dhcpcd-9.4.0 starting
dev: loaded udev
DUID 00:04:08:8d:7f:22:61:cc:c3:77:b4:57:97:dd:f7:b3:90:2d
forked to background, child pid 1206
Starting sshd: OK

syzkaller
Warning: Permanently added '10.128.10.0' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   31.480669][   T70] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[   32.020601][   T70] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[   32.029770][   T70] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   32.037860][   T70] usb 1-1: Product: syz
[   32.042068][   T70] usb 1-1: Manufacturer: syz
[   32.046647][   T70] usb 1-1: SerialNumber: syz
[   32.092533][   T70] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[   32.670618][   T70] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[   33.720520][   T70] ath9k_htc 1-1:1.0: ath9k_htc: Target is unresponsive
[   33.727591][   T70] ath9k_htc: Failed to initialize the device
[   33.890510][    C0] ==================================================================
[   33.898594][    C0] BUG: KASAN: slab-out-of-bounds in ath9k_hif_usb_rx_cb+0xea7/0x10d0
[   33.906685][    C0] Read of size 4 at addr ffff888108a5c348 by task swapper/0/0
[   33.914119][    C0] 
[   33.916426][    C0] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.18.0-rc1-syzkaller #0
[   33.924382][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   33.934416][    C0] Call Trace:
[   33.937677][    C0]  <IRQ>
[   33.940501][    C0]  dump_stack_lvl+0xcd/0x134
[   33.945090][    C0]  print_address_description.constprop.0.cold+0xeb/0x495
[   33.952098][    C0]  ? ath9k_hif_usb_rx_cb+0xea7/0x10d0
[   33.957460][    C0]  kasan_report.cold+0xf4/0x1c6
[   33.962333][    C0]  ? ath9k_hif_usb_rx_cb+0xea7/0x10d0
[   33.967697][    C0]  ath9k_hif_usb_rx_cb+0xea7/0x10d0
[   33.972883][    C0]  ? __ia32_sys_membarrier+0x40/0x200
[   33.978243][    C0]  ? hif_usb_start+0xa0/0xa0
[   33.982817][    C0]  ? rwlock_bug.part.0+0x90/0x90
[   33.987745][    C0]  __usb_hcd_giveback_urb+0x2b0/0x5c0
[   33.993102][    C0]  usb_hcd_giveback_urb+0x367/0x410
[   33.998282][    C0]  dummy_timer+0x11f9/0x32b0
[   34.002856][    C0]  ? dummy_dequeue+0x500/0x500
[   34.007602][    C0]  ? dummy_dequeue+0x500/0x500
[   34.012344][    C0]  call_timer_fn+0x1a5/0x6b0
[   34.016918][    C0]  ? timer_fixup_activate+0x350/0x350
[   34.022272][    C0]  ? lock_downgrade+0x6e0/0x6e0
[   34.027111][    C0]  ? _raw_spin_unlock_irq+0x1f/0x40
[   34.032300][    C0]  ? dummy_dequeue+0x500/0x500
[   34.037047][    C0]  __run_timers.part.0+0x67c/0xa30
[   34.042169][    C0]  ? call_timer_fn+0x6b0/0x6b0
[   34.046914][    C0]  ? lapic_next_event+0x4d/0x80
[   34.051749][    C0]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[   34.057972][    C0]  ? clockevents_program_event+0x12b/0x370
[   34.063789][    C0]  run_timer_softirq+0xb3/0x1d0
[   34.068628][    C0]  __do_softirq+0x288/0x9a5
[   34.073119][    C0]  __irq_exit_rcu+0x113/0x170
[   34.077779][    C0]  irq_exit_rcu+0x5/0x20
[   34.082004][    C0]  sysvec_apic_timer_interrupt+0x8e/0xc0
[   34.087626][    C0]  </IRQ>
[   34.090542][    C0]  <TASK>
[   34.093454][    C0]  asm_sysvec_apic_timer_interrupt+0x12/0x20
[   34.099433][    C0] RIP: 0010:acpi_idle_do_entry+0x1c6/0x250
[   34.105227][    C0] Code: 89 de e8 bd 82 5a fb 84 db 75 ac e8 d4 7e 5a fb e8 ff bc 60 fb eb 0c e8 c8 7e 5a fb 0f 00 2d 31 1d 81 00 e8 bc 7e 5a fb fb f4 <9c> 5b 81 e3 00 02 00 00 fa 31 ff 48 89 de e8 37 81 5a fb 48 85 db
[   34.124817][    C0] RSP: 0018:ffffffff87807d60 EFLAGS: 00000293
[   34.130869][    C0] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[   34.138823][    C0] RDX: ffffffff878526c0 RSI: ffffffff85e9fa54 RDI: 0000000000000000
[   34.146787][    C0] RBP: ffff8881094a6864 R08: 0000000000000001 R09: 0000000000000001
[   34.154738][    C0] R10: ffffffff814ab778 R11: 0000000000000000 R12: 0000000000000001
[   34.162691][    C0] R13: ffff8881094a6800 R14: ffff8881094a6864 R15: ffff88810c898804
[   34.170647][    C0]  ? trace_hardirqs_on+0x38/0x1c0
[   34.175662][    C0]  ? acpi_idle_do_entry+0x1c4/0x250
