dhcpcd-9.4.0 starting
dev: loaded udev
DUID 00:04:60:53:42:71:88:b7:f6:77:35:a2:41:23:0b:7b:f3:52
forked to background, child pid 1217
Starting sshd: OK

syzkaller
Warning: Permanently added '10.128.0.78' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   26.067717][   T24] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[   26.587817][   T24] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[   26.596936][   T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   26.604995][   T24] usb 1-1: Product: syz
[   26.609217][   T24] usb 1-1: Manufacturer: syz
[   26.613799][   T24] usb 1-1: SerialNumber: syz
[   26.658744][   T24] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[   27.247766][   T24] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[   28.287744][   T24] ath9k_htc 1-1:1.0: ath9k_htc: Target is unresponsive
[   28.294858][   T24] ath9k_htc: Failed to initialize the device
[   28.457660][    C1] ==================================================================
[   28.465741][    C1] BUG: KASAN: slab-out-of-bounds in ath9k_hif_usb_rx_cb+0xea7/0x10d0
[   28.473843][    C1] Read of size 4 at addr ffff88811e6cc2e8 by task swapper/1/0
[   28.481295][    C1] 
[   28.483606][    C1] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 5.19.0-rc4-syzkaller-00099-g90557fa89d3e #0
[   28.493311][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022
[   28.503363][    C1] Call Trace:
[   28.506634][    C1]  <IRQ>
[   28.509464][    C1]  dump_stack_lvl+0xcd/0x134
[   28.514058][    C1]  print_address_description.constprop.0.cold+0xeb/0x495
[   28.521085][    C1]  ? ath9k_hif_usb_rx_cb+0xea7/0x10d0
[   28.526535][    C1]  kasan_report.cold+0xf4/0x1c6
[   28.531457][    C1]  ? ath9k_hif_usb_rx_cb+0xea7/0x10d0
[   28.536822][    C1]  ath9k_hif_usb_rx_cb+0xea7/0x10d0
[   28.542117][    C1]  ? partition_sched_domains_locked+0x440/0x880
[   28.548375][    C1]  ? hif_usb_start+0xa0/0xa0
[   28.552961][    C1]  ? rwlock_bug.part.0+0x90/0x90
[   28.557937][    C1]  __usb_hcd_giveback_urb+0x2b0/0x5c0
[   28.563364][    C1]  usb_hcd_giveback_urb+0x367/0x410
[   28.568560][    C1]  dummy_timer+0x11f9/0x32b0
[   28.573160][    C1]  ? dummy_dequeue+0x500/0x500
[   28.578028][    C1]  ? dummy_dequeue+0x500/0x500
[   28.582800][    C1]  call_timer_fn+0x1a5/0x6b0
[   28.587389][    C1]  ? timer_fixup_activate+0x350/0x350
[   28.592756][    C1]  ? lock_downgrade+0x6e0/0x6e0
[   28.597646][    C1]  ? _raw_spin_unlock_irq+0x1f/0x40
[   28.602831][    C1]  ? _raw_spin_unlock_irq+0x1f/0x40
[   28.608021][    C1]  ? dummy_dequeue+0x500/0x500
[   28.612774][    C1]  __run_timers.part.0+0x679/0xa80
[   28.617881][    C1]  ? call_timer_fn+0x6b0/0x6b0
[   28.622631][    C1]  ? lapic_next_event+0x4d/0x80
[   28.627473][    C1]  ? clockevents_program_event+0x12b/0x370
[   28.633283][    C1]  run_timer_softirq+0xb3/0x1d0
[   28.638121][    C1]  __do_softirq+0x288/0x9a5
[   28.642608][    C1]  __irq_exit_rcu+0x113/0x170
[   28.647267][    C1]  irq_exit_rcu+0x5/0x20
[   28.651494][    C1]  sysvec_apic_timer_interrupt+0x8e/0xc0
[   28.657112][    C1]  </IRQ>
[   28.660024][    C1]  <TASK>
[   28.662937][    C1]  asm_sysvec_apic_timer_interrupt+0x1b/0x20
[   28.668902][    C1] RIP: 0010:acpi_idle_do_entry+0x1c9/0x240
[   28.674693][    C1] Code: 89 de e8 aa 1f 55 fb 84 db 75 98 e8 a1 23 55 fb e8 8c 67 5b fb 66 90 e8 95 23 55 fb 0f 00 2d de d6 7b 00 e8 89 23 55 fb fb f4 <9c> 5b 81 e3 00 02 00 00 fa 31 ff 48 89 de e8 d4 1f 55 fb 48 85 db
[   28.694334][    C1] RSP: 0018:ffffc9000010fd20 EFLAGS: 00000293
[   28.700388][    C1] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[   28.708364][    C1] RDX: ffff8881002cd580 RSI: ffffffff85efefa7 RDI: 0000000000000000
[   28.716324][    C1] RBP: ffff88810967a064 R08: 0000000000000001 R09: 0000000000000001
[   28.724288][    C1] R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000001
[   28.732254][    C1] R13: ffff88810967a000 R14: ffff88810967a064 R15: ffff88810b1cd804
[   28.740214][    C1]  ? acpi_idle_do_entry+0x1c7/0x240
