[ 37.168053][ T1045] bridge0: port 1(bridge_slave_0) entered disabled state
[ 37.176923][ T1045] device veth1_macvtap left promiscuous mode
[ 37.183131][ T1045] device veth0_macvtap left promiscuous mode
[ 37.189599][ T1045] device veth1_vlan left promiscuous mode
[ 37.195328][ T1045] device veth0_vlan left promiscuous mode
[ 37.242731][ T1045] team0 (unregistering): Port device team_slave_1 removed
[ 37.253643][ T1045] team0 (unregistering): Port device team_slave_0 removed
[ 37.263249][ T1045] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 37.274013][ T1045] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 37.297404][ T1045] bond0 (unregistering): Released all slaves
Warning: Permanently added '10.128.0.152' (ECDSA) to the list of known hosts.
[ 51.539738][ T4040] cgroup: Unknown subsys name 'net'
[ 51.546702][ T4040] cgroup: Unknown subsys name 'rlimit'
[ 51.575675][ T1045] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 51.583751][ T1045] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 51.591868][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 51.600339][ T90] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 51.608300][ T90] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 51.615727][ T3602] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 51.905928][ T14] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 52.445997][ T14] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 52.456124][ T14] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 52.464087][ T14] usb 1-1: Product: syz
[ 52.468891][ T14] usb 1-1: Manufacturer: syz
[ 52.473474][ T14] usb 1-1: SerialNumber: syz
[ 52.526450][ T14] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 53.115898][ T14] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 53.325981][ C0] usb 1-1: ath: unknown panic pattern!
[ 53.332114][ T142] usb 1-1: USB disconnect, device number 2
[ 54.205904][ T14] ath9k_htc 1-1:1.0: ath9k_htc: Target is unresponsive
[ 54.213138][ T14] ath9k_htc: Failed to initialize the device
[ 54.219657][ T142] usb 1-1: ath9k_htc: USB layer deinitialized
[ 54.575861][ T142] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[ 55.095989][ T142] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 55.105324][ T142] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 55.113657][ T142] usb 1-1: Product: syz
[ 55.117888][ T142] usb 1-1: Manufacturer: syz
[ 55.122464][ T142] usb 1-1: SerialNumber: syz
[ 55.166352][ T142] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 55.735958][ T142] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 55.955957][ C0] usb 1-1: ath: unknown panic pattern!
[ 55.962055][ T14] usb 1-1: USB disconnect, device number 3
[ 56.765897][ T142] ath9k_htc 1-1:1.0: ath9k_htc: Target is unresponsive
[ 56.772897][ T142] ath9k_htc: Failed to initialize the device
[ 56.779327][ T14] usb 1-1: ath9k_htc: USB layer deinitialized
[ 57.135868][ T14] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[ 57.665953][ T14] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 57.675342][ T14] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 57.683482][ T14] usb 1-1: Product: syz
[ 57.688710][ T14] usb 1-1: Manufacturer: syz
[ 57.693309][ T14] usb 1-1: SerialNumber: syz
[ 57.736252][ T14] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 58.315962][ T14] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 58.535942][ C0] usb 1-1: ath: unknown panic pattern!
[ 58.541748][ T142] usb 1-1: USB disconnect, device number 4
[ 59.405844][ T14] ath9k_htc 1-1:1.0: ath9k_htc: Target is unresponsive
[ 59.412954][ T14] ath9k_htc: Failed to initialize the device
[ 59.419281][ T142] usb 1-1: ath9k_htc: USB layer deinitialized
[ 59.785856][ T142] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[ 60.316003][ T142] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 60.325134][ T142] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 60.333471][ T142] usb 1-1: Product: syz
[ 60.337961][ T142] usb 1-1: Manufacturer: syz
[ 60.342530][ T142] usb 1-1: SerialNumber: syz
[ 60.386287][ T142] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 60.956018][ T142] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 61.175964][ C0] usb 1-1: ath: unknown panic pattern!
