Warning: Permanently added '10.128.0.186' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 24.445526][ T151] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 24.725535][ T151] usb 1-1: too many configurations: 160, using maximum allowed: 8
[ 24.805349][ T151] usb 1-1: config index 0 descriptor too short (expected 65204, got 72)
[ 24.895311][ T151] usb 1-1: config index 1 descriptor too short (expected 65204, got 72)
[ 24.985249][ T151] usb 1-1: config index 2 descriptor too short (expected 65204, got 72)
[ 25.075605][ T151] usb 1-1: config index 3 descriptor too short (expected 65204, got 72)
[ 25.155210][ T151] usb 1-1: config index 4 descriptor too short (expected 65204, got 72)
[ 25.245133][ T151] usb 1-1: config index 5 descriptor too short (expected 65204, got 72)
[ 25.325043][ T151] usb 1-1: config index 6 descriptor too short (expected 65204, got 72)
[ 25.405012][ T151] usb 1-1: config index 7 descriptor too short (expected 65204, got 72)
[ 25.564934][ T151] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 25.573966][ T151] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 25.582012][ T151] usb 1-1: Product: syz
[ 25.586211][ T151] usb 1-1: Manufacturer: syz
[ 25.591128][ T151] usb 1-1: SerialNumber: syz
[ 25.647364][ T151] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 26.294501][ T151] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
executing program
[ 26.896098][ T67] usb 1-1: USB disconnect, device number 2
[ 27.343934][ T151] ath9k_htc 1-1:1.0: ath9k_htc: Target is unresponsive
[ 27.350975][ T151] ath9k_htc: Failed to initialize the device
[ 27.357600][ T67] usb 1-1: ath9k_htc: USB layer deinitialized
[ 27.723679][ T67] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[ 28.003618][ T67] usb 1-1: too many configurations: 160, using maximum allowed: 8
[ 28.083534][ T67] usb 1-1: config index 0 descriptor too short (expected 65204, got 72)
[ 28.163484][ T67] usb 1-1: config index 1 descriptor too short (expected 65204, got 72)
[ 28.243431][ T67] usb 1-1: config index 2 descriptor too short (expected 65204, got 72)
[ 28.323549][ T67] usb 1-1: config index 3 descriptor too short (expected 65204, got 72)
[ 28.403362][ T67] usb 1-1: config index 4 descriptor too short (expected 65204, got 72)
[ 28.483408][ T67] usb 1-1: config index 5 descriptor too short (expected 65204, got 72)
[ 28.563683][ T67] usb 1-1: config index 6 descriptor too short (expected 65204, got 72)
[ 28.643243][ T67] usb 1-1: config index 7 descriptor too short (expected 65204, got 72)
[ 28.803193][ T67] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 28.812212][ T67] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 28.820210][ T67] usb 1-1: Product: syz
[ 28.824405][ T67] usb 1-1: Manufacturer: syz
[ 28.828971][ T67] usb 1-1: SerialNumber: syz
[ 28.883643][ T67] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 29.452911][ T67] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 29.872794][ C0] ==================================================================
[ 29.880980][ C0] BUG: KASAN: use-after-free in ath9k_hif_usb_rx_cb+0x3a8/0xf80
[ 29.888590][ C0] Read of size 47372 at addr ffff8881cd298000 by task swapper/0/0
