[ OK ] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch.
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ OK ] Started Load/Save RF Kill Switch Status.

Debian GNU/Linux 9 syzkaller ttyS0

syzkaller login: [ 14.967844][ C1] random: crng init done
[ 14.972211][ C1] random: 7 urandom warning(s) missed due to ratelimiting
Warning: Permanently added '10.128.0.160' (ECDSA) to the list of known hosts.
executing program
[ 21.764617][ T68] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 22.283768][ T68] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 22.292883][ T68] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 22.300939][ T68] usb 1-1: Product: syz
[ 22.305178][ T68] usb 1-1: Manufacturer: syz
[ 22.309749][ T68] usb 1-1: SerialNumber: syz
[ 22.354562][ T68] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 22.953244][ T68] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 24.002426][ T68] ath9k_htc 1-1:1.0: ath9k_htc: Target is unresponsive
[ 24.009463][ T68] ath9k_htc: Failed to initialize the device
[ 24.112490][ C1] ==================================================================
[ 24.120680][ C1] BUG: KASAN: use-after-free in ath9k_hif_usb_rx_cb+0xdb4/0x1050
[ 24.128405][ C1] Read of size 4 at addr ffff8881cd34c090 by task swapper/1/0
[ 24.135839][ C1]
[ 24.138158][ C1] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 5.8.0-rc1-syzkaller #0
[ 24.146067][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 24.156093][ C1] Call Trace:
[ 24.159352][ C1]
[ 24.162183][ C1] dump_stack+0xf6/0x16e
[ 24.166474][ C1] ? ath9k_hif_usb_rx_cb+0xdb4/0x1050
[ 24.171823][ C1] ? ath9k_hif_usb_rx_cb+0xdb4/0x1050
[ 24.177182][ C1] print_address_description.constprop.0.cold+0xd3/0x415
[ 24.184179][ C1] ? rcu_read_lock_bh_held+0xb0/0xb0
[ 24.189436][ C1] ? __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 24.195221][ C1] ? vprintk_func+0x93/0x133
[ 24.199783][ C1] ? ath9k_hif_usb_rx_cb+0xdb4/0x1050
[ 24.205135][ C1] kasan_report.cold+0x37/0x7c
[ 24.209878][ C1] ? ath9k_hif_usb_rx_cb+0xdb4/0x1050
[ 24.215221][ C1] ath9k_hif_usb_rx_cb+0xdb4/0x1050
[ 24.220391][ C1] ? hif_usb_mgmt_cb+0x310/0x310
[ 24.225302][ C1] ? do_raw_spin_lock+0x120/0x290
[ 24.230297][ C1] ? lock_downgrade+0x720/0x720
[ 24.235207][ C1] ? trace_hardirqs_off+0x27/0x1f0
[ 24.240305][ C1] __usb_hcd_giveback_urb+0x29a/0x550
[ 24.245670][ C1] usb_hcd_giveback_urb+0x368/0x420
[ 24.250867][ C1] dummy_timer+0x125e/0x32b4
[ 24.255442][ C1] ? dummy_udc_probe+0x980/0x980
[ 24.260361][ C1] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 24.265887][ C1] ? rcu_read_lock_bh_held+0xb0/0xb0
[ 24.271156][ C1] call_timer_fn+0x1ac/0x6e0
[ 24.275721][ C1] ? dummy_udc_probe+0x980/0x980
[ 24.280641][ C1] ? msleep_interruptible+0x130/0x130
[ 24.285995][ C1] ? lock_downgrade+0x720/0x720
[ 24.290845][ C1] ? _raw_spin_unlock_irq+0x1f/0x30
[ 24.296018][ C1] ? lockdep_hardirqs_on_prepare+0x1bc/0x550
[ 24.301976][ C1] ? dummy_udc_probe+0x980/0x980
[ 24.306890][ C1] run_timer_softirq+0x5e5/0x14c0
[ 24.311907][ C1] ? add_timer+0x7b0/0x7b0
[ 24.316298][ C1] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 24.321852][ C1] ? rcu_read_lock_bh_held+0xb0/0xb0
