Warning: Permanently added '10.128.0.156' (ECDSA) to the list of known hosts.
executing program
[ 53.486609][ T68] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 54.007281][ T68] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 54.016596][ T68] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 54.024570][ T68] usb 1-1: Product: syz
[ 54.028783][ T68] usb 1-1: Manufacturer: syz
[ 54.033379][ T68] usb 1-1: SerialNumber: syz
[ 54.077674][ T68] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 54.676602][ T68] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 55.096592][ C1] ==================================================================
[ 55.104800][ C1] BUG: KASAN: use-after-free in ath9k_hif_usb_rx_cb+0x3b1/0x1050
[ 55.112511][ C1] Read of size 49108 at addr ffff8881cdb08000 by task swapper/1/0
[ 55.120328][ C1]
[ 55.122640][ C1] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 5.8.0-rc1-syzkaller #0
[ 55.130555][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 55.140645][ C1] Call Trace:
[ 55.143945][ C1]
[ 55.146793][ C1] dump_stack+0xf6/0x16e
[ 55.151020][ C1] ? ath9k_hif_usb_rx_cb+0x3b1/0x1050
[ 55.159060][ C1] ? ath9k_hif_usb_rx_cb+0x3b1/0x1050
[ 55.164409][ C1] print_address_description.constprop.0.cold+0xd3/0x415
[ 55.171447][ C1] ? ath9k_hif_usb_rx_cb+0x247/0x1050
[ 55.176830][ C1] ? vprintk_func+0x93/0x133
[ 55.181400][ C1] ? ath9k_hif_usb_rx_cb+0x3b1/0x1050
[ 55.186748][ C1] kasan_report.cold+0x37/0x7c
[ 55.191492][ C1] ? rwlock_bug.part.0+0x40/0x90
[ 55.196428][ C1] ? ath9k_hif_usb_rx_cb+0x3b1/0x1050
[ 55.201786][ C1] check_memory_region+0x173/0x1d0
[ 55.206883][ C1] memcpy+0x20/0x60
[ 55.210694][ C1] ath9k_hif_usb_rx_cb+0x3b1/0x1050
[ 55.215889][ C1] ? lock_acquire+0x18b/0x7c0
[ 55.220572][ C1] ? kcov_remote_start+0xd9/0x390
[ 55.225583][ C1] ? __usb_hcd_giveback_urb+0x26f/0x550
[ 55.231125][ C1] ? hif_usb_mgmt_cb+0x310/0x310
[ 55.236052][ C1] ? do_raw_spin_lock+0x120/0x290
[ 55.241052][ C1] ? lock_downgrade+0x720/0x720
[ 55.245990][ C1] ? trace_hardirqs_off+0x27/0x1f0
[ 55.251450][ C1] __usb_hcd_giveback_urb+0x29a/0x550
[ 55.257435][ C1] usb_hcd_giveback_urb+0x368/0x420
[ 55.262620][ C1] dummy_timer+0x125e/0x32b4
[ 55.267383][ C1] ? dummy_udc_probe+0x980/0x980
[ 55.272322][ C1] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 55.277852][ C1] ? rcu_read_lock_bh_held+0xb0/0xb0
[ 55.283226][ C1] call_timer_fn+0x1ac/0x6e0
[ 55.287940][ C1] ? dummy_udc_probe+0x980/0x980
[ 55.292962][ C1] ? msleep_interruptible+0x130/0x130
[ 55.298352][ C1] ? lock_downgrade+0x720/0x720
[ 55.304016][ C1] ? _raw_spin_unlock_irq+0x1f/0x30
[ 55.309198][ C1] ? lockdep_hardirqs_on_prepare+0x1bc/0x550
[ 55.315240][ C1] ? dummy_udc_probe+0x980/0x980
[ 55.320490][ C1] run_timer_softirq+0x5e5/0x14c0
[ 55.327478][ C1] ? add_timer+0x7b0/0x7b0
[ 55.332967][ C1] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 55.338512][ C1] ? rcu_read_lock_bh_held+0xb0/0xb0
[ 55.345195][ C1] ? lockdep_hardirqs_on_prepare+0x1bc/0x550
[ 55.352383][ C1] __do_softirq+0x21e/0x996
[ 55.358067][ C1] asm_call_on_stack+0xf/0x20
[ 55.362998][ C1]
[ 55.365922][ C1] do_softirq_own_stack+0x109/0x140
[ 55.371105][ C1] irq_exit_rcu+0x16f/0x1a0
[ 55.375593][ C1] sysvec_apic_timer_interrupt+0xd3/0x1b0
[ 55.381290][ C1] asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 55.387259][ C1] RIP: 0010:acpi_safe_halt+0x72/0x90
