Warning: Permanently added '10.128.0.172' (ECDSA) to the list of known hosts.
2020/03/31 16:48:53 parsed 1 programs
2020/03/31 16:48:53 executed programs: 0
[ 30.707749][ T515] cgroup: Unknown subsys name 'perf_event'
[ 30.715782][ T515] cgroup: Unknown subsys name 'net_cls'
[ 30.718361][ T520] cgroup: Unknown subsys name 'perf_event'
[ 30.722826][ T518] cgroup: Unknown subsys name 'perf_event'
[ 30.732675][ T522] cgroup: Unknown subsys name 'perf_event'
[ 30.736592][ T518] cgroup: Unknown subsys name 'net_cls'
[ 30.743422][ T524] cgroup: Unknown subsys name 'perf_event'
[ 30.752338][ T526] cgroup: Unknown subsys name 'perf_event'
[ 30.755374][ T520] cgroup: Unknown subsys name 'net_cls'
[ 30.758622][ T526] cgroup: Unknown subsys name 'net_cls'
[ 30.766238][ T522] cgroup: Unknown subsys name 'net_cls'
[ 30.771828][ T524] cgroup: Unknown subsys name 'net_cls'
[ 38.626721][ T83] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 38.996447][ T12] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[ 39.006989][ T83] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 39.018000][ T83] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 39.025984][ T83] usb 1-1: Product: syz
[ 39.030306][ T83] usb 1-1: Manufacturer: syz
[ 39.034983][ T83] usb 1-1: SerialNumber: syz
[ 39.056500][ T95] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[ 39.077604][ T83] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 39.106421][ T21] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[ 39.114367][ T17] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[ 39.126427][ T3225] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[ 39.366514][ T12] usb 6-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 39.375582][ T12] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 39.383759][ T12] usb 6-1: Product: syz
[ 39.388026][ T12] usb 6-1: Manufacturer: syz
[ 39.392606][ T12] usb 6-1: SerialNumber: syz
[ 39.446386][ T95] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 39.455491][ T95] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 39.463578][ T95] usb 5-1: Product: syz
[ 39.467807][ T95] usb 5-1: Manufacturer: syz
[ 39.472411][ T95] usb 5-1: SerialNumber: syz
[ 39.477731][ T12] usb 6-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 39.486951][ T21] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 39.496036][ T21] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 39.504192][ T21] usb 2-1: Product: syz
[ 39.508634][ T21] usb 2-1: Manufacturer: syz
[ 39.513224][ T21] usb 2-1: SerialNumber: syz
[ 39.518091][ T17] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 39.527185][ T17] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 39.535177][ T17] usb 3-1: Product: syz
[ 39.537169][ T95] usb 5-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 39.539733][ T17] usb 3-1: Manufacturer: syz
[ 39.552368][ T17] usb 3-1: SerialNumber: syz
[ 39.557398][ T3225] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 39.567229][ T3225] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 39.575204][ T3225] usb 4-1: Product: syz
[ 39.579469][ T3225] usb 4-1: Manufacturer: syz
[ 39.584069][ T3225] usb 4-1: SerialNumber: syz
