Warning: Permanently added '10.128.0.4' (ECDSA) to the list of known hosts.
executing program
[ 21.359508][ T83] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 21.879118][ T83] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 21.888244][ T83] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 21.896323][ T83] usb 1-1: Product: syz
[ 21.900597][ T83] usb 1-1: Manufacturer: syz
[ 21.905184][ T83] usb 1-1: SerialNumber: syz
[ 21.949890][ T83] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 22.588547][ T83] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 22.808345][ C1] ==================================================================
[ 22.816622][ C1] BUG: KASAN: slab-out-of-bounds in ath9k_htc_rx_msg+0xa25/0xaf0
[ 22.824329][ C1] Write of size 2 at addr ffff8881cc84cbf0 by task swapper/1/0
[ 22.831844][ C1]
[ 22.834157][ C1] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 5.7.0-rc6-syzkaller #0
[ 22.842024][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 22.852250][ C1] Call Trace:
[ 22.855531][ C1]
[ 22.858390][ C1] dump_stack+0xef/0x16e
[ 22.862631][ C1] print_address_description.constprop.0.cold+0xd3/0x415
[ 22.869654][ C1] ? vprintk_func+0x7d/0x113
[ 22.874231][ C1] ? ath9k_htc_rx_msg+0xa25/0xaf0
[ 22.879298][ C1] __kasan_report.cold+0x37/0x7d
[ 22.884233][ C1] ? ath9k_htc_rx_msg+0xa25/0xaf0
[ 22.889259][ C1] ? ath9k_htc_rx_msg+0xa25/0xaf0
[ 22.894297][ C1] kasan_report+0x33/0x50
[ 22.898614][ C1] ath9k_htc_rx_msg+0xa25/0xaf0
[ 22.903445][ C1] ath9k_hif_usb_reg_in_cb+0x1c0/0x630
[ 22.908908][ C1] ? _raw_read_unlock+0x1a/0x30
[ 22.913757][ C1] ? led_trigger_blink_oneshot+0xb4/0xe0
[ 22.919379][ C1] __usb_hcd_giveback_urb+0x1f2/0x470
[ 22.924729][ C1] usb_hcd_giveback_urb+0x368/0x420
[ 22.929916][ C1] dummy_timer+0x125e/0x32b4
[ 22.934485][ C1] ? dummy_udc_probe+0x980/0x980
[ 22.939402][ C1] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 22.944924][ C1] ? rcu_read_lock_bh_held+0xb0/0xb0
[ 22.950186][ C1] call_timer_fn+0x1ac/0x700
[ 22.954754][ C1] ? dummy_udc_probe+0x980/0x980
[ 22.959681][ C1] ? timer_fixup_init+0x60/0x60
[ 22.964509][ C1] ? lock_downgrade+0x720/0x720
[ 22.969352][ C1] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 22.974877][ C1] ? rcu_read_lock_bh_held+0xb0/0xb0
[ 22.980166][ C1] ? _raw_spin_unlock_irq+0x1f/0x30
[ 22.985355][ C1] ? dummy_udc_probe+0x980/0x980
[ 22.990282][ C1] run_timer_softirq+0x5f9/0x1500
[ 22.995328][ C1] ? add_timer+0x7a0/0x7a0
[ 22.999773][ C1] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 23.005319][ C1] ? rcu_read_lock_bh_held+0xb0/0xb0
[ 23.010589][ C1] __do_softirq+0x21e/0x9aa
[ 23.015092][ C1] irq_exit+0x178/0x1a0
[ 23.019247][ C1] smp_apic_timer_interrupt+0x141/0x540
[ 23.024778][ C1] apic_timer_interrupt+0xf/0x20
[ 23.029718][ C1]
[ 23.032685][ C1] RIP: 0010:default_idle+0x28/0x300
[ 23.037878][ C1] Code: cc cc 41 56 41 55 65 44 8b 2d 94 3f 6b 7a 41 54 55 53 0f 1f 44 00 00 e8 06 27 af fb e9 07 00 00 00 0f 00 2d 7a e1 4b 00 fb f4 <65> 44 8b 2d 70 3f 6b 7a 0f 1f 44 00 00 5b 5d 41 5c 41 5d 41 5e c3
