==================================================================
BUG: KASAN: stack-out-of-bounds in ath9k_hif_usb_rx_stream drivers/net/wireless/ath/ath9k/hif_usb.c:626 [inline]
BUG: KASAN: stack-out-of-bounds in ath9k_hif_usb_rx_cb+0xdf6/0xf70 drivers/net/wireless/ath/ath9k/hif_usb.c:666
Write of size 8 at addr ffff8881da2078e8 by task ksoftirqd/0/9

CPU: 0 PID: 9 Comm: ksoftirqd/0 Not tainted 5.6.0-rc7-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0xef/0x16e lib/dump_stack.c:118
 print_address_description.constprop.0.cold+0xd3/0x314 mm/kasan/report.c:374
 __kasan_report.cold+0x37/0x77 mm/kasan/report.c:506
 kasan_report+0xe/0x20 mm/kasan/common.c:641
 ath9k_hif_usb_rx_stream drivers/net/wireless/ath/ath9k/hif_usb.c:626 [inline]
 ath9k_hif_usb_rx_cb+0xdf6/0xf70 drivers/net/wireless/ath/ath9k/hif_usb.c:666
 __usb_hcd_giveback_urb+0x1f2/0x470 drivers/usb/core/hcd.c:1648
 usb_hcd_giveback_urb+0x368/0x420 drivers/usb/core/hcd.c:1713
 dummy_timer+0x1258/0x32ae drivers/usb/gadget/udc/dummy_hcd.c:1966
 call_timer_fn+0x195/0x6f0 kernel/time/timer.c:1404
 expire_timers kernel/time/timer.c:1449 [inline]
 __run_timers kernel/time/timer.c:1773 [inline]
 __run_timers kernel/time/timer.c:1740 [inline]
 run_timer_softirq+0x5f9/0x1500 kernel/time/timer.c:1786
 __do_softirq+0x21e/0x950 kernel/softirq.c:292
 run_ksoftirqd kernel/softirq.c:603 [inline]
 run_ksoftirqd+0x1f/0x40 kernel/softirq.c:595
 smpboot_thread_fn+0x3e8/0x870 kernel/smpboot.c:165
 kthread+0x318/0x420 kernel/kthread.c:255
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352

The buggy address belongs to the page:
page:ffffea00076881c0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0
flags: 0x200000000000000()
raw: 0200000000000000 ffffea00076881c8 ffffea00076881c8 0000000000000000
raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
page dumped because: kasan: bad access detected

addr ffff8881da2078e8 is located in stack of task ksoftirqd/0/9 at offset 128 in frame:
 ath9k_hif_usb_rx_cb+0x0/0xf70 drivers/net/wireless/ath/ath9k/hif_usb.c:165

this frame has 1 object:
 [48, 128) 'skb_pool'

Memory state around the buggy address:
 ffff8881da207780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff8881da207800: 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1
>ffff8881da207880: f1 f1 f1 00 00 00 00 00 00 00 00 00 00 f3 f3 f3
                                                         ^
 ffff8881da207900: f3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff8881da207980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
==================================================================
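Reading the frame description together with the shadow bytes pins the fault down: the only object in the frame, 'skb_pool', spans [48, 128), i.e. 80 bytes, which on x86-64 is ten 8-byte pointers; the faulting access is an 8-byte write at offset 128, so it is the eleventh pointer store, landing on the first byte of the right redzone (shadow code f3, the f1 bytes before the object being the left redzone). That is the signature of a stream parser filling a fixed-size pool with a per-packet index that is incremented but never compared against the pool size, so a transfer carrying one packet more than the pool holds overflows the frame. The program below is an added model of that pattern, not the ath9k driver's code: the stream layout (2-byte little-endian length, 2-byte tag, payload, 4-byte alignment), the tag value STREAM_TAG and every function name are assumptions; only the frame layout (pool at [48, 128), redzone after it) is taken from the report. It poisons the bytes around the pool the way KASAN does, feeds an 11-packet transfer through an unchecked and a bounds-checked parser, and counts how many redzone bytes each one clobbers.

```c
/*
 * Constructed model of a stream-mode USB RX parser: one bulk transfer is split
 * into per-packet entries of a fixed-size pool in the caller's stack frame.
 * Not the ath9k driver's code.  The stream layout (2-byte LE length, 2-byte
 * tag, payload, 4-byte aligned) and the tag value are assumptions; the frame
 * layout copies the report: pool at [48, 128), right redzone after it.
 */
#include <stdint.h>
#include <string.h>
#include <stdio.h>

#define FRAME_SIZE   160
#define POOL_OFF     48                             /* 'skb_pool' at [48, 128) */
#define POOL_END     128
#define SLOT         8                              /* one 8-byte pointer per entry */
#define POOL_ENTRIES ((POOL_END - POOL_OFF) / SLOT) /* 10 entries */
#define REDZONE      0xf3   /* KASAN's stack-right-redzone code, reused as poison */
#define STREAM_TAG   0x4e00u                        /* assumed per-packet tag */
#define HDR_LEN      4
static uint8_t frame[FRAME_SIZE];   /* stands in for the callback's stack frame */

/* Poison everything outside the pool so a stray write is detectable. */
static void frame_init(void)
{
    memset(frame, REDZONE, FRAME_SIZE);
    memset(frame + POOL_OFF, 0, POOL_END - POOL_OFF);
}

/* Bytes outside the pool that no longer hold the poison value. */
static int redzone_clobbered(void)
{
    int n = 0;
    for (size_t i = 0; i < FRAME_SIZE; i++)
        if ((i < POOL_OFF || i >= POOL_END) && frame[i] != REDZONE)
            n++;
    return n;
}

/* Store one pool entry per packet (the payload offset stands in for the skb
 * pointer).  bounded == 0 never compares the index against POOL_ENTRIES, the
 * unchecked pool_index++ pattern: packet 11 lands at frame offset 128, where
 * the report places the 8-byte write.  bounded == 1 stops when the pool is
 * full.  Returns packets stored, or -1 for a malformed stream. */
static int rx_stream(const uint8_t *buf, size_t len, int bounded)
{
    size_t off = 0, idx = 0;
    while (off + HDR_LEN <= len) {
        uint16_t pkt_len = (uint16_t)(buf[off] | (buf[off + 1] << 8));
        uint16_t pkt_tag = (uint16_t)(buf[off + 2] | (buf[off + 3] << 8));
        if (pkt_tag != STREAM_TAG)
            return -1;                  /* corrupt or misaligned stream */
        off += HDR_LEN;
        if (pkt_len > len - off)
            return -1;                  /* length runs past the transfer */
        if (bounded && idx >= POOL_ENTRIES)
            break;                      /* pool full: drop the remainder */
        if (POOL_OFF + (idx + 1) * SLOT > FRAME_SIZE)
            return -1;                  /* keeps this model itself in bounds */
        uint64_t entry = off;
        memcpy(frame + POOL_OFF + idx * SLOT, &entry, SLOT);
        idx++;
        off = (off + pkt_len + 3) & ~(size_t)3;
    }
    return (int)idx;
}

/* Constructed transfer of npkts packets, each carrying a 4-byte payload. */
static size_t build_stream(uint8_t *out, size_t cap, int npkts)
{
    size_t off = 0;
    for (int i = 0; i < npkts && off + HDR_LEN + 4 <= cap; i++) {
        out[off] = 4;                       /* pkt_len = 4, little-endian */
        out[off + 1] = 0;
        out[off + 2] = STREAM_TAG & 0xff;   /* tag, little-endian */
        out[off + 3] = STREAM_TAG >> 8;
        memset(out + off + HDR_LEN, 0x41 + i, 4);
        off += HDR_LEN + 4;
    }
    return off;
}

/* Parse an npkts-packet transfer into a fresh frame; returns packets stored.
 * Inspect the frame afterwards with redzone_clobbered(). */
static int parse_transfer(int npkts, int bounded)
{
    uint8_t xfer[256];
    size_t len = build_stream(xfer, sizeof xfer, npkts);
    frame_init();
    return rx_stream(xfer, len, bounded);
}

int main(void)
{
    int n = parse_transfer(11, 0);
    printf("unchecked: %d packets stored, %d redzone bytes clobbered\n", n, redzone_clobbered());
    n = parse_transfer(11, 1);
    printf("bounded:   %d packets stored, %d redzone bytes clobbered\n", n, redzone_clobbered());
    return 0;
}
```

With 11 packets the unchecked parser reports 11 stored and 8 poisoned bytes overwritten at frame offsets 128 to 135, the same 8-byte write at offset 128 that KASAN flagged; the bounded parser stores 10 and leaves the redzone intact. The hardened branch deliberately drops the surplus rather than growing the pool, because the transfer length is controlled by the USB device (here syzkaller's dummy_hcd gadget), so any fixed pool must treat the packet count as untrusted input.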