Warning: Permanently added '10.128.0.156' (ECDSA) to the list of known hosts.
executing program
[ 53.486609][ T68] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 54.007281][ T68] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 54.016596][ T68] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 54.024570][ T68] usb 1-1: Product: syz
[ 54.028783][ T68] usb 1-1: Manufacturer: syz
[ 54.033379][ T68] usb 1-1: SerialNumber: syz
[ 54.077674][ T68] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 54.676602][ T68] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 55.096592][ C1] ==================================================================
[ 55.104800][ C1] BUG: KASAN: use-after-free in ath9k_hif_usb_rx_cb+0x3b1/0x1050
[ 55.112511][ C1] Read of size 49108 at addr ffff8881cdb08000 by task swapper/1/0
[ 55.120328][ C1]
[ 55.122640][ C1] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 5.8.0-rc1-syzkaller #0
[ 55.130555][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 55.140645][ C1] Call Trace:
[ 55.143945][ C1]
[ 55.146793][ C1] dump_stack+0xf6/0x16e
[ 55.151020][ C1] ? ath9k_hif_usb_rx_cb+0x3b1/0x1050
[ 55.159060][ C1] ? ath9k_hif_usb_rx_cb+0x3b1/0x1050
[ 55.164409][ C1] print_address_description.constprop.0.cold+0xd3/0x415
[ 55.171447][ C1] ? ath9k_hif_usb_rx_cb+0x247/0x1050
[ 55.176830][ C1] ? vprintk_func+0x93/0x133
[ 55.181400][ C1] ? ath9k_hif_usb_rx_cb+0x3b1/0x1050
[ 55.186748][ C1] kasan_report.cold+0x37/0x7c
[ 55.191492][ C1] ? rwlock_bug.part.0+0x40/0x90
[ 55.196428][ C1] ? ath9k_hif_usb_rx_cb+0x3b1/0x1050
[ 55.201786][ C1] check_memory_region+0x173/0x1d0
[ 55.206883][ C1] memcpy+0x20/0x60
[ 55.210694][ C1] ath9k_hif_usb_rx_cb+0x3b1/0x1050
[ 55.215889][ C1] ? lock_acquire+0x18b/0x7c0
[ 55.220572][ C1] ? kcov_remote_start+0xd9/0x390
[ 55.225583][ C1] ? __usb_hcd_giveback_urb+0x26f/0x550
[ 55.231125][ C1] ? hif_usb_mgmt_cb+0x310/0x310
[ 55.236052][ C1] ? do_raw_spin_lock+0x120/0x290
[ 55.241052][ C1] ? lock_downgrade+0x720/0x720
[ 55.245990][ C1] ? trace_hardirqs_off+0x27/0x1f0
[ 55.251450][ C1] __usb_hcd_giveback_urb+0x29a/0x550
[ 55.257435][ C1] usb_hcd_giveback_urb+0x368/0x420
[ 55.262620][ C1] dummy_timer+0x125e/0x32b4
[ 55.267383][ C1] ? dummy_udc_probe+0x980/0x980
[ 55.272322][ C1] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 55.277852][ C1] ? rcu_read_lock_bh_held+0xb0/0xb0
[ 55.283226][ C1] call_timer_fn+0x1ac/0x6e0
[ 55.287940][ C1] ? dummy_udc_probe+0x980/0x980
[ 55.292962][ C1] ? msleep_interruptible+0x130/0x130
[ 55.298352][ C1] ? lock_downgrade+0x720/0x720
[ 55.304016][ C1] ? _raw_spin_unlock_irq+0x1f/0x30
[ 55.309198][ C1] ? lockdep_hardirqs_on_prepare+0x1bc/0x550
[ 55.315240][ C1] ? dummy_udc_probe+0x980/0x980
[ 55.320490][ C1] run_timer_softirq+0x5e5/0x14c0
[ 55.327478][ C1] ? add_timer+0x7b0/0x7b0
[ 55.332967][ C1] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 55.338512][ C1] ? rcu_read_lock_bh_held+0xb0/0xb0
[ 55.345195][ C1] ? lockdep_hardirqs_on_prepare+0x1bc/0x550
[ 55.352383][ C1] __do_softirq+0x21e/0x996
[ 55.358067][ C1] asm_call_on_stack+0xf/0x20
[ 55.362998][ C1]
[ 55.365922][ C1] do_softirq_own_stack+0x109/0x140
[ 55.371105][ C1] irq_exit_rcu+0x16f/0x1a0
[ 55.375593][ C1] sysvec_apic_timer_interrupt+0xd3/0x1b0
[ 55.381290][ C1] asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 55.387259][ C1] RIP: 0010:acpi_safe_halt+0x72/0x90