[ 61.181728][ T14] usb 1-1: USB disconnect, device number 5
[ 62.045845][ T142] ath9k_htc 1-1:1.0: ath9k_htc: Target is unresponsive
[ 62.052872][ T142] ath9k_htc: Failed to initialize the device
[ 62.059565][ T14] usb 1-1: ath9k_htc: USB layer deinitialized
[ 62.415857][ T14] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[ 62.935865][ T14] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 62.945030][ T14] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 62.953137][ T14] usb 1-1: Product: syz
[ 62.957592][ T14] usb 1-1: Manufacturer: syz
[ 62.962189][ T14] usb 1-1: SerialNumber: syz
[ 63.006560][ T14] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 63.595946][ T14] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 63.816066][ C0] usb 1-1: ath: unknown panic pattern!
[ 63.821917][ T142] usb 1-1: USB disconnect, device number 6
[ 64.685965][ T14] ath9k_htc 1-1:1.0: ath9k_htc: Target is unresponsive
[ 64.693289][ T14] ath9k_htc: Failed to initialize the device
[ 64.699546][ T142] usb 1-1: ath9k_htc: USB layer deinitialized
[ 65.055879][ T142] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[ 65.585960][ T142] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 65.595071][ T142] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 65.603135][ T142] usb 1-1: Product: syz
[ 65.607692][ T142] usb 1-1: Manufacturer: syz
[ 65.612381][ T142] usb 1-1: SerialNumber: syz
[ 65.656783][ T142] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 66.255955][ T142] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 66.475982][ C0] usb 1-1: ath: unknown panic pattern!
[ 66.481857][ T14] usb 1-1: USB disconnect, device number 7
[ 67.325994][ T142] ath9k_htc 1-1:1.0: ath9k_htc: Target is unresponsive
[ 67.333176][ T142] ath9k_htc: Failed to initialize the device
[ 67.340062][ T14] usb 1-1: ath9k_htc: USB layer deinitialized
[ 67.705834][ T14] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[ 68.226034][ T14] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 68.235066][ T14] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 68.243334][ T14] usb 1-1: Product: syz
[ 68.247692][ T14] usb 1-1: Manufacturer: syz
[ 68.252573][ T14] usb 1-1: SerialNumber: syz
[ 68.296256][ T14] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 68.865885][ T14] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 69.085979][ C0] usb 1-1: ath: unknown panic pattern!
[ 69.091914][ T142] usb 1-1: USB disconnect, device number 8
[ 69.885867][ T14] ath9k_htc 1-1:1.0: ath9k_htc: Target is unresponsive
[ 69.892847][ T14] ath9k_htc: Failed to initialize the device
[ 69.899951][ T142] usb 1-1: ath9k_htc: USB layer deinitialized
[ 70.255862][ T142] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[ 70.775923][ T142] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 70.785192][ T142] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 70.793416][ T142] usb 1-1: Product: syz
[ 70.797682][ T142] usb 1-1: Manufacturer: syz
[ 70.802489][ T142] usb 1-1: SerialNumber: syz
[ 70.847555][ T142] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 71.166209][ T1138] cfg80211: failed to load regulatory.db
[ 71.435896][ T142] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 71.645953][ C0] usb 1-1: ath: unknown panic pattern!
[ 71.651900][ T14] usb 1-1: USB disconnect, device number 9
[ 72.445887][ T142] ath9k_htc 1-1:1.0: ath9k_htc: Target is unresponsive
[ 72.452845][ T142] ath9k_htc: Failed to initialize the device
[ 72.459186][ T14] usb 1-1: ath9k_htc: USB layer deinitialized
[ 72.815858][ T14] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[ 73.336033][ T14] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 73.345133][ T14] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 73.353294][ T14] usb 1-1: Product: syz
[ 73.357503][ T14] usb 1-1: Manufacturer: syz
[ 73.362208][ T14] usb 1-1: SerialNumber: syz
[ 73.406318][ T14] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 73.986037][ T14] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 74.205965][ C0] usb 1-1: ath: unknown panic pattern!
