Warning: Permanently added '10.128.0.16' (ECDSA) to the list of known hosts.
executing program
[ 23.597682][ T12] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 24.117220][ T12] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 24.126382][ T12] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 24.134419][ T12] usb 1-1: Product: syz
[ 24.138686][ T12] usb 1-1: Manufacturer: syz
[ 24.143530][ T12] usb 1-1: SerialNumber: syz
[ 24.188198][ T12] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 24.776550][ T12] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 25.206151][ C0] ==================================================================
[ 25.214317][ C0] BUG: KASAN: use-after-free in ath9k_hif_usb_rx_cb+0x3a8/0xf80
[ 25.221937][ C0] Read of size 49811 at addr ffff8881ccf40000 by task swapper/0/0
[ 25.229726][ C0]
[ 25.232033][ C0] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.9.0-syzkaller #0
[ 25.239570][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 25.249597][ C0] Call Trace:
[ 25.252856][ C0]
[ 25.255686][ C0] dump_stack+0x107/0x163
[ 25.260007][ C0] ? ath9k_hif_usb_rx_cb+0x3a8/0xf80
[ 25.265298][ C0] ? ath9k_hif_usb_rx_cb+0x3a8/0xf80
[ 25.270569][ C0] print_address_description.constprop.0+0x1c/0x210
[ 25.277139][ C0] ? lock_acquire+0x1a7/0x830
[ 25.281805][ C0] ? ath9k_hif_usb_rx_cb+0x23e/0xf80
[ 25.287079][ C0] ? vprintk_func+0x93/0x140
[ 25.291643][ C0] ? ath9k_hif_usb_rx_cb+0x3a8/0xf80
[ 25.297009][ C0] ? ath9k_hif_usb_rx_cb+0x3a8/0xf80
[ 25.302269][ C0] kasan_report.cold+0x37/0x7c
[ 25.307009][ C0] ? rwlock_bug.part.0+0x40/0x90
[ 25.311920][ C0] ? ath9k_hif_usb_rx_cb+0x3a8/0xf80
[ 25.317196][ C0] check_memory_region+0xf4/0x1c0
[ 25.322193][ C0] memcpy+0x20/0x60
[ 25.325992][ C0] ath9k_hif_usb_rx_cb+0x3a8/0xf80
[ 25.331092][ C0] ? lock_acquire+0x1a7/0x830
[ 25.335743][ C0] ? kcov_remote_start+0xce/0x400
[ 25.340740][ C0] ? hif_usb_start+0xa0/0xa0
[ 25.345306][ C0] ? __usb_hcd_giveback_urb+0x302/0x560
[ 25.350827][ C0] ? lock_downgrade+0x6d0/0x6d0
[ 25.355658][ C0] __usb_hcd_giveback_urb+0x32d/0x560
[ 25.361003][ C0] usb_hcd_giveback_urb+0x367/0x410
[ 25.366176][ C0] dummy_timer+0x11f2/0x3240
[ 25.370755][ C0] ? __lock_acquire+0x16ae/0x5a60
[ 25.375753][ C0] ? dummy_dequeue+0x4c0/0x4c0
[ 25.380504][ C0] ? dummy_dequeue+0x4c0/0x4c0
[ 25.385252][ C0] call_timer_fn+0x1a5/0x630
[ 25.389817][ C0] ? timer_fixup_init+0x60/0x60
[ 25.394641][ C0] ? lock_downgrade+0x6d0/0x6d0
[ 25.399474][ C0] ? lockdep_hardirqs_on_prepare+0x129/0x3e0
[ 25.405428][ C0] ? dummy_dequeue+0x4c0/0x4c0
[ 25.410164][ C0] __run_timers.part.0+0x67c/0xa10
[ 25.415267][ C0] ? call_timer_fn+0x630/0x630
[ 25.420019][ C0] ? lapic_next_event+0x4d/0x80
[ 25.424859][ C0] ? clockevents_program_event+0x12b/0x350
[ 25.430652][ C0] ? tick_program_event+0xa8/0x130
[ 25.435757][ C0] ? hrtimer_interrupt+0x6c0/0x8f0
