------------[ cut here ]------------
WARNING: CPU: 0 PID: 5424 at kernel/kcov.c:871 kcov_remote_start+0x5a2/0x7e0 kernel/kcov.c:871
Modules linked in:
CPU: 0 UID: 0 PID: 5424 Comm: kworker/0:3 Not tainted 6.11.0-rc2-syzkaller-00027-g6a0e38264012 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
Workqueue: events request_firmware_work_func
RIP: 0010:kcov_remote_start+0x5a2/0x7e0 kernel/kcov.c:871
Code: 24 00 00 00 00 9c 8f 04 24 f7 04 24 00 02 00 00 0f 85 a6 01 00 00 41 f7 c6 00 02 00 00 0f 84 93 fa ff ff fb e9 8d fa ff ff 90 <0f> 0b 90 e8 f6 61 22 0a 89 c0 48 c7 c7 c8 d4 02 00 48 03 3c c5 40
RSP: 0018:ffffc90000007150 EFLAGS: 00010002
RAX: 0000000000010101 RBX: ffff888027831e00 RCX: 0000000000000002
RDX: dffffc0000000000 RSI: ffffffff8c0ae6e0 RDI: ffffffff8c605f00
RBP: 0100000000000002 R08: ffffffff9372c877 R09: 1ffffffff26e590e
R10: dffffc0000000000 R11: fffffbfff26e590f R12: ffffffff8193809e
R13: ffff88805f7da900 R14: 0000000000000006 R15: ffff8880b922d4c8
FS:  0000000000000000(0000) GS:ffff8880b9200000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000002f40dff8 CR3: 000000002e8ba000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <IRQ>
 kcov_remote_start_usb include/linux/kcov.h:55 [inline]
 kcov_remote_start_usb_softirq include/linux/kcov.h:89 [inline]
 __usb_hcd_giveback_urb+0x405/0x6e0 drivers/usb/core/hcd.c:1649
 dummy_timer+0x830/0x45a0 drivers/usb/gadget/udc/dummy_hcd.c:1987
 __run_hrtimer kernel/time/hrtimer.c:1689 [inline]
 __hrtimer_run_queues+0x59b/0xd50 kernel/time/hrtimer.c:1753
 hrtimer_interrupt+0x396/0x990 kernel/time/hrtimer.c:1815
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1032 [inline]
 __sysvec_apic_timer_interrupt+0x110/0x3f0 arch/x86/kernel/apic/apic.c:1049
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1043 [inline]
 sysvec_apic_timer_interrupt+0x52/0xc0 arch/x86/kernel/apic/apic.c:1043
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:bytes_is_nonzero mm/kasan/generic.c:87 [inline]
RIP: 0010:memory_is_nonzero mm/kasan/generic.c:104 [inline]
RIP: 0010:memory_is_poisoned_n mm/kasan/generic.c:129 [inline]
RIP: 0010:memory_is_poisoned mm/kasan/generic.c:161 [inline]
RIP: 0010:check_region_inline mm/kasan/generic.c:180 [inline]
RIP: 0010:kasan_check_range+0x86/0x290 mm/kasan/generic.c:189
Code: 00 fc ff df 4f 8d 3c 31 4c 89 fd 4c 29 dd 48 83 fd 10 7f 29 48 85 ed 0f 84 3e 01 00 00 4c 89 cd 48 f7 d5 48 01 dd 41 80 3b 00 <0f> 85 c9 01 00 00 49 ff c3 48 ff c5 75 ee e9 1e 01 00 00 45 89 dc
RSP: 0018:ffffc900000078f0 EFLAGS: 00000246
RAX: 0000000000000001 RBX: 1ffff1100556752e RCX: ffffffff8b21b199
RDX: 0000000000000001 RSI: 0000000000000008 RDI: ffff88802ab3a970
RBP: ffffffffffffffff R08: ffff88802ab3a977 R09: 1ffff1100556752e
R10: dffffc0000000000 R11: ffffed100556752e R12: 1ffff1100f664a48
R13: ffff88801f92a280 R14: dffffc0000000001 R15: ffffed100556752f
 instrument_atomic_read_write include/linux/instrumented.h:96 [inline]
 test_and_clear_bit include/asm-generic/bitops/instrumented-atomic.h:85 [inline]
 ieee80211_scan_rx+0x139/0x9c0 net/mac80211/scan.c:283
 __ieee80211_rx_handle_packet net/mac80211/rx.c:5225 [inline]
 ieee80211_rx_list+0x2b02/0x3780 net/mac80211/rx.c:5462