[ 74.211911][ T142] usb 1-1: USB disconnect, device number 10
[ 75.005896][ T14] ath9k_htc 1-1:1.0: ath9k_htc: Target is unresponsive
[ 75.013121][ T14] ath9k_htc: Failed to initialize the device
[ 75.019450][ T142] usb 1-1: ath9k_htc: USB layer deinitialized
[ 75.375893][ T142] usb 1-1: new high-speed USB device number 11 using dummy_hcd
[ 75.895876][ T142] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 75.905096][ T142] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 75.913153][ T142] usb 1-1: Product: syz
[ 75.917864][ T142] usb 1-1: Manufacturer: syz
[ 75.922452][ T142] usb 1-1: SerialNumber: syz
[ 75.966427][ T142] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 76.535928][ T142] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 76.746655][ T3602] usb 1-1: USB disconnect, device number 11
[ 77.565872][ T142] ath9k_htc 1-1:1.0: ath9k_htc: Target is unresponsive
[ 77.572805][ T142] ath9k_htc: Failed to initialize the device
[ 77.579297][ T3602] usb 1-1: ath9k_htc: USB layer deinitialized
[ 77.945875][ T3602] usb 1-1: new high-speed USB device number 12 using dummy_hcd
[ 78.465940][ T3602] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 78.475099][ T3602] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 78.483476][ T3602] usb 1-1: Product: syz
[ 78.487799][ T3602] usb 1-1: Manufacturer: syz
[ 78.492368][ T3602] usb 1-1: SerialNumber: syz
[ 78.536597][ T3602] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 79.135905][ T3602] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 79.355931][ C1] usb 1-1: ath: unknown panic pattern!
[ 79.363398][ T142] usb 1-1: USB disconnect, device number 12
[ 80.205878][ T3602] ath9k_htc 1-1:1.0: ath9k_htc: Target is unresponsive
[ 80.213097][ T3602] ath9k_htc: Failed to initialize the device
[ 80.219983][ T142] usb 1-1: ath9k_htc: USB layer deinitialized
[ 80.575848][ T142] usb 1-1: new high-speed USB device number 13 using dummy_hcd
[ 81.135945][ T142] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 81.145414][ T142] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 81.153793][ T142] usb 1-1: Product: syz
[ 81.158017][ T142] usb 1-1: Manufacturer: syz
[ 81.162642][ T142] usb 1-1: SerialNumber: syz
[ 81.207439][ T142] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 81.775894][ T142] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 81.985929][ C0] usb 1-1: ath: unknown panic pattern!
[ 81.992829][ T14] usb 1-1: USB disconnect, device number 13
[ 82.845878][ T142] ath9k_htc 1-1:1.0: ath9k_htc: Target is unresponsive
[ 82.853247][ T142] ath9k_htc: Failed to initialize the device
[ 82.860007][ T14] usb 1-1: ath9k_htc: USB layer deinitialized
[ 83.225811][ T14] usb 1-1: new high-speed USB device number 14 using dummy_hcd
[ 83.745953][ T14] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 83.755377][ T14] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 83.763629][ T14] usb 1-1: Product: syz
[ 83.767894][ T14] usb 1-1: Manufacturer: syz
[ 83.772476][ T14] usb 1-1: SerialNumber: syz
[ 83.817523][ T14] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 84.395940][ T14] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 84.615977][ C0] usb 1-1: ath: unknown panic pattern!
[ 84.621877][ T142] usb 1-1: USB disconnect, device number 14
[ 85.495854][ T14] ath9k_htc 1-1:1.0: ath9k_htc: Target is unresponsive
[ 85.503090][ T14] ath9k_htc: Failed to initialize the device
[ 85.510089][ T142] usb 1-1: ath9k_htc: USB layer deinitialized
[ 85.865829][ T142] usb 1-1: new high-speed USB device number 15 using dummy_hcd
[ 86.385932][ T142] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 86.394980][ T142] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 86.403370][ T142] usb 1-1: Product: syz
[ 86.407723][ T142] usb 1-1: Manufacturer: syz
[ 86.412292][ T142] usb 1-1: SerialNumber: syz
[ 86.466241][ T142] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 87.105896][ T142] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 87.336121][ C0] usb 1-1: ath: unknown panic pattern!
[ 87.342113][ T14] usb 1-1: USB disconnect, device number 15
[ 88.125885][ T142] ath9k_htc 1-1:1.0: ath9k_htc: Target is unresponsive
[ 88.132948][ T142] ath9k_htc: Failed to initialize the device
[ 88.144053][ T14] usb 1-1: ath9k_htc: USB layer deinitialized
[ 88.495841][ T14] usb 1-1: new high-speed USB device number 16 using dummy_hcd
[ 89.025971][ T14] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 89.035084][ T14] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 89.043391][ T14] usb 1-1: Product: syz
[ 89.047679][ T14] usb 1-1: Manufacturer: syz
[ 89.052254][ T14] usb 1-1: SerialNumber: syz
[ 89.096175][ T14] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 89.665945][ T14] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 89.875948][ C0] usb 1-1: ath: unknown panic pattern!