[ 55.392520][ C1] Code: 74 06 5b e9 c0 32 9f fb e8 bb 32 9f fb e8 c6 96 a4 fb e9 0c 00 00 00 e8 ac 32 9f fb 0f 00 2d 45 6e 84 00 e8 a0 32 9f fb fb f4 e8 b8 94 a4 fb 5b e9 92 32 9f fb 48 89 df e8 7a e1 c8 fb eb ab
[ 55.412549][ C1] RSP: 0018:ffff8881da22fc60 EFLAGS: 00000293
[ 55.418615][ C1] RAX: ffff8881da213200 RBX: 0000000000000000 RCX: 1ffffffff1014efa
[ 55.428931][ C1] RDX: 0000000000000000 RSI: ffffffff85a03aa0 RDI: ffff8881da213a38
[ 55.436889][ C1] RBP: ffff8881d8cca864 R08: 0000000000000000 R09: 0000000000000001
[ 55.444837][ C1] R10: 0000000000000000 R11: 0000000000000000 R12: ffff8881d8cca864
[ 55.452803][ C1] R13: 1ffff1103b445f96 R14: ffff8881d8cca865 R15: 0000000000000001
[ 55.460784][ C1] ? acpi_safe_halt+0x70/0x90
[ 55.465445][ C1] acpi_idle_do_entry+0xa9/0xe0
[ 55.470276][ C1] acpi_idle_enter+0x42b/0xac0
[ 55.475035][ C1] ? acpi_idle_enter_s2idle+0x190/0x190
[ 55.480765][ C1] ? kvm_sched_clock_read+0x14/0x30
[ 55.485948][ C1] ? sched_clock+0x5/0x10
[ 55.490373][ C1] ? sched_clock_cpu+0x18/0x170
[ 55.495221][ C1] cpuidle_enter_state+0xdb/0xc20
[ 55.500316][ C1] ? tick_nohz_idle_stop_tick+0x54f/0xb50
[ 55.506106][ C1] cpuidle_enter+0x4a/0xa0
[ 55.510702][ C1] do_idle+0x3c2/0x500
[ 55.514770][ C1] ? arch_cpu_idle_exit+0x40/0x40
[ 55.519861][ C1] ? do_idle+0x310/0x500
[ 55.524100][ C1] cpu_startup_entry+0x14/0x20
[ 55.528885][ C1] start_secondary+0x294/0x370
[ 55.533638][ C1] ? set_cpu_sibling_map+0x1e90/0x1e90
[ 55.539239][ C1] secondary_startup_64+0xb6/0xc0
[ 55.544236][ C1]
[ 55.546542][ C1] The buggy address belongs to the page:
[ 55.552157][ C1] page:ffffea000736c200 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 head:ffffea000736c200 order:3 compound_mapcount:0 compound_pincount:0
[ 55.567315][ C1] flags: 0x200000000010000(head)
[ 55.572242][ C1] raw: 0200000000010000 dead000000000100 dead000000000122 0000000000000000
[ 55.580804][ C1] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 55.589364][ C1] page dumped because: kasan: bad access detected
[ 55.595922][ C1]
[ 55.598225][ C1] Memory state around the buggy address:
[ 55.603841][ C1] ffff8881cdb0ff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 55.611896][ C1] ffff8881cdb0ff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 55.620092][ C1] >ffff8881cdb10000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 55.628135][ C1] ^
[ 55.632198][ C1] ffff8881cdb10080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 55.640270][ C1] ffff8881cdb10100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 55.648325][ C1] ==================================================================
[ 55.656375][ C1] Disabling lock debugging due to kernel taint
[ 55.662513][ C1] Kernel panic - not syncing: panic_on_warn set ...
[ 55.669080][ C1] CPU: 1 PID: 0 Comm: swapper/1 Tainted: G B 5.8.0-rc1-syzkaller #0
[ 55.678341][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 55.688715][ C1] Call Trace:
[ 55.691974][ C1]
[ 55.694812][ C1] dump_stack+0xf6/0x16e
[ 55.699033][ C1] ? ath9k_hif_usb_rx_cb+0x330/0x1050
[ 55.704388][ C1] panic+0x2aa/0x6e1
[ 55.708255][ C1] ? __warn_printk+0xf3/0xf3
[ 55.712816][ C1] ? _raw_spin_unlock_irqrestore+0x2a/0x40
[ 55.718608][ C1] ? trace_hardirqs_off+0x27/0x1f0
[ 55.723703][ C1] ? ath9k_hif_usb_rx_cb+0x3b1/0x1050
[ 55.729061][ C1] ? ath9k_hif_usb_rx_cb+0x3b1/0x1050
[ 55.734512][ C1] end_report+0x4d/0x53
[ 55.738658][ C1] kasan_report.cold+0x72/0x7c
[ 55.743395][ C1] ? rwlock_bug.part.0+0x40/0x90
