Warning: Permanently added '10.128.0.55' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   31.292577][    T5] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[   31.572118][    T5] usb 1-1: too many configurations: 82, using maximum allowed: 8
[   32.411561][    T5] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[   32.420643][    T5] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   32.428708][    T5] usb 1-1: Product: syz
[   32.432926][    T5] usb 1-1: Manufacturer: syz
[   32.437517][    T5] usb 1-1: SerialNumber: syz
[   32.482605][    T5] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[   33.071284][    T5] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[   33.491067][    C0] ==================================================================
[   33.499221][    C0] BUG: KASAN: use-after-free in ath9k_hif_usb_rx_cb+0x3a8/0xf80
[   33.506849][    C0] Read of size 48828 at addr ffff8881ccda8000 by task swapper/0/0
[   33.514632][    C0] 
[   33.516952][    C0] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.9.0-rc8-syzkaller #0
[   33.524816][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   33.534858][    C0] Call Trace:
[   33.538126][    C0]  <IRQ>
[   33.540963][    C0]  dump_stack+0x107/0x16e
[   33.545287][    C0]  ? ath9k_hif_usb_rx_cb+0x3a8/0xf80
[   33.550551][    C0]  ? ath9k_hif_usb_rx_cb+0x3a8/0xf80
[   33.555841][    C0]  print_address_description.constprop.0+0x1c/0x210
[   33.562418][    C0]  ? ath9k_hif_usb_rx_cb+0x23e/0xf80
[   33.567685][    C0]  ? vprintk_func+0x93/0x133
[   33.572265][    C0]  ? ath9k_hif_usb_rx_cb+0x3a8/0xf80
[   33.577544][    C0]  ? ath9k_hif_usb_rx_cb+0x3a8/0xf80
[   33.582822][    C0]  kasan_report.cold+0x37/0x7c
[   33.587580][    C0]  ? spin_bug+0xf0/0x100
[   33.591799][    C0]  ? ath9k_hif_usb_rx_cb+0x3a8/0xf80
[   33.597070][    C0]  check_memory_region+0xf4/0x1c0
[   33.602073][    C0]  memcpy+0x20/0x60
[   33.605861][    C0]  ath9k_hif_usb_rx_cb+0x3a8/0xf80
[   33.610952][    C0]  ? kcov_remote_start+0xce/0x400
[   33.615954][    C0]  ? hif_usb_start+0xa0/0xa0
[   33.620531][    C0]  ? lock_downgrade+0x740/0x740
[   33.625357][    C0]  __usb_hcd_giveback_urb+0x32d/0x560
[   33.630707][    C0]  usb_hcd_giveback_urb+0x367/0x410
[   33.635883][    C0]  dummy_timer+0x11f2/0x3240
[   33.640451][    C0]  ? lock_downgrade+0x740/0x740
[   33.645290][    C0]  ? dummy_dequeue+0x4c0/0x4c0
[   33.650043][    C0]  call_timer_fn+0x1ac/0x6e0
[   33.654619][    C0]  ? dummy_dequeue+0x4c0/0x4c0
[   33.659373][    C0]  ? timer_fixup_init+0x60/0x60
[   33.664202][    C0]  ? lock_downgrade+0x740/0x740
[   33.669040][    C0]  ? _raw_spin_unlock_irq+0x1f/0x30
[   33.674215][    C0]  ? lockdep_hardirqs_on_prepare+0x19c/0x4f0
[   33.680183][    C0]  ? trace_hardirqs_on+0x5f/0x200
[   33.685197][    C0]  ? dummy_dequeue+0x4c0/0x4c0
[   33.689951][    C0]  __run_timers.part.0+0x67c/0xa60
[   33.695057][    C0]  ? call_timer_fn+0x6e0/0x6e0
[   33.699803][    C0]  ? clockevents_program_event+0x12b/0x350
[   33.705615][    C0]  ? tick_program_event+0xa8/0x130
[   33.710751][    C0]  run_timer_softirq+0x80/0x120
[   33.715608][    C0]  __do_softirq+0x1af/0x92c