[ 89.881878][ T142] usb 1-1: USB disconnect, device number 16
[ 90.685874][ T14] ath9k_htc 1-1:1.0: ath9k_htc: Target is unresponsive
[ 90.693019][ T14] ath9k_htc: Failed to initialize the device
[ 90.699319][ T142] usb 1-1: ath9k_htc: USB layer deinitialized
[ 91.065844][ T142] usb 1-1: new high-speed USB device number 17 using dummy_hcd
[ 91.596109][ T142] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 91.605159][ T142] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 91.613428][ T142] usb 1-1: Product: syz
[ 91.617950][ T142] usb 1-1: Manufacturer: syz
[ 91.622617][ T142] usb 1-1: SerialNumber: syz
[ 91.666227][ T142] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 92.256024][ T142] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 92.475971][ C0] usb 1-1: ath: unknown panic pattern!
[ 92.477453][ T3602] usb 1-1: USB disconnect, device number 17
[ 92.481478][ C0] ==================================================================
[ 92.495347][ C0] BUG: KASAN: use-after-free in kfree_skb_reason+0x28/0xb0
[ 92.502694][ C0] Read of size 4 at addr ffff88801e3e8d54 by task swapper/0/0
[ 92.510188][ C0]
[ 92.512575][ C0] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G W 5.17.0-syzkaller #0
[ 92.521569][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 92.531690][ C0] Call Trace:
[ 92.534945][ C0]
[ 92.537775][ C0] dump_stack_lvl+0x57/0x7d
[ 92.542248][ C0] print_address_description.constprop.0.cold+0xeb/0x495
[ 92.549251][ C0] ? kfree_skb_reason+0x28/0xb0
[ 92.554082][ C0] kasan_report.cold+0xf4/0x1c6
[ 92.558991][ C0] ? kfree_skb_reason+0x28/0xb0
[ 92.563808][ C0] kasan_check_range+0x13d/0x180
[ 92.568718][ C0] kfree_skb_reason+0x28/0xb0
[ 92.573539][ C0] ath9k_hif_usb_reg_in_cb+0x470/0x600
[ 92.579230][ C0] ? led_trigger_blink_setup.part.0+0xee/0x1a0
[ 92.585506][ C0] __usb_hcd_giveback_urb+0x238/0x3f0
[ 92.590863][ C0] dummy_timer+0xeb8/0x2eb0
[ 92.595339][ C0] ? lock_downgrade+0x6e0/0x6e0
[ 92.600163][ C0] ? rwlock_bug.part.0+0x90/0x90
[ 92.605250][ C0] ? dummy_dequeue+0x4a0/0x4a0
[ 92.609985][ C0] ? dummy_dequeue+0x4a0/0x4a0
[ 92.614715][ C0] call_timer_fn+0x163/0x4a0
[ 92.619283][ C0] ? lock_release+0x522/0x720
[ 92.623929][ C0] ? timer_fixup_activate+0x240/0x240
[ 92.629275][ C0] ? lock_downgrade+0x6e0/0x6e0
[ 92.634347][ C0] ? __next_timer_interrupt+0xd0/0x1f0
[ 92.639773][ C0] ? dummy_dequeue+0x4a0/0x4a0
[ 92.644689][ C0] __run_timers.part.0+0x52e/0x8a0
[ 92.649768][ C0] ? call_timer_fn+0x4a0/0x4a0
[ 92.654584][ C0] ? kvm_sched_clock_read+0x14/0x40
[ 92.659838][ C0] ? sched_clock_cpu+0x15/0x1f0
[ 92.665091][ C0] ? clockevents_program_event+0x1cf/0x290
[ 92.671052][ C0] run_timer_softirq+0x9c/0x190
[ 92.676046][ C0] __do_softirq+0x29b/0x9c2
[ 92.680876][ C0] __irq_exit_rcu+0x123/0x180
[ 92.685535][ C0] irq_exit_rcu+0x5/0x20
