usb 1-1: RX USB error -71.
usb 1-1: RX USB error -2.
usb 1-1: error -1 when submitting rx urb
==================================================================
BUG: KASAN: null-ptr-deref in instrument_atomic_read include/linux/instrumented.h:71 [inline]
BUG: KASAN: null-ptr-deref in _test_bit include/asm-generic/bitops/instrumented-non-atomic.h:141 [inline]
BUG: KASAN: null-ptr-deref in ar5523_cmd_tx_cb+0x144/0x240 drivers/net/wireless/ath/ar5523/ar5523.c:231
Read of size 8 at addr 0000000000000010 by task swapper/1/0
CPU: 1 PID: 0 Comm: swapper/1 Not tainted 5.19.0-syzkaller-13930-g7ebfc85e2cd7 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022
Call Trace:
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
kasan_report+0xb1/0x1e0 mm/kasan/report.c:495
check_region_inline mm/kasan/generic.c:183 [inline]
kasan_check_range+0x13d/0x180 mm/kasan/generic.c:189
instrument_atomic_read include/linux/instrumented.h:71 [inline]
_test_bit include/asm-generic/bitops/instrumented-non-atomic.h:141 [inline]
ar5523_cmd_tx_cb+0x144/0x240 drivers/net/wireless/ath/ar5523/ar5523.c:231
__usb_hcd_giveback_urb+0x2b0/0x5c0 drivers/usb/core/hcd.c:1671
usb_hcd_giveback_urb+0x380/0x430 drivers/usb/core/hcd.c:1754
dummy_timer+0x11ff/0x32c0 drivers/usb/gadget/udc/dummy_hcd.c:1988
call_timer_fn+0x1a0/0x6b0 kernel/time/timer.c:1474
expire_timers kernel/time/timer.c:1519 [inline]
__run_timers.part.0+0x674/0xa80 kernel/time/timer.c:1790
__run_timers kernel/time/timer.c:1768 [inline]
run_timer_softirq+0xb3/0x1d0 kernel/time/timer.c:1803
__do_softirq+0x1d3/0x9c6 kernel/softirq.c:571
invoke_softirq kernel/softirq.c:445 [inline]
__irq_exit_rcu+0x123/0x180 kernel/softirq.c:650
irq_exit_rcu+0x5/0x20 kernel/softirq.c:662
sysvec_apic_timer_interrupt+0x93/0xc0 arch/x86/kernel/apic/apic.c:1106
asm_sysvec_apic_timer_interrupt+0x16/0x20 arch/x86/include/asm/idtentry.h:649
RIP: 0010:native_save_fl arch/x86/include/asm/irqflags.h:29 [inline]
RIP: 0010:arch_local_save_flags arch/x86/include/asm/irqflags.h:70 [inline]
RIP: 0010:arch_irqs_disabled arch/x86/include/asm/irqflags.h:130 [inline]
RIP: 0010:acpi_safe_halt+0x6f/0xb0 drivers/acpi/processor_idle.c:113
Code: f7 84 db 74 06 5b e9 20 22 fa f7 e8 1b 22 fa f7 e8 46 99 00 f8 eb 0c e8 0f 22 fa f7 0f 00 2d 58 cf d2 00 e8 03 22 fa f7 fb f4 <9c> 5b 81 e3 00 02 00 00 fa 31 ff 48 89 de e8 ce 1e fa f7 48 85 db
RSP: 0018:ffffc90000177d20 EFLAGS: 00000293
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: ffff888011a81d80 RSI: ffffffff8981e50d RDI: 0000000000000000
RBP: ffff8880175e1864 R08: 0000000000000001 R09: 0000000000000001
R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000001
R13: 0000000000000001 R14: ffff8880175e1800 R15: ffff888146413804
acpi_idle_do_entry drivers/acpi/processor_idle.c:555 [inline]
acpi_idle_enter+0x524/0x6a0 drivers/acpi/processor_idle.c:692
cpuidle_enter_state+0x1ab/0xd30 drivers/cpuidle/cpuidle.c:239
cpuidle_enter+0x4a/0xa0 drivers/cpuidle/cpuidle.c:356
call_cpuidle kernel/sched/idle.c:155 [inline]
cpuidle_idle_call kernel/sched/idle.c:236 [inline]
do_idle+0x3e8/0x590 kernel/sched/idle.c:303
cpu_startup_entry+0x14/0x20 kernel/sched/idle.c:400
start_secondary+0x21d/0x2b0 arch/x86/kernel/smpboot.c:262
secondary_startup_64_no_verify+0xce/0xdb
==================================================================
----------------
Code disassembly (best guess):
0: f7 84 db 74 06 5b e9 testl $0xf7fa2220,-0x16a4f98c(%rbx,%rbx,8)
7: 20 22 fa f7
b: e8 1b 22 fa f7 callq 0xf7fa222b
10: e8 46 99 00 f8 callq 0xf800995b
15: eb 0c jmp 0x23
17: e8 0f 22 fa f7 callq 0xf7fa222b
1c: 0f 00 2d 58 cf d2 00 verw 0xd2cf58(%rip) # 0xd2cf7b
23: e8 03 22 fa f7 callq 0xf7fa222b
28: fb sti
29: f4 hlt
* 2a: 9c pushfq <-- trapping instruction
2b: 5b pop %rbx
2c: 81 e3 00 02 00 00 and $0x200,%ebx
32: fa cli
33: 31 ff xor %edi,%edi
35: 48 89 de mov %rbx,%rsi
38: e8 ce 1e fa f7 callq 0xf7fa1f0b
3d: 48 85 db test %rbx,%rbx