[ 24.327115][ C1] ? lockdep_hardirqs_on_prepare+0x1bc/0x550
[ 24.333095][ C1] __do_softirq+0x21e/0x996
[ 24.337598][ C1] asm_call_on_stack+0xf/0x20
[ 24.342245][ C1]
[ 24.345182][ C1] do_softirq_own_stack+0x109/0x140
[ 24.350368][ C1] irq_exit_rcu+0x16f/0x1a0
[ 24.354862][ C1] sysvec_apic_timer_interrupt+0xd3/0x1b0
[ 24.360558][ C1] asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 24.366513][ C1] RIP: 0010:acpi_safe_halt+0x72/0x90
[ 24.371980][ C1] Code: 74 06 5b e9 c0 32 9f fb e8 bb 32 9f fb e8 c6 96 a4 fb e9 0c 00 00 00 e8 ac 32 9f fb 0f 00 2d 45 6e 84 00 e8 a0 32 9f fb fb f4 e8 b8 94 a4 fb 5b e9 92 32 9f fb 48 89 df e8 7a e1 c8 fb eb ab
[ 24.391575][ C1] RSP: 0018:ffff8881da22fc60 EFLAGS: 00000293
[ 24.397615][ C1] RAX: ffff8881da213200 RBX: 0000000000000000 RCX: 1ffffffff1014efa
[ 24.405562][ C1] RDX: 0000000000000000 RSI: ffffffff85a03aa0 RDI: ffff8881da213a38
[ 24.413518][ C1] RBP: ffff8881d8ccb064 R08: 0000000000000000 R09: 0000000000000001
[ 24.421473][ C1] R10: 0000000000000000 R11: 0000000000000000 R12: ffff8881d8ccb064
[ 24.429423][ C1] R13: 1ffff1103b445f96 R14: ffff8881d8ccb065 R15: 0000000000000001
[ 24.437398][ C1] ? acpi_safe_halt+0x70/0x90
[ 24.442070][ C1] acpi_idle_do_entry+0xa9/0xe0
[ 24.446901][ C1] acpi_idle_enter+0x42b/0xac0
[ 24.451645][ C1] ? nr_iowait_cpu+0x47/0x90
[ 24.456214][ C1] ? acpi_idle_enter_s2idle+0x190/0x190
[ 24.461750][ C1] ? kvm_sched_clock_read+0x14/0x30
[ 24.466924][ C1] ? sched_clock+0x5/0x10
[ 24.471242][ C1] ? sched_clock_cpu+0x18/0x170
[ 24.476090][ C1] cpuidle_enter_state+0xdb/0xc20
[ 24.481092][ C1] ? rcu_idle_exit+0x20/0x30
[ 24.485660][ C1] cpuidle_enter+0x4a/0xa0
[ 24.490052][ C1] do_idle+0x3c2/0x500
[ 24.494100][ C1] ? arch_cpu_idle_exit+0x40/0x40
[ 24.499116][ C1] cpu_startup_entry+0x14/0x20
[ 24.503969][ C1] start_secondary+0x294/0x370
[ 24.508711][ C1] ? set_cpu_sibling_map+0x1e90/0x1e90
[ 24.514150][ C1] secondary_startup_64+0xb6/0xc0
[ 24.519149][ C1]
[ 24.521454][ C1] The buggy address belongs to the page:
[ 24.527064][ C1] page:ffffea000734d300 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0
[ 24.536160][ C1] flags: 0x200000000000000()
[ 24.540730][ C1] raw: 0200000000000000 0000000000000000 ffffea000734d308 0000000000000000
[ 24.549296][ C1] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 24.557853][ C1] page dumped because: kasan: bad access detected
[ 24.564237][ C1]
[ 24.566542][ C1] Memory state around the buggy address:
[ 24.572161][ C1] ffff8881cd34bf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 24.580227][ C1] ffff8881cd34c000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 24.588285][ C1] >ffff8881cd34c080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 24.596332][ C1] ^
[ 24.600909][ C1] ffff8881cd34c100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 24.609059][ C1] ffff8881cd34c180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 24.617094][ C1] ==================================================================
[ 24.625138][ C1] Disabling lock debugging due to kernel taint
[ 24.631269][ C1] Kernel panic - not syncing: panic_on_warn set ...
