Warning: Permanently added '10.128.0.154' (ED25519) to the list of known hosts.
executing program
[ 50.518254][ T26] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 51.048383][ T26] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 51.057613][ T26] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 51.065705][ T26] usb 1-1: Product: syz
[ 51.069908][ T26] usb 1-1: Manufacturer: syz
[ 51.074512][ T26] usb 1-1: SerialNumber: syz
[ 51.131131][ T26] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 51.708163][ T2494] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 51.910496][ T2491] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 51.919630][ T2491] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 52.989032][ T2494] ath9k_htc 1-1:1.0: ath9k_htc: HTC initialized with 33 credits
[ 52.997130][ T2494] ------------[ cut here ]------------
[ 53.002841][ T2494] UBSAN: array-index-out-of-bounds in drivers/net/wireless/ath/ath9k/htc_hst.c:26:51
[ 53.012480][ T2494] index 255 is out of range for type 'htc_endpoint [22]'
[ 53.019781][ T2494] CPU: 1 PID: 2494 Comm: kworker/1:2 Not tainted 6.8.0-rc6-syzkaller-00190-ga788e53c05ae #0
[ 53.029903][ T2494] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024
[ 53.039983][ T2494] Workqueue: events request_firmware_work_func
[ 53.046208][ T2494] Call Trace:
[ 53.049556][ T2494]
[ 53.052530][ T2494] dump_stack_lvl+0x125/0x1b0
[ 53.057247][ T2494] __ubsan_handle_out_of_bounds+0x111/0x150
[ 53.063263][ T2494] htc_issue_send.constprop.0+0x209/0x230
[ 53.069020][ T2494] ? _raw_spin_unlock_irqrestore+0x4e/0x70
[ 53.074877][ T2494] ath9k_wmi_cmd+0x424/0x630
[ 53.079505][ T2494] ath9k_regread+0xdb/0x160
[ 53.084039][ T2494] ? ath9k_multi_regread+0x3b0/0x3b0
[ 53.089352][ T2494] ? _raw_spin_unlock_irqrestore+0x4e/0x70
[ 53.095220][ T2494] ? lockdep_hardirqs_on+0x7d/0x110
[ 53.100452][ T2494] ? __debug_object_init+0x347/0x480
[ 53.105777][ T2494] ? _raw_spin_unlock_irqrestore+0x3b/0x70
[ 53.111613][ T2494] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 53.117541][ T2494] ? ath9k_multi_regread+0x3b0/0x3b0
[ 53.122848][ T2494] ath9k_hw_init+0xf02/0x2b30
[ 53.127558][ T2494] ? lockdep_init_map_type+0x16d/0x7d0
[ 53.133043][ T2494] ? ath9k_hw_fill_cap_info+0x2550/0x2550
[ 53.138824][ T2494] ? lockdep_init_map_type+0x16d/0x7d0
[ 53.144317][ T2494] ath9k_htc_probe_device+0xb37/0x25f0
[ 53.149805][ T2494] ? ath9k_init_htc_services.constprop.0+0x820/0x820
[ 53.156514][ T2494] ? usb_free_urb.part.0+0x52/0x110
[ 53.161744][ T2494] ? usb_free_urb+0x1f/0x30
[ 53.166273][ T2494] ? ath9k_hif_usb_alloc_urbs+0xbc5/0x1010
[ 53.172144][ T2494] ath9k_htc_hw_init+0x33/0x70
[ 53.176939][ T2494] ath9k_hif_usb_firmware_cb+0x272/0x620
[ 53.182629][ T2494] ? ath9k_hif_usb_alloc_urbs+0x1010/0x1010
[ 53.188578][ T2494] request_firmware_work_func+0x13a/0x240
[ 53.194342][ T2494] ? request_partial_firmware_into_buf+0xa0/0xa0
[ 53.200721][ T2494] process_one_work+0x886/0x15d0
[ 53.205698][ T2494] ? lock_sync+0x190/0x190
[ 53.210147][ T2494] ? workqueue_congested+0x300/0x300
[ 53.215471][ T2494] ? assign_work+0x1a0/0x250
[ 53.220097][ T2494] worker_thread+0x8b9/0x1290
[ 53.224811][ T2494] ? __kthread_parkme+0x14b/0x220
[ 53.229865][ T2494] ? process_one_work+0x15d0/0x15d0
[ 53.235095][ T2494] kthread+0x2c6/0x3a0
[ 53.239191][ T2494] ? _raw_spin_unlock_irq+0x23/0x50
[ 53.244420][ T2494] ? kthread_complete_and_exit+0x40/0x40
[ 53.250083][ T2494] ret_from_fork+0x45/0x80
[ 53.254539][ T2494] ? kthread_complete_and_exit+0x40/0x40
[ 53.260213][ T2494] ret_from_fork_asm+0x11/0x20
[ 53.265027][ T2494]
[ 53.268234][ T2494] ---[ end trace ]---
[ 53.271909][ T8] usb 1-1: USB disconnect, device number 2
[ 53.272227][ T2494] Kernel panic - not syncing: UBSAN: panic_on_warn set ...