[ 25.440841][ C0] run_timer_softirq+0x80/0x120
[ 25.445667][ C0] __do_softirq+0x1b1/0x8d1
[ 25.450167][ C0] asm_call_irq_on_stack+0xf/0x20
[ 25.455161][ C0]
[ 25.458079][ C0] do_softirq_own_stack+0x80/0xa0
[ 25.463076][ C0] irq_exit_rcu+0x110/0x1a0
[ 25.467555][ C0] sysvec_apic_timer_interrupt+0x43/0xa0
[ 25.473163][ C0] asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 25.479117][ C0] RIP: 0010:acpi_idle_do_entry+0x1c9/0x250
[ 25.484910][ C0] Code: 4d ce 83 fb 84 db 75 ac e8 d4 d5 83 fb e8 ff 69 89 fb e9 0c 00 00 00 e8 c5 d5 83 fb 0f 00 2d 9e ac 69 00 e8 b9 d5 83 fb fb f4 <9c> 5b 81 e3 00 02 00 00 fa 31 ff 48 89 de e8 74 ce 83 fb 48 85 db
[ 25.504487][ C0] RSP: 0018:ffffffff87207d60 EFLAGS: 00000293
[ 25.510544][ C0] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 1ffffffff103af21
[ 25.518491][ C0] RDX: ffffffff872304c0 RSI: ffffffff85bb48e7 RDI: ffffffff85bb48d1
[ 25.526438][ C0] RBP: ffff8881d8d49864 R08: 0000000000000001 R09: 0000000000000001
[ 25.534384][ C0] R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000001
[ 25.542333][ C0] R13: ffff8881d8d49800 R14: ffff8881d8d49864 R15: ffff8881d6eb1004
[ 25.550282][ C0] ? acpi_idle_do_entry+0x1c7/0x250
[ 25.555467][ C0] ? acpi_idle_do_entry+0x1b1/0x250
[ 25.560647][ C0] acpi_idle_enter+0x337/0x490
[ 25.565386][ C0] cpuidle_enter_state+0x1a2/0xa80
[ 25.570489][ C0] cpuidle_enter+0x4a/0xa0
[ 25.574897][ C0] do_idle+0x3d5/0x580
[ 25.578943][ C0] ? arch_cpu_idle_exit+0x40/0x40
[ 25.583941][ C0] cpu_startup_entry+0x14/0x20
[ 25.588678][ C0] start_kernel+0x495/0x4b6
[ 25.593157][ C0] secondary_startup_64_no_verify+0xb8/0xbb
[ 25.599032][ C0]
[ 25.601333][ C0] The buggy address belongs to the page:
[ 25.606956][ C0] page:00000000aa74fc91 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1ccf40
[ 25.617161][ C0] head:00000000aa74fc91 order:3 compound_mapcount:0 compound_pincount:0
[ 25.625457][ C0] flags: 0x200000000010000(head)
[ 25.630370][ C0] raw: 0200000000010000 dead000000000100 dead000000000122 0000000000000000
[ 25.638945][ C0] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 25.647498][ C0] page dumped because: kasan: bad access detected
[ 25.653895][ C0]
[ 25.656211][ C0] Memory state around the buggy address:
[ 25.661816][ C0] ffff8881ccf47f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 25.669866][ C0] ffff8881ccf47f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 25.677903][ C0] >ffff8881ccf48000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 25.685934][ C0] ^
[ 25.689976][ C0] ffff8881ccf48080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 25.698010][ C0] ffff8881ccf48100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 25.706041][ C0] ==================================================================
[ 25.714072][ C0] Disabling lock debugging due to kernel taint
[ 25.720192][ C0] Kernel panic - not syncing: panic_on_warn set ...
