Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Load/Save RF Kill Switch Status.
[ OK ] Started Update UTMP about System Runlevel Changes.
[ 13.424520][ C0] random: crng init done
[ 13.428789][ C0] random: 7 urandom warning(s) missed due to ratelimiting
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.1.39' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 20.422689][ T95] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 20.941630][ T95] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 20.950759][ T95] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 20.958808][ T95] usb 1-1: Product: syz
[ 20.963034][ T95] usb 1-1: Manufacturer: syz
[ 20.967611][ T95] usb 1-1: SerialNumber: syz
[ 21.013000][ T95] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 21.620780][ T95] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 22.669627][ T95] ath9k_htc 1-1:1.0: ath9k_htc: Target is unresponsive
[ 22.676740][ T95] ath9k_htc: Failed to initialize the device
executing program
[ 22.851278][ T162] usb 1-1: USB disconnect, device number 2
[ 22.871219][ T162] usb 1-1: ath9k_htc: USB layer deinitialized
[ 23.238988][ T162] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[ 23.758622][ T162] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 23.767690][ T162] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 23.775738][ T162] usb 1-1: Product: syz
[ 23.779972][ T162] usb 1-1: Manufacturer: syz
[ 23.784545][ T162] usb 1-1: SerialNumber: syz
[ 23.829377][ T162] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 24.397984][ T162] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 25.466935][ T162] ath9k_htc 1-1:1.0: ath9k_htc: Target is unresponsive
[ 25.474021][ T162] ath9k_htc: Failed to initialize the device
executing program
[ 25.638423][ T95] usb 1-1: USB disconnect, device number 3
[ 25.658136][ T95] usb 1-1: ath9k_htc: USB layer deinitialized
[ 26.026539][ T95] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[ 26.546163][ T95] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 26.555389][ T95] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 26.563500][ T95] usb 1-1: Product: syz
[ 26.567782][ T95] usb 1-1: Manufacturer: syz
[ 26.572359][ T95] usb 1-1: SerialNumber: syz
[ 26.616788][ T95] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 27.185645][ T95] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 28.264768][ T95] ath9k_htc 1-1:1.0: ath9k_htc: Target is unresponsive
[ 28.271890][ T95] ath9k_htc: Failed to initialize the device
executing program
[ 28.415969][ T162] usb 1-1: USB disconnect, device number 4
[ 28.436071][ T162] usb 1-1: ath9k_htc: USB layer deinitialized
[ 28.784416][ T162] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[ 29.314102][ T162] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 29.323174][ T162] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 29.331234][ T162] usb 1-1: Product: syz