[ 92.689750][ C0] sysvec_apic_timer_interrupt+0x93/0xc0
[ 92.695439][ C0]
[ 92.698346][ C0]
[ 92.701253][ C0] asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 92.707216][ C0] RIP: 0010:acpi_idle_do_entry+0x15e/0x1c0
[ 92.713000][ C0] Code: 00 00 00 00 00 fc ff df 48 c1 ea 03 80 3c 02 00 75 6a 48 8b 45 00 a8 08 75 c9 e8 ad 21 e2 f8 eb 07 0f 00 2d 34 4d bd 00 fb f4 <9c> 58 fa f6 c4 02 74 b1 5d e9 84 20 e2 f8 48 89 ef 5d e9 ab f9 ff
[ 92.732662][ C0] RSP: 0018:ffffffff8aa07d88 EFLAGS: 00000246
[ 92.738714][ C0] RAX: 0000000000000007 RBX: ffff888145e6d065 RCX: 1ffffffff194e04d
[ 92.747349][ C0] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff889018c3
[ 92.755380][ C0] RBP: ffffffff8aabb4c0 R08: 0000000000000000 R09: 0000000000000000
[ 92.763412][ C0] R10: fffffbfff1557698 R11: 0000000000000001 R12: 0000000000000001
[ 92.771353][ C0] R13: ffff888145e6d064 R14: ffffffff8b738420 R15: ffff88801783d804
[ 92.779559][ C0] ? acpi_idle_do_entry+0x153/0x1c0
[ 92.784731][ C0] ? acpi_idle_do_entry+0x153/0x1c0
[ 92.789997][ C0] acpi_idle_enter+0x2c0/0x4b0
[ 92.794734][ C0] cpuidle_enter_state+0x152/0xb40
[ 92.799864][ C0] ? kvm_clock_get_cycles+0x10/0x30
[ 92.805208][ C0] ? ktime_get+0x117/0x2f0
[ 92.809855][ C0] cpuidle_enter+0x45/0xa0
[ 92.814331][ C0] do_idle+0x3e8/0x590
[ 92.818546][ C0] ? arch_cpu_idle_exit+0x30/0x30
[ 92.824148][ C0] cpu_startup_entry+0x14/0x20
[ 92.828973][ C0] start_kernel+0x343/0x361
[ 92.833448][ C0] secondary_startup_64_no_verify+0xc3/0xcb
[ 92.839750][ C0]
[ 92.842744][ C0]
[ 92.845100][ C0] Allocated by task 142:
[ 92.849574][ C0] kasan_save_stack+0x1e/0x40
[ 92.854486][ C0] __kasan_slab_alloc+0x90/0xc0
[ 92.859512][ C0] kmem_cache_alloc_node+0x255/0x3f0
[ 92.864788][ C0] __alloc_skb+0x151/0x270
[ 92.869204][ C0] ath9k_hif_usb_alloc_urbs+0x877/0xef0
[ 92.874725][ C0] ath9k_hif_usb_firmware_cb+0x121/0x4d0
[ 92.880414][ C0] request_firmware_work_func+0x126/0x230
[ 92.886110][ C0] process_one_work+0x865/0x13d0
[ 92.891032][ C0] worker_thread+0x598/0xec0
[ 92.895702][ C0] kthread+0x299/0x340
[ 92.900095][ C0] ret_from_fork+0x1f/0x30
[ 92.904482][ C0]
[ 92.906871][ C0] Freed by task 0:
[ 92.910586][ C0] kasan_save_stack+0x1e/0x40
[ 92.915241][ C0] kasan_set_track+0x21/0x30
[ 92.919975][ C0] kasan_set_free_info+0x20/0x30
[ 92.924903][ C0] ____kasan_slab_free+0x166/0x1a0
[ 92.930215][ C0] slab_free_freelist_hook+0x8b/0x1c0
[ 92.935579][ C0] kmem_cache_free+0xdd/0x5a0
[ 92.940320][ C0] ath9k_hif_usb_reg_in_cb+0x178/0x600
[ 92.946017][ C0] __usb_hcd_giveback_urb+0x238/0x3f0
[ 92.951539][ C0] dummy_timer+0xeb8/0x2eb0
[ 92.956120][ C0] call_timer_fn+0x163/0x4a0
[ 92.960678][ C0] __run_timers.part.0+0x52e/0x8a0
[ 92.965767][ C0] run_timer_softirq+0x9c/0x190
[ 92.970671][ C0] __do_softirq+0x29b/0x9c2
[ 92.975148][ C0]
[ 92.977448][ C0] The buggy address belongs to the object at ffff88801e3e8c80