[ 24.637834][ C1] CPU: 1 PID: 0 Comm: swapper/1 Tainted: G B 5.8.0-rc1-syzkaller #0
[ 24.647087][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 24.657129][ C1] Call Trace:
[ 24.660388][ C1]
[ 24.663236][ C1] dump_stack+0xf6/0x16e
[ 24.667456][ C1] ? ath9k_hif_usb_rx_cb+0xd30/0x1050
[ 24.672803][ C1] panic+0x2aa/0x6e1
[ 24.676673][ C1] ? __warn_printk+0xf3/0xf3
[ 24.681237][ C1] ? _raw_spin_unlock_irqrestore+0x2a/0x40
[ 24.687035][ C1] ? trace_hardirqs_off+0x27/0x1f0
[ 24.692121][ C1] ? ath9k_hif_usb_rx_cb+0xdb4/0x1050
[ 24.697480][ C1] ? ath9k_hif_usb_rx_cb+0xdb4/0x1050
[ 24.702827][ C1] end_report+0x4d/0x53
[ 24.706970][ C1] kasan_report.cold+0x72/0x7c
[ 24.711728][ C1] ? ath9k_hif_usb_rx_cb+0xdb4/0x1050
[ 24.717094][ C1] ath9k_hif_usb_rx_cb+0xdb4/0x1050
[ 24.722279][ C1] ? hif_usb_mgmt_cb+0x310/0x310
[ 24.727195][ C1] ? do_raw_spin_lock+0x120/0x290
[ 24.732197][ C1] ? lock_downgrade+0x720/0x720
[ 24.737025][ C1] ? trace_hardirqs_off+0x27/0x1f0
[ 24.742130][ C1] __usb_hcd_giveback_urb+0x29a/0x550
[ 24.747489][ C1] usb_hcd_giveback_urb+0x368/0x420
[ 24.752676][ C1] dummy_timer+0x125e/0x32b4
[ 24.757245][ C1] ? dummy_udc_probe+0x980/0x980
[ 24.762159][ C1] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 24.767687][ C1] ? rcu_read_lock_bh_held+0xb0/0xb0
[ 24.772961][ C1] call_timer_fn+0x1ac/0x6e0
[ 24.777530][ C1] ? dummy_udc_probe+0x980/0x980
[ 24.782445][ C1] ? msleep_interruptible+0x130/0x130
[ 24.787794][ C1] ? lock_downgrade+0x720/0x720
[ 24.792618][ C1] ? _raw_spin_unlock_irq+0x1f/0x30
[ 24.797790][ C1] ? lockdep_hardirqs_on_prepare+0x1bc/0x550
[ 24.803748][ C1] ? dummy_udc_probe+0x980/0x980
[ 24.808659][ C1] run_timer_softirq+0x5e5/0x14c0
[ 24.813659][ C1] ? add_timer+0x7b0/0x7b0
[ 24.818052][ C1] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 24.823574][ C1] ? rcu_read_lock_bh_held+0xb0/0xb0
[ 24.828833][ C1] ? lockdep_hardirqs_on_prepare+0x1bc/0x550
[ 24.834789][ C1] __do_softirq+0x21e/0x996
[ 24.839282][ C1] asm_call_on_stack+0xf/0x20
[ 24.843928][ C1]
[ 24.846844][ C1] do_softirq_own_stack+0x109/0x140
[ 24.852020][ C1] irq_exit_rcu+0x16f/0x1a0
[ 24.856522][ C1] sysvec_apic_timer_interrupt+0xd3/0x1b0
[ 24.862233][ C1] asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 24.868189][ C1] RIP: 0010:acpi_safe_halt+0x72/0x90
[ 24.873471][ C1] Code: 74 06 5b e9 c0 32 9f fb e8 bb 32 9f fb e8 c6 96 a4 fb e9 0c 00 00 00 e8 ac 32 9f fb 0f 00 2d 45 6e 84 00 e8 a0 32 9f fb fb f4 e8 b8 94 a4 fb 5b e9 92 32 9f fb 48 89 df e8 7a e1 c8 fb eb ab
[ 24.893164][ C1] RSP: 0018:ffff8881da22fc60 EFLAGS: 00000293
[ 24.899212][ C1] RAX: ffff8881da213200 RBX: 0000000000000000 RCX: 1ffffffff1014efa
[ 24.907170][ C1] RDX: 0000000000000000 RSI: ffffffff85a03aa0 RDI: ffff8881da213a38
[ 24.915116][ C1] RBP: ffff8881d8ccb064 R08: 0000000000000000 R09: 0000000000000001
[ 24.923062][ C1] R10: 0000000000000000 R11: 0000000000000000 R12: ffff8881d8ccb064
[ 24.931005][ C1] R13: 1ffff1103b445f96 R14: ffff8881d8ccb065 R15: 0000000000000001
[ 24.938965][ C1] ? acpi_safe_halt+0x70/0x90
[ 24.943631][ C1] acpi_idle_do_entry+0xa9/0xe0
[ 24.948468][ C1] acpi_idle_enter+0x42b/0xac0
[ 24.953209][ C1] ? nr_iowait_cpu+0x47/0x90
[ 24.957774][ C1] ? acpi_idle_enter_s2idle+0x190/0x190
[ 24.963306][ C1] ? kvm_sched_clock_read+0x14/0x30
[ 24.968478][ C1] ? sched_clock+0x5/0x10
[ 24.972783][ C1] ? sched_clock_cpu+0x18/0x170
[ 24.977610][ C1] cpuidle_enter_state+0xdb/0xc20
[ 24.982622][ C1] ? rcu_idle_exit+0x20/0x30
[ 24.987190][ C1] cpuidle_enter+0x4a/0xa0
[ 24.991581][ C1] do_idle+0x3c2/0x500
[ 24.995640][ C1] ? arch_cpu_idle_exit+0x40/0x40
[ 25.000650][ C1] cpu_startup_entry+0x14/0x20
[ 25.005403][ C1] start_secondary+0x294/0x370
[ 25.010142][ C1] ? set_cpu_sibling_map+0x1e90/0x1e90
[ 25.015576][ C1] secondary_startup_64+0xb6/0xc0
[ 25.021055][ C1] Kernel Offset: disabled
[ 25.025367][ C1] Rebooting in 86400 seconds..