Warning: Permanently added '10.128.1.12' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 22.587186][ T83] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 22.956993][ T83] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 22.966504][ T83] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 22.974573][ T83] usb 1-1: Product: syz
[ 22.978852][ T83] usb 1-1: Manufacturer: syz
[ 22.983427][ T83] usb 1-1: SerialNumber: syz
[ 23.027747][ T83] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 23.616666][ T83] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 24.036480][ C1] ==================================================================
[ 24.044821][ C1] BUG: KASAN: use-after-free in ath9k_hif_usb_rx_cb+0x3be/0xf70
[ 24.052449][ C1] Read of size 49151 at addr ffff8881ceee0000 by task swapper/1/0
[ 24.060222][ C1]
[ 24.062531][ C1] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 5.6.0-rc5-syzkaller #0
[ 24.070411][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 24.080440][ C1] Call Trace:
[ 24.083794][ C1]
[ 24.086622][ C1] dump_stack+0xef/0x16e
[ 24.090863][ C1] ? ath9k_hif_usb_rx_cb+0x3be/0xf70
[ 24.096121][ C1] ? ath9k_hif_usb_rx_cb+0x3be/0xf70
[ 24.101384][ C1] print_address_description.constprop.0.cold+0xd3/0x314
[ 24.108381][ C1] ? ath9k_hif_usb_rx_cb+0x3be/0xf70
[ 24.117199][ C1] ? ath9k_hif_usb_rx_cb+0x3be/0xf70
[ 24.122478][ C1] __kasan_report.cold+0x37/0x77
[ 24.127401][ C1] ? ath9k_hif_usb_rx_cb+0x3be/0xf70
[ 24.132691][ C1] kasan_report+0xe/0x20
[ 24.136924][ C1] check_memory_region+0x152/0x1c0
[ 24.142097][ C1] memcpy+0x20/0x50
[ 24.145887][ C1] ath9k_hif_usb_rx_cb+0x3be/0xf70
[ 24.151018][ C1] ? find_held_lock+0x2d/0x110
[ 24.155762][ C1] ? hif_usb_mgmt_cb+0x300/0x300
[ 24.160730][ C1] ? do_raw_spin_lock+0x129/0x290
[ 24.165731][ C1] ? lock_downgrade+0x6e0/0x6e0
[ 24.170560][ C1] ? trace_hardirqs_off+0x50/0x200
[ 24.175653][ C1] __usb_hcd_giveback_urb+0x29a/0x550
[ 24.181022][ C1] usb_hcd_giveback_urb+0x368/0x420
[ 24.186218][ C1] dummy_timer+0x1258/0x32ae
[ 24.190788][ C1] ? dummy_udc_probe+0x930/0x930
[ 24.195735][ C1] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 24.201273][ C1] ? rcu_read_lock_bh_held+0xb0/0xb0
[ 24.206558][ C1] call_timer_fn+0x195/0x6f0
[ 24.211193][ C1] ? dummy_udc_probe+0x930/0x930
[ 24.216125][ C1] ? msleep_interruptible+0x130/0x130
[ 24.221484][ C1] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 24.227005][ C1] ? rcu_read_lock_bh_held+0xb0/0xb0
[ 24.232271][ C1] ? _raw_spin_unlock_irq+0x1f/0x30
[ 24.237449][ C1] ? dummy_udc_probe+0x930/0x930
[ 24.242371][ C1] run_timer_softirq+0x5f9/0x1500
[ 24.248249][ C1] ? add_timer+0x7a0/0x7a0
[ 24.252652][ C1] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 24.258174][ C1] ? rcu_read_lock_bh_held+0xb0/0xb0
[ 24.263433][ C1] __do_softirq+0x21e/0x950
[ 24.267914][ C1] irq_exit+0x178/0x1a0
[ 24.272045][ C1] smp_apic_timer_interrupt+0x141/0x540