[ 53.272242][ T2494] CPU: 1 PID: 2494 Comm: kworker/1:2 Not tainted 6.8.0-rc6-syzkaller-00190-ga788e53c05ae #0
[ 53.272274][ T2494] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024
[ 53.272294][ T2494] Workqueue: events request_firmware_work_func
[ 53.272349][ T2494] Call Trace:
[ 53.272359][ T2494]
[ 53.272369][ T2494] dump_stack_lvl+0xd9/0x1b0
[ 53.272411][ T2494] panic+0x6dc/0x790
[ 53.272450][ T2494] ? mark_held_locks+0x9f/0xe0
[ 53.272486][ T2494] ? panic_smp_self_stop+0xa0/0xa0
[ 53.272528][ T2494] ? kmsg_dump_get_line+0x350/0x350
[ 53.272567][ T2494] ? check_panic_on_warn+0x1f/0xb0
[ 53.272609][ T2494] check_panic_on_warn+0xab/0xb0
[ 53.272651][ T2494] __ubsan_handle_out_of_bounds+0x139/0x150
[ 53.272697][ T2494] htc_issue_send.constprop.0+0x209/0x230
[ 53.272745][ T2494] ? _raw_spin_unlock_irqrestore+0x4e/0x70
[ 53.272788][ T2494] ath9k_wmi_cmd+0x424/0x630
[ 53.272837][ T2494] ath9k_regread+0xdb/0x160
[ 53.272872][ T2494] ? ath9k_multi_regread+0x3b0/0x3b0
[ 53.272906][ T2494] ? _raw_spin_unlock_irqrestore+0x4e/0x70
[ 53.272946][ T2494] ? lockdep_hardirqs_on+0x7d/0x110
[ 53.272989][ T2494] ? __debug_object_init+0x347/0x480
[ 53.273037][ T2494] ? _raw_spin_unlock_irqrestore+0x3b/0x70
[ 53.273078][ T2494] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 53.273126][ T2494] ? ath9k_multi_regread+0x3b0/0x3b0
[ 53.273160][ T2494] ath9k_hw_init+0xf02/0x2b30
[ 53.273199][ T2494] ? lockdep_init_map_type+0x16d/0x7d0
[ 53.273237][ T2494] ? ath9k_hw_fill_cap_info+0x2550/0x2550
[ 53.273274][ T2494] ? lockdep_init_map_type+0x16d/0x7d0
[ 53.273315][ T2494] ath9k_htc_probe_device+0xb37/0x25f0
[ 53.273354][ T2494] ? ath9k_init_htc_services.constprop.0+0x820/0x820
[ 53.273397][ T2494] ? usb_free_urb.part.0+0x52/0x110
[ 53.273434][ T2494] ? usb_free_urb+0x1f/0x30
[ 53.273467][ T2494] ? ath9k_hif_usb_alloc_urbs+0xbc5/0x1010
[ 53.273516][ T2494] ath9k_htc_hw_init+0x33/0x70
[ 53.273562][ T2494] ath9k_hif_usb_firmware_cb+0x272/0x620
[ 53.273614][ T2494] ? ath9k_hif_usb_alloc_urbs+0x1010/0x1010
[ 53.273662][ T2494] request_firmware_work_func+0x13a/0x240
[ 53.273713][ T2494] ? request_partial_firmware_into_buf+0xa0/0xa0
[ 53.273768][ T2494] process_one_work+0x886/0x15d0
[ 53.273813][ T2494] ? lock_sync+0x190/0x190
[ 53.273847][ T2494] ? workqueue_congested+0x300/0x300
[ 53.273891][ T2494] ? assign_work+0x1a0/0x250
[ 53.273930][ T2494] worker_thread+0x8b9/0x1290
[ 53.273974][ T2494] ? __kthread_parkme+0x14b/0x220
[ 53.274007][ T2494] ? process_one_work+0x15d0/0x15d0
[ 53.274054][ T2494] kthread+0x2c6/0x3a0
[ 53.274089][ T2494] ? _raw_spin_unlock_irq+0x23/0x50
[ 53.274127][ T2494] ? kthread_complete_and_exit+0x40/0x40
[ 53.274166][ T2494] ret_from_fork+0x45/0x80
[ 53.274194][ T2494] ? kthread_complete_and_exit+0x40/0x40
[ 53.274233][ T2494] ret_from_fork_asm+0x11/0x20
[ 53.274275][ T2494]
[ 53.278359][ T2494] Kernel Offset: disabled