[ 55.392520][ C1] Code: 74 06 5b e9 c0 32 9f fb e8 bb 32 9f fb e8 c6 96 a4 fb e9 0c 00 00 00 e8 ac 32 9f fb 0f 00 2d 45 6e 84 00 e8 a0 32 9f fb fb f4 e8 b8 94 a4 fb 5b e9 92 32 9f fb 48 89 df e8 7a e1 c8 fb eb ab
[ 55.412549][ C1] RSP: 0018:ffff8881da22fc60 EFLAGS: 00000293
[ 55.418615][ C1] RAX: ffff8881da213200 RBX: 0000000000000000 RCX: 1ffffffff1014efa
[ 55.428931][ C1] RDX: 0000000000000000 RSI: ffffffff85a03aa0 RDI: ffff8881da213a38
[ 55.436889][ C1] RBP: ffff8881d8cca864 R08: 0000000000000000 R09: 0000000000000001
[ 55.444837][ C1] R10: 0000000000000000 R11: 0000000000000000 R12: ffff8881d8cca864
[ 55.452803][ C1] R13: 1ffff1103b445f96 R14: ffff8881d8cca865 R15: 0000000000000001
[ 55.460784][ C1] ? acpi_safe_halt+0x70/0x90
[ 55.465445][ C1] acpi_idle_do_entry+0xa9/0xe0
[ 55.470276][ C1] acpi_idle_enter+0x42b/0xac0
[ 55.475035][ C1] ? acpi_idle_enter_s2idle+0x190/0x190
[ 55.480765][ C1] ? kvm_sched_clock_read+0x14/0x30
[ 55.485948][ C1] ? sched_clock+0x5/0x10
[ 55.490373][ C1] ? sched_clock_cpu+0x18/0x170
[ 55.495221][ C1] cpuidle_enter_state+0xdb/0xc20
[ 55.500316][ C1] ? tick_nohz_idle_stop_tick+0x54f/0xb50
[ 55.506106][ C1] cpuidle_enter+0x4a/0xa0
[ 55.510702][ C1] do_idle+0x3c2/0x500
[ 55.514770][ C1] ? arch_cpu_idle_exit+0x40/0x40
[ 55.519861][ C1] ? do_idle+0x310/0x500
[ 55.524100][ C1] cpu_startup_entry+0x14/0x20
[ 55.528885][ C1] start_secondary+0x294/0x370
[ 55.533638][ C1] ? set_cpu_sibling_map+0x1e90/0x1e90
[ 55.539239][ C1] secondary_startup_64+0xb6/0xc0
[ 55.544236][ C1]
[ 55.546542][ C1] The buggy address belongs to the page:
[ 55.552157][ C1] page:ffffea000736c200 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 head:ffffea000736c200 order:3 compound_mapcount:0 compound_pincount:0
[ 55.567315][ C1] flags: 0x200000000010000(head)
[ 55.572242][ C1] raw: 0200000000010000 dead000000000100 dead000000000122 0000000000000000
[ 55.580804][ C1] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 55.589364][ C1] page dumped because: kasan: bad access detected
[ 55.595922][ C1]
[ 55.598225][ C1] Memory state around the buggy address:
[ 55.603841][ C1] ffff8881cdb0ff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 55.611896][ C1] ffff8881cdb0ff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 55.620092][ C1] >ffff8881cdb10000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 55.628135][ C1] ^
[ 55.632198][ C1] ffff8881cdb10080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 55.640270][ C1] ffff8881cdb10100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 55.648325][ C1] ==================================================================
[ 55.656375][ C1] Disabling lock debugging due to kernel taint
[ 55.662513][ C1] Kernel panic - not syncing: panic_on_warn set ...
[ 55.669080][ C1] CPU: 1 PID: 0 Comm: swapper/1 Tainted: G B 5.8.0-rc1-syzkaller #0
[ 55.678341][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 55.688715][ C1] Call Trace:
[ 55.691974][ C1]
[ 55.694812][ C1] dump_stack+0xf6/0x16e
[ 55.699033][ C1] ? ath9k_hif_usb_rx_cb+0x330/0x1050
[ 55.704388][ C1] panic+0x2aa/0x6e1
[ 55.708255][ C1] ? __warn_printk+0xf3/0xf3
[ 55.712816][ C1] ? _raw_spin_unlock_irqrestore+0x2a/0x40
[ 55.718608][ C1] ? trace_hardirqs_off+0x27/0x1f0
[ 55.723703][ C1] ? ath9k_hif_usb_rx_cb+0x3b1/0x1050
[ 55.729061][ C1] ? ath9k_hif_usb_rx_cb+0x3b1/0x1050
[ 55.734512][ C1] end_report+0x4d/0x53
[ 55.738658][ C1] kasan_report.cold+0x72/0x7c
[ 55.743395][ C1] ? rwlock_bug.part.0+0x40/0x90