[ 24.277576][ C1] apic_timer_interrupt+0xf/0x20
[ 24.282484][ C1]
[ 24.285400][ C1] RIP: 0010:default_idle+0x28/0x300
[ 24.290760][ C1] Code: cc cc 41 56 41 55 65 44 8b 2d 44 77 72 7a 41 54 55 53 0f 1f 44 00 00 e8 b6 62 b5 fb e9 07 00 00 00 0f 00 2d ea 0c 53 00 fb f4 <65> 44 8b 2d 20 77 72 7a 0f 1f 44 00 00 5b 5d 41 5c 41 5d 41 5e c3
[ 24.310353][ C1] RSP: 0018:ffff8881da22fda8 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
[ 24.318888][ C1] RAX: 0000000000000007 RBX: ffff8881da213100 RCX: 0000000000000000
[ 24.326834][ C1] RDX: 0000000000000000 RSI: 0000000000000006 RDI: ffff8881da21394c
[ 24.334802][ C1] RBP: ffffed103b442620 R08: ffff8881da213100 R09: 0000000000000000
[ 24.342767][ C1] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000001
[ 24.350734][ C1] R13: 0000000000000001 R14: ffffffff87e607c0 R15: 0000000000000000
[ 24.358697][ C1] ? default_idle+0x1a/0x300
[ 24.363268][ C1] do_idle+0x3e0/0x500
[ 24.367315][ C1] ? arch_cpu_idle_exit+0x40/0x40
[ 24.372318][ C1] cpu_startup_entry+0x14/0x20
[ 24.377078][ C1] start_secondary+0x2a4/0x390
[ 24.381884][ C1] ? set_cpu_sibling_map+0x1e90/0x1e90
[ 24.387346][ C1] secondary_startup_64+0xb6/0xc0
[ 24.392347][ C1]
[ 24.394651][ C1] The buggy address belongs to the page:
[ 24.400263][ C1] page:ffffea00073bb800 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 compound_mapcount: 0
[ 24.411178][ C1] flags: 0x200000000010000(head)
[ 24.416098][ C1] raw: 0200000000010000 dead000000000100 dead000000000122 0000000000000000
[ 24.424660][ C1] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 24.433357][ C1] page dumped because: kasan: bad access detected
[ 24.439740][ C1]
[ 24.442042][ C1] Memory state around the buggy address:
[ 24.447649][ C1] ffff8881ceee7f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 24.455787][ C1] ffff8881ceee7f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 24.463834][ C1] >ffff8881ceee8000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 24.471866][ C1] ^
[ 24.475920][ C1] ffff8881ceee8080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 24.483953][ C1] ffff8881ceee8100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 24.491994][ C1] ==================================================================
[ 24.500029][ C1] Disabling lock debugging due to kernel taint
[ 24.506149][ C1] Kernel panic - not syncing: panic_on_warn set ...
[ 24.512720][ C1] CPU: 1 PID: 0 Comm: swapper/1 Tainted: G B 5.6.0-rc5-syzkaller #0
[ 24.521970][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 24.532012][ C1] Call Trace:
[ 24.535278][ C1]
[ 24.538109][ C1] dump_stack+0xef/0x16e
[ 24.542326][ C1] panic+0x2aa/0x6e1
[ 24.546196][ C1] ? add_taint.cold+0x16/0x16
[ 24.550848][ C1] ? print_shadow_for_address+0xb8/0x114
[ 24.556453][ C1] ? trace_hardirqs_off+0x50/0x200
[ 24.561540][ C1] ? ath9k_hif_usb_rx_cb+0x3be/0xf70