[   28.745413][    C1]  acpi_idle_enter+0x369/0x510
[   28.750173][    C1]  cpuidle_enter_state+0x1b1/0xc80
[   28.755271][    C1]  cpuidle_enter+0x4a/0xa0
[   28.759673][    C1]  do_idle+0x3e8/0x590
[   28.763730][    C1]  ? arch_cpu_idle_exit+0x30/0x30
[   28.768742][    C1]  cpu_startup_entry+0x14/0x20
[   28.773579][    C1]  start_secondary+0x21d/0x2b0
[   28.778333][    C1]  ? set_cpu_sibling_map+0x1ef0/0x1ef0
[   28.784044][    C1]  secondary_startup_64_no_verify+0xce/0xdb
[   28.789923][    C1]  </TASK>
[   28.792925][    C1] 
[   28.795248][    C1] Allocated by task 0:
[   28.799295][    C1] (stack is not available)
[   28.803683][    C1] 
[   28.806002][    C1] The buggy address belongs to the object at ffff88811e6cc000
[   28.806002][    C1]  which belongs to the cache kmalloc-cg-4k of size 4096
[   28.820381][    C1] The buggy address is located 744 bytes inside of
[   28.820381][    C1]  4096-byte region [ffff88811e6cc000, ffff88811e6cd000)
[   28.833721][    C1] 
[   28.836031][    C1] The buggy address belongs to the physical page:
[   28.842429][    C1] page:ffffea000479b200 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11e6c8
[   28.852661][    C1] head:ffffea000479b200 order:3 compound_mapcount:0 compound_pincount:0
[   28.860966][    C1] flags: 0x200000000010200(slab|head|node=0|zone=2)
[   28.867543][    C1] raw: 0200000000010200 0000000000000000 dead000000000122 ffff88810004c280
[   28.876107][    C1] raw: 0000000000000000 0000000080040004 00000001ffffffff 0000000000000000
[   28.884665][    C1] page dumped because: kasan: bad access detected
[   28.891053][    C1] page_owner tracks the page as allocated
[   28.896747][    C1] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1282, tgid 1282 (udevd), ts 28369549787, free_ts 28294822366
[   28.917475][    C1]  get_page_from_freelist+0x138c/0x27a0
[   28.923021][    C1]  __alloc_pages+0x1c7/0x510
[   28.927615][    C1]  alloc_pages+0x1aa/0x310
[   28.932014][    C1]  allocate_slab+0x26c/0x3c0
[   28.936592][    C1]  ___slab_alloc+0x98f/0xda0
[   28.941426][    C1]  __slab_alloc.constprop.0+0x4d/0xa0
[   28.946790][    C1]  __kmalloc_node+0x12a/0x360
[   28.951448][    C1]  kvmalloc_node+0x3e/0x190
[   28.955930][    C1]  seq_read_iter+0x7f7/0x1280
[   28.960589][    C1]  kernfs_fop_read_iter+0x506/0x6e0
[   28.965772][    C1]  new_sync_read+0x384/0x5f0
[   28.970344][    C1]  vfs_read+0x492/0x5d0
[   28.974482][    C1]  ksys_read+0x127/0x250
[   28.978709][    C1]  do_syscall_64+0x35/0xb0
[   28.983192][    C1]  entry_SYSCALL_64_after_hwframe+0x46/0xb0
[   28.989087][    C1] page last free stack trace:
[   28.993763][    C1]  free_pcp_prepare+0x537/0xb80
[   28.998606][    C1]  free_unref_page+0x19/0x5a0
[   29.003267][    C1]  device_release+0x9f/0x240
[   29.007839][    C1]  kobject_put+0x1c8/0x540
[   29.012235][    C1]  put_device+0x1b/0x30
[   29.016378][    C1]  ath9k_htc_probe_device+0x1c7/0x1f00
[   29.021833][    C1]  ath9k_htc_hw_init+0x31/0x60
[   29.026596][    C1]  ath9k_hif_usb_firmware_cb+0x274/0x530
[   29.032221][    C1]  request_firmware_work_func+0x12c/0x230
[   29.037932][    C1]  process_one_work+0x996/0x1610
[   29.042857][    C1]  worker_thread+0x665/0x1080
[   29.047520][    C1]  kthread+0x2ef/0x3a0
[   29.051578][    C1]  ret_from_fork+0x1f/0x30
[   29.055984][    C1] 
[   29.058306][    C1] Memory state around the buggy address:
[   29.063928][    C1]  ffff88811e6cc180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.071972][    C1]  ffff88811e6cc200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.080012][    C1] >ffff88811e6cc280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.088058][    C1]                                                           ^
[   29.095491][    C1]  ffff88811e6cc300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.103532][    C1]  ffff88811e6cc380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.111567][    C1] ==================================================================
[   29.119635][    C1] Kernel panic - not syncing: panic_on_warn set ...