[ 23.057861][ C1] RSP: 0018:ffff8881da227da8 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
[ 23.066273][ C1] RAX: 0000000000000007 RBX: ffff8881da20b180 RCX: 0000000000000000
[ 23.074269][ C1] RDX: 0000000000000000 RSI: 0000000000000006 RDI: ffff8881da20b9fc
[ 23.082273][ C1] RBP: ffffed103b441630 R08: ffff8881da20b180 R09: 0000000000000000
[ 23.090236][ C1] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000001
[ 23.098193][ C1] R13: 0000000000000001 R14: ffffffff87e88e00 R15: 0000000000000000
[ 23.106168][ C1] ? default_idle+0x1a/0x300
[ 23.110746][ C1] do_idle+0x3e0/0x500
[ 23.114951][ C1] ? arch_cpu_idle_exit+0x40/0x40
[ 23.119962][ C1] cpu_startup_entry+0x14/0x20
[ 23.124713][ C1] start_secondary+0x2ae/0x390
[ 23.129464][ C1] ? set_cpu_sibling_map+0x1e90/0x1e90
[ 23.134912][ C1] secondary_startup_64+0xb6/0xc0
[ 23.139951][ C1]
[ 23.142282][ C1] Allocated by task 83:
[ 23.146424][ C1] save_stack+0x1b/0x40
[ 23.150572][ C1] __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 23.156195][ C1] ath9k_htc_hw_alloc+0x49/0x2e0
[ 23.161168][ C1] ath9k_hif_usb_firmware_cb+0x62/0x510
[ 23.166721][ C1] request_firmware_work_func+0x126/0x242
[ 23.172470][ C1] process_one_work+0x965/0x1630
[ 23.177394][ C1] worker_thread+0x96/0xe20
[ 23.181907][ C1] kthread+0x326/0x430
[ 23.185966][ C1] ret_from_fork+0x24/0x30
[ 23.190364][ C1]
[ 23.192687][ C1] Freed by task 0:
[ 23.196386][ C1] (stack is not available)
[ 23.201333][ C1]
[ 23.203644][ C1] The buggy address belongs to the object at ffff8881cc84c000
[ 23.203644][ C1] which belongs to the cache kmalloc-2k of size 2048
[ 23.217682][ C1] The buggy address is located 1008 bytes to the right of
[ 23.217682][ C1] 2048-byte region [ffff8881cc84c000, ffff8881cc84c800)
[ 23.231670][ C1] The buggy address belongs to the page:
[ 23.237293][ C1] page:ffffea0007321200 refcount:1 mapcount:0 mapping:00000000df08c687 index:0x0 head:ffffea0007321200 order:3 compound_mapcount:0 compound_pincount:0
[ 23.252916][ C1] flags: 0x200000000010200(slab|head)
[ 23.258287][ C1] raw: 0200000000010200 dead000000000100 dead000000000122 ffff8881da00c000
[ 23.267721][ C1] raw: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000
[ 23.276286][ C1] page dumped because: kasan: bad access detected
[ 23.282719][ C1]
[ 23.285027][ C1] Memory state around the buggy address:
[ 23.290640][ C1] ffff8881cc84ca80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.298699][ C1] ffff8881cc84cb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.306741][ C1] >ffff8881cc84cb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.314820][ C1] ^
[ 23.322574][ C1] ffff8881cc84cc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.330676][ C1] ffff8881cc84cc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.338723][ C1] ==================================================================
[ 23.347140][ C1] Disabling lock debugging due to kernel taint
[ 23.353271][ C1] Kernel panic - not syncing: panic_on_warn set ...