[ 29.896357][ C0]
[ 29.898658][ C0] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.8.0-rc7-syzkaller #0
[ 29.906514][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 29.916563][ C0] Call Trace:
[ 29.919924][ C0] <IRQ>
[ 29.922763][ C0] dump_stack+0xf6/0x16e
[ 29.926978][ C0] ? ath9k_hif_usb_rx_cb+0x3a8/0xf80
[ 29.932251][ C0] ? ath9k_hif_usb_rx_cb+0x3a8/0xf80
[ 29.937513][ C0] print_address_description.constprop.0+0x1a/0x210
[ 29.944071][ C0] ? ath9k_hif_usb_rx_cb+0x23e/0xf80
[ 29.949325][ C0] ? vprintk_func+0x93/0x133
[ 29.953885][ C0] ? ath9k_hif_usb_rx_cb+0x3a8/0xf80
[ 29.959141][ C0] kasan_report.cold+0x37/0x7c
[ 29.963873][ C0] ? rwlock_bug.part.0+0x70/0x90
[ 29.968778][ C0] ? ath9k_hif_usb_rx_cb+0x3a8/0xf80
[ 29.974053][ C0] check_memory_region+0xf4/0x1c0
[ 29.979044][ C0] memcpy+0x20/0x60
[ 29.982824][ C0] ath9k_hif_usb_rx_cb+0x3a8/0xf80
[ 29.987925][ C0] ? kcov_remote_start+0xd6/0x3d0
[ 29.992920][ C0] ? __usb_hcd_giveback_urb+0x302/0x560
[ 29.998436][ C0] ? hif_usb_start+0xa0/0xa0
[ 30.002995][ C0] ? lock_downgrade+0x730/0x730
[ 30.007813][ C0] ? trace_hardirqs_off+0x27/0x1f0
[ 30.012895][ C0] __usb_hcd_giveback_urb+0x32d/0x560
[ 30.018243][ C0] usb_hcd_giveback_urb+0x367/0x410
executing program
[ 30.023410][ C0] dummy_timer+0x11f2/0x3240
[ 30.027981][ C0] ? lock_downgrade+0x730/0x730
[ 30.032824][ C0] ? dummy_dequeue+0x490/0x490
[ 30.037556][ C0] call_timer_fn+0x1ac/0x6e0
[ 30.042115][ C0] ? dummy_dequeue+0x490/0x490
[ 30.046845][ C0] ? msleep_interruptible+0x130/0x130
[ 30.052184][ C0] ? lock_downgrade+0x730/0x730
[ 30.056904][ T75] usb 1-1: USB disconnect, device number 3
[ 30.057028][ C0] ? _raw_spin_unlock_irq+0x1f/0x30
[ 30.067986][ C0] ? lockdep_hardirqs_on_prepare+0x1bc/0x550
[ 30.073965][ C0] ? trace_hardirqs_on+0x5f/0x200
[ 30.078988][ C0] ? dummy_dequeue+0x490/0x490
[ 30.083736][ C0] __run_timers.part.0+0x54c/0x9e0
[ 30.088819][ C0] ? call_timer_fn+0x6e0/0x6e0
[ 30.093558][ C0] ? clockevents_program_event+0x12b/0x350
[ 30.099338][ C0] ? tick_program_event+0xa8/0x130
[ 30.104420][ C0] run_timer_softirq+0x80/0x120
[ 30.109316][ C0] __do_softirq+0x222/0x95b
[ 30.113796][ C0] asm_call_on_stack+0xf/0x20
[ 30.118445][ C0] </IRQ>
[ 30.121370][ C0] do_softirq_own_stack+0xed/0x140
[ 30.126451][ C0] irq_exit_rcu+0x150/0x1f0
[ 30.130925][ C0] sysvec_apic_timer_interrupt+0x49/0xc0
[ 30.136528][ C0] asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 30.142486][ C0] RIP: 0010:acpi_safe_halt+0x72/0x90
[ 30.147751][ C0] Code: 74 06 5b e9 e0 4c 8f fb e8 db 4c 8f fb e8 26 d8 94 fb e9 0c 00 00 00 e8 cc 4c 8f fb 0f 00 2d 05 63 74 00 e8 c0 4c 8f fb fb f4 e8 18 d2 94 fb 5b e9 b2 4c 8f fb 48 89 df e8 fa fb b8 fb eb ab
[ 30.167325][ C0] RSP: 0018:ffffffff87207c80 EFLAGS: 00000293
[ 30.173361][ C0] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[ 30.181302][ C0] RDX: ffffffff8722f840 RSI: ffffffff85b05d40 RDI: ffffffff85b05d2a
[ 30.189244][ C0] RBP: ffff8881d8cca864 R08: 0000000000000000 R09: 0000000000000000
[ 30.197815][ C0] R10: 0000000000000001 R11: 0000000000000000 R12: ffff8881d8cca864
[ 30.205844][ C0] R13: 1ffffffff0e40f99 R14: ffff8881d8cca865 R15: 0000000000000001
[ 30.213795][ C0] ? acpi_safe_halt+0x70/0x90
