Starting Load/Save RF Kill Switch Status...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ OK ] Started Load/Save RF Kill Switch Status.
[ 12.265638][ C1] random: crng init done
[ 12.266434][ C1] random: 7 urandom warning(s) missed due to ratelimiting
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.150' (ECDSA) to the list of known hosts.
executing program
syzkaller login:
[ 22.409386][ T142] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 22.928555][ T142] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 22.937688][ T142] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 22.945777][ T142] usb 1-1: Product: syz
[ 22.949990][ T142] usb 1-1: Manufacturer: syz
[ 22.954563][ T142] usb 1-1: SerialNumber: syz
[ 22.999333][ T142] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 23.617957][ T142] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 24.677100][ T142] ath9k_htc 1-1:1.0: ath9k_htc: Target is unresponsive
[ 24.684273][ T142] ath9k_htc: Failed to initialize the device
[ 24.777094][ C0] ==================================================================
[ 24.785395][ C0] BUG: KASAN: use-after-free in ath9k_hif_usb_rx_cb+0xd7d/0xf80
[ 24.793005][ C0] Read of size 4 at addr ffff8881cd564090 by task swapper/0/0
[ 24.800494][ C0]
[ 24.802801][ C0] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.8.0-rc3-syzkaller #0
[ 24.810673][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 24.820717][ C0] Call Trace:
[ 24.823980][ C0]
[ 24.826813][ C0] dump_stack+0xf6/0x16e
[ 24.831034][ C0] ? ath9k_hif_usb_rx_cb+0xd7d/0xf80
[ 24.836294][ C0] ? ath9k_hif_usb_rx_cb+0xd7d/0xf80
[ 24.841555][ C0] print_address_description.constprop.0+0x1a/0x210
[ 24.848131][ C0] ? vprintk_func+0x93/0x133
[ 24.852713][ C0] ? ath9k_hif_usb_rx_cb+0xd7d/0xf80
[ 24.857972][ C0] kasan_report.cold+0x37/0x7c
[ 24.862710][ C0] ? ath9k_hif_usb_rx_cb+0xd7d/0xf80
[ 24.867969][ C0] ath9k_hif_usb_rx_cb+0xd7d/0xf80
[ 24.873057][ C0] ? __usb_hcd_giveback_urb+0x302/0x560
[ 24.878574][ C0] ? hif_usb_start+0xa0/0xa0
[ 24.883137][ C0] ? lock_downgrade+0x730/0x730
[ 24.887980][ C0] ? trace_hardirqs_off+0x27/0x1f0
[ 24.893064][ C0] __usb_hcd_giveback_urb+0x32d/0x560
[ 24.898411][ C0] usb_hcd_giveback_urb+0x367/0x410
[ 24.903757][ C0] dummy_timer+0x11f2/0x3240
[ 24.908321][ C0] ? lock_downgrade+0x730/0x730
[ 24.913164][ C0] ? dummy_dequeue+0x490/0x490
[ 24.917917][ C0] call_timer_fn+0x1ac/0x6e0
[ 24.922496][ C0] ? dummy_dequeue+0x490/0x490
[ 24.927241][ C0] ? msleep_interruptible+0x130/0x130
[ 24.932586][ C0] ? lock_downgrade+0x730/0x730
[ 24.937496][ C0] ? _raw_spin_unlock_irq+0x1f/0x30
[ 24.942686][ C0] ? lockdep_hardirqs_on_prepare+0x1bc/0x550
[ 24.948699][ C0] ? trace_hardirqs_on+0x5f/0x200
[ 24.953738][ C0] ? dummy_dequeue+0x490/0x490
[ 24.958484][ C0] __run_timers.part.0+0x54c/0x9e0
[ 24.964377][ C0] ? call_timer_fn+0x6e0/0x6e0
[ 24.969129][ C0] ? clockevents_program_event+0x12b/0x350