[ 55.748303][ C1] ? ath9k_hif_usb_rx_cb+0x3b1/0x1050
[ 55.753645][ C1] check_memory_region+0x173/0x1d0
[ 55.758833][ C1] memcpy+0x20/0x60
[ 55.762625][ C1] ath9k_hif_usb_rx_cb+0x3b1/0x1050
[ 55.767797][ C1] ? lock_acquire+0x18b/0x7c0
[ 55.772459][ C1] ? kcov_remote_start+0xd9/0x390
[ 55.777454][ C1] ? __usb_hcd_giveback_urb+0x26f/0x550
[ 55.782988][ C1] ? hif_usb_mgmt_cb+0x310/0x310
[ 55.787910][ C1] ? do_raw_spin_lock+0x120/0x290
[ 55.792919][ C1] ? lock_downgrade+0x720/0x720
[ 55.797755][ C1] ? trace_hardirqs_off+0x27/0x1f0
[ 55.802839][ C1] __usb_hcd_giveback_urb+0x29a/0x550
[ 55.808200][ C1] usb_hcd_giveback_urb+0x368/0x420
[ 55.813374][ C1] dummy_timer+0x125e/0x32b4
[ 55.817939][ C1] ? dummy_udc_probe+0x980/0x980
[ 55.822883][ C1] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 55.828400][ C1] ? rcu_read_lock_bh_held+0xb0/0xb0
[ 55.833655][ C1] call_timer_fn+0x1ac/0x6e0
[ 55.838233][ C1] ? dummy_udc_probe+0x980/0x980
[ 55.843144][ C1] ? msleep_interruptible+0x130/0x130
[ 55.848487][ C1] ? lock_downgrade+0x720/0x720
[ 55.853307][ C1] ? _raw_spin_unlock_irq+0x1f/0x30
[ 55.858488][ C1] ? lockdep_hardirqs_on_prepare+0x1bc/0x550
[ 55.864455][ C1] ? dummy_udc_probe+0x980/0x980
[ 55.869377][ C1] run_timer_softirq+0x5e5/0x14c0
[ 55.874373][ C1] ? add_timer+0x7b0/0x7b0
[ 55.878762][ C1] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 55.884287][ C1] ? rcu_read_lock_bh_held+0xb0/0xb0
[ 55.889556][ C1] ? lockdep_hardirqs_on_prepare+0x1bc/0x550
[ 55.895506][ C1] __do_softirq+0x21e/0x996
[ 55.899982][ C1] asm_call_on_stack+0xf/0x20
[ 55.904625][ C1]
[ 55.907560][ C1] do_softirq_own_stack+0x109/0x140
[ 55.912743][ C1] irq_exit_rcu+0x16f/0x1a0
[ 55.917219][ C1] sysvec_apic_timer_interrupt+0xd3/0x1b0
[ 55.922912][ C1] asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 55.928863][ C1] RIP: 0010:acpi_safe_halt+0x72/0x90
[ 55.934131][ C1] Code: 74 06 5b e9 c0 32 9f fb e8 bb 32 9f fb e8 c6 96 a4 fb e9 0c 00 00 00 e8 ac 32 9f fb 0f 00 2d 45 6e 84 00 e8 a0 32 9f fb fb f4 e8 b8 94 a4 fb 5b e9 92 32 9f fb 48 89 df e8 7a e1 c8 fb eb ab
[ 55.953834][ C1] RSP: 0018:ffff8881da22fc60 EFLAGS: 00000293
[ 55.959891][ C1] RAX: ffff8881da213200 RBX: 0000000000000000 RCX: 1ffffffff1014efa
[ 55.967859][ C1] RDX: 0000000000000000 RSI: ffffffff85a03aa0 RDI: ffff8881da213a38
[ 55.975805][ C1] RBP: ffff8881d8cca864 R08: 0000000000000000 R09: 0000000000000001
[ 55.983768][ C1] R10: 0000000000000000 R11: 0000000000000000 R12: ffff8881d8cca864
[ 55.991713][ C1] R13: 1ffff1103b445f96 R14: ffff8881d8cca865 R15: 0000000000000001
[ 55.999682][ C1] ? acpi_safe_halt+0x70/0x90
[ 56.004379][ C1] acpi_idle_do_entry+0xa9/0xe0
[ 56.009210][ C1] acpi_idle_enter+0x42b/0xac0
[ 56.013974][ C1] ? acpi_idle_enter_s2idle+0x190/0x190
[ 56.019495][ C1] ? kvm_sched_clock_read+0x14/0x30
[ 56.024686][ C1] ? sched_clock+0x5/0x10
[ 56.029112][ C1] ? sched_clock_cpu+0x18/0x170
[ 56.033951][ C1] cpuidle_enter_state+0xdb/0xc20
[ 56.038955][ C1] ? tick_nohz_idle_stop_tick+0x54f/0xb50
[ 56.044667][ C1] cpuidle_enter+0x4a/0xa0
[ 56.049063][ C1] do_idle+0x3c2/0x500
[ 56.053111][ C1] ? arch_cpu_idle_exit+0x40/0x40
[ 56.058203][ C1] ? do_idle+0x310/0x500
[ 56.062421][ C1] cpu_startup_entry+0x14/0x20
[ 56.067189][ C1] start_secondary+0x294/0x370
[ 56.072010][ C1] ? set_cpu_sibling_map+0x1e90/0x1e90
[ 56.077711][ C1] secondary_startup_64+0xb6/0xc0
[ 56.083476][ C1] Kernel Offset: disabled
[ 56.087906][ C1] Rebooting in 86400 seconds..