[ OK ] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch.
[ OK ] Started Getty on tty6.
[ OK ] Started Getty on tty5.
[ OK ] Started Getty on tty4.
[ OK ] Started Getty on tty3.
[ OK ] Started Getty on tty2.
[ OK ] Started Serial Getty on ttyS0.
[ OK ] Started Getty on tty1.
[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ OK ] Started Load/Save RF Kill Switch Status.
Warning: Permanently added '10.128.1.11' (ECDSA) to the list of known hosts.
Debian GNU/Linux 9 syzkaller ttyS0
executing program
syzkaller login: [ 79.362373][ T35] audit: type=1400 audit(1613574520.663:8): avc: denied { execmem } for pid=8401 comm="syz-executor125" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 79.631947][ T2992] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 79.912292][ T2992] usb 1-1: too many configurations: 82, using maximum allowed: 8
[ 80.712041][ T2992] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 80.721139][ T2992] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 80.730358][ T2992] usb 1-1: Product: syz
[ 80.735284][ T2992] usb 1-1: Manufacturer: syz
[ 80.739878][ T2992] usb 1-1: SerialNumber: syz
[ 80.784655][ T2992] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 81.421858][ T2992] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 81.841836][ C0] ==================================================================
[ 81.850080][ C0] BUG: KASAN: slab-out-of-bounds in ath9k_hif_usb_rx_cb+0x3d3/0x1050
[ 81.858158][ C0] Read of size 48828 at addr ffff888035160000 by task swapper/0/0
[ 81.865949][ C0]
[ 81.868260][ C0] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.11.0-syzkaller #0
[ 81.875886][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 81.885941][ C0] Call Trace:
[ 81.889208][ C0] <IRQ>
[ 81.892052][ C0] dump_stack+0x107/0x163
[ 81.896378][ C0] ? ath9k_hif_usb_rx_cb+0x3d3/0x1050
[ 81.901737][ C0] ? ath9k_hif_usb_rx_cb+0x3d3/0x1050
[ 81.907108][ C0] print_address_description.constprop.0.cold+0x5b/0x2c6
[ 81.914128][ C0] ? ath9k_hif_usb_rx_cb+0x3d3/0x1050
[ 81.919488][ C0] ? ath9k_hif_usb_rx_cb+0x3d3/0x1050
[ 81.924845][ C0] kasan_report.cold+0x79/0xd5
[ 81.929627][ C0] ? rwlock_bug.part.0+0x10/0x90
[ 81.934576][ C0] ? ath9k_hif_usb_rx_cb+0x3d3/0x1050
[ 81.939955][ C0] check_memory_region+0x13d/0x180
[ 81.945059][ C0] memcpy+0x20/0x60
[ 81.948857][ C0] ath9k_hif_usb_rx_cb+0x3d3/0x1050
[ 81.954053][ C0] ? hif_usb_start+0xa0/0xa0
[ 81.958645][ C0] ? __usb_hcd_giveback_urb+0x413/0x5c0
[ 81.964183][ C0] ? lock_downgrade+0x6d0/0x6d0
[ 81.969033][ C0] __usb_hcd_giveback_urb+0x2b0/0x5c0
[ 81.974413][ C0] usb_hcd_giveback_urb+0x367/0x410
[ 81.979624][ C0] dummy_timer+0x11f4/0x32a0
[ 81.984230][ C0] ? dummy_dequeue+0x4c0/0x4c0
[ 81.989001][ C0] ? dummy_dequeue+0x4c0/0x4c0
[ 81.993753][ C0] call_timer_fn+0x1a5/0x6b0
[ 81.998347][ C0] ? add_timer_on+0x4a0/0x4a0
[ 82.003023][ C0] ? lock_downgrade+0x6d0/0x6d0
[ 82.007864][ C0] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 82.014119][ C0] ? _raw_spin_unlock_irq+0x1f/0x40
[ 82.019323][ C0] ? dummy_dequeue+0x4c0/0x4c0
[ 82.024095][ C0] __run_timers.part.0+0x67c/0xa50
[ 82.029226][ C0] ? call_timer_fn+0x6b0/0x6b0
[ 82.033980][ C0] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 82.040221][ C0] ? kvm_sched_clock_read+0x14/0x40
[ 82.045406][ C0] ? sched_clock+0x2a/0x40
[ 82.049807][ C0] ? sched_clock_cpu+0x18/0x1f0
[ 82.054653][ C0] run_timer_softirq+0xb3/0x1d0
[ 82.059507][ C0] __do_softirq+0x29b/0x9f6
[ 82.064005][ C0] asm_call_irq_on_stack+0xf/0x20
[ 82.069033][ C0] </IRQ>
[ 82.071951][ C0] do_softirq_own_stack+0xaa/0xd0
[ 82.076980][ C0] irq_exit_rcu+0x134/0x200
[ 82.081472][ C0] sysvec_apic_timer_interrupt+0x4d/0x100
[ 82.087184][ C0] asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 82.093155][ C0] RIP: 0010:acpi_idle_do_entry+0x1c9/0x250
[ 82.098953][ C0] Code: 8d eb 74 f8 84 db 75 ac e8 a4 e3 74 f8 e8 ef b6 7a f8 e9 0c 00 00 00 e8 95 e3 74 f8 0f 00 2d 8e 92 ab 00 e8 89 e3 74 f8 fb f4 <9c> 5b 81 e3 00 02 00 00 fa 31 ff 48 89 de e8 04 ea 74 f8 48 85 db
[ 82.118562][ C0] RSP: 0018:ffffffff8ba07d60 EFLAGS: 00000293
[ 82.124642][ C0] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[ 82.132598][ C0] RDX: ffffffff8babc340 RSI: ffffffff88fdf497 RDI: 0000000000000000
[ 82.140574][ C0] RBP: ffff8881415a3864 R08: 0000000000000001 R09: 0000000000000001
[ 82.148541][ C0] R10: ffffffff8178aba8 R11: 0000000000000000 R12: 0000000000000001
[ 82.156496][ C0] R13: ffff8881415a3800 R14: ffff8881415a3864 R15: ffff888019577804
[ 82.164470][ C0] ? trace_hardirqs_on+0x38/0x1c0
[ 82.169490][ C0] ? acpi_idle_do_entry+0x1c7/0x250
[ 82.174684][ C0] acpi_idle_enter+0x361/0x500
[ 82.179453][ C0] cpuidle_enter_state+0x1b1/0xc80
[ 82.184575][ C0] cpuidle_enter+0x4a/0xa0
[ 82.189015][ C0] do_idle+0x3e1/0x590
[ 82.193081][ C0] ? arch_cpu_idle_exit+0x30/0x30
[ 82.198124][ C0] ? trace_init_perf_perm_irq_work_exit+0xe/0xe
[ 82.204379][ C0] cpu_startup_entry+0x14/0x20
[ 82.209142][ C0] start_kernel+0x46b/0x48c
[ 82.213655][ C0] secondary_startup_64_no_verify+0xb0/0xbb
[ 82.219555][ C0]
[ 82.221883][ C0] Allocated by task 2992:
[ 82.226193][ C0] kasan_save_stack+0x1b/0x40
[ 82.230875][ C0] ____kasan_kmalloc.constprop.0+0x7f/0xa0
[ 82.236685][ C0] __alloc_skb+0xae/0x5a0
[ 82.241003][ C0] ath9k_hif_usb_alloc_urbs+0x665/0x1040
[ 82.246629][ C0] ath9k_hif_usb_firmware_cb+0x148/0x530
[ 82.252256][ C0] request_firmware_work_func+0x12c/0x230
[ 82.257968][ C0] process_one_work+0x98d/0x15f0
[ 82.262898][ C0] worker_thread+0x64c/0x1120
[ 82.267576][ C0] kthread+0x3b1/0x4a0
[ 82.271646][ C0] ret_from_fork+0x1f/0x30
[ 82.276064][ C0]
[ 82.278368][ C0] The buggy address belongs to the object at ffff888035160000
[ 82.278368][ C0] which belongs to the cache kmalloc-32k of size 32768
[ 82.292589][ C0] The buggy address is located 0 bytes inside of
[ 82.292589][ C0] 32768-byte region [ffff888035160000, ffff888035168000)
[ 82.305866][ C0] The buggy address belongs to the page:
[ 82.311510][ C0] page:00000000ec4a9a24 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x35160
[ 82.321666][ C0] head:00000000ec4a9a24 order:4 compound_mapcount:0 compound_pincount:0
[ 82.329977][ C0] flags: 0xfff00000010200(slab|head)
[ 82.335256][ C0] raw: 00fff00000010200 ffffea0000d44c08 ffffea0000d1d808 ffff888010c40c00
[ 82.343826][ C0] raw: 0000000000000000 ffff888035160000 0000000100000001 0000000000000000
[ 82.352404][ C0] page dumped because: kasan: bad access detected
[ 82.358818][ C0]
[ 82.361125][ C0] Memory state around the buggy address:
[ 82.366738][ C0] ffff888035167f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 82.374809][ C0] ffff888035167f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 82.382862][ C0] >ffff888035168000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 82.390912][ C0] ^
[ 82.394970][ C0] ffff888035168080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 82.403020][ C0] ffff888035168100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 82.411067][ C0] ==================================================================
[ 82.419119][ C0] Disabling lock debugging due to kernel taint
[ 82.425248][ C0] Kernel panic - not syncing: panic_on_warn set ...
[ 82.431838][ C0] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G B 5.11.0-syzkaller #0
[ 82.440850][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 82.450903][ C0] Call Trace:
[ 82.454173][ C0] <IRQ>
[ 82.457001][ C0] dump_stack+0x107/0x163
[ 82.461320][ C0] ? ath9k_hif_usb_rx_cb+0x350/0x1050
[ 82.466691][ C0] panic+0x306/0x73d
[ 82.470570][ C0] ? __warn_printk+0xf3/0xf3
[ 82.475157][ C0] ? ath9k_hif_usb_rx_cb+0x3d3/0x1050
[ 82.480530][ C0] ? ath9k_hif_usb_rx_cb+0x3d3/0x1050
[ 82.485888][ C0] ? ath9k_hif_usb_rx_cb+0x3d3/0x1050
[ 82.491257][ C0] end_report+0x58/0x5e
[ 82.495416][ C0] kasan_report.cold+0x67/0xd5
[ 82.500175][ C0] ? rwlock_bug.part.0+0x10/0x90
[ 82.505099][ C0] ? ath9k_hif_usb_rx_cb+0x3d3/0x1050
[ 82.510484][ C0] check_memory_region+0x13d/0x180
[ 82.515642][ C0] memcpy+0x20/0x60
[ 82.519445][ C0] ath9k_hif_usb_rx_cb+0x3d3/0x1050
[ 82.524646][ C0] ? hif_usb_start+0xa0/0xa0
[ 82.529221][ C0] ? __usb_hcd_giveback_urb+0x413/0x5c0
[ 82.534765][ C0] ? lock_downgrade+0x6d0/0x6d0
[ 82.539621][ C0] __usb_hcd_giveback_urb+0x2b0/0x5c0
[ 82.544987][ C0] usb_hcd_giveback_urb+0x367/0x410
[ 82.550181][ C0] dummy_timer+0x11f4/0x32a0
[ 82.554772][ C0] ? dummy_dequeue+0x4c0/0x4c0
[ 82.559531][ C0] ? dummy_dequeue+0x4c0/0x4c0
[ 82.564285][ C0] call_timer_fn+0x1a5/0x6b0
[ 82.568870][ C0] ? add_timer_on+0x4a0/0x4a0
[ 82.573567][ C0] ? lock_downgrade+0x6d0/0x6d0
[ 82.578401][ C0] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 82.584639][ C0] ? _raw_spin_unlock_irq+0x1f/0x40
[ 82.589860][ C0] ? dummy_dequeue+0x4c0/0x4c0
[ 82.594610][ C0] __run_timers.part.0+0x67c/0xa50
[ 82.599707][ C0] ? call_timer_fn+0x6b0/0x6b0
[ 82.604451][ C0] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 82.610687][ C0] ? kvm_sched_clock_read+0x14/0x40
[ 82.615865][ C0] ? sched_clock+0x2a/0x40
[ 82.620263][ C0] ? sched_clock_cpu+0x18/0x1f0
[ 82.625097][ C0] run_timer_softirq+0xb3/0x1d0
[ 82.629940][ C0] __do_softirq+0x29b/0x9f6
[ 82.634426][ C0] asm_call_irq_on_stack+0xf/0x20
[ 82.639431][ C0] </IRQ>
[ 82.642344][ C0] do_softirq_own_stack+0xaa/0xd0
[ 82.647354][ C0] irq_exit_rcu+0x134/0x200
[ 82.651852][ C0] sysvec_apic_timer_interrupt+0x4d/0x100
[ 82.657567][ C0] asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 82.663542][ C0] RIP: 0010:acpi_idle_do_entry+0x1c9/0x250
[ 82.669336][ C0] Code: 8d eb 74 f8 84 db 75 ac e8 a4 e3 74 f8 e8 ef b6 7a f8 e9 0c 00 00 00 e8 95 e3 74 f8 0f 00 2d 8e 92 ab 00 e8 89 e3 74 f8 fb f4 <9c> 5b 81 e3 00 02 00 00 fa 31 ff 48 89 de e8 04 ea 74 f8 48 85 db
[ 82.688930][ C0] RSP: 0018:ffffffff8ba07d60 EFLAGS: 00000293
[ 82.694987][ C0] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[ 82.702942][ C0] RDX: ffffffff8babc340 RSI: ffffffff88fdf497 RDI: 0000000000000000
[ 82.710906][ C0] RBP: ffff8881415a3864 R08: 0000000000000001 R09: 0000000000000001
[ 82.718859][ C0] R10: ffffffff8178aba8 R11: 0000000000000000 R12: 0000000000000001
[ 82.726811][ C0] R13: ffff8881415a3800 R14: ffff8881415a3864 R15: ffff888019577804
[ 82.734777][ C0] ? trace_hardirqs_on+0x38/0x1c0
[ 82.739789][ C0] ? acpi_idle_do_entry+0x1c7/0x250
[ 82.744972][ C0] acpi_idle_enter+0x361/0x500
[ 82.749730][ C0] cpuidle_enter_state+0x1b1/0xc80
[ 82.754824][ C0] cpuidle_enter+0x4a/0xa0
[ 82.759260][ C0] do_idle+0x3e1/0x590
[ 82.763315][ C0] ? arch_cpu_idle_exit+0x30/0x30
[ 82.768329][ C0] ? trace_init_perf_perm_irq_work_exit+0xe/0xe
[ 82.774562][ C0] cpu_startup_entry+0x14/0x20
[ 82.779343][ C0] start_kernel+0x46b/0x48c
[ 82.783829][ C0] secondary_startup_64_no_verify+0xb0/0xbb
[ 82.790267][ C0] Kernel Offset: disabled
[ 82.794585][ C0] Rebooting in 86400 seconds..
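What the report above establishes: the faulting memcpy in ath9k_hif_usb_rx_cb reads 48828 bytes starting at offset 0 of a 32768-byte kmalloc-32k object, and that object is the RX URB skb allocated by ath9k_hif_usb_alloc_urbs. A copy length larger than the entire source object means the length was not derived from the buffer; it came from data the (emulated, dummy_hcd) USB device supplied. The model below is an added example, not the driver's code, that walks the ath9k_htc "stream mode" RX buffer the way the driver does in outline: a 4-byte header (LE16 length, LE16 tag) per frame, frames padded to 4 bytes, and a frame that straddles two URBs has its tail copied from the start of the next URB. MAX_RX_BUF_SIZE (16384), the 0x4e00 stream tag and the header layout are assumptions chosen to mirror hif_usb.c. The constructed input uses a header length of 65208 because 4 + 65208 - 16384 = 48828, the read size in the report; that is a hypothesis consistent with the log, not a confirmed root cause. With strict=0 the device length is trusted and the model records a read extent past the buffer; with strict=1 both the carried remainder and the owed tail are bounded by the actual URB length, which is the check a hardened receive path needs.

```c
/*
 * Added example for this crash log: a model of the ath9k_htc stream-mode
 * RX buffer walk, NOT the driver's own code. MAX_RX_BUF_SIZE, the 0x4e00
 * tag and the header layout are assumptions mirroring hif_usb.c.
 * strict=0 trusts the device-supplied length; strict=1 bounds every copy.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_RX_BUF_SIZE 16384u  /* assumption: RX URB buffer size */
#define RX_STREAM_TAG   0x4e00u /* assumption: ATH_USB_RX_STREAM_MODE_TAG */

struct rx_state {
    size_t remain_len; /* bytes of a straddling frame owed by the next URB */
    size_t frames;     /* frames completed */
    size_t dropped;    /* frames or URBs rejected */
    size_t max_read;   /* furthest offset a memcpy would read in a URB buffer */
};

static uint16_t get_le16(const uint8_t *p)
{
    return (uint16_t)(p[0] | ((uint16_t)p[1] << 8));
}

static void put_hdr(uint8_t *p, uint16_t pkt_len)
{
    p[0] = (uint8_t)pkt_len;
    p[1] = (uint8_t)(pkt_len >> 8);
    p[2] = (uint8_t)(RX_STREAM_TAG & 0xff);
    p[3] = (uint8_t)(RX_STREAM_TAG >> 8);
}

/* Walk one URB of buf_len bytes. Returns 0, or -1 when the URB is rejected. */
int rx_process_urb(struct rx_state *st, const uint8_t *buf, size_t buf_len, int strict)
{
    size_t index = 0;

    if (st->remain_len) {
        size_t take = st->remain_len;
        st->remain_len = 0;
        /* Hardened: the owed tail must fit inside this URB's actual length. */
        if (strict && take > buf_len) {
            st->dropped++;
            return -1;
        }
        /* Unchecked: the driver does memcpy(remain->data + off, buf, take)
         * here; `take` came from the previous header, not from buf_len.
         * The model records the extent instead of copying. */
        if (take > st->max_read)
            st->max_read = take;
        st->frames++;
        index = take;
    }

    while (index + 4 <= buf_len) {
        uint16_t pkt_len = get_le16(buf + index);
        uint16_t tag = get_le16(buf + index + 2);
        size_t pad = (4 - (pkt_len & 3)) & 3;
        size_t frame_end;

        if (tag != RX_STREAM_TAG) { /* not a stream frame: drop the URB */
            st->dropped++;
            return -1;
        }
        frame_end = index + 4 + pkt_len + pad;
        if (frame_end > buf_len) {
            size_t remain = frame_end - buf_len;
            /* Hardened: a tail that can never fit in one URB is rejected now. */
            if (strict && remain > MAX_RX_BUF_SIZE) {
                st->dropped++;
                return -1;
            }
            st->remain_len = remain; /* head copied now, tail from next URB */
            return 0;
        }
        if (frame_end > st->max_read)
            st->max_read = frame_end;
        st->frames++;
        index = frame_end;
    }
    return 0;
}

/* Constructed input: a full URB whose first header claims pkt_len bytes, then
 * a second full URB. Returns the furthest offset the second URB's copy would
 * read; *rc receives the second call's result. */
size_t oversized_header_extent(uint16_t pkt_len, int strict, int *rc)
{
    static uint8_t urb1[MAX_RX_BUF_SIZE], urb2[MAX_RX_BUF_SIZE];
    struct rx_state st = {0, 0, 0, 0};

    memset(urb1, 0, sizeof urb1);
    memset(urb2, 0, sizeof urb2);
    put_hdr(urb1, pkt_len);
    rx_process_urb(&st, urb1, sizeof urb1, strict);
    *rc = rx_process_urb(&st, urb2, sizeof urb2, strict);
    return st.max_read;
}

/* Constructed input: one full-size frame, then a 100-byte frame whose tail
 * arrives in a second 100-byte URB. Returns the number of completed frames. */
size_t legit_straddle(int strict)
{
    static uint8_t urb1[MAX_RX_BUF_SIZE], urb2[100];
    struct rx_state st = {0, 0, 0, 0};

    memset(urb1, 0, sizeof urb1);
    memset(urb2, 0, sizeof urb2);
    put_hdr(urb1, 16376);       /* 4 + 16376 = 16380 bytes, no pad */
    put_hdr(urb1 + 16380, 100); /* header fits; 100 payload bytes owed */
    rx_process_urb(&st, urb1, sizeof urb1, strict);
    rx_process_urb(&st, urb2, sizeof urb2, strict);
    return st.frames;
}

int main(void)
{
    int rc;
    size_t ext = oversized_header_extent(65208, 0, &rc);
    printf("unchecked: pkt_len 65208 -> copy reads %zu bytes of a %u-byte URB\n",
           ext, MAX_RX_BUF_SIZE);
    ext = oversized_header_extent(65208, 1, &rc);
    printf("strict: rc=%d, max read %zu\n", rc, ext);
    printf("legit straddle, strict: %zu frames\n", legit_straddle(1));
    return 0;
}
```

The two strict-mode checks are deliberately redundant: the early check at the header rejects lengths that could never be satisfied, while the check at the consumption site is the one that actually keeps the memcpy inside the URB the bytes are taken from, because a later URB may be shorter than MAX_RX_BUF_SIZE. When triaging a report like this one, the question to answer first is which of the two copies in the callback the faulting memcpy is (head-of-frame or carried tail) and where its length argument was last bounded; a copy length exceeding the slab object, as here, means the answer is "nowhere on the device-controlled path".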