[ 24.974910][ C0] ? tick_program_event+0xa8/0x130
[ 24.979994][ C0] run_timer_softirq+0x80/0x120
[ 24.984822][ C0] __do_softirq+0x222/0x95b
[ 24.989299][ C0] asm_call_on_stack+0xf/0x20
[ 24.993944][ C0]
[ 24.996858][ C0] do_softirq_own_stack+0xed/0x140
[ 25.001944][ C0] irq_exit_rcu+0x150/0x1f0
[ 25.006456][ C0] sysvec_apic_timer_interrupt+0x49/0xc0
[ 25.012065][ C0] asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 25.018018][ C0] RIP: 0010:acpi_safe_halt+0x72/0x90
[ 25.023275][ C0] Code: 74 06 5b e9 60 c8 8f fb e8 5b c8 8f fb e8 a6 53 95 fb e9 0c 00 00 00 e8 4c c8 8f fb 0f 00 2d c5 e5 74 00 e8 40 c8 8f fb fb f4 e8 98 4d 95 fb 5b e9 32 c8 8f fb 48 89 df e8 fa 72 b9 fb eb ab
[ 25.042954][ C0] RSP: 0018:ffffffff87207c80 EFLAGS: 00000293
[ 25.048990][ C0] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[ 25.056936][ C0] RDX: ffffffff8722f840 RSI: ffffffff85afd9a0 RDI: ffffffff85afd98a
[ 25.065063][ C0] RBP: ffff8881d8cca864 R08: 0000000000000000 R09: 0000000000000000
[ 25.073022][ C0] R10: 0000000000000001 R11: 0000000000000000 R12: ffff8881d8cca864
[ 25.080968][ C0] R13: 1ffffffff0e40f99 R14: ffff8881d8cca865 R15: 0000000000000001
[ 25.089098][ C0] ? acpi_safe_halt+0x70/0x90
[ 25.093762][ C0] ? acpi_safe_halt+0x5a/0x90
[ 25.098415][ C0] acpi_idle_do_entry+0x15c/0x1b0
[ 25.103411][ C0] acpi_idle_enter+0x3f0/0xa50
[ 25.108149][ C0] ? acpi_idle_enter_s2idle+0x190/0x190
[ 25.113687][ C0] ? kvm_sched_clock_read+0x14/0x30
[ 25.118935][ C0] ? sched_clock+0x5/0x10
[ 25.123300][ C0] ? sched_clock_cpu+0x18/0x170
[ 25.128195][ C0] cpuidle_enter_state+0xff/0x870
[ 25.133201][ C0] ? rcu_read_lock_sched_held+0x3a/0x70
[ 25.138724][ C0] cpuidle_enter+0x4a/0xa0
[ 25.143137][ C0] do_idle+0x3d6/0x5a0
[ 25.147192][ C0] ? arch_cpu_idle_exit+0x40/0x40
[ 25.152197][ C0] ? schedule+0xe1/0x2b0
[ 25.156422][ C0] cpu_startup_entry+0x14/0x20
[ 25.161180][ C0] start_kernel+0xa1b/0xa56
[ 25.165664][ C0] ? mem_encrypt_init+0x5/0x5
[ 25.170321][ C0] ? x86_cpuid_vendor+0x84/0x90
[ 25.175197][ C0] ? __sanitizer_cov_trace_switch+0x45/0x70
[ 25.181066][ C0] ? load_ucode_bsp+0x1b7/0x1f7
[ 25.185901][ C0] secondary_startup_64+0xb6/0xc0
[ 25.190933][ C0]
[ 25.193241][ C0] Allocated by task 116:
[ 25.197459][ C0] save_stack+0x1b/0x40
[ 25.201590][ C0] __kasan_kmalloc.constprop.0+0xc2/0xd0
[ 25.207199][ C0] kmem_cache_alloc+0xd2/0x310
[ 25.211939][ C0] getname_flags.part.0+0x50/0x4f0
[ 25.217497][ C0] user_path_at_empty+0xa1/0x100
[ 25.222415][ C0] vfs_statx+0x14e/0x390
[ 25.226633][ C0] __do_sys_newlstat+0x91/0x110
[ 25.231509][ C0] do_syscall_64+0x50/0x90
[ 25.235931][ C0] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 25.241792][ C0]
[ 25.244092][ C0] Freed by task 116:
[ 25.247961][ C0] save_stack+0x1b/0x40
[ 25.252088][ C0] __kasan_slab_free+0x116/0x160
[ 25.256997][ C0] slab_free_freelist_hook+0x53/0x140
[ 25.262340][ C0] kmem_cache_free+0x84/0x2e0
[ 25.267010][ C0] putname+0xe1/0x120