[ 24.566808][ C1] end_report+0x43/0x49
[ 24.570937][ C1] ? ath9k_hif_usb_rx_cb+0x3be/0xf70
[ 24.576206][ C1] __kasan_report.cold+0x55/0x77
[ 24.581117][ C1] ? ath9k_hif_usb_rx_cb+0x3be/0xf70
[ 24.586388][ C1] kasan_report+0xe/0x20
[ 24.590716][ C1] check_memory_region+0x152/0x1c0
[ 24.595811][ C1] memcpy+0x20/0x50
[ 24.599591][ C1] ath9k_hif_usb_rx_cb+0x3be/0xf70
[ 24.604675][ C1] ? find_held_lock+0x2d/0x110
[ 24.609415][ C1] ? hif_usb_mgmt_cb+0x300/0x300
[ 24.614336][ C1] ? do_raw_spin_lock+0x129/0x290
[ 24.619342][ C1] ? lock_downgrade+0x6e0/0x6e0
[ 24.624168][ C1] ? trace_hardirqs_off+0x50/0x200
[ 24.629250][ C1] __usb_hcd_giveback_urb+0x29a/0x550
[ 24.634606][ C1] usb_hcd_giveback_urb+0x368/0x420
[ 24.639786][ C1] dummy_timer+0x1258/0x32ae
[ 24.644367][ C1] ? dummy_udc_probe+0x930/0x930
[ 24.649283][ C1] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 24.654806][ C1] ? rcu_read_lock_bh_held+0xb0/0xb0
[ 24.660065][ C1] call_timer_fn+0x195/0x6f0
[ 24.664635][ C1] ? dummy_udc_probe+0x930/0x930
[ 24.669549][ C1] ? msleep_interruptible+0x130/0x130
[ 24.674899][ C1] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 24.680508][ C1] ? rcu_read_lock_bh_held+0xb0/0xb0
[ 24.685807][ C1] ? _raw_spin_unlock_irq+0x1f/0x30
[ 24.691001][ C1] ? dummy_udc_probe+0x930/0x930
[ 24.695934][ C1] run_timer_softirq+0x5f9/0x1500
[ 24.700937][ C1] ? add_timer+0x7a0/0x7a0
[ 24.705350][ C1] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 24.710881][ C1] ? rcu_read_lock_bh_held+0xb0/0xb0
[ 24.716153][ C1] __do_softirq+0x21e/0x950
[ 24.720634][ C1] irq_exit+0x178/0x1a0
[ 24.724768][ C1] smp_apic_timer_interrupt+0x141/0x540
[ 24.730333][ C1] apic_timer_interrupt+0xf/0x20
[ 24.735277][ C1]
[ 24.738205][ C1] RIP: 0010:default_idle+0x28/0x300
[ 24.743390][ C1] Code: cc cc 41 56 41 55 65 44 8b 2d 44 77 72 7a 41 54 55 53 0f 1f 44 00 00 e8 b6 62 b5 fb e9 07 00 00 00 0f 00 2d ea 0c 53 00 fb f4 <65> 44 8b 2d 20 77 72 7a 0f 1f 44 00 00 5b 5d 41 5c 41 5d 41 5e c3
[ 24.763001][ C1] RSP: 0018:ffff8881da22fda8 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
[ 24.771399][ C1] RAX: 0000000000000007 RBX: ffff8881da213100 RCX: 0000000000000000
[ 24.779364][ C1] RDX: 0000000000000000 RSI: 0000000000000006 RDI: ffff8881da21394c
[ 24.787580][ C1] RBP: ffffed103b442620 R08: ffff8881da213100 R09: 0000000000000000
[ 24.795530][ C1] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000001
[ 24.803488][ C1] R13: 0000000000000001 R14: ffffffff87e607c0 R15: 0000000000000000
[ 24.811454][ C1] ? default_idle+0x1a/0x300
[ 24.816023][ C1] do_idle+0x3e0/0x500
[ 24.820068][ C1] ? arch_cpu_idle_exit+0x40/0x40
[ 24.825066][ C1] cpu_startup_entry+0x14/0x20
[ 24.829802][ C1] start_secondary+0x2a4/0x390
[ 24.834537][ C1] ? set_cpu_sibling_map+0x1e90/0x1e90
[ 24.839967][ C1] secondary_startup_64+0xb6/0xc0
[ 24.845828][ C1] Kernel Offset: disabled
[ 24.854915][ C1] Rebooting in 86400 seconds..