[ 29.335453][ T162] usb 1-1: Manufacturer: syz
[ 29.340023][ T162] usb 1-1: SerialNumber: syz
[ 29.384898][ T162] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 29.953659][ T162] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 30.983301][ T162] ath9k_htc 1-1:1.0: ath9k_htc: Target is unresponsive
[ 30.990280][ T162] ath9k_htc: Failed to initialize the device
[ 30.996514][ C1] ==================================================================
[ 30.996584][ C1] BUG: KASAN: use-after-free in ath9k_hif_usb_rx_cb+0xe64/0xf90
[ 30.996595][ C1] Read of size 4 at addr ffff8881ccf5c0d0 by task kworker/1:3/162
[ 30.996598][ C1]
[ 30.996611][ C1] CPU: 1 PID: 162 Comm: kworker/1:3 Not tainted 5.7.0-rc5-syzkaller #0
[ 30.996618][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 30.996633][ C1] Workqueue: events request_firmware_work_func
[ 30.996639][ C1] Call Trace:
[ 30.996644][ C1]
[ 30.996657][ C1] dump_stack+0xef/0x16e
[ 30.996678][ C1] print_address_description.constprop.0.cold+0xd3/0x314
[ 30.996689][ C1] ? ath9k_hif_usb_rx_cb+0xe64/0xf90
[ 30.996699][ C1] __kasan_report.cold+0x37/0x92
[ 30.996711][ C1] ? ath9k_hif_usb_rx_cb+0xe64/0xf90
[ 30.996722][ C1] ? ath9k_hif_usb_rx_cb+0xe64/0xf90
[ 30.996732][ C1] kasan_report+0x33/0x50
[ 30.996744][ C1] ath9k_hif_usb_rx_cb+0xe64/0xf90
[ 30.996757][ C1] ? hif_usb_mgmt_cb+0x310/0x310
[ 30.996769][ C1] ? usb_hcd_unmap_urb_setup_for_dma+0x8a/0x470
[ 30.996781][ C1] ? do_raw_read_unlock+0x3b/0x70
[ 30.996794][ C1] ? _raw_read_unlock+0x1a/0x30
[ 30.996805][ C1] __usb_hcd_giveback_urb+0x1f2/0x470
[ 30.996816][ C1] usb_hcd_giveback_urb+0x368/0x420
[ 30.996841][ C1] dummy_timer+0x125e/0x32b4
[ 30.996855][ C1] ? dummy_udc_probe+0x980/0x980
[ 30.996868][ C1] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 30.996880][ C1] ? rcu_read_lock_bh_held+0xb0/0xb0
[ 30.996892][ C1] call_timer_fn+0x1ac/0x700
[ 30.996904][ C1] ? dummy_udc_probe+0x980/0x980
[ 30.996915][ C1] ? timer_fixup_init+0x60/0x60
[ 30.996927][ C1] ? lock_downgrade+0x720/0x720
[ 30.996939][ C1] ? mark_held_locks+0x9f/0xe0
[ 30.996950][ C1] ? rcu_read_lock_bh_held+0xb0/0xb0
[ 30.996960][ C1] ? _raw_spin_unlock_irq+0x1f/0x30
[ 30.996972][ C1] ? dummy_udc_probe+0x980/0x980
[ 30.996983][ C1] run_timer_softirq+0x5f9/0x1500
[ 30.996994][ C1] ? add_timer+0x7a0/0x7a0
[ 30.997007][ C1] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 30.997019][ C1] ? rcu_read_lock_bh_held+0xb0/0xb0
[ 30.997029][ C1] ? mark_held_locks+0x9f/0xe0
[ 30.997042][ C1] __do_softirq+0x21e/0x9aa
[ 30.997055][ C1] irq_exit+0x178/0x1a0
[ 30.997067][ C1] smp_apic_timer_interrupt+0x141/0x540
[ 30.997080][ C1] apic_timer_interrupt+0xf/0x20
[ 30.997086][ C1]
[ 30.997101][ C1] RIP: 0010:console_unlock+0xa6b/0xca0
