[  409.755251][ T5859] UDC core: couldn't find an available UDC or it's busy: -16
[  409.762846][ T5859] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[  409.839184][   T35] usb 2-1: USB disconnect, device number 93
[  409.855719][   T35] usb 2-1: ath9k_htc: USB layer deinitialized
[  409.874174][   T20] usb 3-1: new high-speed USB device number 94 using dummy_hcd
[  409.925373][ T5862] UDC core: couldn't find an available UDC or it's busy: -16
[  409.933200][ T5862] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[  410.027329][ T3647] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  410.031442][ T2780] usb 4-1: USB disconnect, device number 93
[  410.058589][ T3647] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  410.060577][ T2780] usb 4-1: ath9k_htc: USB layer deinitialized
[  410.069617][ T3647] usb 5-1: Product: syz
[  410.079615][ T3647] usb 5-1: Manufacturer: syz
[  410.084526][ T3647] usb 5-1: SerialNumber: syz
[  410.127684][ T3647] usb 5-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  410.224068][   T35] usb 2-1: new high-speed USB device number 94 using dummy_hcd
[  410.254041][ T3957] ath9k_htc 1-1:1.0: ath9k_htc: Target is unresponsive
[  410.261084][ T3957] ath9k_htc: Failed to initialize the device
[  410.394097][   T20] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  410.403362][   T20] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  410.414054][ T3961] ath9k_htc 6-1:1.0: ath9k_htc: Target is unresponsive
[  410.421127][ T3961] ath9k_htc: Failed to initialize the device
[  410.427275][ T2780] usb 4-1: new high-speed USB device number 94 using dummy_hcd
[  410.435062][   T20] usb 3-1: Product: syz
[  410.439384][   T20] usb 3-1: Manufacturer: syz
[  410.444354][   T20] usb 3-1: SerialNumber: syz
[  410.484824][   T20] usb 3-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  410.743991][ T3647] usb 5-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  410.754767][   T35] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  410.763778][   T35] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  410.772097][   T35] usb 2-1: Product: syz
[  410.776601][   T35] usb 2-1: Manufacturer: syz
[  410.781169][   T35] usb 2-1: SerialNumber: syz
[  410.825438][   T35] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  410.963990][ T2780] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  410.973265][ T2780] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  410.981936][ T2780] usb 4-1: Product: syz
[  410.986249][ T2780] usb 4-1: Manufacturer: syz
[  410.990948][ T2780] usb 4-1: SerialNumber: syz
[  411.034851][ T2780] usb 4-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  411.054408][   T20] usb 3-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  411.295531][ T5865] UDC core: couldn't find an available UDC or it's busy: -16
[  411.303178][ T5865] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[  411.397930][ T4208] usb 1-1: USB disconnect, device number 93
[  411.416017][ T4208] usb 1-1: ath9k_htc: USB layer deinitialized
[  411.711241][    T5] usb 6-1: USB disconnect, device number 93
[  411.718918][    T5] usb 6-1: ath9k_htc: USB layer deinitialized
[  411.726125][ T3913] syz-executor.1 (3913) used greatest stack depth: 22944 bytes left
[  411.733984][ T4175] usb 2-1: ath9k_htc: Firmware - ath9k_htc/htc_9271-1.4.0.fw download failed
[  411.734954][ T2942] usb 2-1: USB disconnect, device number 94
[  411.752697][ T2942] usb 2-1: ath9k_htc: USB layer deinitialized
[  411.757210][ T3649] usb 4-1: USB disconnect, device number 94
[  411.761435][ T4209] usb 5-1: USB disconnect, device number 92
[  411.766190][ T2780] usb 4-1: ath9k_htc: Firmware - ath9k_htc/htc_9271-1.4.0.fw download failed
[  411.773259][ T4656] usb 3-1: USB disconnect, device number 94
[  411.788486][ T3647] ath9k_htc 5-1:1.0: ath9k_htc: Target is unresponsive
[  411.791594][ T3649] usb 4-1: ath9k_htc: USB layer deinitialized
