Warning: Permanently added '10.128.0.224' (ECDSA) to the list of known hosts.
executing program
[ 53.918439][ T3695] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 54.298494][ T3695] usb 1-1: config 1 has an invalid descriptor of length 9, skipping remainder of the config
[ 54.308772][ T3695] usb 1-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 6
[ 54.488431][ T3695] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 54.497469][ T3695] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 54.505939][ T3695] usb 1-1: Product: syz
[ 54.510202][ T3695] usb 1-1: Manufacturer: syz
[ 54.514787][ T3695] usb 1-1: SerialNumber: syz
[ 54.563860][ T3695] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 55.198867][ T3695] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 55.638047][ C1] ==================================================================
[ 55.646285][ C1] BUG: KASAN: slab-out-of-bounds in ath9k_hif_usb_rx_cb+0x2ab/0x1010
[ 55.654347][ C1] Read of size 40655 at addr ffff88801b760000 by task swapper/1/0
[ 55.662127][ C1]
[ 55.664431][ C1] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 5.11.0-rc5-syzkaller #0
[ 55.672384][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 55.682429][ C1] Call Trace:
[ 55.685691][ C1] <IRQ>
[ 55.688534][ C1] dump_stack+0x137/0x1be
[ 55.692854][ C1] print_address_description+0x5f/0x3a0
[ 55.698390][ C1] kasan_report+0x15e/0x200
[ 55.702872][ C1] ? ath9k_hif_usb_rx_cb+0x2ab/0x1010
[ 55.708240][ C1] check_memory_region+0x2b5/0x2f0
[ 55.713330][ C1] ? ath9k_hif_usb_rx_cb+0x2ab/0x1010
[ 55.718692][ C1] memcpy+0x25/0x60
[ 55.722480][ C1] ath9k_hif_usb_rx_cb+0x2ab/0x1010
[ 55.727663][ C1] ? do_raw_spin_unlock+0x134/0x8a0
[ 55.732857][ C1] ? _raw_spin_unlock_irqrestore+0x40/0x60
[ 55.738651][ C1] ? kcov_remote_start+0x10f/0x420
[ 55.743759][ C1] __usb_hcd_giveback_urb+0x375/0x520
[ 55.749118][ C1] dummy_timer+0xa22/0x2e70
[ 55.753633][ C1] ? rcu_read_lock_sched_held+0x41/0xb0
[ 55.759156][ C1] ? dummy_free_streams+0x310/0x310
[ 55.764342][ C1] call_timer_fn+0x91/0x160
[ 55.768857][ C1] ? dummy_free_streams+0x310/0x310
[ 55.774053][ C1] __run_timers+0x6c0/0x8a0
[ 55.778548][ C1] run_timer_softirq+0x63/0xf0
[ 55.783300][ C1] __do_softirq+0x318/0x714
[ 55.787797][ C1] ? asm_call_irq_on_stack+0xf/0x20
[ 55.794040][ C1] asm_call_irq_on_stack+0xf/0x20
[ 55.799045][ C1] </IRQ>
[ 55.801968][ C1] do_softirq_own_stack+0x9a/0xe0
[ 55.806974][ C1] __irq_exit_rcu+0x1d8/0x200
[ 55.811634][ C1] irq_exit_rcu+0x5/0x20
[ 55.815855][ C1] sysvec_apic_timer_interrupt+0xe0/0xf0
[ 55.821465][ C1] asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 55.827437][ C1] RIP: 0010:acpi_idle_enter+0x3c9/0x700
[ 55.832985][ C1] Code: 08 31 ff e8 59 d9 60 fd 48 83 e3 08 0f 85 06 01 00 00 e8 ca d0 66 fd e9 0c 00 00 00 e8 90 d4 60 fd 0f 00 2d 49 22 03 06 fb f4 <9c> 8f 44 24 10 48 8d 44 24 10 48 c1 e8 03 42 80 3c 38 00 74 0a 48
[ 55.852572][ C1] RSP: 0018:ffffc90000d47dc0 EFLAGS: 00000282
[ 55.858622][ C1] RAX: d4ffdc09d0d50600 RBX: 0000000000000000 RCX: ffffffff8f55ba03
[ 55.866585][ C1] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
[ 55.874544][ C1] RBP: ffff888015198000 R08: ffffffff817dc360 R09: ffffed10022316f1
[ 55.882493][ C1] R10: ffffed10022316f1 R11: 0000000000000000 R12: ffff888143887004
[ 55.890442][ C1] R13: ffff888015198064 R14: 1ffff11028710e00 R15: dffffc0000000000
[ 55.898398][ C1] ? trace_hardirqs_on+0x30/0x80
[ 55.903328][ C1] cpuidle_enter_state+0x486/0xd50
[ 55.908427][ C1] cpuidle_enter+0x59/0x90
[ 55.912830][ C1] do_idle+0x315/0x530
[ 55.916904][ C1] cpu_startup_entry+0x15/0x20
[ 55.921656][ C1] secondary_startup_64_no_verify+0xb0/0xbb
[ 55.927539][ C1]
[ 55.929868][ C1] The buggy address belongs to the page:
[ 55.935485][ C1] page:000000004dbe8db0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1b760
[ 55.945615][ C1] head:000000004dbe8db0 order:3 compound_mapcount:0 compound_pincount:0
[ 55.953923][ C1] flags: 0xfff00000010000(head)
[ 55.958769][ C1] raw: 00fff00000010000 dead000000000100 dead000000000122 0000000000000000
[ 55.967337][ C1] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 55.975908][ C1] page dumped because: kasan: bad access detected
[ 55.982295][ C1]
[ 55.984596][ C1] Memory state around the buggy address:
[ 55.990205][ C1] ffff88801b767f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 55.998241][ C1] ffff88801b767f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 56.006289][ C1] >ffff88801b768000: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
[ 56.014334][ C1] ^
[ 56.021516][ C1] ffff88801b768080: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
[ 56.029553][ C1] ffff88801b768100: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
[ 56.037587][ C1] ==================================================================
[ 56.045619][ C1] Disabling lock debugging due to kernel taint
[ 56.051750][ C1] Kernel panic - not syncing: panic_on_warn set ...
