Warning: Permanently added '10.128.10.62' (ECDSA) to the list of known hosts.
executing program
[ 34.892221][ T17] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 35.411614][ T17] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 35.421221][ T17] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 35.429299][ T17] usb 1-1: Product: syz
[ 35.433811][ T17] usb 1-1: Manufacturer: syz
[ 35.438723][ T17] usb 1-1: SerialNumber: syz
[ 35.492560][ T17] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 36.091302][ T17] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 36.531275][ C1] ==================================================================
[ 36.539583][ C1] BUG: KASAN: use-after-free in ath9k_hif_usb_rx_cb+0x3a8/0xf80
[ 36.547313][ C1] Read of size 48922 at addr ffff8881cce00000 by task swapper/1/0
[ 36.555719][ C1]
[ 36.558199][ C1] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 5.9.0-rc8-syzkaller #0
[ 36.566312][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 36.576768][ C1] Call Trace:
[ 36.580350][ C1] <IRQ>
[ 36.583259][ C1] dump_stack+0x107/0x16e
[ 36.587751][ C1] ? ath9k_hif_usb_rx_cb+0x3a8/0xf80
[ 36.593244][ C1] ? ath9k_hif_usb_rx_cb+0x3a8/0xf80
[ 36.598818][ C1] print_address_description.constprop.0+0x1c/0x210
[ 36.606052][ C1] ? ath9k_hif_usb_rx_cb+0x23e/0xf80
[ 36.611351][ C1] ? vprintk_func+0x93/0x133
[ 36.616530][ C1] ? ath9k_hif_usb_rx_cb+0x3a8/0xf80
[ 36.622239][ C1] ? ath9k_hif_usb_rx_cb+0x3a8/0xf80
[ 36.627533][ C1] kasan_report.cold+0x37/0x7c
[ 36.632596][ C1] ? spin_bug+0xf0/0x100
[ 36.637037][ C1] ? ath9k_hif_usb_rx_cb+0x3a8/0xf80
[ 36.642601][ C1] check_memory_region+0xf4/0x1c0
[ 36.647922][ C1] memcpy+0x20/0x60
[ 36.651757][ C1] ath9k_hif_usb_rx_cb+0x3a8/0xf80
[ 36.657010][ C1] ? kcov_remote_start+0xce/0x400
[ 36.662325][ C1] ? hif_usb_start+0xa0/0xa0
[ 36.666944][ C1] ? lock_downgrade+0x740/0x740
[ 36.671815][ C1] __usb_hcd_giveback_urb+0x32d/0x560
executing program
[ 36.677652][ C1] usb_hcd_giveback_urb+0x367/0x410
[ 36.683200][ C1] dummy_timer+0x11f2/0x3240
[ 36.688116][ C1] ? lock_downgrade+0x740/0x740
[ 36.693559][ C1] ? dummy_dequeue+0x4c0/0x4c0
[ 36.698556][ C1] call_timer_fn+0x1ac/0x6e0
[ 36.703448][ C1] ? dummy_dequeue+0x4c0/0x4c0
[ 36.708445][ C1] ? timer_fixup_init+0x60/0x60
[ 36.713501][ T72] usb 1-1: USB disconnect, device number 2
[ 36.713572][ C1] ? lock_downgrade+0x740/0x740
[ 36.724254][ C1] ? _raw_spin_unlock_irq+0x1f/0x30
[ 36.729489][ C1] ? lockdep_hardirqs_on_prepare+0x19c/0x4f0
[ 36.735499][ C1] ? trace_hardirqs_on+0x5f/0x200
[ 36.740554][ C1] ? dummy_dequeue+0x4c0/0x4c0
[ 36.745424][ C1] __run_timers.part.0+0x67c/0xa60
[ 36.750808][ C1] ? call_timer_fn+0x6e0/0x6e0
[ 36.755582][ C1] ? clockevents_program_event+0x12b/0x350
[ 36.761382][ C1] ? tick_program_event+0xa8/0x130
[ 36.766924][ C1] run_timer_softirq+0x80/0x120
[ 36.771964][ C1] __do_softirq+0x1af/0x92c
[ 36.776850][ C1] asm_call_irq_on_stack+0xf/0x20
[ 36.781963][ C1] </IRQ>