[  411.798095][ T3647] ath9k_htc: Failed to initialize the device
[  411.814795][ T4209] usb 5-1: ath9k_htc: USB layer deinitialized
[  412.094086][   T20] ath9k_htc 3-1:1.0: ath9k_htc: Target is unresponsive
[  412.101411][   T20] ath9k_htc: Failed to initialize the device
[  412.107744][ T4656] usb 3-1: ath9k_htc: USB layer deinitialized
[  412.415101][    T8] device hsr_slave_0 left promiscuous mode
[  412.421430][    T8] device hsr_slave_1 left promiscuous mode
[  412.427721][    T8] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  412.435588][    T8] batman_adv: batadv0: Removing interface: batadv_slave_0
[  412.443816][    T8] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  412.451271][    T8] batman_adv: batadv0: Removing interface: batadv_slave_1
[  412.459516][    T8] device bridge_slave_1 left promiscuous mode
[  412.465968][    T8] bridge0: port 2(bridge_slave_1) entered disabled state
[  412.474351][    T8] device bridge_slave_0 left promiscuous mode
[  412.480667][    T8] bridge0: port 1(bridge_slave_0) entered disabled state
[  412.495717][    T8] device veth1_macvtap left promiscuous mode
[  412.502010][    T8] device veth0_macvtap left promiscuous mode
[  412.508202][    T8] device veth1_vlan left promiscuous mode
[  412.516435][    T8] device veth0_vlan left promiscuous mode
[  412.615491][    T8] team0 (unregistering): Port device team_slave_1 removed
[  412.628089][    T8] team0 (unregistering): Port device team_slave_0 removed
[  412.638561][    T8] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  412.650544][    T8] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  412.689504][    T8] bond0 (unregistering): Released all slaves
[  413.551290][    T8] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  413.607853][    T8] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  413.679317][    T8] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  413.736973][    T8] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  413.874266][    T8] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  413.935240][    T8] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  413.978595][    T8] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  414.059621][    T8] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  414.218124][    T8] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  414.272233][    T8] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  414.339477][    T8] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  414.389106][    T8] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  414.562626][    T8] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  414.609164][    T8] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  414.658838][    T8] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  414.699571][    T8] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
Warning: Permanently added '10.128.15.207' (ECDSA) to the list of known hosts.
[  414.887733][    T8] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  414.990389][    T8] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  415.069981][    T8] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  415.093256][   T10] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  415.112218][   T10] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  415.161179][    T8] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  415.179092][ T3961] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  415.196256][   T44] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  415.205376][   T44] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  415.211220][   T10] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  415.220612][ T2942] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  415.224323][   T10] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  415.238497][ T2942] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  415.253627][   