[   34.180849][    C0]  acpi_idle_enter+0x361/0x500
[   34.185594][    C0]  cpuidle_enter_state+0x1b1/0xc80
[   34.190690][    C0]  cpuidle_enter+0x4a/0xa0
[   34.195108][    C0]  do_idle+0x3e8/0x590
[   34.199176][    C0]  ? arch_cpu_idle_exit+0x30/0x30
[   34.204184][    C0]  ? trace_init_perf_perm_irq_work_exit+0xe/0xe
[   34.210411][    C0]  cpu_startup_entry+0x14/0x20
[   34.215181][    C0]  start_kernel+0x47f/0x4a0
[   34.219667][    C0]  secondary_startup_64_no_verify+0xc3/0xcb
[   34.225544][    C0]  </TASK>
[   34.228543][    C0] 
[   34.230846][    C0] Allocated by task 0:
[   34.234889][    C0] (stack is not available)
[   34.239278][    C0] 
[   34.241584][    C0] The buggy address belongs to the object at ffff888108a5c000
[   34.241584][    C0]  which belongs to the cache kmalloc-4k of size 4096
[   34.255635][    C0] The buggy address is located 840 bytes inside of
[   34.255635][    C0]  4096-byte region [ffff888108a5c000, ffff888108a5d000)
[   34.268971][    C0] 
[   34.271274][    C0] The buggy address belongs to the physical page:
[   34.277657][    C0] page:ffffea0004229600 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x108a58
[   34.287870][    C0] head:ffffea0004229600 order:3 compound_mapcount:0 compound_pincount:0
[   34.296170][    C0] flags: 0x200000000010200(slab|head|node=0|zone=2)
[   34.302744][    C0] raw: 0200000000010200 0000000000000000 dead000000000122 ffff888100042140
[   34.311310][    C0] raw: 0000000000000000 0000000080040004 00000001ffffffff 0000000000000000
[   34.319879][    C0] page dumped because: kasan: bad access detected
[   34.326266][    C0] page_owner tracks the page as allocated
[   34.331959][    C0] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1276, tgid 1276 (syz-executor343), ts 33871880672, free_ts 33727566773
[   34.352779][    C0]  get_page_from_freelist+0x1373/0x2780
[   34.358317][    C0]  __alloc_pages+0x1b2/0x500
[   34.362889][    C0]  alloc_pages+0x1aa/0x310
[   34.367288][    C0]  allocate_slab+0x26c/0x3c0
[   34.371854][    C0]  ___slab_alloc+0x95a/0x1010
[   34.376513][    C0]  __slab_alloc.constprop.0+0x4d/0xa0
[   34.381865][    C0]  __kmalloc+0x306/0x320
[   34.386084][    C0]  tomoyo_realpath_from_path+0xc3/0x620
[   34.391609][    C0]  tomoyo_path_number_perm+0x1d5/0x590
[   34.397056][    C0]  security_file_ioctl+0x50/0xb0
[   34.401977][    C0]  __x64_sys_ioctl+0xb3/0x200
[   34.406633][    C0]  do_syscall_64+0x35/0xb0
[   34.411030][    C0]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[   34.416905][    C0] page last free stack trace:
[   34.421555][    C0]  free_pcp_prepare+0x537/0xb80
[   34.426387][    C0]  free_unref_page+0x19/0x580
[   34.431045][    C0]  device_release+0x9f/0x240
[   34.435621][    C0]  kobject_put+0x1c8/0x540
[   34.440018][    C0]  put_device+0x1b/0x30
[   34.444151][    C0]  ath9k_htc_probe_device+0x1c7/0x1f00
[   34.449594][    C0]  ath9k_htc_hw_init+0x31/0x60
[   34.454342][    C0]  ath9k_hif_usb_firmware_cb+0x274/0x530
[   34.459958][    C0]  request_firmware_work_func+0x12c/0x230
[   34.465660][    C0]  process_one_work+0x996/0x1610
[   34.470579][    C0]  worker_thread+0x665/0x1080
[   34.475238][    C0]  kthread+0x2ef/0x3a0
[   34.479291][    C0]  ret_from_fork+0x1f/0x30
[   34.483700][    C0] 
[   34.486011][    C0] Memory state around the buggy address:
[   34.491624][    C0]  ffff888108a5c200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   34.499661][    C0]  ffff888108a5c280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   34.507699][    C0] >ffff888108a5c300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   34.515741][    C0]                                               ^
[   34.522144][    C0]  ffff888108a5c380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   34.530184][    C0]  ffff888108a5c400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   34.538218][    C0] ==================================================================
[   34.546251][    C0] Kernel panic - not syncing: panic_on_warn set ...
