Warning: Permanently added '10.128.0.168' (ECDSA) to the list of known hosts.
syzkaller login: [ 52.839174][ T8402] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 53.193386][ T4100] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 53.713359][ T4100] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 53.722740][ T4100] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 53.732106][ T4100] usb 1-1: Product: syz
[ 53.736947][ T4100] usb 1-1: Manufacturer: syz
[ 53.741556][ T4100] usb 1-1: SerialNumber: syz
[ 53.785300][ T4100] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 54.393148][ T4100] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 54.812966][ C1] ==================================================================
[ 54.821343][ C1] BUG: KASAN: slab-out-of-bounds in ath9k_hif_usb_rx_cb+0x2ab/0x1010
[ 54.829419][ C1] Read of size 49126 at addr ffff8880191f8000 by task swapper/1/0
[ 54.837203][ C1]
[ 54.839523][ C1] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 5.11.0-syzkaller #0
[ 54.847131][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 54.857169][ C1] Call Trace:
[ 54.860436][ C1]
[ 54.863275][ C1] dump_stack+0x137/0x1be
[ 54.867594][ C1] print_address_description+0x5f/0x3a0
[ 54.873124][ C1] kasan_report+0x15e/0x200
[ 54.877642][ C1] ? ath9k_hif_usb_rx_cb+0x2ab/0x1010
[ 54.883010][ C1] check_memory_region+0x2b5/0x2f0
[ 54.889001][ C1] ? ath9k_hif_usb_rx_cb+0x2ab/0x1010
[ 54.894376][ C1] memcpy+0x25/0x60
[ 54.898169][ C1] ath9k_hif_usb_rx_cb+0x2ab/0x1010
[ 54.903352][ C1] ? do_raw_spin_unlock+0x134/0x8a0
[ 54.908541][ C1] ? _raw_spin_unlock_irqrestore+0x40/0x60
[ 54.914328][ C1] ? kcov_remote_start+0x10f/0x420
[ 54.919421][ C1] ? do_raw_read_unlock+0x42/0xf0
[ 54.924441][ C1] __usb_hcd_giveback_urb+0x375/0x520
[ 54.929816][ C1] dummy_timer+0xa22/0x2e70
[ 54.934330][ C1] ? rcu_read_lock_sched_held+0x41/0xb0
[ 54.939868][ C1] ? dummy_free_streams+0x310/0x310
[ 54.945042][ C1] call_timer_fn+0x91/0x160
[ 54.949528][ C1] ? dummy_free_streams+0x310/0x310
[ 54.954771][ C1] __run_timers+0x6c0/0x8a0
[ 54.959283][ C1] run_timer_softirq+0x63/0xf0
[ 54.964202][ C1] __do_softirq+0x318/0x714
[ 54.968884][ C1] ? asm_call_irq_on_stack+0xf/0x20
[ 54.974069][ C1] asm_call_irq_on_stack+0xf/0x20
[ 54.979097][ C1]
[ 54.982034][ C1] do_softirq_own_stack+0x9a/0xe0
[ 54.987054][ C1] __irq_exit_rcu+0x1d8/0x200
[ 54.991716][ C1] irq_exit_rcu+0x5/0x20
[ 54.995936][ C1] sysvec_apic_timer_interrupt+0xe0/0xf0
[ 55.001561][ C1] asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 55.007518][ C1] RIP: 0010:acpi_idle_enter+0x3c9/0x700
[ 55.013043][ C1] Code: 08 31 ff e8 79 5f 60 fd 48 83 e3 08 0f 85 06 01 00 00 e8 0a 57 66 fd e9 0c 00 00 00 e8 b0 5a 60 fd 0f 00 2d 39 8e 02 06 fb f4 <9c> 8f 44 24 10 48 8d 44 24 10 48 c1 e8 03 42 80 3c 38 00 74 0a 48
[ 55.032678][ C1] RSP: 0018:ffffc90000d47dc0 EFLAGS: 00000282
[ 55.038756][ C1] RAX: aba4ab126157c300 RBX: 0000000000000000 RCX: ffffffff8ff5ca03
[ 55.046728][ C1] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
[ 55.054684][ C1] RBP: ffff888015842800 R08: ffffffff817ddd30 R09: ffffed10023b46f1
[ 55.062639][ C1] R10: ffffed10023b46f1 R11: 0000000000000000 R12: ffff8880180c7004
[ 55.070598][ C1] R13: ffff888015842864 R14: 1ffff11003018e00 R15: dffffc0000000000
[ 55.078566][ C1] ? trace_hardirqs_on+0x30/0x80
[ 55.083516][ C1] cpuidle_enter_state+0x486/0xd50
[ 55.088617][ C1] cpuidle_enter+0x59/0x90
[ 55.093034][ C1] do_idle+0x315/0x530
[ 55.097090][ C1] cpu_startup_entry+0x15/0x20
[ 55.101830][ C1] secondary_startup_64_no_verify+0xb0/0xbb
[ 55.107710][ C1]
[ 55.110015][ C1] The buggy address belongs to the page:
[ 55.115631][ C1] page:00000000f3d37e67 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x191f8
[ 55.125853][ C1] head:00000000f3d37e67 order:3 compound_mapcount:0 compound_pincount:0
[ 55.134152][ C1] flags: 0xfff00000010000(head)
[ 55.138982][ C1] raw: 00fff00000010000 dead000000000100 dead000000000122 0000000000000000
[ 55.147542][ C1] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 55.156097][ C1] page dumped because: kasan: bad access detected
[ 55.162480][ C1]
[ 55.164784][ C1] Memory state around the buggy address:
[ 55.170388][ C1] ffff888019200000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 55.178426][ C1] ffff888019200080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 55.186471][ C1] >ffff888019200100: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 55.194537][ C1] ^
[ 55.199116][ C1] ffff888019200180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 55.207153][ C1] ffff888019200200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 55.215188][ C1] ==================================================================
[ 55.223222][ C1] Disabling lock debugging due to kernel taint
[ 55.229359][ C1] Kernel panic - not syncing: panic_on_warn set ...