T44] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  415.270480][   T44] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  415.283586][ T2780] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  415.311459][  T261] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  415.325699][   T10] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  415.333532][   T10] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  415.341310][ T5973] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  415.351168][ T2463] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  415.353709][ T5973] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  415.372832][  T261] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  415.395548][ T2463] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  415.403081][ T3961] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  415.413161][ T3961] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  415.421359][ T3961] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  415.439863][ T5973] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  415.441925][ T2463] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  415.456662][ T5976] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  415.464040][ T3961] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  415.467705][ T5973] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  415.479617][ T5976] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  415.488278][ T2463] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  415.510660][  T261] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  415.519881][ T3961] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  415.528836][ T3961] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  415.536198][  T261] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  415.544815][ T3961] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  415.553823][ T3961] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  415.575946][ T4656] usb 2-1: new high-speed USB device number 95 using dummy_hcd
[  415.834037][ T3961] usb 6-1: new high-speed USB device number 94 using dummy_hcd
[  415.844009][ T3649] usb 4-1: new high-speed USB device number 95 using dummy_hcd
[  415.865742][ T2780] usb 1-1: new high-speed USB device number 94 using dummy_hcd
[  415.876167][ T3957] usb 5-1: new high-speed USB device number 93 using dummy_hcd
[  415.884159][ T3987] usb 3-1: new high-speed USB device number 95 using dummy_hcd
[  416.169065][ T4656] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  416.181354][ T4656] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  416.195734][ T4656] usb 2-1: Product: syz
[  416.200035][ T4656] usb 2-1: Manufacturer: syz
[  416.207391][ T4656] usb 2-1: SerialNumber: syz
[  416.244684][ T4656] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  416.364140][ T3961] usb 6-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  416.373383][ T3961] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  416.382496][ T3649] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  416.392450][ T3649] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  416.400806][ T3957] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  416.410086][ T3649] usb 4-1: Product: syz
[  416.414550][ T3987] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  416.423795][ T3961] usb 6-1: Product: syz
[  416.428161][ T2780] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  416.437328][ T3957] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  416.445625][ T3987] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  416.453686][ T3649] usb 4-1: Manufacturer: syz
[  416.458505][ T2780] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  416.466753][ T3961] usb 6-1: Manufacturer: syz
[  416.471434][ T3649] usb 4-1: SerialNumber: syz
[  416.476369][ T3961] usb 6-1: SerialNumber: syz
[  416.481093][ T3957] usb 5-1: Product: syz
[  416.486218][ T3987] usb 3-1: Product: syz
