Warning: Permanently added '10.128.0.234' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   23.706728][  T160] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[   24.226055][  T160] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[   24.235188][  T160] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   24.243273][  T160] usb 1-1: Product: syz
[   24.247504][  T160] usb 1-1: Manufacturer: syz
[   24.252100][  T160] usb 1-1: SerialNumber: syz
[   24.296979][  T160] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[   24.955148][  T160] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[   25.174956][    C0] ==================================================================
[   25.183138][    C0] BUG: KASAN: stack-out-of-bounds in ath9k_hif_usb_rx_cb+0xe11/0xf90
[   25.191185][    C0] Write of size 8 at addr ffff8881db209a08 by task swapper/0/0
[   25.198707][    C0] 
[   25.201023][    C0] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.7.0-rc6-syzkaller #0
[   25.208897][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   25.218944][    C0] Call Trace:
[   25.222219][    C0]  <IRQ>
[   25.225061][    C0]  dump_stack+0xef/0x16e
[   25.229384][    C0]  print_address_description.constprop.0.cold+0xd3/0x415
[   25.236492][    C0]  ? __build_skb+0x21/0x60
[   25.240882][    C0]  ? rcu_read_lock_sched_held+0x9c/0xd0
[   25.246988][    C0]  ? vprintk_func+0x7d/0x113
[   25.252829][    C0]  ? ath9k_hif_usb_rx_cb+0xe11/0xf90
[   25.258093][    C0]  __kasan_report.cold+0x37/0x7d
[   25.263034][    C0]  ? ath9k_hif_usb_rx_cb+0xe11/0xf90
[   25.268311][    C0]  ? ath9k_hif_usb_rx_cb+0xe11/0xf90
[   25.273732][    C0]  kasan_report+0x33/0x50
[   25.278064][    C0]  ath9k_hif_usb_rx_cb+0xe11/0xf90
[   25.283336][    C0]  ? hif_usb_mgmt_cb+0x310/0x310
[   25.288254][    C0]  ? do_raw_read_unlock+0x3b/0x70
[   25.293314][    C0]  ? _raw_read_unlock+0x1a/0x30
[   25.298138][    C0]  __usb_hcd_giveback_urb+0x1f2/0x470
[   25.303499][    C0]  usb_hcd_giveback_urb+0x368/0x420
[   25.308678][    C0]  dummy_timer+0x125e/0x32b4
[   25.313259][    C0]  ? dummy_udc_probe+0x980/0x980
[   25.318865][    C0]  ? rcu_read_lock_sched_held+0x9c/0xd0
[   25.324396][    C0]  ? rcu_read_lock_bh_held+0xb0/0xb0
[   25.329745][    C0]  call_timer_fn+0x1ac/0x700
[   25.334329][    C0]  ? dummy_udc_probe+0x980/0x980
[   25.339258][    C0]  ? timer_fixup_init+0x60/0x60
[   25.344082][    C0]  ? lock_downgrade+0x720/0x720
[   25.348904][    C0]  ? rcu_read_lock_sched_held+0x9c/0xd0
[   25.354421][    C0]  ? rcu_read_lock_bh_held+0xb0/0xb0
[   25.359710][    C0]  ? _raw_spin_unlock_irq+0x1f/0x30
[   25.364879][    C0]  ? dummy_udc_probe+0x980/0x980
[   25.369791][    C0]  run_timer_softirq+0x5f9/0x1500
[   25.374802][    C0]  ? add_timer+0x7a0/0x7a0
[   25.379209][    C0]  ? rcu_read_lock_sched_held+0x9c/0xd0
[   25.384749][    C0]  ? rcu_read_lock_bh_held+0xb0/0xb0
[   25.390006][    C0]  __do_softirq+0x21e/0x9aa
[   25.394483][    C0]  irq_exit+0x178/0x1a0
[   25.398614][    C0]  smp_apic_timer_interrupt+0x141/0x540
[   25.404145][    C0]  apic_timer_interrupt+0xf/0x20
[   25.409051][    C0]  </IRQ>
[   25.411964][    C0] RIP: 0010:default_idle+0x28/0x300
[   25.417139][    C0] Code: cc cc 41 56 41 55 65 44 8b 2d 94 3f 6b 7a 41 54 55 53 0f 1f 44 00 00 e8 06 27 af fb e9 07 00 00 00 0f 00 2d 7a e1 4b 00 fb f4 <65> 44 8b 2d 70 3f 6b 7a 0f 1f 44 00 00 5b 5d 41 5c 41 5d 41 5e c3
[   25.437118][    C0] RSP: 0018:ffffffff87007da0 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
[   25.446558][    C0] RAX: 0000000000000007 RBX: ffffffff8702f800 RCX: 0000000000000000
[   25.454607][    C0] RDX: 0000000000000000 RSI: 0000000000000006 RDI: ffffffff8703007c
[   25.462552][    C0] RBP: fffffbfff0e05f00 R08: ffffffff8702f800 R09: 0000000000000000
[   25.470494][    C0] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[   25.479057][    C0] R13: 0000000000000000 R14: ffffffff87e88e00 R15: 0000000000000000
[   25.487011][    C0]  do_idle+0x3e0/0x500
[   25.491054][    C0]  ? rcu_read_lock_held+0x9c/0xb0
[   25.496059][    C0]  ? arch_cpu_idle_exit+0x40/0x40
[   25.501054][    C0]  ? schedule+0xe1/0x2b0
[   25.505278][    C0]  cpu_startup_entry+0x14/0x20
[   25.510013][    C0]  start_kernel+0x9bb/0x9f8
[   25.514490][    C0]  ? mem_encrypt_init+0x5/0x5
[   25.519145][    C0]  ? x86_family+0x3d/0x50
[   25.523455][    C0]  ? load_ucode_bsp+0x23d/0x27d
[   25.528276][    C0]  secondary_startup_64+0xb6/0xc0
[   25.533268][    C0] 
[   25.535587][    C0] The buggy address belongs to the page:
[   25.541201][    C0] page:ffffea00076c8240 refcount:1 mapcount:0 mapping:00000000610b4f7e index:0x0
[   25.550275][    C0] flags: 0x200000000001000(reserved)
[   25.555533][    C0] raw: 0200000000001000 ffffea00076c8248 ffffea00076c8248 0000000000000000
[   25.564100][    C0] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   25.572667][    C0] page dumped because: kasan: bad access detected
[   25.579059][    C0] 
[   25.581361][    C0] Memory state around the buggy address:
[   25.586962][    C0]  ffff8881db209900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   25.595002][    C0]  ffff8881db209980: 00 f1 f1 f1 f1 f1 f1 00 00 00 00 00 00 00 00 00
[   25.603046][    C0] >ffff8881db209a00: 00 f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00
[   25.611099][    C0]                       ^
[   25.615407][    C0]  ffff8881db209a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   25.623523][    C0]  ffff8881db209b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   25.631562][    C0] ==================================================================
[   25.639590][    C0] Disabling lock debugging due to kernel taint
[   25.645794][    C0] Kernel panic - not syncing: panic_on_warn set ...
[   25.652352][    C0] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G    B             5.7.0-rc6-syzkaller #0
[   25.661605][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   25.671644][    C0] Call Trace:
[   25.674898][    C0]  <IRQ>
[   25.677732][    C0]  dump_stack+0xef/0x16e
[   25.681945][    C0]  panic+0x2aa/0x6e1
[   25.685822][    C0]  ? add_taint.cold+0x16/0x16
[   25.690468][    C0]  ? trace_hardirqs_off+0x50/0x200
[   25.695561][    C0]  ? ath9k_hif_usb_rx_cb+0xe11/0xf90
[   25.700822][    C0]  end_report+0x4d/0x53
[   25.704946][    C0]  __kasan_report.cold+0x72/0x7d
[   25.709859][    C0]  ? ath9k_hif_usb_rx_cb+0xe11/0xf90
[   25.715114][    C0]  ? ath9k_hif_usb_rx_cb+0xe11/0xf90
[   25.720374][    C0]  kasan_report+0x33/0x50
[   25.724671][    C0]  ath9k_hif_usb_rx_cb+0xe11/0xf90
[   25.729758][    C0]  ? hif_usb_mgmt_cb+0x310/0x310
[   25.734675][    C0]  ? do_raw_read_unlock+0x3b/0x70
[   25.739668][    C0]  ? _raw_read_unlock+0x1a/0x30
[   25.744513][    C0]  __usb_hcd_giveback_urb+0x1f2/0x470
[   25.749854][    C0]  usb_hcd_giveback_urb+0x368/0x420
[   25.755030][    C0]  dummy_timer+0x125e/0x32b4
[   25.759617][    C0]  ? dummy_udc_probe+0x980/0x980
[   25.764535][    C0]  ? rcu_read_lock_sched_held+0x9c/0xd0
[   25.770049][    C0]  ? rcu_read_lock_bh_held+0xb0/0xb0
[   25.775475][    C0]  call_timer_fn+0x1ac/0x700
[   25.780034][    C0]  ? dummy_udc_probe+0x980/0x980
[   25.784949][    C0]  ? timer_fixup_init+0x60/0x60
[   25.789768][    C0]  ? lock_downgrade+0x720/0x720
[   25.794587][    C0]  ? rcu_read_lock_sched_held+0x9c/0xd0
[   25.800115][    C0]  ? rcu_read_lock_bh_held+0xb0/0xb0
[   25.805368][    C0]  ? _raw_spin_unlock_irq+0x1f/0x30
[   25.813613][    C0]  ? dummy_udc_probe+0x980/0x980
[   25.818532][    C0]  run_timer_softirq+0x5f9/0x1500
[   25.823526][    C0]  ? add_timer+0x7a0/0x7a0
[   25.827955][    C0]  ? rcu_read_lock_sched_held+0x9c/0xd0
[   25.833568][    C0]  ? rcu_read_lock_bh_held+0xb0/0xb0
[   25.838826][    C0]  __do_softirq+0x21e/0x9aa
[   25.843314][    C0]  irq_exit+0x178/0x1a0
[   25.847454][    C0]  smp_apic_timer_interrupt+0x141/0x540
[   25.852986][    C0]  apic_timer_interrupt+0xf/0x20
[   25.857898][    C0]  </IRQ>
[   25.860808][    C0] RIP: 0010:default_idle+0x28/0x300
[   25.865991][    C0] Code: cc cc 41 56 41 55 65 44 8b 2d 94 3f 6b 7a 41 54 55 53 0f 1f 44 00 00 e8 06 27 af fb e9 07 00 00 00 0f 00 2d 7a e1 4b 00 fb f4 <65> 44 8b 2d 70 3f 6b 7a 0f 1f 44 00 00 5b 5d 41 5c 41 5d 41 5e c3
[   25.885565][    C0] RSP: 0018:ffffffff87007da0 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
[   25.893943][    C0] RAX: 0000000000000007 RBX: ffffffff8702f800 RCX: 0000000000000000
[   25.901905][    C0] RDX: 0000000000000000 RSI: 0000000000000006 RDI: ffffffff8703007c
[   25.909843][    C0] RBP: fffffbfff0e05f00 R08: ffffffff8702f800 R09: 0000000000000000
[   25.917796][    C0] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[   25.926353][    C0] R13: 0000000000000000 R14: ffffffff87e88e00 R15: 0000000000000000
[   25.934921][    C0]  do_idle+0x3e0/0x500
[   25.938959][    C0]  ? rcu_read_lock_held+0x9c/0xb0
[   25.943954][    C0]  ? arch_cpu_idle_exit+0x40/0x40
[   25.948960][    C0]  ? schedule+0xe1/0x2b0
[   25.953182][    C0]  cpu_startup_entry+0x14/0x20
[   25.957926][    C0]  start_kernel+0x9bb/0x9f8
[   25.962399][    C0]  ? mem_encrypt_init+0x5/0x5
[   25.967056][    C0]  ? x86_family+0x3d/0x50
[   25.971442][    C0]  ? load_ucode_bsp+0x23d/0x27d
[   25.976317][    C0]  secondary_startup_64+0xb6/0xc0
[   25.982010][    C0] Kernel Offset: disabled
[   25.986323][    C0] Rebooting in 86400 seconds..
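Reading the report: the 8-byte write at ffff8881db209a08 is reported from ath9k_hif_usb_rx_cb, the URB completion callback, running in softirq context on the idle task because dummy_hcd (the emulated host controller syzkaller uses for USB fuzzing) completes URBs from a timer. The "Memory state" rows explain what the write hit: each shadow byte covers 8 bytes, so ffff8881db209a08 maps to the second byte of the ">" row, the f3 that the caret marks. f3 is generic KASAN's stack right redzone, and the f1 run two rows up is a stack left redzone, so the shadow encodes an 80-byte addressable stack object (ffff8881db2099b8 to ffff8881db209a07) bracketed by redzones, with the write landing on the first granule past its end. Which local variable that is needs the vmlinux and the disassembly at ath9k_hif_usb_rx_cb+0xe11; the report alone does not say. The following C program is an added example, not part of the syzbot report or of the ath9k driver: it parses the "Memory state" rows copied from the report (embedded as a constant) and replays KASAN's granule check for an access of a given address and size, so the same reasoning can be applied mechanically to other reports. The poison values are those of generic KASAN in mm/kasan/kasan.h around v5.7; the function names are my own.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Generic KASAN: one shadow byte per 8-byte granule, 16 granules per
 * "Memory state" row, so each row describes 128 bytes of kernel memory. */
#define KASAN_GRANULE   8u
#define KASAN_ROW_BYTES 16u

/* "Memory state around the buggy address" rows copied from the report above
 * (the dmesg timestamp prefix is dropped; the parser would ignore it anyway). */
static const char REPORT_MEMORY_STATE[] =
    " ffff8881db209900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n"
    " ffff8881db209980: 00 f1 f1 f1 f1 f1 f1 00 00 00 00 00 00 00 00 00\n"
    ">ffff8881db209a00: 00 f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00\n"
    " ffff8881db209a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n"
    " ffff8881db209b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n";

/* Poison values of generic KASAN (mm/kasan/kasan.h, v5.7 era). The heap
 * values were renumbered in later kernels; the stack ones have been stable. */
const char *kasan_poison_name(int shadow)
{
    if (shadow == 0x00)
        return "addressable";
    if (shadow > 0 && shadow < (int)KASAN_GRANULE)
        return "partially addressable (only the first N bytes of the granule)";
    switch (shadow) {
    case 0xF1: return "stack left redzone";
    case 0xF2: return "stack mid redzone";
    case 0xF3: return "stack right redzone";
    case 0xF4: return "stack partial redzone";
    case 0xFA: return "global redzone";
    case 0xFB: return "freed slab object";
    case 0xFC: return "slab redzone";
    case 0xFE: return "page redzone";
    case 0xFF: return "freed page";
    default:   return "unknown poison";
    }
}

static int hexval(int c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Parse one row: optional ">" marker, 16 hex digits, ":", 16 shadow bytes.
 * Returns 1 and fills base/shadow on success, 0 if the line is not a row. */
static int parse_row(const char *line, size_t len, uint64_t *base,
                     unsigned char shadow[KASAN_ROW_BYTES])
{
    const char *colon = memchr(line, ':', len);
    if (!colon || colon - line < 16)
        return 0;
    uint64_t b = 0;
    for (const char *q = colon - 16; q < colon; q++) {
        int v = hexval((unsigned char)*q);
        if (v < 0)
            return 0;
        b = (b << 4) | (uint64_t)v;
    }
    const char *p = colon + 1, *end = line + len;
    for (unsigned i = 0; i < KASAN_ROW_BYTES; i++) {
        while (p < end && *p == ' ')
            p++;
        if (end - p < 2)
            return 0;
        int hi = hexval((unsigned char)p[0]), lo = hexval((unsigned char)p[1]);
        if (hi < 0 || lo < 0)
            return 0;
        shadow[i] = (unsigned char)(hi << 4 | lo);
        p += 2;
    }
    *base = b;
    return 1;
}

/* Shadow byte covering kernel address addr, or -1 if no row in dump covers it. */
int kasan_shadow_at(const char *dump, uint64_t addr)
{
    const char *line = dump;
    while (*line) {
        const char *nl = strchr(line, '\n');
        size_t len = nl ? (size_t)(nl - line) : strlen(line);
        uint64_t base;
        unsigned char shadow[KASAN_ROW_BYTES];
        if (parse_row(line, len, &base, shadow) &&
            addr >= base && addr - base < KASAN_ROW_BYTES * KASAN_GRANULE)
            return shadow[(addr - base) / KASAN_GRANULE];
        if (!nl)
            break;
        line = nl + 1;
    }
    return -1;
}

/* Replay KASAN's check for an access of `size` bytes at `addr`: every granule
 * touched must be fully addressable (00) or, for a partial granule with value
 * N in 1..7, the access must stay inside its first N bytes. Returns 0 if the
 * access is clean, the offending shadow byte (and its address in *bad) if it
 * is not, or -1 if the dump does not cover the access. */
int kasan_check_access(const char *dump, uint64_t addr, size_t size, uint64_t *bad)
{
    uint64_t a = addr, last = addr + size - 1;
    while (size && a <= last) {
        int s = kasan_shadow_at(dump, a);
        if (s < 0)
            return -1;
        uint64_t gbase = a & ~(uint64_t)(KASAN_GRANULE - 1);
        uint64_t gend = gbase + KASAN_GRANULE - 1;   /* last byte of this granule */
        uint64_t stop = last < gend ? last : gend;   /* last byte accessed in it */
        if (s != 0) {
            /* first non-addressable byte of the granule */
            uint64_t first_bad = s < (int)KASAN_GRANULE ? gbase + (uint64_t)s : gbase;
            if (stop >= first_bad) {
                if (bad)
                    *bad = a > first_bad ? a : first_bad;
                return s;
            }
        }
        a = gend + 1;
    }
    return 0;
}

int main(void)
{
    /* From the report: "Write of size 8 at addr ffff8881db209a08". */
    uint64_t addr = 0xffff8881db209a08ULL, bad = 0;
    int s = kasan_check_access(REPORT_MEMORY_STATE, addr, 8, &bad);
    if (s > 0)
        printf("write [%#llx, +8) hits shadow %02x at %#llx: %s\n",
               (unsigned long long)addr, s, (unsigned long long)bad,
               kasan_poison_name(s));
    else
        printf("access is %s\n", s == 0 ? "clean" : "not covered by the dump");
    return 0;
}
```

To reuse it on another report, paste that report's "Memory state" rows into the constant (the dmesg prefix may stay, since the parser only anchors on the 16 hex digits before the colon) and pass the address and size from the "Read/Write of size N at addr" line. A partial-granule value (01 to 07) is the case people misread most often: it is not a poison value but the number of valid bytes at the start of that granule, which is why the check compares the last accessed byte against the granule base plus that value.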