==================================================================
BUG: KASAN: stack-out-of-bounds in ath9k_hif_usb_rx_stream drivers/net/wireless/ath/ath9k/hif_usb.c:626 [inline]
BUG: KASAN: stack-out-of-bounds in ath9k_hif_usb_rx_cb+0xe11/0xf90 drivers/net/wireless/ath/ath9k/hif_usb.c:666
Write of size 8 at addr ffff8881da2578c8 by task ksoftirqd/1/16

CPU: 1 PID: 16 Comm: ksoftirqd/1 Not tainted 5.7.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0xef/0x16e lib/dump_stack.c:118
 print_address_description.constprop.0.cold+0xd3/0x314 mm/kasan/report.c:382
 __kasan_report.cold+0x37/0x92 mm/kasan/report.c:511
 kasan_report+0x33/0x50 mm/kasan/common.c:625
 ath9k_hif_usb_rx_stream drivers/net/wireless/ath/ath9k/hif_usb.c:626 [inline]
 ath9k_hif_usb_rx_cb+0xe11/0xf90 drivers/net/wireless/ath/ath9k/hif_usb.c:666
 __usb_hcd_giveback_urb+0x1f2/0x470 drivers/usb/core/hcd.c:1648
 usb_hcd_giveback_urb+0x368/0x420 drivers/usb/core/hcd.c:1713
 dummy_timer+0x125e/0x32b4 drivers/usb/gadget/udc/dummy_hcd.c:1966
 call_timer_fn+0x1ac/0x700 kernel/time/timer.c:1405
 expire_timers kernel/time/timer.c:1450 [inline]
 __run_timers kernel/time/timer.c:1774 [inline]
 __run_timers kernel/time/timer.c:1741 [inline]
 run_timer_softirq+0x5f9/0x1500 kernel/time/timer.c:1787
 __do_softirq+0x21e/0x9aa kernel/softirq.c:292
 run_ksoftirqd kernel/softirq.c:604 [inline]
 run_ksoftirqd+0x1f/0x40 kernel/softirq.c:596
 smpboot_thread_fn+0x3e8/0x870 kernel/smpboot.c:165
 kthread+0x326/0x430 kernel/kthread.c:268
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352

The buggy address belongs to the page:
page:ffffea00076895c0 refcount:0 mapcount:0 mapping:00000000aabb68ae index:0x0
flags: 0x200000000000000()
raw: 0200000000000000 ffffea00076895c8 ffffea00076895c8 0000000000000000
raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
page dumped because: kasan: bad access detected

addr ffff8881da2578c8 is located in stack of task ksoftirqd/1/16 at offset 128 in frame:
 ath9k_hif_usb_rx_cb+0x0/0xf90 drivers/net/wireless/ath/ath9k/hif_usb.c:165

this frame has 1 object:
 [48, 128) 'skb_pool'

Memory state around the buggy address:
 ffff8881da257780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff8881da257800: 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 f1 f1 00
>ffff8881da257880: 00 00 00 00 00 00 00 00 00 f3 f3 f3 f3 00 00 00
                                              ^
 ffff8881da257900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff8881da257980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
==================================================================