[   34.552812][    C0] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.18.0-rc1-syzkaller #0
[   34.560768][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   34.570804][    C0] Call Trace:
[   34.574064][    C0]  <IRQ>
[   34.576888][    C0]  dump_stack_lvl+0xcd/0x134
[   34.581463][    C0]  panic+0x2d7/0x636
[   34.585348][    C0]  ? panic_print_sys_info.part.0+0x10b/0x10b
[   34.591334][    C0]  ? ath9k_hif_usb_rx_cb+0xea7/0x10d0
[   34.596695][    C0]  end_report.part.0+0x3f/0x7c
[   34.601457][    C0]  kasan_report.cold+0x93/0x1c6
[   34.606304][    C0]  ? ath9k_hif_usb_rx_cb+0xea7/0x10d0
[   34.611666][    C0]  ath9k_hif_usb_rx_cb+0xea7/0x10d0
[   34.616855][    C0]  ? __ia32_sys_membarrier+0x40/0x200
[   34.622217][    C0]  ? hif_usb_start+0xa0/0xa0
[   34.626791][    C0]  ? rwlock_bug.part.0+0x90/0x90
[   34.631714][    C0]  __usb_hcd_giveback_urb+0x2b0/0x5c0
[   34.637199][    C0]  usb_hcd_giveback_urb+0x367/0x410
[   34.642394][    C0]  dummy_timer+0x11f9/0x32b0
[   34.646977][    C0]  ? dummy_dequeue+0x500/0x500
[   34.651746][    C0]  ? dummy_dequeue+0x500/0x500
[   34.656502][    C0]  call_timer_fn+0x1a5/0x6b0
[   34.661102][    C0]  ? timer_fixup_activate+0x350/0x350
[   34.666477][    C0]  ? lock_downgrade+0x6e0/0x6e0
[   34.671348][    C0]  ? _raw_spin_unlock_irq+0x1f/0x40
[   34.676561][    C0]  ? dummy_dequeue+0x500/0x500
[   34.681309][    C0]  __run_timers.part.0+0x67c/0xa30
[   34.686415][    C0]  ? call_timer_fn+0x6b0/0x6b0
[   34.691173][    C0]  ? lapic_next_event+0x4d/0x80
[   34.696009][    C0]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[   34.702239][    C0]  ? clockevents_program_event+0x12b/0x370
[   34.708034][    C0]  run_timer_softirq+0xb3/0x1d0
[   34.712875][    C0]  __do_softirq+0x288/0x9a5
[   34.717368][    C0]  __irq_exit_rcu+0x113/0x170
[   34.722033][    C0]  irq_exit_rcu+0x5/0x20
[   34.726258][    C0]  sysvec_apic_timer_interrupt+0x8e/0xc0
[   34.731883][    C0]  </IRQ>
[   34.734808][    C0]  <TASK>
[   34.737719][    C0]  asm_sysvec_apic_timer_interrupt+0x12/0x20
[   34.743682][    C0] RIP: 0010:acpi_idle_do_entry+0x1c6/0x250
[   34.749474][    C0] Code: 89 de e8 bd 82 5a fb 84 db 75 ac e8 d4 7e 5a fb e8 ff bc 60 fb eb 0c e8 c8 7e 5a fb 0f 00 2d 31 1d 81 00 e8 bc 7e 5a fb fb f4 <9c> 5b 81 e3 00 02 00 00 fa 31 ff 48 89 de e8 37 81 5a fb 48 85 db
[   34.769078][    C0] RSP: 0018:ffffffff87807d60 EFLAGS: 00000293
[   34.775126][    C0] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[   34.783078][    C0] RDX: ffffffff878526c0 RSI: ffffffff85e9fa54 RDI: 0000000000000000
[   34.791028][    C0] RBP: ffff8881094a6864 R08: 0000000000000001 R09: 0000000000000001
[   34.798978][    C0] R10: ffffffff814ab778 R11: 0000000000000000 R12: 0000000000000001
[   34.806928][    C0] R13: ffff8881094a6800 R14: ffff8881094a6864 R15: ffff88810c898804
[   34.814883][    C0]  ? trace_hardirqs_on+0x38/0x1c0
[   34.819894][    C0]  ? acpi_idle_do_entry+0x1c4/0x250
[   34.825080][    C0]  acpi_idle_enter+0x361/0x500
[   34.829829][    C0]  cpuidle_enter_state+0x1b1/0xc80
[   34.834927][    C0]  cpuidle_enter+0x4a/0xa0
[   34.839326][    C0]  do_idle+0x3e8/0x590
[   34.843376][    C0]  ? arch_cpu_idle_exit+0x30/0x30
[   34.848381][    C0]  ? trace_init_perf_perm_irq_work_exit+0xe/0xe
[   34.854619][    C0]  cpu_startup_entry+0x14/0x20
[   34.859369][    C0]  start_kernel+0x47f/0x4a0
[   34.863855][    C0]  secondary_startup_64_no_verify+0xc3/0xcb
[   34.869732][    C0]  </TASK>
[   34.872888][    C0] Kernel Offset: disabled
[   34.877195][    C0] Rebooting in 86400 seconds..