[   29.126198][    C1] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 5.19.0-rc4-syzkaller-00099-g90557fa89d3e #0
[   29.135892][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022
[   29.145928][    C1] Call Trace:
[   29.149191][    C1]  <IRQ>
[   29.152020][    C1]  dump_stack_lvl+0xcd/0x134
[   29.156603][    C1]  panic+0x2d7/0x636
[   29.160484][    C1]  ? panic_print_sys_info.part.0+0x10b/0x10b
[   29.166450][    C1]  ? ath9k_hif_usb_rx_cb+0xea7/0x10d0
[   29.171806][    C1]  end_report.part.0+0x3f/0x7c
[   29.176567][    C1]  kasan_report.cold+0x93/0x1c6
[   29.181400][    C1]  ? ath9k_hif_usb_rx_cb+0xea7/0x10d0
[   29.186778][    C1]  ath9k_hif_usb_rx_cb+0xea7/0x10d0
[   29.191968][    C1]  ? partition_sched_domains_locked+0x440/0x880
[   29.198195][    C1]  ? hif_usb_start+0xa0/0xa0
[   29.202802][    C1]  ? rwlock_bug.part.0+0x90/0x90
[   29.207736][    C1]  __usb_hcd_giveback_urb+0x2b0/0x5c0
[   29.213094][    C1]  usb_hcd_giveback_urb+0x367/0x410
[   29.218276][    C1]  dummy_timer+0x11f9/0x32b0
[   29.222855][    C1]  ? dummy_dequeue+0x500/0x500
[   29.227603][    C1]  ? dummy_dequeue+0x500/0x500
[   29.232349][    C1]  call_timer_fn+0x1a5/0x6b0
[   29.236925][    C1]  ? timer_fixup_activate+0x350/0x350
[   29.242279][    C1]  ? lock_downgrade+0x6e0/0x6e0
[   29.247111][    C1]  ? _raw_spin_unlock_irq+0x1f/0x40
[   29.252295][    C1]  ? _raw_spin_unlock_irq+0x1f/0x40
[   29.257480][    C1]  ? dummy_dequeue+0x500/0x500
[   29.262244][    C1]  __run_timers.part.0+0x679/0xa80
[   29.267351][    C1]  ? call_timer_fn+0x6b0/0x6b0
[   29.272101][    C1]  ? lapic_next_event+0x4d/0x80
[   29.276951][    C1]  ? clockevents_program_event+0x12b/0x370
[   29.282752][    C1]  run_timer_softirq+0xb3/0x1d0
[   29.287590][    C1]  __do_softirq+0x288/0x9a5
[   29.292079][    C1]  __irq_exit_rcu+0x113/0x170
[   29.296749][    C1]  irq_exit_rcu+0x5/0x20
[   29.300976][    C1]  sysvec_apic_timer_interrupt+0x8e/0xc0
[   29.306603][    C1]  </IRQ>
[   29.309517][    C1]  <TASK>
[   29.312436][    C1]  asm_sysvec_apic_timer_interrupt+0x1b/0x20
[   29.318409][    C1] RIP: 0010:acpi_idle_do_entry+0x1c9/0x240
[   29.324247][    C1] Code: 89 de e8 aa 1f 55 fb 84 db 75 98 e8 a1 23 55 fb e8 8c 67 5b fb 66 90 e8 95 23 55 fb 0f 00 2d de d6 7b 00 e8 89 23 55 fb fb f4 <9c> 5b 81 e3 00 02 00 00 fa 31 ff 48 89 de e8 d4 1f 55 fb 48 85 db
[   29.343841][    C1] RSP: 0018:ffffc9000010fd20 EFLAGS: 00000293
[   29.349891][    C1] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[   29.357843][    C1] RDX: ffff8881002cd580 RSI: ffffffff85efefa7 RDI: 0000000000000000
[   29.365800][    C1] RBP: ffff88810967a064 R08: 0000000000000001 R09: 0000000000000001
[   29.373752][    C1] R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000001
[   29.381730][    C1] R13: ffff88810967a000 R14: ffff88810967a064 R15: ffff88810b1cd804
[   29.389691][    C1]  ? acpi_idle_do_entry+0x1c7/0x240
[   29.394887][    C1]  acpi_idle_enter+0x369/0x510
[   29.399643][    C1]  cpuidle_enter_state+0x1b1/0xc80
[   29.404744][    C1]  cpuidle_enter+0x4a/0xa0
[   29.409149][    C1]  do_idle+0x3e8/0x590
[   29.413210][    C1]  ? arch_cpu_idle_exit+0x30/0x30
[   29.418233][    C1]  cpu_startup_entry+0x14/0x20
[   29.422990][    C1]  start_secondary+0x21d/0x2b0
[   29.427751][    C1]  ? set_cpu_sibling_map+0x1ef0/0x1ef0
[   29.433197][    C1]  secondary_startup_64_no_verify+0xce/0xdb
[   29.439079][    C1]  </TASK>
[   29.442328][    C1] Kernel Offset: disabled
[   29.446643][    C1] Rebooting in 86400 seconds..