[ 56.058319][ C1] CPU: 1 PID: 0 Comm: swapper/1 Tainted: G B 5.11.0-rc5-syzkaller #0
[ 56.067662][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 56.077697][ C1] Call Trace:
[ 56.080957][ C1] <IRQ>
[ 56.083777][ C1] dump_stack+0x137/0x1be
[ 56.088114][ C1] ? panic+0x1f3/0x800
[ 56.092172][ C1] panic+0x291/0x800
[ 56.096055][ C1] kasan_report+0x1fb/0x200
[ 56.100533][ C1] ? ath9k_hif_usb_rx_cb+0x2ab/0x1010
[ 56.106851][ C1] check_memory_region+0x2b5/0x2f0
[ 56.111946][ C1] ? ath9k_hif_usb_rx_cb+0x2ab/0x1010
[ 56.117293][ C1] memcpy+0x25/0x60
[ 56.121094][ C1] ath9k_hif_usb_rx_cb+0x2ab/0x1010
[ 56.126280][ C1] ? do_raw_spin_unlock+0x134/0x8a0
[ 56.131467][ C1] ? _raw_spin_unlock_irqrestore+0x40/0x60
[ 56.137249][ C1] ? kcov_remote_start+0x10f/0x420
[ 56.142352][ C1] __usb_hcd_giveback_urb+0x375/0x520
[ 56.147702][ C1] dummy_timer+0xa22/0x2e70
[ 56.152208][ C1] ? rcu_read_lock_sched_held+0x41/0xb0
[ 56.157734][ C1] ? dummy_free_streams+0x310/0x310
[ 56.162933][ C1] call_timer_fn+0x91/0x160
[ 56.167428][ C1] ? dummy_free_streams+0x310/0x310
[ 56.172597][ C1] __run_timers+0x6c0/0x8a0
[ 56.177093][ C1] run_timer_softirq+0x63/0xf0
[ 56.181838][ C1] __do_softirq+0x318/0x714
[ 56.186336][ C1] ? asm_call_irq_on_stack+0xf/0x20
[ 56.191511][ C1] asm_call_irq_on_stack+0xf/0x20
[ 56.196512][ C1] </IRQ>
[ 56.199435][ C1] do_softirq_own_stack+0x9a/0xe0
[ 56.204436][ C1] __irq_exit_rcu+0x1d8/0x200
[ 56.209108][ C1] irq_exit_rcu+0x5/0x20
[ 56.213336][ C1] sysvec_apic_timer_interrupt+0xe0/0xf0
[ 56.218986][ C1] asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 56.224952][ C1] RIP: 0010:acpi_idle_enter+0x3c9/0x700
[ 56.230506][ C1] Code: 08 31 ff e8 59 d9 60 fd 48 83 e3 08 0f 85 06 01 00 00 e8 ca d0 66 fd e9 0c 00 00 00 e8 90 d4 60 fd 0f 00 2d 49 22 03 06 fb f4 <9c> 8f 44 24 10 48 8d 44 24 10 48 c1 e8 03 42 80 3c 38 00 74 0a 48
[ 56.250088][ C1] RSP: 0018:ffffc90000d47dc0 EFLAGS: 00000282
[ 56.256146][ C1] RAX: d4ffdc09d0d50600 RBX: 0000000000000000 RCX: ffffffff8f55ba03
[ 56.264095][ C1] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
[ 56.272051][ C1] RBP: ffff888015198000 R08: ffffffff817dc360 R09: ffffed10022316f1
[ 56.280030][ C1] R10: ffffed10022316f1 R11: 0000000000000000 R12: ffff888143887004
[ 56.287993][ C1] R13: ffff888015198064 R14: 1ffff11028710e00 R15: dffffc0000000000
[ 56.295942][ C1] ? trace_hardirqs_on+0x30/0x80
[ 56.300864][ C1] cpuidle_enter_state+0x486/0xd50
[ 56.305966][ C1] cpuidle_enter+0x59/0x90
[ 56.310378][ C1] do_idle+0x315/0x530
[ 56.314426][ C1] cpu_startup_entry+0x15/0x20
[ 56.319164][ C1] secondary_startup_64_no_verify+0xb0/0xbb
[ 56.325595][ C1] Kernel Offset: disabled
[ 56.329925][ C1] Rebooting in 86400 seconds..