[  416.490459][ T2780] usb 1-1: Product: syz
[  416.495920][ T3957] usb 5-1: Manufacturer: syz
[  416.509636][ T3987] usb 3-1: Manufacturer: syz
[  416.514961][ T2780] usb 1-1: Manufacturer: syz
[  416.519649][ T3957] usb 5-1: SerialNumber: syz
[  416.524872][ T3987] usb 3-1: SerialNumber: syz
[  416.529531][ T2780] usb 1-1: SerialNumber: syz
[  416.549650][ T3961] usb 6-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  416.558818][ T3649] usb 4-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  416.604932][ T3957] usb 5-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  416.622098][ T2780] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  416.630716][ T3987] usb 3-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  416.904243][ T4656] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  417.144073][   T35] usb 6-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  417.153936][ T5866] usb 4-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  417.186732][ T3957] usb 5-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  417.199791][    T8] device hsr_slave_0 left promiscuous mode
[  417.211098][    T8] device hsr_slave_1 left promiscuous mode
[  417.219262][    T8] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  417.226826][    T8] batman_adv: batadv0: Removing interface: batadv_slave_0
[  417.234089][ T3987] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  417.243584][ T2780] usb 3-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  417.245059][    T8] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  417.261526][    T8] batman_adv: batadv0: Removing interface: batadv_slave_1
[  417.272839][    T8] device bridge_slave_1 left promiscuous mode
[  417.285050][    T8] bridge0: port 2(bridge_slave_1) entered disabled state
[  417.293266][    T8] device bridge_slave_0 left promiscuous mode
[  417.303105][    T8] bridge0: port 1(bridge_slave_0) entered disabled state
[  417.321108][    T8] device hsr_slave_0 left promiscuous mode
[  417.330973][    T8] device hsr_slave_1 left promiscuous mode
[  417.337541][    T8] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  417.345321][    T8] batman_adv: batadv0: Removing interface: batadv_slave_0
[  417.355925][    T8] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  417.363286][    T8] batman_adv: batadv0: Removing interface: batadv_slave_1
[  417.373849][    T8] device bridge_slave_1 left promiscuous mode
[  417.380420][    T8] bridge0: port 2(bridge_slave_1) entered disabled state
[  417.388944][    T8] device bridge_slave_0 left promiscuous mode
[  417.395317][    T8] bridge0: port 1(bridge_slave_0) entered disabled state
[  417.409858][    T8] device hsr_slave_0 left promiscuous mode
[  417.416411][    T8] device hsr_slave_1 left promiscuous mode
[  417.422797][    T8] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  417.435376][    T8] batman_adv: batadv0: Removing interface: batadv_slave_0
[  417.451436][    T8] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  417.459467][ T6094] UDC core: couldn't find an available UDC or it's busy: -16
[  417.464199][    T8] batman_adv: batadv0: Removing interface: batadv_slave_1
[  417.470920][ T6094] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[  417.483813][    T8] device bridge_slave_1 left promiscuous mode
[  417.490367][    T8] bridge0: port 2(bridge_slave_1) entered disabled state
[  417.498642][    T8] device bridge_slave_0 left promiscuous mode
[  417.506120][    T8] bridge0: port 1(bridge_slave_0) entered disabled state
[  417.523624][    T8] device hsr_slave_0 left promiscuous mode
[  417.529937][    T8] device hsr_slave_1 left promiscuous mode
[  417.539685][    T8] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  417.547284][    T8] batman_adv: batadv0: Removing interface: batadv_slave_0
[  417.556325][    T8] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  417.563832][    T8] batman_adv: batadv0: Removing interface: batadv_slave_1