[ 30.218442][ C0] ? acpi_safe_halt+0x5a/0x90
[ 30.223091][ C0] acpi_idle_do_entry+0x15c/0x1b0
[ 30.228085][ C0] acpi_idle_enter+0x3f0/0xa50
[ 30.232823][ C0] ? acpi_idle_enter_s2idle+0x190/0x190
[ 30.238340][ C0] ? kvm_sched_clock_read+0x14/0x30
[ 30.243507][ C0] ? sched_clock+0x5/0x10
[ 30.247805][ C0] ? sched_clock_cpu+0x18/0x170
[ 30.252629][ C0] cpuidle_enter_state+0xff/0x870
[ 30.257625][ C0] ? rcu_read_lock_sched_held+0x3a/0x70
[ 30.263143][ C0] cpuidle_enter+0x4a/0xa0
[ 30.267535][ C0] do_idle+0x3d6/0x5a0
[ 30.271573][ C0] ? arch_cpu_idle_exit+0x40/0x40
[ 30.276565][ C0] ? schedule+0xe1/0x2b0
[ 30.280778][ C0] cpu_startup_entry+0x14/0x20
[ 30.285655][ C0] start_kernel+0xa1b/0xa56
[ 30.290780][ C0] ? mem_encrypt_init+0x5/0x5
[ 30.295441][ C0] ? x86_cpuid_vendor+0x84/0x90
[ 30.300273][ C0] ? __sanitizer_cov_trace_switch+0x45/0x70
[ 30.306155][ C0] ? load_ucode_bsp+0x1b7/0x1f7
[ 30.310993][ C0] secondary_startup_64+0xb6/0xc0
[ 30.315985][ C0]
[ 30.318284][ C0] The buggy address belongs to the page:
[ 30.323891][ C0] page:ffffea000734a600 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 head:ffffea000734a600 order:3 compound_mapcount:0 compound_pincount:0
[ 30.339041][ C0] flags: 0x200000000010000(head)
[ 30.343950][ C0] raw: 0200000000010000 dead000000000100 dead000000000122 0000000000000000
[ 30.352500][ C0] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 30.361045][ C0] page dumped because: kasan: bad access detected
[ 30.367447][ C0]
[ 30.369771][ C0] Memory state around the buggy address:
[ 30.375480][ C0] ffff8881cd29ff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 30.383512][ C0] ffff8881cd29ff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 30.392100][ C0] >ffff8881cd2a0000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 30.400146][ C0] ^
[ 30.404197][ C0] ffff8881cd2a0080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 30.412485][ C0] ffff8881cd2a0100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 30.420601][ C0] ==================================================================
[ 30.428626][ C0] Disabling lock debugging due to kernel taint
[ 30.434741][ C0] Kernel panic - not syncing: panic_on_warn set ...
[ 30.441299][ C0] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G B 5.8.0-rc7-syzkaller #0
[ 30.450662][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 30.460686][ C0] Call Trace:
[ 30.463939][ C0] <IRQ>
[ 30.466761][ C0] dump_stack+0xf6/0x16e
[ 30.470976][ C0] ? ath9k_hif_usb_rx_cb+0x390/0xf80
[ 30.476226][ C0] panic+0x2aa/0x6e1
[ 30.480180][ C0] ? __warn_printk+0xf3/0xf3
[ 30.484742][ C0] ? _raw_spin_unlock_irqrestore+0x2a/0x40
[ 30.490517][ C0] ? trace_hardirqs_off+0x27/0x1f0
[ 30.495597][ C0] ? ath9k_hif_usb_rx_cb+0x3a8/0xf80
[ 30.500853][ C0] ? ath9k_hif_usb_rx_cb+0x3a8/0xf80
[ 30.506109][ C0] end_report+0x4d/0x53
[ 30.510241][ C0] kasan_report.cold+0x72/0x7c
[ 30.514977][ C0] ? rwlock_bug.part.0+0x70/0x90
[ 30.519888][ C0] ? ath9k_hif_usb_rx_cb+0x3a8/0xf80
[ 30.525143][ C0] check_memory_region+0xf4/0x1c0
[ 30.530137][ C0] memcpy+0x20/0x60
[ 30.533919][ C0] ath9k_hif_usb_rx_cb+0x3a8/0xf80
[ 30.539131][ C0] ? kcov_remote_start+0xd6/0x3d0
[ 30.544129][ C0] ? __usb_hcd_giveback_urb+0x302/0x560