[ 36.785181][ C1] do_softirq_own_stack+0x71/0x90
[ 36.790215][ C1] irq_exit_rcu+0x110/0x1a0
[ 36.794720][ C1] sysvec_apic_timer_interrupt+0x43/0x90
[ 36.800767][ C1] asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 36.807014][ C1] RIP: 0010:acpi_idle_do_entry+0x1c9/0x250
[ 36.813070][ C1] Code: 4d 6c 88 fb 84 db 75 ac e8 d4 73 88 fb e8 7f 11 8e fb e9 0c 00 00 00 e8 c5 73 88 fb 0f 00 2d 5e 2c 6d 00 e8 b9 73 88 fb fb f4 <9c> 5b 81 e3 00 02 00 00 fa 31 ff 48 89 de e8 74 6c 88 fb 48 85 db
[ 36.833528][ C1] RSP: 0018:ffff8881da257d20 EFLAGS: 00000293
[ 36.840114][ C1] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 1ffffffff1016b89
[ 36.848565][ C1] RDX: ffff8881da23b280 RSI: ffffffff85b79e07 RDI: ffffffff85b79df1
[ 36.856681][ C1] RBP: ffff8881d8d62864 R08: 0000000000000001 R09: 0000000000000001
[ 36.864960][ C1] R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000001
[ 36.873238][ C1] R13: ffff8881d8d62800 R14: ffff8881d8d62864 R15: ffff8881d6f30804
[ 36.881220][ C1] ? acpi_idle_do_entry+0x1c7/0x250
[ 36.886423][ C1] ? acpi_idle_do_entry+0x1b1/0x250
[ 36.891816][ C1] acpi_idle_enter+0x337/0x490
[ 36.896779][ C1] cpuidle_enter_state+0x19e/0xa10
[ 36.902040][ C1] ? tick_nohz_idle_stop_tick+0x526/0xb10
[ 36.908034][ C1] cpuidle_enter+0x4a/0xa0
[ 36.912455][ C1] do_idle+0x3d5/0x580
[ 36.916607][ C1] ? arch_cpu_idle_exit+0x40/0x40
[ 36.921950][ C1] ? lockdep_hardirqs_on_prepare+0x322/0x4f0
[ 36.927930][ C1] ? trace_hardirqs_on+0x5f/0x200
[ 36.932961][ C1] cpu_startup_entry+0x14/0x20
[ 36.937913][ C1] start_secondary+0x25b/0x320
[ 36.943083][ C1] ? set_cpu_sibling_map+0x1ff0/0x1ff0
[ 36.948548][ C1] secondary_startup_64+0xb6/0xc0
[ 36.953568][ C1]
[ 36.956052][ C1] The buggy address belongs to the page:
[ 36.961972][ C1] page:000000000d37f4ae refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1cce00
[ 36.972211][ C1] head:000000000d37f4ae order:3 compound_mapcount:0 compound_pincount:0
[ 36.980964][ C1] flags: 0x200000000010000(head)
[ 36.985997][ C1] raw: 0200000000010000 dead000000000100 dead000000000122 0000000000000000
[ 36.994673][ C1] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 37.003642][ C1] page dumped because: kasan: bad access detected
[ 37.010621][ C1]
[ 37.013409][ C1] Memory state around the buggy address:
[ 37.019215][ C1] ffff8881cce07f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 37.027821][ C1] ffff8881cce07f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 37.035892][ C1] >ffff8881cce08000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 37.044088][ C1] ^
[ 37.048162][ C1] ffff8881cce08080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 37.056584][ C1] ffff8881cce08100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 37.064891][ C1] ==================================================================
[ 37.073365][ C1] Disabling lock debugging due to kernel taint
[ 37.079526][ C1] Kernel panic - not syncing: panic_on_warn set ...