[ 25.270966][ C0] filename_lookup+0x3b1/0x560
[ 25.275726][ C0] vfs_statx+0x14e/0x390
[ 25.279941][ C0] __do_sys_newlstat+0x91/0x110
[ 25.284765][ C0] do_syscall_64+0x50/0x90
[ 25.289155][ C0] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 25.295014][ C0]
[ 25.297319][ C0] The buggy address belongs to the object at ffff8881cd563300
[ 25.297319][ C0] which belongs to the cache names_cache of size 4096
[ 25.311430][ C0] The buggy address is located 3472 bytes inside of
[ 25.311430][ C0] 4096-byte region [ffff8881cd563300, ffff8881cd564300)
[ 25.324845][ C0] The buggy address belongs to the page:
[ 25.330454][ C0] page:ffffea0007355800 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 head:ffffea0007355800 order:3 compound_mapcount:0 compound_pincount:0
[ 25.345611][ C0] flags: 0x200000000010200(slab|head)
[ 25.350959][ C0] raw: 0200000000010200 dead000000000100 dead000000000122 ffff8881da120000
[ 25.359530][ C0] raw: 0000000000000000 0000000000070007 00000001ffffffff 0000000000000000
[ 25.368167][ C0] page dumped because: kasan: bad access detected
[ 25.374547][ C0]
[ 25.376846][ C0] Memory state around the buggy address:
[ 25.382449][ C0] ffff8881cd563f80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 25.390483][ C0] ffff8881cd564000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 25.398519][ C0] >ffff8881cd564080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 25.406551][ C0] ^
[ 25.411113][ C0] ffff8881cd564100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 25.419157][ C0] ffff8881cd564180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 25.427188][ C0] ==================================================================
[ 25.435223][ C0] Disabling lock debugging due to kernel taint
[ 25.441432][ C0] Kernel panic - not syncing: panic_on_warn set ...
[ 25.447990][ C0] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G B 5.8.0-rc3-syzkaller #0
[ 25.457234][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 25.467372][ C0] Call Trace:
[ 25.473493][ C0]
[ 25.476756][ C0] dump_stack+0xf6/0x16e
[ 25.480977][ C0] ? ath9k_hif_usb_rx_cb+0xd30/0xf80
[ 25.486232][ C0] panic+0x2aa/0x6e1
[ 25.490155][ C0] ? __warn_printk+0xf3/0xf3
[ 25.494718][ C0] ? _raw_spin_unlock_irqrestore+0x2a/0x40
[ 25.500496][ C0] ? trace_hardirqs_off+0x27/0x1f0
[ 25.505580][ C0] ? ath9k_hif_usb_rx_cb+0xd7d/0xf80
[ 25.510856][ C0] ? ath9k_hif_usb_rx_cb+0xd7d/0xf80
[ 25.516115][ C0] end_report+0x4d/0x53
[ 25.520255][ C0] kasan_report.cold+0x72/0x7c
[ 25.524998][ C0] ? ath9k_hif_usb_rx_cb+0xd7d/0xf80
[ 25.530253][ C0] ath9k_hif_usb_rx_cb+0xd7d/0xf80
[ 25.535357][ C0] ? __usb_hcd_giveback_urb+0x302/0x560
[ 25.540874][ C0] ? hif_usb_start+0xa0/0xa0
[ 25.545433][ C0] ? lock_downgrade+0x730/0x730
[ 25.550278][ C0] ? trace_hardirqs_off+0x27/0x1f0
[ 25.555362][ C0] __usb_hcd_giveback_urb+0x32d/0x560
[ 25.560723][ C0] usb_hcd_giveback_urb+0x367/0x410
