Warning: Permanently added '10.128.0.207' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 23.757027][ T67] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 24.116646][ T67] usb 1-1: config 1 has an invalid descriptor of length 9, skipping remainder of the config
[ 24.127026][ T67] usb 1-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 6
[ 24.296452][ T67] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 24.305742][ T67] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 24.313885][ T67] usb 1-1: Product: syz
[ 24.318144][ T67] usb 1-1: Manufacturer: syz
[ 24.322768][ T67] usb 1-1: SerialNumber: syz
[ 24.367478][ T67] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 25.005628][ T67] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 25.425126][ C1] ==================================================================
[ 25.433388][ C1] BUG: KASAN: use-after-free in ath9k_hif_usb_rx_cb+0x3b1/0x1050
[ 25.441192][ C1] Read of size 48644 at addr ffff8881cde98000 by task swapper/1/0
[ 25.452209][ C1]
[ 25.454630][ C1] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 5.8.0-rc1-syzkaller #0
[ 25.462731][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 25.473813][ C1] Call Trace:
[ 25.477171][ C1]
[ 25.480098][ C1] dump_stack+0xf6/0x16e
[ 25.484333][ C1] ? ath9k_hif_usb_rx_cb+0x3b1/0x1050
[ 25.490646][ C1] ? ath9k_hif_usb_rx_cb+0x3b1/0x1050
[ 25.496110][ C1] print_address_description.constprop.0.cold+0xd3/0x415
[ 25.503127][ C1] ? ath9k_hif_usb_rx_cb+0x247/0x1050
[ 25.508511][ C1] ? vprintk_func+0x93/0x133
[ 25.513112][ C1] ? ath9k_hif_usb_rx_cb+0x3b1/0x1050
[ 25.518557][ C1] kasan_report.cold+0x37/0x7c
[ 25.523314][ C1] ? rwlock_bug.part.0+0x40/0x90
[ 25.528264][ C1] ? ath9k_hif_usb_rx_cb+0x3b1/0x1050
[ 25.533659][ C1] check_memory_region+0x173/0x1d0
[ 25.538800][ C1] memcpy+0x20/0x60
[ 25.542614][ C1] ath9k_hif_usb_rx_cb+0x3b1/0x1050
[ 25.547806][ C1] ? lock_acquire+0x18b/0x7c0
[ 25.552464][ C1] ? kcov_remote_start+0xd9/0x390
[ 25.558962][ C1] ? __usb_hcd_giveback_urb+0x26f/0x550
[ 25.564697][ C1] ? hif_usb_mgmt_cb+0x310/0x310
[ 25.569630][ C1] ? do_raw_spin_lock+0x120/0x290
[ 25.574656][ C1] ? lock_downgrade+0x720/0x720
[ 25.579504][ C1] ? trace_hardirqs_off+0x27/0x1f0
[ 25.584686][ C1] __usb_hcd_giveback_urb+0x29a/0x550
[ 25.590160][ C1] usb_hcd_giveback_urb+0x368/0x420
[ 25.595366][ C1] dummy_timer+0x125e/0x32b4
[ 25.600028][ C1] ? dummy_udc_probe+0x980/0x980
[ 25.604968][ C1] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 25.610522][ C1] ? rcu_read_lock_bh_held+0xb0/0xb0
[ 25.615950][ C1] call_timer_fn+0x1ac/0x6e0
[ 25.620574][ C1] ? dummy_udc_probe+0x980/0x980
[ 25.625490][ C1] ? msleep_interruptible+0x130/0x130
[ 25.631070][ C1] ? lock_downgrade+0x720/0x720
[ 25.635926][ C1] ? _raw_spin_unlock_irq+0x1f/0x30
[ 25.641101][ C1] ? lockdep_hardirqs_on_prepare+0x1bc/0x550
[ 25.647075][ C1] ? dummy_udc_probe+0x980/0x980
[ 25.652002][ C1] run_timer_softirq+0x5e5/0x14c0
[ 25.657102][ C1] ? add_timer+0x7b0/0x7b0
[ 25.661508][ C1] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 25.667062][ C1] ? rcu_read_lock_bh_held+0xb0/0xb0
[ 25.672357][ C1] ? lockdep_hardirqs_on_prepare+0x1bc/0x550
[ 25.678347][ C1] __do_softirq+0x21e/0x996
[ 25.682902][ C1] asm_call_on_stack+0xf/0x20
[ 25.688387][ C1]
[ 25.691453][ C1] do_softirq_own_stack+0x109/0x140
[ 25.696723][ C1] irq_exit_rcu+0x16f/0x1a0
[ 25.701230][ C1] sysvec_apic_timer_interrupt+0xd3/0x1b0