[   33.720091][    C0]  asm_call_irq_on_stack+0xf/0x20
[   33.725087][    C0]  </IRQ>
[   33.728015][    C0]  do_softirq_own_stack+0x71/0x90
[   33.733016][    C0]  irq_exit_rcu+0x110/0x1a0
[   33.737503][    C0]  sysvec_apic_timer_interrupt+0x43/0x90
[   33.743137][    C0]  asm_sysvec_apic_timer_interrupt+0x12/0x20
[   33.749114][    C0] RIP: 0010:acpi_idle_do_entry+0x1c9/0x250
[   33.754914][    C0] Code: 4d 5c 88 fb 84 db 75 ac e8 d4 63 88 fb e8 7f 01 8e fb e9 0c 00 00 00 e8 c5 63 88 fb 0f 00 2d 5e 1c 6d 00 e8 b9 63 88 fb fb f4 <9c> 5b 81 e3 00 02 00 00 fa 31 ff 48 89 de e8 74 5c 88 fb 48 85 db
[   33.774513][    C0] RSP: 0018:ffffffff87207d68 EFLAGS: 00000293
[   33.780583][    C0] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 1ffffffff1016c01
[   33.788544][    C0] RDX: ffffffff8722f240 RSI: ffffffff85b7ae07 RDI: ffffffff85b7adf1
[   33.796501][    C0] RBP: ffff8881d8d52064 R08: 0000000000000001 R09: 0000000000000001
[   33.804481][    C0] R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000001
[   33.812462][    C0] R13: ffff8881d8d52000 R14: ffff8881d8d52064 R15: ffff8881d6f30004
[   33.820429][    C0]  ? acpi_idle_do_entry+0x1c7/0x250
[   33.825625][    C0]  ? acpi_idle_do_entry+0x1b1/0x250
[   33.830809][    C0]  ? acpi_idle_do_entry+0x1c7/0x250
[   33.835990][    C0]  acpi_idle_enter+0x337/0x490
[   33.840738][    C0]  cpuidle_enter_state+0x19e/0xa10
[   33.845842][    C0]  cpuidle_enter+0x4a/0xa0
[   33.850239][    C0]  do_idle+0x3d5/0x580
[   33.854298][    C0]  ? arch_cpu_idle_exit+0x40/0x40
[   33.859308][    C0]  ? schedule+0xe1/0x2b0
[   33.863529][    C0]  cpu_startup_entry+0x14/0x20
[   33.868275][    C0]  start_kernel+0x495/0x4b6
[   33.872760][    C0]  secondary_startup_64+0xb6/0xc0
[   33.877760][    C0] 
[   33.880082][    C0] The buggy address belongs to the page:
[   33.885718][    C0] page:0000000014c9552e refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1ccda8
[   33.895933][    C0] head:0000000014c9552e order:3 compound_mapcount:0 compound_pincount:0
[   33.904238][    C0] flags: 0x200000000010000(head)
[   33.909344][    C0] raw: 0200000000010000 dead000000000100 dead000000000122 0000000000000000
[   33.917928][    C0] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   33.926502][    C0] page dumped because: kasan: bad access detected
[   33.932903][    C0] 
[   33.935222][    C0] Memory state around the buggy address:
[   33.940833][    C0]  ffff8881ccdaff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   33.949066][    C0]  ffff8881ccdaff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   33.957136][    C0] >ffff8881ccdb0000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   33.965183][    C0]                    ^
[   33.969255][    C0]  ffff8881ccdb0080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   33.977296][    C0]  ffff8881ccdb0100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   33.985340][    C0] ==================================================================
[   33.993378][    C0] Disabling lock debugging due to kernel taint
[   33.999515][    C0] Kernel panic - not syncing: panic_on_warn set ...