[ 39.626904][ T21] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 39.635578][ T3225] usb 4-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 39.644613][ T17] usb 3-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 39.726291][ T83] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 40.076225][ T12] usb 6-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 40.130633][ T3231] usb 1-1: USB disconnect, device number 2
[ 40.146253][ T95] usb 5-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 40.216117][ T17] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 40.225305][ T21] usb 4-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 40.236098][ T3225] usb 3-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 40.356065][ C0] ==================================================================
[ 40.364340][ C0] BUG: KASAN: use-after-free in ath9k_htc_rx_msg+0xa25/0xaf0
[ 40.371717][ C0] Write of size 2 at addr ffff8881d46881b0 by task swapper/0/0
[ 40.379232][ C0]
[ 40.381547][ C0] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.6.0-rc7-syzkaller #0
[ 40.389422][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 40.399459][ C0] Call Trace:
[ 40.402728][ C0] <IRQ>
[ 40.405566][ C0] dump_stack+0xef/0x16e
[ 40.409929][ C0] ? ath9k_htc_rx_msg+0xa25/0xaf0
[ 40.414954][ C0] ? ath9k_htc_rx_msg+0xa25/0xaf0
[ 40.419964][ C0] print_address_description.constprop.0.cold+0xd3/0x314
[ 40.426963][ C0] ? ath9k_htc_rx_msg+0xa25/0xaf0
[ 40.431979][ C0] ? ath9k_htc_rx_msg+0xa25/0xaf0
[ 40.437276][ C0] __kasan_report.cold+0x37/0x77
[ 40.442258][ C0] ? ath9k_htc_rx_msg+0xa25/0xaf0
[ 40.448577][ C0] kasan_report+0xe/0x20
[ 40.453082][ C0] ath9k_htc_rx_msg+0xa25/0xaf0
[ 40.458166][ C0] ath9k_hif_usb_reg_in_cb+0x1ba/0x630
[ 40.463621][ C0] ? _raw_read_unlock+0x1a/0x30
[ 40.468461][ C0] ? led_trigger_blink_oneshot+0xb4/0xe0
[ 40.474091][ C0] __usb_hcd_giveback_urb+0x1f2/0x470
[ 40.479934][ C0] usb_hcd_giveback_urb+0x368/0x420
[ 40.485119][ C0] dummy_timer+0x1258/0x32ae
[ 40.489779][ C0] ? dummy_udc_probe+0x930/0x930
[ 40.494734][ C0] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 40.501272][ C0] ? rcu_read_lock_bh_held+0xb0/0xb0
[ 40.506541][ C0] call_timer_fn+0x195/0x6f0
[ 40.511354][ C0] ? dummy_udc_probe+0x930/0x930
[ 40.517425][ C0] ? msleep_interruptible+0x130/0x130
[ 40.523216][ C0] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 40.529639][ C0] ? rcu_read_lock_bh_held+0xb0/0xb0
[ 40.535097][ C0] ? _raw_spin_unlock_irq+0x1f/0x30
[ 40.540275][ C0] ? dummy_udc_probe+0x930/0x930
[ 40.545584][ C0] run_timer_softirq+0x5f9/0x1500
[ 40.551357][ C0] ? add_timer+0x7a0/0x7a0
[ 40.556030][ C0] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 40.561558][ C0] ? rcu_read_lock_bh_held+0xb0/0xb0
[ 40.566864][ C0] __do_softirq+0x21e/0x950
[ 40.571487][ C0] irq_exit+0x178/0x1a0
[ 40.575733][ C0] smp_apic_timer_interrupt+0x141/0x540
[ 40.581492][ C0] apic_timer_interrupt+0xf/0x20
[ 40.586518][ C0] </IRQ>
[ 40.589883][ C0] RIP: 0010:default_idle+0x28/0x300
[ 40.595094][ C0] Code: cc cc 41 56 41 55 65 44 8b 2d 04 3b 72 7a 41 54 55 53 0f 1f 44 00 00 e8 b6 27 b5 fb e9 07 00 00 00 0f 00 2d aa d0 52 00 fb f4 <65> 44 8b 2d e0 3a 72 7a 0f 1f 44 00 00 5b 5d 41 5c 41 5d 41 5e c3
[ 40.615180][ C0] RSP: 0018:ffffffff87007d80 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