[ 25.706958][ C1] asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 25.713021][ C1] RIP: 0010:acpi_safe_halt+0x72/0x90
[ 25.718584][ C1] Code: 74 06 5b e9 c0 32 9f fb e8 bb 32 9f fb e8 c6 96 a4 fb e9 0c 00 00 00 e8 ac 32 9f fb 0f 00 2d 45 6e 84 00 e8 a0 32 9f fb fb f4 e8 b8 94 a4 fb 5b e9 92 32 9f fb 48 89 df e8 7a e1 c8 fb eb ab
[ 25.738287][ C1] RSP: 0018:ffff8881da22fc60 EFLAGS: 00000293
[ 25.744335][ C1] RAX: ffff8881da213200 RBX: 0000000000000000 RCX: 1ffffffff1014efa
[ 25.753096][ C1] RDX: 0000000000000000 RSI: ffffffff85a03aa0 RDI: ffff8881da213a38
[ 25.761064][ C1] RBP: ffff8881d8cca864 R08: 0000000000000000 R09: 0000000000000001
[ 25.769142][ C1] R10: 0000000000000000 R11: 0000000000000000 R12: ffff8881d8cca864
[ 25.777106][ C1] R13: 1ffff1103b445f96 R14: ffff8881d8cca865 R15: 0000000000000001
[ 25.785062][ C1] ? acpi_safe_halt+0x70/0x90
[ 25.789716][ C1] acpi_idle_do_entry+0xa9/0xe0
[ 25.794566][ C1] acpi_idle_enter+0x42b/0xac0
[ 25.799381][ C1] ? acpi_idle_enter_s2idle+0x190/0x190
[ 25.804910][ C1] ? kvm_sched_clock_read+0x14/0x30
[ 25.810127][ C1] ? sched_clock+0x5/0x10
[ 25.814531][ C1] ? sched_clock_cpu+0x18/0x170
[ 25.819360][ C1] cpuidle_enter_state+0xdb/0xc20
[ 25.824383][ C1] ? tick_nohz_idle_stop_tick+0x54f/0xb50
[ 25.830201][ C1] cpuidle_enter+0x4a/0xa0
[ 25.834616][ C1] do_idle+0x3c2/0x500
[ 25.838662][ C1] ? arch_cpu_idle_exit+0x40/0x40
[ 25.843749][ C1] cpu_startup_entry+0x14/0x20
[ 25.848509][ C1] start_secondary+0x294/0x370
[ 25.853561][ C1] ? set_cpu_sibling_map+0x1e90/0x1e90
[ 25.859025][ C1] secondary_startup_64+0xb6/0xc0
[ 25.864028][ C1]
[ 25.866570][ C1] The buggy address belongs to the page:
[ 25.872218][ C1] page:ffffea000737a600 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 head:ffffea000737a600 order:3 compound_mapcount:0 compound_pincount:0
[ 25.889469][ C1] flags: 0x200000000010000(head)
[ 25.894721][ C1] raw: 0200000000010000 dead000000000100 dead000000000122 0000000000000000
[ 25.903675][ C1] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 25.912439][ C1] page dumped because: kasan: bad access detected
[ 25.919291][ C1]
[ 25.921708][ C1] Memory state around the buggy address:
[ 25.927320][ C1] ffff8881cde9ff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 25.935502][ C1] ffff8881cde9ff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 25.943724][ C1] >ffff8881cdea0000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 25.951782][ C1] ^
[ 25.955898][ C1] ffff8881cdea0080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 25.964043][ C1] ffff8881cdea0100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 25.972252][ C1] ==================================================================
[ 25.980326][ C1] Disabling lock debugging due to kernel taint
[ 25.986674][ C1] Kernel panic - not syncing: panic_on_warn set ...
[ 25.993345][ C1] CPU: 1 PID: 0 Comm: swapper/1 Tainted: G B 5.8.0-rc1-syzkaller #0
[ 26.002649][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 26.013111][ C1] Call Trace:
[ 26.016673][ C1]
[ 26.019611][ C1] dump_stack+0xf6/0x16e
[ 26.023843][ C1] ? ath9k_hif_usb_rx_cb+0x330/0x1050
[ 26.029195][ C1] panic+0x2aa/0x6e1
[ 26.033082][ C1] ? __warn_printk+0xf3/0xf3
[ 26.037671][ C1] ? _raw_spin_unlock_irqrestore+0x2a/0x40
[ 26.043451][ C1] ? trace_hardirqs_off+0x27/0x1f0
[ 26.048552][ C1] ? ath9k_hif_usb_rx_cb+0x3b1/0x1050
[ 26.054069][ C1] ? ath9k_hif_usb_rx_cb+0x3b1/0x1050
[ 26.059413][ C1] end_report+0x4d/0x53
[ 26.063802][ C1] kasan_report.cold+0x72/0x7c