[ 23.359840][ C1] CPU: 1 PID: 0 Comm: swapper/1 Tainted: G B 5.7.0-rc6-syzkaller #0
[ 23.369094][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 23.379161][ C1] Call Trace:
[ 23.382449][ C1]
[ 23.385287][ C1] dump_stack+0xef/0x16e
[ 23.389537][ C1] panic+0x2aa/0x6e1
[ 23.393408][ C1] ? add_taint.cold+0x16/0x16
[ 23.398062][ C1] ? trace_hardirqs_off+0x50/0x200
[ 23.403151][ C1] ? ath9k_htc_rx_msg+0xa25/0xaf0
[ 23.408152][ C1] end_report+0x4d/0x53
[ 23.412284][ C1] __kasan_report.cold+0x72/0x7d
[ 23.417198][ C1] ? ath9k_htc_rx_msg+0xa25/0xaf0
[ 23.422208][ C1] ? ath9k_htc_rx_msg+0xa25/0xaf0
[ 23.427209][ C1] kasan_report+0x33/0x50
[ 23.431519][ C1] ath9k_htc_rx_msg+0xa25/0xaf0
[ 23.436347][ C1] ath9k_hif_usb_reg_in_cb+0x1c0/0x630
[ 23.441796][ C1] ? _raw_read_unlock+0x1a/0x30
[ 23.446665][ C1] ? led_trigger_blink_oneshot+0xb4/0xe0
[ 23.452276][ C1] __usb_hcd_giveback_urb+0x1f2/0x470
[ 23.457665][ C1] usb_hcd_giveback_urb+0x368/0x420
[ 23.462850][ C1] dummy_timer+0x125e/0x32b4
[ 23.467416][ C1] ? dummy_udc_probe+0x980/0x980
[ 23.472330][ C1] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 23.477851][ C1] ? rcu_read_lock_bh_held+0xb0/0xb0
[ 23.483118][ C1] call_timer_fn+0x1ac/0x700
[ 23.487691][ C1] ? dummy_udc_probe+0x980/0x980
[ 23.492616][ C1] ? timer_fixup_init+0x60/0x60
[ 23.497489][ C1] ? lock_downgrade+0x720/0x720
[ 23.502493][ C1] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 23.508016][ C1] ? rcu_read_lock_bh_held+0xb0/0xb0
[ 23.513279][ C1] ? _raw_spin_unlock_irq+0x1f/0x30
[ 23.518463][ C1] ? dummy_udc_probe+0x980/0x980
[ 23.523377][ C1] run_timer_softirq+0x5f9/0x1500
[ 23.528382][ C1] ? add_timer+0x7a0/0x7a0
[ 23.532799][ C1] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 23.538319][ C1] ? rcu_read_lock_bh_held+0xb0/0xb0
[ 23.543669][ C1] __do_softirq+0x21e/0x9aa
[ 23.548169][ C1] irq_exit+0x178/0x1a0
[ 23.552304][ C1] smp_apic_timer_interrupt+0x141/0x540
[ 23.558889][ C1] apic_timer_interrupt+0xf/0x20
[ 23.563811][ C1]
[ 23.566730][ C1] RIP: 0010:default_idle+0x28/0x300
[ 23.571930][ C1] Code: cc cc 41 56 41 55 65 44 8b 2d 94 3f 6b 7a 41 54 55 53 0f 1f 44 00 00 e8 06 27 af fb e9 07 00 00 00 0f 00 2d 7a e1 4b 00 fb f4 <65> 44 8b 2d 70 3f 6b 7a 0f 1f 44 00 00 5b 5d 41 5c 41 5d 41 5e c3
[ 23.591541][ C1] RSP: 0018:ffff8881da227da8 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
[ 23.599939][ C1] RAX: 0000000000000007 RBX: ffff8881da20b180 RCX: 0000000000000000
[ 23.607896][ C1] RDX: 0000000000000000 RSI: 0000000000000006 RDI: ffff8881da20b9fc
[ 23.615890][ C1] RBP: ffffed103b441630 R08: ffff8881da20b180 R09: 0000000000000000
[ 23.623843][ C1] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000001
[ 23.631794][ C1] R13: 0000000000000001 R14: ffffffff87e88e00 R15: 0000000000000000
[ 23.639772][ C1] ? default_idle+0x1a/0x300
[ 23.644341][ C1] do_idle+0x3e0/0x500
[ 23.648389][ C1] ? arch_cpu_idle_exit+0x40/0x40
[ 23.653392][ C1] cpu_startup_entry+0x14/0x20
[ 23.658136][ C1] start_secondary+0x2ae/0x390
[ 23.662892][ C1] ? set_cpu_sibling_map+0x1e90/0x1e90
[ 23.668331][ C1] secondary_startup_64+0xb6/0xc0
[ 23.673822][ C1] Kernel Offset: disabled
[ 23.678155][ C1] Rebooting in 86400 seconds..