C0] ? dummy_udc_probe+0x930/0x930
[ 39.754710][ C0] ? msleep_interruptible+0x130/0x130
[ 39.754720][ C0] ? mark_held_locks+0x9f/0xe0
[ 39.754730][ C0] ? rcu_read_lock_bh_held+0xb0/0xb0
[ 39.754739][ C0] ? _raw_spin_unlock_irq+0x1f/0x30
[ 39.754748][ C0] ? dummy_udc_probe+0x930/0x930
[ 39.754757][ C0] run_timer_softirq+0x5f9/0x1500
[ 39.754765][ C0] ? add_timer+0x7a0/0x7a0
[ 39.754778][ C0] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 39.754791][ C0] ? rcu_read_lock_bh_held+0xb0/0xb0
[ 39.754804][ C0] ? mark_held_locks+0x9f/0xe0
[ 39.754817][ C0] __do_softirq+0x21e/0x950
[ 39.754829][ C0] irq_exit+0x178/0x1a0
[ 39.754843][ C0] smp_apic_timer_interrupt+0x141/0x540
[ 39.754856][ C0] apic_timer_interrupt+0xf/0x20
[ 39.754864][ C0]
[ 39.754877][ C0] RIP: 0010:vprintk_emit+0x3c8/0x3d0
[ 39.754889][ C0] Code: 00 83 fb ff 75 d6 e9 e0 fc ff ff e8 42 02 16 00 e8 3d 4a 1b 00 41 56 9d e9 b6 fd ff ff e8 30 02 16 00 e8 2b 4a 1b 00 41 56 9d 2a ff ff ff 0f 1f 00 55 48 89 f5 53 48 89 fb e8 13 02 16 00 49
[ 39.754898][ C0] RSP: 0018:ffff8881da1dfac0 EFLAGS: 00000293 ORIG_RAX: ffffffffffffff13
[ 39.754915][ C0] RAX: 0000000000000007 RBX: 0000000000000200 RCX: 0000000000000006
[ 39.754925][ C0] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffff8881da196a4c
[ 39.754936][ C0] RBP: ffff8881da1dfb08 R08: ffff8881da196200 R09: fffffbfff1267090
[ 39.754946][ C0] R10: fffffbfff126708f R11: ffffffff8933847f R12: 000000000000005b
[ 39.754955][ C0] R13: ffff8881da24b100 R14: 0000000000000293 R15: 0000000000000000
[ 39.754969][ C0] vprintk_func+0x75/0x113
[ 39.754981][ C0] printk+0xba/0xed
[ 39.754995][ C0] ? kmsg_dump_rewind_nolock+0xd9/0xd9
[ 39.755007][ C0] ? usb_submit_urb+0x6ed/0x1460
[ 39.755020][ C0] ath9k_hif_usb_alloc_urbs+0x764/0xa57
[ 39.755033][ C0] ? ath9k_hif_usb_disconnect.cold+0xb9/0xb9
[ 39.755046][ C0] ath9k_hif_usb_firmware_cb+0x247/0x53f
[ 39.755058][ C0] ? ath9k_hif_usb_disconnect.cold+0xb9/0xb9
[ 39.755072][ C0] request_firmware_work_func+0x126/0x242
[ 39.755085][ C0] ? request_firmware_into_buf+0x90/0x90
[ 39.755098][ C0] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 39.755111][ C0] ? rcu_read_lock_bh_held+0xb0/0xb0
[ 39.755124][ C0] process_one_work+0x94b/0x1620
[ 39.755137][ C0] ? pwq_dec_nr_in_flight+0x310/0x310
[ 39.755150][ C0] ? do_raw_spin_lock+0x129/0x290
[ 39.755163][ C0] worker_thread+0x96/0xe20
[ 39.755176][ C0] ? process_one_work+0x1620/0x1620
[ 39.755188][ C0] kthread+0x318/0x420
[ 39.755201][ C0] ? kthread_create_on_node+0xf0/0xf0
[ 39.755213][ C0] ret_from_fork+0x24/0x30
[ 39.755954][ C0] Kernel Offset: disabled
[ 40.874977][ C0] Rebooting in 86400 seconds..