[ 26.068554][ C1] ? rwlock_bug.part.0+0x40/0x90
[ 26.073819][ C1] ? ath9k_hif_usb_rx_cb+0x3b1/0x1050
[ 26.079163][ C1] check_memory_region+0x173/0x1d0
[ 26.084781][ C1] memcpy+0x20/0x60
[ 26.088589][ C1] ath9k_hif_usb_rx_cb+0x3b1/0x1050
[ 26.094204][ C1] ? lock_acquire+0x18b/0x7c0
[ 26.098877][ C1] ? kcov_remote_start+0xd9/0x390
[ 26.104351][ C1] ? __usb_hcd_giveback_urb+0x26f/0x550
[ 26.109886][ C1] ? hif_usb_mgmt_cb+0x310/0x310
[ 26.114798][ C1] ? do_raw_spin_lock+0x120/0x290
[ 26.119805][ C1] ? lock_downgrade+0x720/0x720
[ 26.124634][ C1] ? trace_hardirqs_off+0x27/0x1f0
[ 26.129738][ C1] __usb_hcd_giveback_urb+0x29a/0x550
[ 26.135094][ C1] usb_hcd_giveback_urb+0x368/0x420
[ 26.140296][ C1] dummy_timer+0x125e/0x32b4
[ 26.144906][ C1] ? dummy_udc_probe+0x980/0x980
[ 26.149920][ C1] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 26.155448][ C1] ? rcu_read_lock_bh_held+0xb0/0xb0
[ 26.160723][ C1] call_timer_fn+0x1ac/0x6e0
[ 26.165322][ C1] ? dummy_udc_probe+0x980/0x980
[ 26.170345][ C1] ? msleep_interruptible+0x130/0x130
[ 26.175875][ C1] ? lock_downgrade+0x720/0x720
[ 26.180818][ C1] ? _raw_spin_unlock_irq+0x1f/0x30
[ 26.186187][ C1] ? lockdep_hardirqs_on_prepare+0x1bc/0x550
[ 26.192299][ C1] ? dummy_udc_probe+0x980/0x980
[ 26.197325][ C1] run_timer_softirq+0x5e5/0x14c0
[ 26.202391][ C1] ? add_timer+0x7b0/0x7b0
[ 26.209057][ C1] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 26.214754][ C1] ? rcu_read_lock_bh_held+0xb0/0xb0
[ 26.220024][ C1] ? lockdep_hardirqs_on_prepare+0x1bc/0x550
[ 26.225979][ C1] __do_softirq+0x21e/0x996
[ 26.230477][ C1] asm_call_on_stack+0xf/0x20
[ 26.235136][ C1]
[ 26.238061][ C1] do_softirq_own_stack+0x109/0x140
[ 26.243595][ C1] irq_exit_rcu+0x16f/0x1a0
[ 26.248512][ C1] sysvec_apic_timer_interrupt+0xd3/0x1b0
[ 26.254213][ C1] asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 26.260167][ C1] RIP: 0010:acpi_safe_halt+0x72/0x90
[ 26.265533][ C1] Code: 74 06 5b e9 c0 32 9f fb e8 bb 32 9f fb e8 c6 96 a4 fb e9 0c 00 00 00 e8 ac 32 9f fb 0f 00 2d 45 6e 84 00 e8 a0 32 9f fb fb f4 e8 b8 94 a4 fb 5b e9 92 32 9f fb 48 89 df e8 7a e1 c8 fb eb ab
[ 26.285754][ C1] RSP: 0018:ffff8881da22fc60 EFLAGS: 00000293
[ 26.291789][ C1] RAX: ffff8881da213200 RBX: 0000000000000000 RCX: 1ffffffff1014efa
[ 26.300036][ C1] RDX: 0000000000000000 RSI: ffffffff85a03aa0 RDI: ffff8881da213a38
[ 26.307998][ C1] RBP: ffff8881d8cca864 R08: 0000000000000000 R09: 0000000000000001
[ 26.316473][ C1] R10: 0000000000000000 R11: 0000000000000000 R12: ffff8881d8cca864
[ 26.324609][ C1] R13: 1ffff1103b445f96 R14: ffff8881d8cca865 R15: 0000000000000001
[ 26.332572][ C1] ? acpi_safe_halt+0x70/0x90
[ 26.337649][ C1] acpi_idle_do_entry+0xa9/0xe0
[ 26.342568][ C1] acpi_idle_enter+0x42b/0xac0
[ 26.347311][ C1] ? acpi_idle_enter_s2idle+0x190/0x190
[ 26.353327][ C1] ? kvm_sched_clock_read+0x14/0x30
[ 26.358503][ C1] ? sched_clock+0x5/0x10
[ 26.362827][ C1] ? sched_clock_cpu+0x18/0x170
[ 26.367700][ C1] cpuidle_enter_state+0xdb/0xc20
[ 26.372713][ C1] ? tick_nohz_idle_stop_tick+0x54f/0xb50
[ 26.378688][ C1] cpuidle_enter+0x4a/0xa0
[ 26.383094][ C1] do_idle+0x3c2/0x500
[ 26.387167][ C1] ? arch_cpu_idle_exit+0x40/0x40
[ 26.392174][ C1] cpu_startup_entry+0x14/0x20
[ 26.396910][ C1] start_secondary+0x294/0x370
[ 26.401685][ C1] ? set_cpu_sibling_map+0x1e90/0x1e90
[ 26.407113][ C1] secondary_startup_64+0xb6/0xc0
[ 26.413268][ C1] Kernel Offset: disabled
[ 26.417704][ C1] Rebooting in 86400 seconds..