[ 30.549643][ C0] ? hif_usb_start+0xa0/0xa0
[ 30.554201][ C0] ? lock_downgrade+0x730/0x730
[ 30.559018][ C0] ? trace_hardirqs_off+0x27/0x1f0
[ 30.564097][ C0] __usb_hcd_giveback_urb+0x32d/0x560
[ 30.569441][ C0] usb_hcd_giveback_urb+0x367/0x410
[ 30.574607][ C0] dummy_timer+0x11f2/0x3240
[ 30.579166][ C0] ? lock_downgrade+0x730/0x730
[ 30.583982][ C0] ? dummy_dequeue+0x490/0x490
[ 30.588711][ C0] call_timer_fn+0x1ac/0x6e0
[ 30.593303][ C0] ? dummy_dequeue+0x490/0x490
[ 30.598034][ C0] ? msleep_interruptible+0x130/0x130
[ 30.603375][ C0] ? lock_downgrade+0x730/0x730
[ 30.608225][ C0] ? _raw_spin_unlock_irq+0x1f/0x30
[ 30.613392][ C0] ? lockdep_hardirqs_on_prepare+0x1bc/0x550
[ 30.619339][ C0] ? trace_hardirqs_on+0x5f/0x200
[ 30.624333][ C0] ? dummy_dequeue+0x490/0x490
[ 30.629068][ C0] __run_timers.part.0+0x54c/0x9e0
[ 30.634155][ C0] ? call_timer_fn+0x6e0/0x6e0
[ 30.638886][ C0] ? clockevents_program_event+0x12b/0x350
[ 30.644662][ C0] ? tick_program_event+0xa8/0x130
[ 30.649741][ C0] run_timer_softirq+0x80/0x120
[ 30.654560][ C0] __do_softirq+0x222/0x95b
[ 30.659031][ C0] asm_call_on_stack+0xf/0x20
[ 30.663814][ C0] </IRQ>
[ 30.666734][ C0] do_softirq_own_stack+0xed/0x140
[ 30.671816][ C0] irq_exit_rcu+0x150/0x1f0
[ 30.676289][ C0] sysvec_apic_timer_interrupt+0x49/0xc0
[ 30.681891][ C0] asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 30.687849][ C0] RIP: 0010:acpi_safe_halt+0x72/0x90
[ 30.693107][ C0] Code: 74 06 5b e9 e0 4c 8f fb e8 db 4c 8f fb e8 26 d8 94 fb e9 0c 00 00 00 e8 cc 4c 8f fb 0f 00 2d 05 63 74 00 e8 c0 4c 8f fb fb f4 e8 18 d2 94 fb 5b e9 b2 4c 8f fb 48 89 df e8 fa fb b8 fb eb ab
[ 30.712789][ C0] RSP: 0018:ffffffff87207c80 EFLAGS: 00000293
[ 30.718822][ C0] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[ 30.726804][ C0] RDX: ffffffff8722f840 RSI: ffffffff85b05d40 RDI: ffffffff85b05d2a
[ 30.734748][ C0] RBP: ffff8881d8cca864 R08: 0000000000000000 R09: 0000000000000000
[ 30.742689][ C0] R10: 0000000000000001 R11: 0000000000000000 R12: ffff8881d8cca864
[ 30.750628][ C0] R13: 1ffffffff0e40f99 R14: ffff8881d8cca865 R15: 0000000000000001
[ 30.758583][ C0] ? acpi_safe_halt+0x70/0x90
[ 30.763229][ C0] ? acpi_safe_halt+0x5a/0x90
[ 30.767876][ C0] acpi_idle_do_entry+0x15c/0x1b0
[ 30.772868][ C0] acpi_idle_enter+0x3f0/0xa50
[ 30.777599][ C0] ? acpi_idle_enter_s2idle+0x190/0x190
[ 30.783115][ C0] ? kvm_sched_clock_read+0x14/0x30
[ 30.788285][ C0] ? sched_clock+0x5/0x10
[ 30.793046][ C0] ? sched_clock_cpu+0x18/0x170
[ 30.797872][ C0] cpuidle_enter_state+0xff/0x870
[ 30.802869][ C0] ? rcu_read_lock_sched_held+0x3a/0x70
[ 30.808383][ C0] cpuidle_enter+0x4a/0xa0
[ 30.812769][ C0] do_idle+0x3d6/0x5a0
[ 30.816808][ C0] ? arch_cpu_idle_exit+0x40/0x40
[ 30.821798][ C0] ? schedule+0xe1/0x2b0
[ 30.826100][ C0] cpu_startup_entry+0x14/0x20
[ 30.830834][ C0] start_kernel+0xa1b/0xa56
[ 30.835307][ C0] ? mem_encrypt_init+0x5/0x5
[ 30.839960][ C0] ? x86_cpuid_vendor+0x84/0x90
[ 30.844780][ C0] ? __sanitizer_cov_trace_switch+0x45/0x70
[ 30.850641][ C0] ? load_ucode_bsp+0x1b7/0x1f7
[ 30.855456][ C0] secondary_startup_64+0xb6/0xc0
[ 30.861098][ C0] Kernel Offset: disabled
[ 30.865409][ C0] Rebooting in 86400 seconds..