[   34.006083][    C0] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G    B             5.9.0-rc8-syzkaller #0
[   34.015369][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   34.025438][    C0] Call Trace:
[   34.028697][    C0]  <IRQ>
[   34.032863][    C0]  dump_stack+0x107/0x16e
[   34.037173][    C0]  ? ath9k_hif_usb_rx_cb+0x310/0xf80
[   34.042437][    C0]  panic+0x2cb/0x702
[   34.046309][    C0]  ? __warn_printk+0xf3/0xf3
[   34.050890][    C0]  ? do_raw_spin_unlock+0x50/0x1f0
[   34.056032][    C0]  ? ath9k_hif_usb_rx_cb+0x3a8/0xf80
[   34.061296][    C0]  ? ath9k_hif_usb_rx_cb+0x3a8/0xf80
[   34.066602][    C0]  end_report+0x4d/0x53
[   34.070782][    C0]  kasan_report.cold+0x72/0x7c
[   34.075533][    C0]  ? spin_bug+0xf0/0x100
[   34.079761][    C0]  ? ath9k_hif_usb_rx_cb+0x3a8/0xf80
[   34.085038][    C0]  check_memory_region+0xf4/0x1c0
[   34.090155][    C0]  memcpy+0x20/0x60
[   34.093966][    C0]  ath9k_hif_usb_rx_cb+0x3a8/0xf80
[   34.099072][    C0]  ? kcov_remote_start+0xce/0x400
[   34.104091][    C0]  ? hif_usb_start+0xa0/0xa0
[   34.108659][    C0]  ? lock_downgrade+0x740/0x740
[   34.113488][    C0]  __usb_hcd_giveback_urb+0x32d/0x560
[   34.118869][    C0]  usb_hcd_giveback_urb+0x367/0x410
[   34.124057][    C0]  dummy_timer+0x11f2/0x3240
[   34.128625][    C0]  ? lock_downgrade+0x740/0x740
[   34.133468][    C0]  ? dummy_dequeue+0x4c0/0x4c0
[   34.138210][    C0]  call_timer_fn+0x1ac/0x6e0
[   34.142790][    C0]  ? dummy_dequeue+0x4c0/0x4c0
[   34.147545][    C0]  ? timer_fixup_init+0x60/0x60
[   34.152375][    C0]  ? lock_downgrade+0x740/0x740
[   34.157212][    C0]  ? _raw_spin_unlock_irq+0x1f/0x30
[   34.162413][    C0]  ? lockdep_hardirqs_on_prepare+0x19c/0x4f0
[   34.168386][    C0]  ? trace_hardirqs_on+0x5f/0x200
[   34.173391][    C0]  ? dummy_dequeue+0x4c0/0x4c0
[   34.178150][    C0]  __run_timers.part.0+0x67c/0xa60
[   34.183241][    C0]  ? call_timer_fn+0x6e0/0x6e0
[   34.188000][    C0]  ? clockevents_program_event+0x12b/0x350
[   34.193783][    C0]  ? tick_program_event+0xa8/0x130
[   34.198911][    C0]  run_timer_softirq+0x80/0x120
[   34.203747][    C0]  __do_softirq+0x1af/0x92c
[   34.208258][    C0]  asm_call_irq_on_stack+0xf/0x20
[   34.213291][    C0]  </IRQ>
[   34.216210][    C0]  do_softirq_own_stack+0x71/0x90
[   34.221224][    C0]  irq_exit_rcu+0x110/0x1a0
[   34.225703][    C0]  sysvec_apic_timer_interrupt+0x43/0x90
[   34.231329][    C0]  asm_sysvec_apic_timer_interrupt+0x12/0x20
[   34.237290][    C0] RIP: 0010:acpi_idle_do_entry+0x1c9/0x250
[   34.243071][    C0] Code: 4d 5c 88 fb 84 db 75 ac e8 d4 63 88 fb e8 7f 01 8e fb e9 0c 00 00 00 e8 c5 63 88 fb 0f 00 2d 5e 1c 6d 00 e8 b9 63 88 fb fb f4 <9c> 5b 81 e3 00 02 00 00 fa 31 ff 48 89 de e8 74 5c 88 fb 48 85 db
[   34.262672][    C0] RSP: 0018:ffffffff87207d68 EFLAGS: 00000293
[   34.268719][    C0] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 1ffffffff1016c01
[   34.276695][    C0] RDX: ffffffff8722f240 RSI: ffffffff85b7ae07 RDI: ffffffff85b7adf1
[   34.284821][    C0] RBP: ffff8881d8d52064 R08: 0000000000000001 R09: 0000000000000001
[   34.292794][    C0] R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000001
[   34.300751][    C0] R13: ffff8881d8d52000 R14: ffff8881d8d52064 R15: ffff8881d6f30004
[   34.308708][    C0]  ? acpi_idle_do_entry+0x1c7/0x250
[   34.313885][    C0]  ? acpi_idle_do_entry+0x1b1/0x250
[   34.319063][    C0]  ? acpi_idle_do_entry+0x1c7/0x250
[   34.324251][    C0]  acpi_idle_enter+0x337/0x490
[   34.328990][    C0]  cpuidle_enter_state+0x19e/0xa10
[   34.334075][    C0]  cpuidle_enter+0x4a/0xa0
[   34.338466][    C0]  do_idle+0x3d5/0x580
[   34.342526][    C0]  ? arch_cpu_idle_exit+0x40/0x40
[   34.347525][    C0]  ? schedule+0xe1/0x2b0
[   34.351743][    C0]  cpu_startup_entry+0x14/0x20
[   34.356483][    C0]  start_kernel+0x495/0x4b6
[   34.360963][    C0]  secondary_startup_64+0xb6/0xc0
[   34.366441][    C0] Kernel Offset: disabled
[   34.370757][    C0] Rebooting in 86400 seconds..