[  417.579202][    T8] device bridge_slave_1 left promiscuous mode
[  417.585625][    T8] bridge0: port 2(bridge_slave_1) entered disabled state
[  417.593527][    T8] device bridge_slave_0 left promiscuous mode
[  417.600602][    T8] bridge0: port 1(bridge_slave_0) entered disabled state
[  417.612039][    T8] device hsr_slave_0 left promiscuous mode
[  417.622165][    T8] device hsr_slave_1 left promiscuous mode
[  417.629064][    T8] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  417.637083][    T8] batman_adv: batadv0: Removing interface: batadv_slave_0
[  417.645756][    T8] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  417.653194][    T8] batman_adv: batadv0: Removing interface: batadv_slave_1
[  417.661612][    T8] device bridge_slave_1 left promiscuous mode
[  417.667787][    T8] bridge0: port 2(bridge_slave_1) entered disabled state
[  417.676026][    T8] device bridge_slave_0 left promiscuous mode
[  417.682114][    T8] bridge0: port 1(bridge_slave_0) entered disabled state
[  417.699863][    T8] device veth1_macvtap left promiscuous mode
[  417.707107][    T8] device veth0_macvtap left promiscuous mode
[  417.707382][ T6101] UDC core: couldn't find an available UDC or it's busy: -16
[  417.713559][    T8] device veth1_vlan left promiscuous mode
[  417.725634][ T6101] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[  417.726846][ T6102] UDC core: couldn't find an available UDC or it's busy: -16
[  417.739058][ T6103] UDC core: couldn't find an available UDC or it's busy: -16
[  417.741190][ T6102] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[  417.752238][ T6103] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[  417.756745][    T8] device veth0_vlan left promiscuous mode
[  417.770004][    T8] device veth1_macvtap left promiscuous mode
[  417.776414][    T8] device veth0_macvtap left promiscuous mode
[  417.782422][    T8] device veth1_vlan left promiscuous mode
[  417.788595][    T8] device veth0_vlan left promiscuous mode
[  417.788708][ T6105] UDC core: couldn't find an available UDC or it's busy: -16
[  417.794769][ T6104] UDC core: couldn't find an available UDC or it's busy: -16
[  417.809427][ T6104] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[  417.813342][ T6105] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[  417.828598][    T8] device veth1_macvtap left promiscuous mode
[  417.834704][    T8] device veth0_macvtap left promiscuous mode
[  417.840779][    T8] device veth1_vlan left promiscuous mode
[  417.847087][    T8] device veth0_vlan left promiscuous mode
[  417.853758][    T8] device veth1_macvtap left promiscuous mode
[  417.859832][    T8] device veth0_macvtap left promiscuous mode
[  417.866317][    T8] device veth1_vlan left promiscuous mode
[  417.872179][    T8] device veth0_vlan left promiscuous mode
[  417.878714][    T8] device veth1_macvtap left promiscuous mode
[  417.887503][    T8] device veth0_macvtap left promiscuous mode
[  417.893747][    T8] device veth1_vlan left promiscuous mode
[  417.899602][    T8] device veth0_vlan left promiscuous mode
[  417.933969][ T4656] ath9k_htc 2-1:1.0: ath9k_htc: Target is unresponsive
[  417.941463][ T4656] ath9k_htc: Failed to initialize the device
[  418.174363][ T5866] ath9k_htc 4-1:1.0: ath9k_htc: Target is unresponsive
[  418.181573][   T35] ath9k_htc 6-1:1.0: ath9k_htc: Target is unresponsive
[  418.192125][ T5866] ath9k_htc: Failed to initialize the device
[  418.198367][    C1] ==================================================================
[  418.198405][    C1] BUG: KASAN: use-after-free in ath9k_hif_usb_rx_cb+0xd4d/0x1010
[  418.198415][    C1] Read of size 4 at addr ffff88807d3dc278 by task kworker/1:6/5866
[  418.198419][    C1] 
[  418.198422][    C1] CPU: 1 PID: 5866 Comm: kworker/1:6 Not tainted 5.16.0-rc5-syzkaller #0
[  418.198426][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  418.198430][    C1] Workqueue: events request_firmware_work_func