[ 92.977448][ C0] which belongs to the cache skbuff_head_cache of size 224
[ 92.992168][ C0] The buggy address is located 212 bytes inside of
[ 92.992168][ C0] 224-byte region [ffff88801e3e8c80, ffff88801e3e8d60)
[ 93.005500][ C0]
[ 93.007858][ C0] The buggy address belongs to the physical page:
[ 93.014237][ C0] page:ffffea000078fa00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1e3e8
[ 93.024516][ C0] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
[ 93.032034][ C0] raw: 00fff00000000200 0000000000000000 dead000000000001 ffff888014c10500
[ 93.040761][ C0] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 93.049618][ C0] page dumped because: kasan: bad access detected
[ 93.056137][ C0] page_owner tracks the page as allocated
[ 93.061862][ C0] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112a20(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_HARDWALL), pid 2923, tgid 2923 (kworker/1:3), ts 40636175040, free_ts 40350842458
[ 93.081618][ C0] get_page_from_freelist+0x178d/0x3da0
[ 93.087140][ C0] __alloc_pages+0x1b2/0x500
[ 93.091801][ C0] allocate_slab+0x26c/0x3c0
[ 93.096360][ C0] ___slab_alloc+0x8e1/0xf20
[ 93.100924][ C0] __slab_alloc.constprop.0+0x4d/0xa0
[ 93.106265][ C0] kmem_cache_alloc_node+0x122/0x3f0
[ 93.111606][ C0] __alloc_skb+0x151/0x270
[ 93.116018][ C0] nsim_dev_trap_report_work+0x25f/0xb20
[ 93.121641][ C0] process_one_work+0x865/0x13d0
[ 93.126659][ C0] worker_thread+0x598/0xec0
[ 93.131222][ C0] kthread+0x299/0x340
[ 93.135285][ C0] ret_from_fork+0x1f/0x30
[ 93.139675][ C0] page last free stack trace:
[ 93.144328][ C0] free_pcp_prepare+0x549/0xd20
[ 93.149174][ C0] free_unref_page+0x19/0x690
[ 93.153833][ C0] __mmdrop+0xb9/0x350
[ 93.157878][ C0] finish_task_switch.isra.0+0x792/0xb40
[ 93.163571][ C0] __schedule+0xa62/0x4900
[ 93.168044][ C0] schedule+0xd2/0x1f0
[ 93.172172][ C0] schedule_hrtimeout_range_clock+0x148/0x300
[ 93.178226][ C0] do_epoll_wait+0xebc/0x14e0
[ 93.182959][ C0] __x64_sys_epoll_wait+0x126/0x240
[ 93.188129][ C0] do_syscall_64+0x35/0x80
[ 93.192518][ C0] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 93.198386][ C0]
[ 93.200687][ C0] Memory state around the buggy address:
[ 93.206432][ C0] ffff88801e3e8c00: 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc
[ 93.214464][ C0] ffff88801e3e8c80: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 93.222504][ C0] >ffff88801e3e8d00: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 93.230533][ C0] ^
[ 93.237200][ C0] ffff88801e3e8d80: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 93.246029][ C0] ffff88801e3e8e00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 93.254077][ C0] ==================================================================
[ 93.262115][ C0] Kernel panic - not syncing: panic_on_warn set ...