[ 37.086276][ C1] CPU: 1 PID: 0 Comm: swapper/1 Tainted: G B 5.9.0-rc8-syzkaller #0
[ 37.095738][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 37.106549][ C1] Call Trace:
[ 37.110109][ C1] <IRQ>
[ 37.113178][ C1] dump_stack+0x107/0x16e
[ 37.117882][ C1] ? ath9k_hif_usb_rx_cb+0x310/0xf80
[ 37.123558][ C1] panic+0x2cb/0x702
[ 37.127789][ C1] ? __warn_printk+0xf3/0xf3
[ 37.132651][ C1] ? do_raw_spin_unlock+0x50/0x1f0
[ 37.138323][ C1] ? ath9k_hif_usb_rx_cb+0x3a8/0xf80
[ 37.143824][ C1] ? ath9k_hif_usb_rx_cb+0x3a8/0xf80
[ 37.149203][ C1] end_report+0x4d/0x53
[ 37.154066][ C1] kasan_report.cold+0x72/0x7c
[ 37.159055][ C1] ? spin_bug+0xf0/0x100
[ 37.163565][ C1] ? ath9k_hif_usb_rx_cb+0x3a8/0xf80
[ 37.168868][ C1] check_memory_region+0xf4/0x1c0
[ 37.174112][ C1] memcpy+0x20/0x60
[ 37.177926][ C1] ath9k_hif_usb_rx_cb+0x3a8/0xf80
[ 37.183225][ C1] ? kcov_remote_start+0xce/0x400
[ 37.188508][ C1] ? hif_usb_start+0xa0/0xa0
[ 37.193264][ C1] ? lock_downgrade+0x740/0x740
[ 37.198299][ C1] __usb_hcd_giveback_urb+0x32d/0x560
[ 37.203891][ C1] usb_hcd_giveback_urb+0x367/0x410
[ 37.209265][ C1] dummy_timer+0x11f2/0x3240
[ 37.213856][ C1] ? lock_downgrade+0x740/0x740
[ 37.219042][ C1] ? dummy_dequeue+0x4c0/0x4c0
[ 37.223979][ C1] call_timer_fn+0x1ac/0x6e0
[ 37.228570][ C1] ? dummy_dequeue+0x4c0/0x4c0
[ 37.233648][ C1] ? timer_fixup_init+0x60/0x60
[ 37.238644][ C1] ? lock_downgrade+0x740/0x740
[ 37.243496][ C1] ? _raw_spin_unlock_irq+0x1f/0x30
[ 37.248690][ C1] ? lockdep_hardirqs_on_prepare+0x19c/0x4f0
[ 37.254832][ C1] ? trace_hardirqs_on+0x5f/0x200
[ 37.259861][ C1] ? dummy_dequeue+0x4c0/0x4c0
[ 37.264721][ C1] __run_timers.part.0+0x67c/0xa60
[ 37.269824][ C1] ? call_timer_fn+0x6e0/0x6e0
[ 37.274582][ C1] ? clockevents_program_event+0x12b/0x350
[ 37.280381][ C1] ? tick_program_event+0xa8/0x130
[ 37.285486][ C1] run_timer_softirq+0x80/0x120
[ 37.290443][ C1] __do_softirq+0x1af/0x92c
[ 37.295098][ C1] asm_call_irq_on_stack+0xf/0x20
[ 37.300516][ C1] </IRQ>
[ 37.303464][ C1] do_softirq_own_stack+0x71/0x90
[ 37.308651][ C1] irq_exit_rcu+0x110/0x1a0
[ 37.313255][ C1] sysvec_apic_timer_interrupt+0x43/0x90
[ 37.318883][ C1] asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 37.325075][ C1] RIP: 0010:acpi_idle_do_entry+0x1c9/0x250
[ 37.331046][ C1] Code: 4d 6c 88 fb 84 db 75 ac e8 d4 73 88 fb e8 7f 11 8e fb e9 0c 00 00 00 e8 c5 73 88 fb 0f 00 2d 5e 2c 6d 00 e8 b9 73 88 fb fb f4 <9c> 5b 81 e3 00 02 00 00 fa 31 ff 48 89 de e8 74 6c 88 fb 48 85 db
[ 37.351283][ C1] RSP: 0018:ffff8881da257d20 EFLAGS: 00000293
[ 37.357348][ C1] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 1ffffffff1016b89
[ 37.365328][ C1] RDX: ffff8881da23b280 RSI: ffffffff85b79e07 RDI: ffffffff85b79df1
[ 37.373898][ C1] RBP: ffff8881d8d62864 R08: 0000000000000001 R09: 0000000000000001
[ 37.381940][ C1] R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000001
[ 37.390055][ C1] R13: ffff8881d8d62800 R14: ffff8881d8d62864 R15: ffff8881d6f30804
[ 37.398435][ C1] ? acpi_idle_do_entry+0x1c7/0x250
[ 37.403779][ C1] ? acpi_idle_do_entry+0x1b1/0x250
[ 37.409117][ C1] acpi_idle_enter+0x337/0x490
[ 37.414106][ C1] cpuidle_enter_state+0x19e/0xa10
[ 37.419216][ C1] ? tick_nohz_idle_stop_tick+0x526/0xb10
[ 37.424932][ C1] cpuidle_enter+0x4a/0xa0
[ 37.429347][ C1] do_idle+0x3d5/0x580
[ 37.433598][ C1] ? arch_cpu_idle_exit+0x40/0x40
[ 37.438621][ C1] ? lockdep_hardirqs_on_prepare+0x322/0x4f0
[ 37.444773][ C1] ? trace_hardirqs_on+0x5f/0x200
[ 37.449814][ C1] cpu_startup_entry+0x14/0x20
[ 37.454601][ C1] start_secondary+0x25b/0x320
[ 37.459362][ C1] ? set_cpu_sibling_map+0x1ff0/0x1ff0
[ 37.464815][ C1] secondary_startup_64+0xb6/0xc0
[ 37.469932][ C1] Kernel Offset: disabled
[ 37.474405][ C1] Rebooting in 86400 seconds..