[  418.198437][    C1] Call Trace:
[  418.198439][    C1]  <IRQ>
[  418.198442][    C1]  dump_stack_lvl+0x57/0x7d
[  418.198449][    C1]  print_address_description.constprop.0.cold+0x8d/0x320
[  418.198456][    C1]  ? ath9k_hif_usb_rx_cb+0xd4d/0x1010
[  418.198459][    C1]  ? ath9k_hif_usb_rx_cb+0xd4d/0x1010
[  418.198463][    C1]  kasan_report.cold+0x83/0xdf
[  418.198468][    C1]  ? build_skb+0x110/0x130
[  418.198473][    C1]  ? ath9k_hif_usb_rx_cb+0xd4d/0x1010
[  418.198479][    C1]  ath9k_hif_usb_rx_cb+0xd4d/0x1010
[  418.198488][    C1]  ? hif_usb_start+0xa0/0xa0
[  418.198493][    C1]  ? led_trigger_blink_setup.part.0+0xe9/0x1a0
[  418.198500][    C1]  ? lock_downgrade+0x6e0/0x6e0
[  418.198512][    C1]  ? led_trigger_blink_setup.part.0+0xee/0x1a0
[  418.198522][    C1]  __usb_hcd_giveback_urb+0x238/0x3f0
[  418.198532][    C1]  dummy_timer+0xeb8/0x2eb0
[  418.198545][    C1]  ? lockdep_hardirqs_on_prepare+0x400/0x400
[  418.198568][    C1]  ? lock_chain_count+0x20/0x20
[  418.198574][    C1]  ? dummy_dequeue+0x4a0/0x4a0
[  418.198586][    C1]  ? dummy_dequeue+0x4a0/0x4a0
[  418.198592][    C1]  call_timer_fn+0x163/0x4a0
[  418.198600][    C1]  ? add_timer_on+0x410/0x410
[  418.198610][    C1]  ? rwlock_bug.part.0+0x90/0x90
[  418.198619][    C1]  ? dummy_dequeue+0x4a0/0x4a0
[  418.198623][    C1]  ? lockdep_hardirqs_on_prepare+0x17b/0x400
[  418.198631][    C1]  ? dummy_dequeue+0x4a0/0x4a0
[  418.198638][    C1]  __run_timers.part.0+0x524/0x890
[  418.198651][    C1]  ? call_timer_fn+0x4a0/0x4a0
[  418.198663][    C1]  ? mark_held_locks+0x9f/0xe0
[  418.198674][    C1]  run_timer_softirq+0x9c/0x190
[  418.198681][    C1]  __do_softirq+0x29b/0x9c2
[  418.198696][    C1]  __irq_exit_rcu+0x123/0x180
[  418.198705][    C1]  irq_exit_rcu+0x5/0x20
[  418.198711][    C1]  sysvec_apic_timer_interrupt+0x93/0xc0
[  418.198718][    C1]  </IRQ>
[  418.198721][    C1]  <TASK>
[  418.198724][    C1]  asm_sysvec_apic_timer_interrupt+0x12/0x20
[  418.198730][    C1] RIP: 0010:console_unlock+0x4df/0x870
[  418.198736][    C1] Code: 77 2a fe ff e8 a2 29 00 00 48 83 3c 24 00 0f 85 e0 01 00 00 9c 58 f6 c4 02 0f 85 d3 02 00 00 48 83 3c 24 00 74 01 fb 45 85 e4 <0f> 85 27 02 00 00 8b 54 24 30 85 d2 0f 84 70 fc ff ff 31 d2 be a0
[  418.198742][    C1] RSP: 0018:ffffc9000470f9b8 EFLAGS: 00000246
[  418.198749][    C1] RAX: 0000000000000006 RBX: dffffc0000000000 RCX: 1ffffffff1dcd416
[  418.198752][    C1] RDX: 0000000000000000 RSI: ffffffff88cb54a0 RDI: ffffffff89216520
[  418.198756][    C1] RBP: ffffc9000470fa10 R08: 0000000000000001 R09: ffffffff8ee69947
[  418.198759][    C1] R10: 0000000000000001 R11: 74685f6b39687461 R12: 0000000000000000
[  418.198761][    C1] R13: ffffffff8b7ee168 R14: ffffffff8b7ee130 R15: 0000000000000000
[  418.198775][    C1]  ? devkmsg_read+0x670/0x670
[  418.198780][    C1]  ? lock_release+0x720/0x720
[  418.198790][    C1]  ? _printk+0xad/0xde
[  418.198797][    C1]  vprintk_emit+0x99/0x2f0
[  418.198803][    C1]  _printk+0xad/0xde
[  418.198807][    C1]  ? record_print_text.cold+0x11/0x11
[  418.198811][    C1]  ? _raw_spin_unlock_irqrestore+0x50/0x70
[  418.198816][    C1]  ? usb_free_urb+0x13/0xb0
[  418.198820][    C1]  ? ath9k_hif_usb_alloc_urbs+0xa3a/0xee0
[  418.198828][    C1]  ath9k_htc_hw_init.cold+0xc/0x12
[  418.198833][    C1]  ath9k_hif_usb_firmware_cb+0x23b/0x4d0
[  418.198840][    C1]  ? ath9k_hif_usb_alloc_urbs+0xee0/0xee0
[  418.198843][    C1]  request_firmware_work_func+0x126/0x230
[  418.198848][    C1]  ? request_partial_firmware_into_buf+0x90/0x90
[  418.198856][    C1]  process_one_work+0x87f/0x1450
[  418.198863][    C1]  ? lock_release+0x720/0x720
[  418.198867][    C1]  ? pwq_dec_nr_in_flight+0x230/0x230
[  418.198873][    C1]  ? rwlock_bug.part.0+0x90/0x90
[  418.198877][    C1]  ? _raw_spin_lock_irq+0x41/0x50
[  418.198884][    C1]  worker_thread+0x598/0x1040