 ieee80211_rx_napi+0x18a/0x3c0 net/mac80211/rx.c:5485
 ieee80211_rx include/net/mac80211.h:5124 [inline]
 ieee80211_handle_queued_frames+0xe7/0x1e0 net/mac80211/main.c:439
 tasklet_action_common+0x321/0x4d0 kernel/softirq.c:785
 handle_softirqs+0x2c4/0x970 kernel/softirq.c:554
 __do_softirq kernel/softirq.c:588 [inline]
 invoke_softirq kernel/softirq.c:428 [inline]
 __irq_exit_rcu+0xf4/0x1c0 kernel/softirq.c:637
 irq_exit_rcu+0x9/0x30 kernel/softirq.c:649
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1043 [inline]
 sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1043
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:prb_read kernel/printk/printk_ringbuffer.c:1919 [inline]
RIP: 0010:_prb_read_valid+0x21e/0xac0 kernel/printk/printk_ringbuffer.c:2113
Code: 00 00 e8 d5 28 86 00 48 89 d8 48 c1 e8 03 49 bc 00 00 00 00 00 fc ff df 42 80 3c 20 00 74 08 48 89 df e8 45 26 86 00 48 8b 1b <48> b8 ff ff ff ff ff ff ff 3f 48 21 c3 48 8d 84 24 f0 00 00 00 49
RSP: 0018:ffffc90002d6f080 EFLAGS: 00000246
RAX: 1ffffffff1d03dbe RBX: 8000000100000722 RCX: ffffffff81748a1b
RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff8e81edf0
RBP: ffffc90002d6f230 R08: ffffffff8e81edf7 R09: 1ffffffff1d03dbe
R10: dffffc0000000000 R11: fffffbfff1d03dbf R12: dffffc0000000000
R13: 0000000000000722 R14: ffffffff8e877670 R15: ffffffff8e8142c0
 prb_read_valid+0xa9/0xf0 kernel/printk/printk_ringbuffer.c:2182
 printk_get_next_message+0x1ee/0xbe0 kernel/printk/printk.c:2895
 console_emit_next_record kernel/printk/printk.c:2950 [inline]
 console_flush_all+0x410/0xfd0 kernel/printk/printk.c:3049
 console_unlock+0x13b/0x4d0 kernel/printk/printk.c:3118
 vprintk_emit+0x5a6/0x770 kernel/printk/printk.c:2348
 _printk+0xd5/0x120 kernel/printk/printk.c:2373
 ath9k_htc_hw_init+0x6a/0x80 drivers/net/wireless/ath/ath9k/htc_hst.c:530
 ath9k_hif_usb_firmware_cb+0x255/0x4b0 drivers/net/wireless/ath/ath9k/hif_usb.c:1273
 request_firmware_work_func+0x1a4/0x280 drivers/base/firmware_loader/main.c:1167
 process_one_work kernel/workqueue.c:3231 [inline]
 process_scheduled_works+0xa2c/0x1830 kernel/workqueue.c:3312
 worker_thread+0x86d/0xd40 kernel/workqueue.c:3390
 kthread+0x2f0/0x390 kernel/kthread.c:389
 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
 </TASK>
----------------
Code disassembly (best guess), 3 bytes skipped:
   0:	df 4f 8d             	fisttps -0x73(%rdi)
   3:	3c 31                	cmp    $0x31,%al
   5:	4c 89 fd             	mov    %r15,%rbp
   8:	4c 29 dd             	sub    %r11,%rbp
   b:	48 83 fd 10          	cmp    $0x10,%rbp
   f:	7f 29                	jg     0x3a
  11:	48 85 ed             	test   %rbp,%rbp
  14:	0f 84 3e 01 00 00    	je     0x158
  1a:	4c 89 cd             	mov    %r9,%rbp
  1d:	48 f7 d5             	not    %rbp
  20:	48 01 dd             	add    %rbx,%rbp
  23:	41 80 3b 00          	cmpb   $0x0,(%r11)
* 27:	0f 85 c9 01 00 00    	jne    0x1f6 <-- trapping instruction
  2d:	49 ff c3             	inc    %r11
  30:	48 ff c5             	inc    %rbp
  33:	75 ee                	jne    0x23
  35:	e9 1e 01 00 00       	jmp    0x158
  3a:	45 89 dc             	mov    %r11d,%r12d