[ 55.748303][ C1] ? ath9k_hif_usb_rx_cb+0x3b1/0x1050
[ 55.753645][ C1] check_memory_region+0x173/0x1d0
[ 55.758833][ C1] memcpy+0x20/0x60
[ 55.762625][ C1] ath9k_hif_usb_rx_cb+0x3b1/0x1050
[ 55.767797][ C1] ? lock_acquire+0x18b/0x7c0
[ 55.772459][ C1] ? kcov_remote_start+0xd9/0x390
[ 55.777454][ C1] ? __usb_hcd_giveback_urb+0x26f/0x550
[ 55.782988][ C1] ? hif_usb_mgmt_cb+0x310/0x310
[ 55.787910][ C1] ? do_raw_spin_lock+0x120/0x290
[ 55.792919][ C1] ? lock_downgrade+0x720/0x720
[ 55.797755][ C1] ? trace_hardirqs_off+0x27/0x1f0
[ 55.802839][ C1] __usb_hcd_giveback_urb+0x29a/0x550
[ 55.808200][ C1] usb_hcd_giveback_urb+0x368/0x420
[ 55.813374][ C1] dummy_timer+0x125e/0x32b4
[ 55.817939][ C1] ? dummy_udc_probe+0x980/0x980
[ 55.822883][ C1] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 55.828400][ C1] ? rcu_read_lock_bh_held+0xb0/0xb0
[ 55.833655][ C1] call_timer_fn+0x1ac/0x6e0
[ 55.838233][ C1] ? dummy_udc_probe+0x980/0x980
[ 55.843144][ C1] ? msleep_interruptible+0x130/0x130
[ 55.848487][ C1] ? lock_downgrade+0x720/0x720
[ 55.853307][ C1] ? _raw_spin_unlock_irq+0x1f/0x30
[ 55.858488][ C1] ? lockdep_hardirqs_on_prepare+0x1bc/0x550
[ 55.864455][ C1] ? dummy_udc_probe+0x980/0x980
[ 55.869377][ C1] run_timer_softirq+0x5e5/0x14c0
[ 55.874373][ C1] ? add_timer+0x7b0/0x7b0
[ 55.878762][ C1] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 55.884287][ C1] ? rcu_read_lock_bh_held+0xb0/0xb0
[ 55.889556][ C1] ? lockdep_hardirqs_on_prepare+0x1bc/0x550
[ 55.895506][ C1] __do_softirq+0x21e/0x996
[ 55.899982][ C1] asm_call_on_stack+0xf/0x20
[ 55.904625][ C1]
[ 55.907560][ C1] do_softirq_own_stack+0x109/0x140
[ 55.912743][ C1] irq_exit_rcu+0x16f/0x1a0
[ 55.917219][ C1] sysvec_apic_timer_interrupt+0xd3/0x1b0
[ 55.922912][ C1] asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 55.928863][ C1] RIP: 0010:acpi_safe_halt+0x72/0x90
[ 55.934131][ C1] Code: 74 06 5b e9 c0 32 9f fb e8 bb 32 9f fb e8 c6 96 a4 fb e9 0c 00 00 00 e8 ac 32 9f fb 0f 00 2d 45 6e 84 00 e8 a0 32 9f fb fb f4 e8 b8 94 a4 fb 5b e9 92 32 9f fb 48 89 df e8 7a e1 c8 fb eb ab
[ 55.953834][ C1] RSP: 0018:ffff8881da22fc60 EFLAGS: 00000293
[ 55.959891][ C1] RAX: ffff8881da213200 RBX: 0000000000000000 RCX: 1ffffffff1014efa
[ 55.967859][ C1] RDX: 0000000000000000 RSI: ffffffff85a03aa0 RDI: ffff8881da213a38
[ 55.975805][ C1] RBP: ffff8881d8cca864 R08: 0000000000000000 R09: 0000000000000001
[ 55.983768][ C1] R10: 0000000000000000 R11: 0000000000000000 R12: ffff8881d8cca864
[ 55.991713][ C1] R13: 1ffff1103b445f96 R14: ffff8881d8cca865 R15: 0000000000000001
[ 55.999682][ C1] ? acpi_safe_halt+0x70/0x90
[ 56.004379][ C1] acpi_idle_do_entry+0xa9/0xe0
[ 56.009210][ C1] acpi_idle_enter+0x42b/0xac0
[ 56.013974][ C1] ? acpi_idle_enter_s2idle+0x190/0x190
[ 56.019495][ C1] ? kvm_sched_clock_read+0x14/0x30
[ 56.024686][ C1] ? sched_clock+0x5/0x10
[ 56.029112][ C1] ? sched_clock_cpu+0x18/0x170
[ 56.033951][ C1] cpuidle_enter_state+0xdb/0xc20
[ 56.038955][ C1] ? tick_nohz_idle_stop_tick+0x54f/0xb50
[ 56.044667][ C1] cpuidle_enter+0x4a/0xa0
[ 56.049063][ C1] do_idle+0x3c2/0x500
[ 56.053111][ C1] ? arch_cpu_idle_exit+0x40/0x40
[ 56.058203][ C1] ? do_idle+0x310/0x500
[ 56.062421][ C1] cpu_startup_entry+0x14/0x20
[ 56.067189][ C1] start_secondary+0x294/0x370
[ 56.072010][ C1] ? set_cpu_sibling_map+0x1e90/0x1e90
[ 56.077711][ C1] secondary_startup_64+0xb6/0xc0
[ 56.083476][ C1] Kernel Offset: disabled
[ 56.087906][ C1] Rebooting in 86400 seconds..