[ 25.726750][ C0] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G B 5.9.0-syzkaller #0
[ 25.735659][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 25.745681][ C0] Call Trace:
[ 25.748937][ C0]
[ 25.751763][ C0] dump_stack+0x107/0x163
[ 25.756065][ C0] ? ath9k_hif_usb_rx_cb+0x2c0/0xf80
[ 25.761422][ C0] panic+0x2cb/0x702
[ 25.765286][ C0] ? __warn_printk+0xf3/0xf3
[ 25.769850][ C0] ? do_raw_spin_unlock+0x50/0x1f0
[ 25.774949][ C0] ? ath9k_hif_usb_rx_cb+0x3a8/0xf80
[ 25.780204][ C0] ? ath9k_hif_usb_rx_cb+0x3a8/0xf80
[ 25.785457][ C0] end_report+0x58/0x5e
[ 25.789582][ C0] kasan_report.cold+0x72/0x7c
[ 25.794319][ C0] ? rwlock_bug.part.0+0x40/0x90
[ 25.799226][ C0] ? ath9k_hif_usb_rx_cb+0x3a8/0xf80
[ 25.804482][ C0] check_memory_region+0xf4/0x1c0
[ 25.809475][ C0] memcpy+0x20/0x60
[ 25.813256][ C0] ath9k_hif_usb_rx_cb+0x3a8/0xf80
[ 25.818352][ C0] ? lock_acquire+0x1a7/0x830
[ 25.822999][ C0] ? kcov_remote_start+0xce/0x400
[ 25.827994][ C0] ? hif_usb_start+0xa0/0xa0
[ 25.832554][ C0] ? __usb_hcd_giveback_urb+0x302/0x560
[ 25.838068][ C0] ? lock_downgrade+0x6d0/0x6d0
[ 25.842891][ C0] __usb_hcd_giveback_urb+0x32d/0x560
[ 25.848234][ C0] usb_hcd_giveback_urb+0x367/0x410
[ 25.853418][ C0] dummy_timer+0x11f2/0x3240
[ 25.857993][ C0] ? __lock_acquire+0x16ae/0x5a60
[ 25.862987][ C0] ? dummy_dequeue+0x4c0/0x4c0
[ 25.867722][ C0] ? dummy_dequeue+0x4c0/0x4c0
[ 25.872457][ C0] call_timer_fn+0x1a5/0x630
[ 25.877018][ C0] ? timer_fixup_init+0x60/0x60
[ 25.881850][ C0] ? lock_downgrade+0x6d0/0x6d0
[ 25.886671][ C0] ? lockdep_hardirqs_on_prepare+0x129/0x3e0
[ 25.892621][ C0] ? dummy_dequeue+0x4c0/0x4c0
[ 25.897355][ C0] __run_timers.part.0+0x67c/0xa10
[ 25.902438][ C0] ? call_timer_fn+0x630/0x630
[ 25.907172][ C0] ? lapic_next_event+0x4d/0x80
[ 25.911993][ C0] ? clockevents_program_event+0x12b/0x350
[ 25.917770][ C0] ? tick_program_event+0xa8/0x130
[ 25.922851][ C0] ? hrtimer_interrupt+0x6c0/0x8f0
[ 25.928018][ C0] run_timer_softirq+0x80/0x120
[ 25.932842][ C0] __do_softirq+0x1b1/0x8d1
[ 25.937314][ C0] asm_call_irq_on_stack+0xf/0x20
[ 25.942318][ C0]
[ 25.945331][ C0] do_softirq_own_stack+0x80/0xa0
[ 25.950326][ C0] irq_exit_rcu+0x110/0x1a0
[ 25.954800][ C0] sysvec_apic_timer_interrupt+0x43/0xa0
[ 25.960403][ C0] asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 25.966355][ C0] RIP: 0010:acpi_idle_do_entry+0x1c9/0x250
[ 25.972129][ C0] Code: 4d ce 83 fb 84 db 75 ac e8 d4 d5 83 fb e8 ff 69 89 fb e9 0c 00 00 00 e8 c5 d5 83 fb 0f 00 2d 9e ac 69 00 e8 b9 d5 83 fb fb f4 <9c> 5b 81 e3 00 02 00 00 fa 31 ff 48 89 de e8 74 ce 83 fb 48 85 db
[ 25.991715][ C0] RSP: 0018:ffffffff87207d60 EFLAGS: 00000293
[ 25.997753][ C0] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 1ffffffff103af21
[ 26.005699][ C0] RDX: ffffffff872304c0 RSI: ffffffff85bb48e7 RDI: ffffffff85bb48d1
[ 26.013641][ C0] RBP: ffff8881d8d49864 R08: 0000000000000001 R09: 0000000000000001
[ 26.021730][ C0] R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000001
[ 26.029690][ C0] R13: ffff8881d8d49800 R14: ffff8881d8d49864 R15: ffff8881d6eb1004
[ 26.037638][ C0] ? acpi_idle_do_entry+0x1c7/0x250
[ 26.042804][ C0] ? acpi_idle_do_entry+0x1b1/0x250
[ 26.047992][ C0] acpi_idle_enter+0x337/0x490
[ 26.052728][ C0] cpuidle_enter_state+0x1a2/0xa80
[ 26.057808][ C0] cpuidle_enter+0x4a/0xa0
[ 26.062195][ C0] do_idle+0x3d5/0x580
[ 26.066234][ C0] ? arch_cpu_idle_exit+0x40/0x40
[ 26.071236][ C0] cpu_startup_entry+0x14/0x20
[ 26.075969][ C0] start_kernel+0x495/0x4b6
[ 26.080444][ C0] secondary_startup_64_no_verify+0xb8/0xbb
[ 26.086811][ C0] Kernel Offset: disabled
[ 26.091128][ C0] Rebooting in 86400 seconds..