[ 40.623575][ C0] RAX: 0000000000000007 RBX: ffffffff8702cc40 RCX: 0000000000000000
[ 40.631805][ C0] RDX: 0000000000000000 RSI: 0000000000000006 RDI: ffffffff8702d48c
[ 40.639947][ C0] RBP: fffffbfff0e05988 R08: ffffffff8702cc40 R09: 0000000000000000
[ 40.648839][ C0] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 40.656886][ C0] R13: 0000000000000000 R14: ffffffff87e612c0 R15: 0000000000000000
[ 40.664860][ C0] do_idle+0x3e0/0x500
[ 40.669022][ C0] ? arch_cpu_idle_exit+0x40/0x40
[ 40.674031][ C0] ? schedule+0xe1/0x2b0
[ 40.678447][ C0] cpu_startup_entry+0x14/0x20
[ 40.683195][ C0] start_kernel+0xe16/0xe5a
[ 40.687687][ C0] ? mem_encrypt_init+0x5/0x5
[ 40.692360][ C0] ? x86_family+0x3d/0x50
[ 40.696715][ C0] ? load_ucode_bsp+0x23d/0x27d
[ 40.701677][ C0] secondary_startup_64+0xb6/0xc0
[ 40.706697][ C0]
[ 40.709106][ C0] Allocated by task 2593:
[ 40.713689][ C0] save_stack+0x1b/0x80
[ 40.717928][ C0] __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 40.723541][ C0] kmem_cache_alloc+0xd8/0x300
[ 40.728284][ C0] getname_flags+0xd2/0x5b0
[ 40.734563][ C0] do_sys_openat2+0x3cf/0x740
[ 40.739253][ C0] do_sys_open+0xc3/0x140
[ 40.743565][ C0] do_syscall_64+0xb6/0x5a0
[ 40.748445][ C0] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 40.754585][ C0]
[ 40.757083][ C0] Freed by task 2593:
[ 40.761229][ C0] save_stack+0x1b/0x80
[ 40.765855][ C0] __kasan_slab_free+0x117/0x160
[ 40.771305][ C0] kmem_cache_free+0x9b/0x360
[ 40.776049][ C0] putname+0xe1/0x120
[ 40.782076][ C0] do_sys_openat2+0x43a/0x740
[ 40.787335][ C0] do_sys_open+0xc3/0x140
[ 40.791763][ C0] do_syscall_64+0xb6/0x5a0
[ 40.796445][ C0] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 40.802331][ C0]
[ 40.804643][ C0] The buggy address belongs to the object at ffff8881d4688000
[ 40.804643][ C0] which belongs to the cache names_cache of size 4096
[ 40.819292][ C0] The buggy address is located 432 bytes inside of
[ 40.819292][ C0] 4096-byte region [ffff8881d4688000, ffff8881d4689000)
[ 40.832867][ C0] The buggy address belongs to the page:
[ 40.838764][ C0] page:ffffea000751a200 refcount:1 mapcount:0 mapping:ffff8881da11c000 index:0x0 compound_mapcount: 0
[ 40.850196][ C0] flags: 0x200000000010200(slab|head)
[ 40.856139][ C0] raw: 0200000000010200 dead000000000100 dead000000000122 ffff8881da11c000
[ 40.864717][ C0] raw: 0000000000000000 0000000000070007 00000001ffffffff 0000000000000000
[ 40.873438][ C0] page dumped because: kasan: bad access detected
[ 40.880135][ C0]
[ 40.882469][ C0] Memory state around the buggy address:
[ 40.883075][ T3238] usb 3-1: USB disconnect, device number 2
[ 40.888397][ C0] ffff8881d4688080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 40.888414][ C0] ffff8881d4688100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 40.888422][ C0] >ffff8881d4688180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 40.888432][ C0] ^
[ 40.888440][ C0] ffff8881d4688200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 40.888448][ C0] ffff8881d4688280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 40.888458][ C0] ==================================================================
[ 40.949123][ C0] Disabling lock debugging due to kernel taint
[ 40.955251][ C0] Kernel panic - not syncing: panic_on_warn set ...