[ 55.235930][ C1] CPU: 1 PID: 0 Comm: swapper/1 Tainted: G B 5.11.0-syzkaller #0
[ 55.244921][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 55.254952][ C1] Call Trace:
[ 55.258209][ C1]
[ 55.261031][ C1] dump_stack+0x137/0x1be
[ 55.265338][ C1] ? panic+0x1f3/0x800
[ 55.269406][ C1] panic+0x291/0x800
[ 55.273628][ C1] kasan_report+0x1fb/0x200
[ 55.278105][ C1] ? ath9k_hif_usb_rx_cb+0x2ab/0x1010
[ 55.283450][ C1] check_memory_region+0x2b5/0x2f0
[ 55.288537][ C1] ? ath9k_hif_usb_rx_cb+0x2ab/0x1010
[ 55.293881][ C1] memcpy+0x25/0x60
[ 55.297662][ C1] ath9k_hif_usb_rx_cb+0x2ab/0x1010
[ 55.302835][ C1] ? do_raw_spin_unlock+0x134/0x8a0
[ 55.308009][ C1] ? _raw_spin_unlock_irqrestore+0x40/0x60
[ 55.313788][ C1] ? kcov_remote_start+0x10f/0x420
[ 55.318871][ C1] ? do_raw_read_unlock+0x42/0xf0
[ 55.323870][ C1] __usb_hcd_giveback_urb+0x375/0x520
[ 55.329217][ C1] dummy_timer+0xa22/0x2e70
[ 55.333704][ C1] ? rcu_read_lock_sched_held+0x41/0xb0
[ 55.339383][ C1] ? dummy_free_streams+0x310/0x310
[ 55.344570][ C1] call_timer_fn+0x91/0x160
[ 55.349056][ C1] ? dummy_free_streams+0x310/0x310
[ 55.354244][ C1] __run_timers+0x6c0/0x8a0
[ 55.358729][ C1] run_timer_softirq+0x63/0xf0
[ 55.363468][ C1] __do_softirq+0x318/0x714
[ 55.367951][ C1] ? asm_call_irq_on_stack+0xf/0x20
[ 55.373126][ C1] asm_call_irq_on_stack+0xf/0x20
[ 55.378145][ C1]
[ 55.381054][ C1] do_softirq_own_stack+0x9a/0xe0
[ 55.386058][ C1] __irq_exit_rcu+0x1d8/0x200
[ 55.390715][ C1] irq_exit_rcu+0x5/0x20
[ 55.394932][ C1] sysvec_apic_timer_interrupt+0xe0/0xf0
[ 55.400557][ C1] asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 55.406522][ C1] RIP: 0010:acpi_idle_enter+0x3c9/0x700
[ 55.412049][ C1] Code: 08 31 ff e8 79 5f 60 fd 48 83 e3 08 0f 85 06 01 00 00 e8 0a 57 66 fd e9 0c 00 00 00 e8 b0 5a 60 fd 0f 00 2d 39 8e 02 06 fb f4 <9c> 8f 44 24 10 48 8d 44 24 10 48 c1 e8 03 42 80 3c 38 00 74 0a 48
[ 55.431742][ C1] RSP: 0018:ffffc90000d47dc0 EFLAGS: 00000282
[ 55.437795][ C1] RAX: aba4ab126157c300 RBX: 0000000000000000 RCX: ffffffff8ff5ca03
[ 55.445762][ C1] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
[ 55.453714][ C1] RBP: ffff888015842800 R08: ffffffff817ddd30 R09: ffffed10023b46f1
[ 55.461662][ C1] R10: ffffed10023b46f1 R11: 0000000000000000 R12: ffff8880180c7004
[ 55.469615][ C1] R13: ffff888015842864 R14: 1ffff11003018e00 R15: dffffc0000000000
[ 55.477569][ C1] ? trace_hardirqs_on+0x30/0x80
[ 55.482495][ C1] cpuidle_enter_state+0x486/0xd50
[ 55.487586][ C1] cpuidle_enter+0x59/0x90
[ 55.491983][ C1] do_idle+0x315/0x530
[ 55.496048][ C1] cpu_startup_entry+0x15/0x20
[ 55.500786][ C1] secondary_startup_64_no_verify+0xb0/0xbb
[ 55.507437][ C1] Kernel Offset: disabled
[ 55.511750][ C1] Rebooting in 86400 seconds..