[ 30.997113][ C1] Code: 00 89 ee 48 c7 c7 20 d2 14 87 e8 50 cf 03 00 65 ff 0d f1 30 d8 7e e9 b5 f9 ff ff e8 4f 5f 16 00 e8 2a bb 1b 00 ff 74 24 30 9d 17 fe ff ff e8 3b 5f 16 00 48 8d 7d 08 48 89 f8 48 c1 e8 03 42
[ 30.997120][ C1] RSP: 0018:ffff8881ce3afa30 EFLAGS: 00000293 ORIG_RAX: ffffffffffffff13
[ 30.997132][ C1] RAX: 0000000000000007 RBX: 0000000000000200 RCX: 1ffffffff126c9bd
[ 30.997139][ C1] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff8881ce3a087c
[ 30.997146][ C1] RBP: 0000000000000000 R08: 0000000000000001 R09: fffffbfff126c8bd
[ 30.997154][ C1] R10: ffffffff893645e7 R11: fffffbfff126c8bc R12: ffffffff82aba0b0
[ 30.997161][ C1] R13: ffffffff874ee290 R14: 0000000000000042 R15: dffffc0000000000
[ 30.997174][ C1] ? netconsole_netdev_event+0x2a0/0x2a0
[ 30.997186][ C1] vprintk_emit+0x16d/0x3e0
[ 30.997197][ C1] vprintk_func+0x75/0x113
[ 30.997208][ C1] printk+0xba/0xed
[ 30.997219][ C1] ? kmsg_dump_rewind_nolock+0xd9/0xd9
[ 30.997232][ C1] ? usb_free_urb.part.0+0x52/0x110
[ 30.997244][ C1] ? ath9k_htc_hw_init.cold+0x5/0x2a
[ 30.997257][ C1] ? ath9k_htc_hw_init+0x3d/0x60
[ 30.997270][ C1] ath9k_htc_hw_init.cold+0x17/0x2a
[ 30.997283][ C1] ath9k_hif_usb_firmware_cb+0x274/0x510
[ 30.997297][ C1] ? ath9k_hif_usb_resume+0x320/0x320
[ 30.997309][ C1] request_firmware_work_func+0x126/0x242
[ 30.997322][ C1] ? request_firmware_into_buf+0x90/0x90
[ 30.997334][ C1] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 30.997347][ C1] ? rcu_read_lock_bh_held+0xb0/0xb0
[ 30.997359][ C1] ? _raw_spin_unlock_irq+0x1f/0x30
[ 30.997370][ C1] process_one_work+0x965/0x1630
[ 30.997383][ C1] ? lock_release+0x720/0x720
[ 30.997394][ C1] ? pwq_dec_nr_in_flight+0x310/0x310
[ 30.997405][ C1] ? rwlock_bug.part.0+0x90/0x90
[ 30.997416][ C1] worker_thread+0x96/0xe20
[ 30.997427][ C1] ? process_one_work+0x1630/0x1630
[ 30.997439][ C1] kthread+0x326/0x430
[ 30.997452][ C1] ? kthread_create_on_node+0xf0/0xf0
[ 30.997464][ C1] ret_from_fork+0x24/0x30
[ 30.997469][ C1]
[ 30.997498][ C1] general protection fault, probably for non-canonical address 0xdead000000000400: 0000 [#1] SMP KASAN
[ 30.997509][ C1] CPU: 1 PID: 162 Comm: kworker/1:3 Not tainted 5.7.0-rc5-syzkaller #0
[ 30.997515][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 30.997526][ C1] Workqueue: events request_firmware_work_func
[ 30.997541][ C1] RIP: 0010:print_address_description.constprop.0.cold+0x124/0x314
[ 30.997551][ C1] Code: 00 f6 c4 02 0f 84 0f ff ff ff 48 89 e9 48 2b 0d 1c 00 85 05 4c 89 e0 4c 8b 6d 18 48 c1 f9 06 48 c1 e1 0c 48 03 0d 16 00 85 05 <41> 8b 7d 18 48 29 c8 48 99 48 f7 ff 4c 89 e0 48 29 d0 48 89 c2 0f
[ 30.997557][ C1] RSP: 0018:ffff8881db309858 EFLAGS: 00010086
[ 30.997565][ C1] RAX: ffff8881ccf5c0d0 RBX: 0000000000000004 RCX: ffff8881ccf5c000
[ 30.997572][ C1] RDX: 0000000000000000 RSI: ffffffff812a31fd RDI: ffffed103b6612fd
[ 30.997578][ C1] RBP: ffffea000733d700 R08: 0000000000000000 R09: ffffed103b6643c9