[ 40.961813][ C0] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G B 5.6.0-rc7-syzkaller #0
[ 40.971061][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 40.981176][ C0] Call Trace:
[ 40.984448][ C0] <IRQ>
[ 40.987288][ C0] dump_stack+0xef/0x16e
[ 40.991547][ C0] panic+0x2aa/0x6e1
[ 40.995445][ C0] ? add_taint.cold+0x16/0x16
[ 41.000126][ C0] ? print_shadow_for_address+0xb8/0x114
[ 41.005749][ C0] ? trace_hardirqs_off+0x50/0x200
[ 41.010962][ C0] ? ath9k_htc_rx_msg+0xa25/0xaf0
[ 41.015984][ C0] end_report+0x43/0x49
[ 41.020121][ C0] ? ath9k_htc_rx_msg+0xa25/0xaf0
[ 41.025122][ C0] __kasan_report.cold+0x55/0x77
[ 41.030054][ C0] ? ath9k_htc_rx_msg+0xa25/0xaf0
[ 41.035118][ C0] kasan_report+0xe/0x20
[ 41.039344][ C0] ath9k_htc_rx_msg+0xa25/0xaf0
[ 41.044360][ C0] ath9k_hif_usb_reg_in_cb+0x1ba/0x630
[ 41.049805][ C0] ? _raw_read_unlock+0x1a/0x30
[ 41.054639][ C0] ? led_trigger_blink_oneshot+0xb4/0xe0
[ 41.060260][ C0] __usb_hcd_giveback_urb+0x1f2/0x470
[ 41.065621][ C0] usb_hcd_giveback_urb+0x368/0x420
[ 41.070888][ C0] dummy_timer+0x1258/0x32ae
[ 41.075579][ C0] ? dummy_udc_probe+0x930/0x930
[ 41.080528][ C0] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 41.086054][ C0] ? rcu_read_lock_bh_held+0xb0/0xb0
[ 41.091433][ C0] call_timer_fn+0x195/0x6f0
[ 41.096004][ C0] ? dummy_udc_probe+0x930/0x930
[ 41.100922][ C0] ? msleep_interruptible+0x130/0x130
[ 41.106271][ C0] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 41.111797][ C0] ? rcu_read_lock_bh_held+0xb0/0xb0
[ 41.117063][ C0] ? _raw_spin_unlock_irq+0x1f/0x30
[ 41.122255][ C0] ? dummy_udc_probe+0x930/0x930
[ 41.127172][ C0] run_timer_softirq+0x5f9/0x1500
[ 41.132183][ C0] ? add_timer+0x7a0/0x7a0
[ 41.136604][ C0] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 41.142137][ C0] ? rcu_read_lock_bh_held+0xb0/0xb0
[ 41.147398][ C0] __do_softirq+0x21e/0x950
[ 41.151891][ C0] irq_exit+0x178/0x1a0
[ 41.156027][ C0] smp_apic_timer_interrupt+0x141/0x540
[ 41.161586][ C0] apic_timer_interrupt+0xf/0x20
[ 41.166497][ C0] </IRQ>
[ 41.169413][ C0] RIP: 0010:default_idle+0x28/0x300
[ 41.174610][ C0] Code: cc cc 41 56 41 55 65 44 8b 2d 04 3b 72 7a 41 54 55 53 0f 1f 44 00 00 e8 b6 27 b5 fb e9 07 00 00 00 0f 00 2d aa d0 52 00 fb f4 <65> 44 8b 2d e0 3a 72 7a 0f 1f 44 00 00 5b 5d 41 5c 41 5d 41 5e c3
[ 41.194194][ C0] RSP: 0018:ffffffff87007d80 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
[ 41.202596][ C0] RAX: 0000000000000007 RBX: ffffffff8702cc40 RCX: 0000000000000000
[ 41.210548][ C0] RDX: 0000000000000000 RSI: 0000000000000006 RDI: ffffffff8702d48c
[ 41.218502][ C0] RBP: fffffbfff0e05988 R08: ffffffff8702cc40 R09: 0000000000000000
[ 41.226464][ C0] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 41.234432][ C0] R13: 0000000000000000 R14: ffffffff87e612c0 R15: 0000000000000000
[ 41.242395][ C0] do_idle+0x3e0/0x500
[ 41.246468][ C0] ? arch_cpu_idle_exit+0x40/0x40
[ 41.251692][ C0] ? schedule+0xe1/0x2b0
[ 41.256713][ C0] cpu_startup_entry+0x14/0x20
[ 41.261460][ C0] start_kernel+0xe16/0xe5a
[ 41.265952][ C0] ? mem_encrypt_init+0x5/0x5
[ 41.270609][ C0] ? x86_family+0x3d/0x50
[ 41.275005][ C0] ? load_ucode_bsp+0x23d/0x27d
[ 41.279832][ C0] secondary_startup_64+0xb6/0xc0
[ 41.285603][ C0] Kernel Offset: disabled
[ 41.289925][ C0] Rebooting in 86400 seconds..