[  418.198893][    C1]  ? process_one_work+0x1450/0x1450
[  418.198898][    C1]  kthread+0x3ab/0x480
[  418.198901][    C1]  ? _raw_spin_unlock_irq+0x1f/0x40
[  418.198905][    C1]  ? set_kthread_struct+0x100/0x100
[  418.198910][    C1]  ret_from_fork+0x1f/0x30
[  418.198922][    C1]  </TASK>
[  418.198924][    C1] 
[  418.198926][    C1] The buggy address belongs to the page:
[  418.198929][    C1] page:ffffea0001f4f700 refcount:0 mapcount:0 mapping:0000000000000000 index:0x100 pfn:0x7d3dc
[  418.198933][    C1] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  418.198940][    C1] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000
[  418.198943][    C1] raw: 0000000000000100 0000000000000000 00000000ffffffff 0000000000000000
[  418.198945][    C1] page dumped because: kasan: bad access detected
[  418.198948][    C1] page_owner tracks the page as freed
[  418.198950][    C1] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x140dc0(GFP_USER|__GFP_COMP|__GFP_ZERO), pid 5866, ts 417166482976, free_ts 418192107660
[  418.198956][    C1]  get_page_from_freelist+0xa6f/0x2f10
[  418.198961][    C1]  __alloc_pages+0x1b2/0x500
[  418.198965][    C1]  kmalloc_order+0x34/0xf0
[  418.198968][    C1]  kmalloc_order_trace+0x14/0x120
[  418.198971][    C1]  wiphy_new_nm+0x63a/0x1d70
[  418.198975][    C1]  ieee80211_alloc_hw_nm+0x2f5/0x1fd0
[  418.198980][    C1]  ath9k_htc_probe_device+0x91/0x1e30
[  418.198983][    C1]  ath9k_htc_hw_init+0x8/0x20
[  418.198986][    C1]  ath9k_hif_usb_firmware_cb+0x23b/0x4d0
[  418.198990][    C1]  request_firmware_work_func+0x126/0x230
[  418.198993][    C1]  process_one_work+0x87f/0x1450
[  418.198996][    C1]  worker_thread+0x598/0x1040
[  418.198998][    C1]  kthread+0x3ab/0x480
[  418.199002][    C1]  ret_from_fork+0x1f/0x30
[  418.199005][    C1] page last free stack trace:
[  418.199007][    C1]  free_pcp_prepare+0x374/0x870
[  418.199010][    C1]  free_unref_page+0x19/0x690
[  418.199013][    C1]  device_release+0x93/0x200
[  418.199018][    C1]  kobject_put+0x139/0x410
[  418.199023][    C1]  ath9k_htc_probe_device+0x1ab/0x1e30
[  418.199026][    C1]  ath9k_htc_hw_init+0x8/0x20
[  418.199029][    C1]  ath9k_hif_usb_firmware_cb+0x23b/0x4d0
[  418.199032][    C1]  request_firmware_work_func+0x126/0x230
[  418.199035][    C1]  process_one_work+0x87f/0x1450
[  418.199038][    C1]  worker_thread+0x598/0x1040
[  418.199041][    C1]  kthread+0x3ab/0x480
[  418.199044][    C1]  ret_from_fork+0x1f/0x30
[  418.199047][    C1] 
[  418.199049][    C1] Memory state around the buggy address:
[  418.199051][    C1]  ffff88807d3dc100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  418.199054][    C1]  ffff88807d3dc180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  418.199056][    C1] >ffff88807d3dc200: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  418.199058][    C1]                                                                 ^
[  418.199061][    C1]  ffff88807d3dc280: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  418.199063][    C1]  ffff88807d3dc300: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  418.199065][    C1] ==================================================================
[  418.199067][    C1] Disabling lock debugging due to kernel taint
[  418.199069][    C1] Kernel panic - not syncing: panic_on_warn set ...
[  418.199071][    C1] CPU: 1 PID: 5866 Comm: kworker/1:6 Tainted: G    B             5.16.0-rc5-syzkaller #0
[  418.199075][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  418.199077][    C1] Workqueue: events request_firmware_work_func
[  418.199080][    C1] Call Trace:
[  418.199081][    C1]  <IRQ>
[  418.199083][    C1]  dump_stack_lvl+0x57/0x7d
[  418.199086][    C1]  panic+0x214/0x49f
[  418.199090][    C1]  ? __warn_printk+0xee/0xee
[  418.199095][    C1]  ? ath9k_hif_usb_rx_cb+0xd4d/0x1010
[  418.199098][    C1]  ? ath9k_hif_usb_rx_cb+0xd4d/0x1010
[  418.199101][    C1]  end_report.cold+0x63/0x6f