[ 30.997585][ C1] R10: ffff8881db321e43 R11: ffffed103b6643c8 R12: ffff8881ccf5c0d0
[ 30.997591][ C1] R13: dead000000000400 R14: 0000000000000000 R15: ffff8881cccea000
[ 30.997597][ C1] FS: 0000000000000000(0000) GS:ffff8881db300000(0000) knlGS:0000000000000000
[ 30.997607][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 30.997613][ C1] CR2: 0000000000000000 CR3: 00000001d022e000 CR4: 00000000001406e0
[ 30.997619][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 30.997625][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 30.997628][ C1] Call Trace:
[ 30.997632][ C1]
[ 30.997643][ C1] ? ath9k_hif_usb_rx_cb+0xe64/0xf90
[ 30.997651][ C1] __kasan_report.cold+0x37/0x92
[ 30.997663][ C1] ? ath9k_hif_usb_rx_cb+0xe64/0xf90
[ 30.997673][ C1] ? ath9k_hif_usb_rx_cb+0xe64/0xf90
[ 30.997681][ C1] kasan_report+0x33/0x50
[ 30.997692][ C1] ath9k_hif_usb_rx_cb+0xe64/0xf90
[ 30.997704][ C1] ? hif_usb_mgmt_cb+0x310/0x310
[ 30.997714][ C1] ? usb_hcd_unmap_urb_setup_for_dma+0x8a/0x470
[ 30.997723][ C1] ? do_raw_read_unlock+0x3b/0x70
[ 30.997732][ C1] ? _raw_read_unlock+0x1a/0x30
[ 30.997742][ C1] __usb_hcd_giveback_urb+0x1f2/0x470
[ 30.997751][ C1] usb_hcd_giveback_urb+0x368/0x420
[ 30.997762][ C1] dummy_timer+0x125e/0x32b4
[ 30.997776][ C1] ? dummy_udc_probe+0x980/0x980
[ 30.997787][ C1] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 30.997798][ C1] ? rcu_read_lock_bh_held+0xb0/0xb0
[ 30.997808][ C1] call_timer_fn+0x1ac/0x700
[ 30.997818][ C1] ? dummy_udc_probe+0x980/0x980
[ 30.997834][ C1] ? timer_fixup_init+0x60/0x60
[ 30.997843][ C1] ? lock_downgrade+0x720/0x720
[ 30.997853][ C1] ? mark_held_locks+0x9f/0xe0
[ 30.997862][ C1] ? rcu_read_lock_bh_held+0xb0/0xb0
[ 30.997872][ C1] ? _raw_spin_unlock_irq+0x1f/0x30
[ 30.997883][ C1] ? dummy_udc_probe+0x980/0x980
[ 30.997893][ C1] run_timer_softirq+0x5f9/0x1500
[ 30.997903][ C1] ? add_timer+0x7a0/0x7a0
[ 30.997914][ C1] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 30.997924][ C1] ? rcu_read_lock_bh_held+0xb0/0xb0
[ 30.997934][ C1] ? mark_held_locks+0x9f/0xe0
[ 30.997945][ C1] __do_softirq+0x21e/0x9aa
[ 30.997955][ C1] irq_exit+0x178/0x1a0
[ 30.997966][ C1] smp_apic_timer_interrupt+0x141/0x540
[ 30.997977][ C1] apic_timer_interrupt+0xf/0x20
[ 30.997982][ C1]
[ 30.997993][ C1] RIP: 0010:console_unlock+0xa6b/0xca0
[ 30.998004][ C1] Code: 00 89 ee 48 c7 c7 20 d2 14 87 e8 50 cf 03 00 65 ff 0d f1 30 d8 7e e9 b5 f9 ff ff e8 4f 5f 16 00 e8 2a bb 1b 00 ff 74 24 30 9d 17 fe ff ff e8 3b 5f 16 00 48 8d 7d 08 48 89 f8 48 c1 e8 03 42
[ 30.998009][ C1] RSP: 0018:ffff8881ce3afa30 EFLAGS: 00000293 ORIG_RAX: ffffffffffffff13
[ 30.998019][ C1] RAX: 0000000000000007 RBX: 0000000000000200 RCX: 1ffffffff126c9bd
[ 30.998025][ C1] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff8881ce3a087c
[ 30.998031][ C1] RBP: 0000000000000000 R08: 0000000000000001 R09: fffffbfff126c8bd