[ 25.565892][ C0] dummy_timer+0x11f2/0x3240
[ 25.570890][ C0] ? lock_downgrade+0x730/0x730
[ 25.575731][ C0] ? dummy_dequeue+0x490/0x490
[ 25.580466][ C0] call_timer_fn+0x1ac/0x6e0
[ 25.585026][ C0] ? dummy_dequeue+0x490/0x490
[ 25.589758][ C0] ? msleep_interruptible+0x130/0x130
[ 25.595121][ C0] ? lock_downgrade+0x730/0x730
[ 25.599942][ C0] ? _raw_spin_unlock_irq+0x1f/0x30
[ 25.605111][ C0] ? lockdep_hardirqs_on_prepare+0x1bc/0x550
[ 25.611078][ C0] ? trace_hardirqs_on+0x5f/0x200
[ 25.616094][ C0] ? dummy_dequeue+0x490/0x490
[ 25.620839][ C0] __run_timers.part.0+0x54c/0x9e0
[ 25.626047][ C0] ? call_timer_fn+0x6e0/0x6e0
[ 25.630803][ C0] ? clockevents_program_event+0x12b/0x350
[ 25.636584][ C0] ? tick_program_event+0xa8/0x130
[ 25.642623][ C0] run_timer_softirq+0x80/0x120
[ 25.647470][ C0] __do_softirq+0x222/0x95b
[ 25.652901][ C0] asm_call_on_stack+0xf/0x20
[ 25.657545][ C0]
[ 25.660458][ C0] do_softirq_own_stack+0xed/0x140
[ 25.665546][ C0] irq_exit_rcu+0x150/0x1f0
[ 25.670020][ C0] sysvec_apic_timer_interrupt+0x49/0xc0
[ 25.675642][ C0] asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 25.681625][ C0] RIP: 0010:acpi_safe_halt+0x72/0x90
[ 25.686900][ C0] Code: 74 06 5b e9 60 c8 8f fb e8 5b c8 8f fb e8 a6 53 95 fb e9 0c 00 00 00 e8 4c c8 8f fb 0f 00 2d c5 e5 74 00 e8 40 c8 8f fb fb f4 e8 98 4d 95 fb 5b e9 32 c8 8f fb 48 89 df e8 fa 72 b9 fb eb ab
[ 25.706492][ C0] RSP: 0018:ffffffff87207c80 EFLAGS: 00000293
[ 25.712527][ C0] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[ 25.720471][ C0] RDX: ffffffff8722f840 RSI: ffffffff85afd9a0 RDI: ffffffff85afd98a
[ 25.728438][ C0] RBP: ffff8881d8cca864 R08: 0000000000000000 R09: 0000000000000000
[ 25.736385][ C0] R10: 0000000000000001 R11: 0000000000000000 R12: ffff8881d8cca864
[ 25.744330][ C0] R13: 1ffffffff0e40f99 R14: ffff8881d8cca865 R15: 0000000000000001
[ 25.752279][ C0] ? acpi_safe_halt+0x70/0x90
[ 25.756925][ C0] ? acpi_safe_halt+0x5a/0x90
[ 25.761587][ C0] acpi_idle_do_entry+0x15c/0x1b0
[ 25.766604][ C0] acpi_idle_enter+0x3f0/0xa50
[ 25.771338][ C0] ? acpi_idle_enter_s2idle+0x190/0x190
[ 25.776855][ C0] ? kvm_sched_clock_read+0x14/0x30
[ 25.782024][ C0] ? sched_clock+0x5/0x10
[ 25.786352][ C0] ? sched_clock_cpu+0x18/0x170
[ 25.791183][ C0] cpuidle_enter_state+0xff/0x870
[ 25.796199][ C0] ? rcu_read_lock_sched_held+0x3a/0x70
[ 25.801733][ C0] cpuidle_enter+0x4a/0xa0
[ 25.806128][ C0] do_idle+0x3d6/0x5a0
[ 25.810172][ C0] ? arch_cpu_idle_exit+0x40/0x40
[ 25.815166][ C0] ? schedule+0xe1/0x2b0
[ 25.819383][ C0] cpu_startup_entry+0x14/0x20
[ 25.824135][ C0] start_kernel+0xa1b/0xa56
[ 25.828611][ C0] ? mem_encrypt_init+0x5/0x5
[ 25.833275][ C0] ? x86_cpuid_vendor+0x84/0x90
[ 25.838101][ C0] ? __sanitizer_cov_trace_switch+0x45/0x70
[ 25.843968][ C0] ? load_ucode_bsp+0x1b7/0x1f7
[ 25.848789][ C0] secondary_startup_64+0xb6/0xc0
[ 25.854555][ C0] Kernel Offset: disabled
[ 25.858864][ C0] Rebooting in 86400 seconds..