[  418.199104][    C1]  kasan_report.cold+0x71/0xdf
[  418.199108][    C1]  ? build_skb+0x110/0x130
[  418.199111][    C1]  ? ath9k_hif_usb_rx_cb+0xd4d/0x1010
[  418.199115][    C1]  ath9k_hif_usb_rx_cb+0xd4d/0x1010
[  418.199120][    C1]  ? hif_usb_start+0xa0/0xa0
[  418.199123][    C1]  ? led_trigger_blink_setup.part.0+0xe9/0x1a0
[  418.199127][    C1]  ? lock_downgrade+0x6e0/0x6e0
[  418.199131][    C1]  ? led_trigger_blink_setup.part.0+0xee/0x1a0
[  418.199134][    C1]  __usb_hcd_giveback_urb+0x238/0x3f0
[  418.199138][    C1]  dummy_timer+0xeb8/0x2eb0
[  418.199142][    C1]  ? lockdep_hardirqs_on_prepare+0x400/0x400
[  418.199147][    C1]  ? lock_chain_count+0x20/0x20
[  418.199150][    C1]  ? dummy_dequeue+0x4a0/0x4a0
[  418.199154][    C1]  ? dummy_dequeue+0x4a0/0x4a0
[  418.199156][    C1]  call_timer_fn+0x163/0x4a0
[  418.199159][    C1]  ? add_timer_on+0x410/0x410
[  418.199162][    C1]  ? rwlock_bug.part.0+0x90/0x90
[  418.199165][    C1]  ? dummy_dequeue+0x4a0/0x4a0
[  418.199167][    C1]  ? lockdep_hardirqs_on_prepare+0x17b/0x400
[  418.199170][    C1]  ? dummy_dequeue+0x4a0/0x4a0
[  418.199173][    C1]  __run_timers.part.0+0x524/0x890
[  418.199177][    C1]  ? call_timer_fn+0x4a0/0x4a0
[  418.199180][    C1]  ? mark_held_locks+0x9f/0xe0
[  418.199183][    C1]  run_timer_softirq+0x9c/0x190
[  418.199186][    C1]  __do_softirq+0x29b/0x9c2
[  418.199190][    C1]  __irq_exit_rcu+0x123/0x180
[  418.199194][    C1]  irq_exit_rcu+0x5/0x20
[  418.199197][    C1]  sysvec_apic_timer_interrupt+0x93/0xc0
[  418.199200][    C1]  </IRQ>
[  418.199201][    C1]  <TASK>
[  418.199202][    C1]  asm_sysvec_apic_timer_interrupt+0x12/0x20
[  418.199206][    C1] RIP: 0010:console_unlock+0x4df/0x870
[  418.199209][    C1] Code: 77 2a fe ff e8 a2 29 00 00 48 83 3c 24 00 0f 85 e0 01 00 00 9c 58 f6 c4 02 0f 85 d3 02 00 00 48 83 3c 24 00 74 01 fb 45 85 e4 <0f> 85 27 02 00 00 8b 54 24 30 85 d2 0f 84 70 fc ff ff 31 d2 be a0
[  418.199211][    C1] RSP: 0018:ffffc9000470f9b8 EFLAGS: 00000246
[  418.199214][    C1] RAX: 0000000000000006 RBX: dffffc0000000000 RCX: 1ffffffff1dcd416
[  418.199216][    C1] RDX: 0000000000000000 RSI: ffffffff88cb54a0 RDI: ffffffff89216520
[  418.199218][    C1] RBP: ffffc9000470fa10 R08: 0000000000000001 R09: ffffffff8ee69947
[  418.199220][    C1] R10: 0000000000000001 R11: 74685f6b39687461 R12: 0000000000000000
[  418.199222][    C1] R13: ffffffff8b7ee168 R14: ffffffff8b7ee130 R15: 0000000000000000
[  418.199227][    C1]  ? devkmsg_read+0x670/0x670
[  418.199230][    C1]  ? lock_release+0x720/0x720
[  418.199234][    C1]  ? _printk+0xad/0xde
[  418.199238][    C1]  vprintk_emit+0x99/0x2f0
[  418.199241][    C1]  _printk+0xad/0xde
[  418.199244][    C1]  ? record_print_text.cold+0x11/0x11
[  418.199247][    C1]  ? _raw_spin_unlock_irqrestore+0x50/0x70
[  418.199250][    C1]  ? usb_free_urb+0x13/0xb0
[  418.199253][    C1]  ? ath9k_hif_usb_alloc_urbs+0xa3a/0xee0
[  418.199258][    C1]  ath9k_htc_hw_init.cold+0xc/0x12
[  418.199260][    C1]  ath9k_hif_usb_firmware_cb+0x23b/0x4d0
[  418.199264][    C1]  ? ath9k_hif_usb_alloc_urbs+0xee0/0xee0
[  418.199267][    C1]  request_firmware_work_func+0x126/0x230
[  418.199270][    C1]  ? request_partial_firmware_into_buf+0x90/0x90
[  418.199274][    C1]  process_one_work+0x87f/0x1450
[  418.199277][    C1]  ? lock_release+0x720/0x720
[  418.199280][    C1]  ? pwq_dec_nr_in_flight+0x230/0x230
[  418.199283][    C1]  ? rwlock_bug.part.0+0x90/0x90
[  418.199286][    C1]  ? _raw_spin_lock_irq+0x41/0x50
[  418.199290][    C1]  worker_thread+0x598/0x1040
[  418.199293][    C1]  ? process_one_work+0x1450/0x1450
[  418.199296][    C1]  kthread+0x3ab/0x480
[  418.199299][    C1]  ? _raw_spin_unlock_irq+0x1f/0x40
[  418.199302][    C1]  ? set_kthread_struct+0x100/0x100
[  418.199305][    C1]  ret_from_fork+0x1f/0x30
[  418.199310][    C1]  </TASK>
[  418.200350][    C1] Kernel Offset: disabled
[  419.323007][    C1] Rebooting in 86400 seconds..