[ 30.998037][ C1] R10: ffffffff893645e7 R11: fffffbfff126c8bc R12: ffffffff82aba0b0
[ 30.998044][ C1] R13: ffffffff874ee290 R14: 0000000000000042 R15: dffffc0000000000
[ 30.998054][ C1] ? netconsole_netdev_event+0x2a0/0x2a0
[ 30.998064][ C1] vprintk_emit+0x16d/0x3e0
[ 30.998072][ C1] vprintk_func+0x75/0x113
[ 30.998080][ C1] printk+0xba/0xed
[ 30.998090][ C1] ? kmsg_dump_rewind_nolock+0xd9/0xd9
[ 30.998100][ C1] ? usb_free_urb.part.0+0x52/0x110
[ 30.998110][ C1] ? ath9k_htc_hw_init.cold+0x5/0x2a
[ 30.998121][ C1] ? ath9k_htc_hw_init+0x3d/0x60
[ 30.998131][ C1] ath9k_htc_hw_init.cold+0x17/0x2a
[ 30.998143][ C1] ath9k_hif_usb_firmware_cb+0x274/0x510
[ 30.998154][ C1] ? ath9k_hif_usb_resume+0x320/0x320
[ 30.998164][ C1] request_firmware_work_func+0x126/0x242
[ 30.998175][ C1] ? request_firmware_into_buf+0x90/0x90
[ 30.998185][ C1] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 30.998196][ C1] ? rcu_read_lock_bh_held+0xb0/0xb0
[ 30.998206][ C1] ? _raw_spin_unlock_irq+0x1f/0x30
[ 30.998216][ C1] process_one_work+0x965/0x1630
[ 30.998226][ C1] ? lock_release+0x720/0x720
[ 30.998235][ C1] ? pwq_dec_nr_in_flight+0x310/0x310
[ 30.998245][ C1] ? rwlock_bug.part.0+0x90/0x90
[ 30.998252][ C1] worker_thread+0x96/0xe20
[ 30.998261][ C1] ? process_one_work+0x1630/0x1630
[ 30.998269][ C1] kthread+0x326/0x430
[ 30.998278][ C1] ? kthread_create_on_node+0xf0/0xf0
[ 30.998286][ C1] ret_from_fork+0x24/0x30
[ 30.998290][ C1] Modules linked in:
[ 30.998304][ C1] ---[ end trace 8fd099558e40893a ]---
[ 30.998316][ C1] RIP: 0010:print_address_description.constprop.0.cold+0x124/0x314
[ 30.998327][ C1] Code: 00 f6 c4 02 0f 84 0f ff ff ff 48 89 e9 48 2b 0d 1c 00 85 05 4c 89 e0 4c 8b 6d 18 48 c1 f9 06 48 c1 e1 0c 48 03 0d 16 00 85 05 <41> 8b 7d 18 48 29 c8 48 99 48 f7 ff 4c 89 e0 48 29 d0 48 89 c2 0f
[ 30.998332][ C1] RSP: 0018:ffff8881db309858 EFLAGS: 00010086
[ 30.998340][ C1] RAX: ffff8881ccf5c0d0 RBX: 0000000000000004 RCX: ffff8881ccf5c000
[ 30.998346][ C1] RDX: 0000000000000000 RSI: ffffffff812a31fd RDI: ffffed103b6612fd
[ 30.998352][ C1] RBP: ffffea000733d700 R08: 0000000000000000 R09: ffffed103b6643c9
[ 30.998359][ C1] R10: ffff8881db321e43 R11: ffffed103b6643c8 R12: ffff8881ccf5c0d0
[ 30.998364][ C1] R13: dead000000000400 R14: 0000000000000000 R15: ffff8881cccea000
[ 30.998373][ C1] FS: 0000000000000000(0000) GS:ffff8881db300000(0000) knlGS:0000000000000000
[ 30.998382][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 30.998396][ C1] CR2: 0000000000000000 CR3: 00000001d022e000 CR4: 00000000001406e0
[ 30.998402][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 30.998409][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 30.998414][ C1] Kernel panic - not syncing: Fatal exception in interrupt
[ 30.999234][ C1] Kernel Offset: disabled
[ 32.093193][ C1] Rebooting in 86400 seconds..