[ 93.268674][ C0] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G W 5.17.0-syzkaller #0
[ 93.277665][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 93.287691][ C0] Call Trace:
[ 93.291730][ C0]
[ 93.294550][ C0] dump_stack_lvl+0x57/0x7d
[ 93.299041][ C0] panic+0x227/0x466
[ 93.303007][ C0] ? panic_print_sys_info.part.0+0x69/0x69
[ 93.308789][ C0] ? kfree_skb_reason+0x28/0xb0
[ 93.313611][ C0] end_report.part.0+0x3f/0x7c
[ 93.318431][ C0] kasan_report.cold+0x93/0x1c6
[ 93.324128][ C0] ? kfree_skb_reason+0x28/0xb0
[ 93.328950][ C0] kasan_check_range+0x13d/0x180
[ 93.333864][ C0] kfree_skb_reason+0x28/0xb0
[ 93.339378][ C0] ath9k_hif_usb_reg_in_cb+0x470/0x600
[ 93.344809][ C0] ? led_trigger_blink_setup.part.0+0xee/0x1a0
[ 93.350952][ C0] __usb_hcd_giveback_urb+0x238/0x3f0
[ 93.356299][ C0] dummy_timer+0xeb8/0x2eb0
[ 93.360860][ C0] ? lock_downgrade+0x6e0/0x6e0
[ 93.365686][ C0] ? rwlock_bug.part.0+0x90/0x90
[ 93.370593][ C0] ? dummy_dequeue+0x4a0/0x4a0
[ 93.375422][ C0] ? dummy_dequeue+0x4a0/0x4a0
[ 93.380157][ C0] call_timer_fn+0x163/0x4a0
[ 93.384842][ C0] ? lock_release+0x522/0x720
[ 93.389666][ C0] ? timer_fixup_activate+0x240/0x240
[ 93.395006][ C0] ? lock_downgrade+0x6e0/0x6e0
[ 93.399828][ C0] ? __next_timer_interrupt+0xd0/0x1f0
[ 93.405252][ C0] ? dummy_dequeue+0x4a0/0x4a0
[ 93.410070][ C0] __run_timers.part.0+0x52e/0x8a0
[ 93.415419][ C0] ? call_timer_fn+0x4a0/0x4a0
[ 93.420153][ C0] ? kvm_sched_clock_read+0x14/0x40
[ 93.425319][ C0] ? sched_clock_cpu+0x15/0x1f0
[ 93.430818][ C0] ? clockevents_program_event+0x1cf/0x290
[ 93.436595][ C0] run_timer_softirq+0x9c/0x190
[ 93.441503][ C0] __do_softirq+0x29b/0x9c2
[ 93.446085][ C0] __irq_exit_rcu+0x123/0x180
[ 93.450819][ C0] irq_exit_rcu+0x5/0x20
[ 93.455119][ C0] sysvec_apic_timer_interrupt+0x93/0xc0
[ 93.460823][ C0]
[ 93.463731][ C0]
[ 93.466640][ C0] asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 93.472611][ C0] RIP: 0010:acpi_idle_do_entry+0x15e/0x1c0
[ 93.478391][ C0] Code: 00 00 00 00 00 fc ff df 48 c1 ea 03 80 3c 02 00 75 6a 48 8b 45 00 a8 08 75 c9 e8 ad 21 e2 f8 eb 07 0f 00 2d 34 4d bd 00 fb f4 <9c> 58 fa f6 c4 02 74 b1 5d e9 84 20 e2 f8 48 89 ef 5d e9 ab f9 ff
[ 93.498581][ C0] RSP: 0018:ffffffff8aa07d88 EFLAGS: 00000246
[ 93.504638][ C0] RAX: 0000000000000007 RBX: ffff888145e6d065 RCX: 1ffffffff194e04d
[ 93.512678][ C0] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff889018c3
[ 93.520643][ C0] RBP: ffffffff8aabb4c0 R08: 0000000000000000 R09: 0000000000000000
[ 93.528587][ C0] R10: fffffbfff1557698 R11: 0000000000000001 R12: 0000000000000001
[ 93.536887][ C0] R13: ffff888145e6d064 R14: ffffffff8b738420 R15: ffff88801783d804
[ 93.544927][ C0] ? acpi_idle_do_entry+0x153/0x1c0
[ 93.550103][ C0] ? acpi_idle_do_entry+0x153/0x1c0
[ 93.558310][ C0] acpi_idle_enter+0x2c0/0x4b0
[ 93.563136][ C0] cpuidle_enter_state+0x152/0xb40
[ 93.568218][ C0] ? kvm_clock_get_cycles+0x10/0x30
[ 93.573386][ C0] ? ktime_get+0x117/0x2f0
[ 93.577814][ C0] cpuidle_enter+0x45/0xa0
[ 93.582209][ C0] do_idle+0x3e8/0x590
[ 93.586273][ C0] ? arch_cpu_idle_exit+0x30/0x30
[ 93.591273][ C0] cpu_startup_entry+0x14/0x20
[ 93.596027][ C0] start_kernel+0x343/0x361
[ 93.600502][ C0] secondary_startup_64_no_verify+0xc3/0xcb
[ 93.606462][ C0]
[ 93.609749][ C0] Kernel Offset: disabled
[ 93.614050][ C0] Rebooting in 86400 seconds..