[  OK  ] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch.
[  OK  ] Started Getty on tty6.
[  OK  ] Started Getty on tty5.
[  OK  ] Started Getty on tty4.
[  OK  ] Started Getty on tty3.
[  OK  ] Started Getty on tty2.
[  OK  ] Started Getty on tty1.
[  OK  ] Started Serial Getty on ttyS0.
[  OK  ] Reached target Login Prompts.
[  OK  ] Reached target Multi-User System.
[  OK  ] Reached target Graphical Interface.
         Starting Update UTMP about System Runlevel Changes...
         Starting Load/Save RF Kill Switch Status...
[  OK  ] Started Update UTMP about System Runlevel Changes.
[  OK  ] Started Load/Save RF Kill Switch Status.
Warning: Permanently added '10.128.1.89' (ECDSA) to the list of known hosts.
Debian GNU/Linux 9 syzkaller ttyS0
executing program
syzkaller login: [ 77.095102][ T38] audit: type=1400 audit(1617556042.999:8): avc: denied { execmem } for pid=8378 comm="syz-executor932" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 77.370305][ T20] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 77.930343][ T20] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 77.940518][ T20] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 77.948638][ T20] usb 1-1: Product: syz
[ 77.954132][ T20] usb 1-1: Manufacturer: syz
[ 77.958725][ T20] usb 1-1: SerialNumber: syz
[ 78.002865][ T20] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 78.610277][ T20] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 79.050262][ C1] ==================================================================
[ 79.058553][ C1] BUG: KASAN: slab-out-of-bounds in ath9k_hif_usb_rx_cb+0x3d3/0x1050
[ 79.066644][ C1] Read of size 49085 at addr ffff8880393b0000 by task swapper/1/0
[ 79.074438][ C1]
[ 79.076749][ C1] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 5.12.0-rc5-syzkaller #0
[ 79.084709][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 79.094750][ C1] Call Trace:
[ 79.098039][ C1]
[ 79.100869][ C1] dump_stack+0x141/0x1d7
[ 79.105195][ C1] ? ath9k_hif_usb_rx_cb+0x3d3/0x1050
[ 79.110641][ C1] print_address_description.constprop.0.cold+0x5b/0x2c6
[ 79.117652][ C1] ? ath9k_hif_usb_rx_cb+0x3d3/0x1050
[ 79.123009][ C1] ? ath9k_hif_usb_rx_cb+0x3d3/0x1050
[ 79.128365][ C1] kasan_report.cold+0x7c/0xd8
[ 79.133117][ C1] ? rwlock_bug.part.0+0x80/0x90
[ 79.138038][ C1] ? ath9k_hif_usb_rx_cb+0x3d3/0x1050
[ 79.143405][ C1] kasan_check_range+0x13d/0x180
[ 79.148433][ C1] memcpy+0x20/0x60
[ 79.152232][ C1] ath9k_hif_usb_rx_cb+0x3d3/0x1050
[ 79.157438][ C1] ? hif_usb_start+0xa0/0xa0
[ 79.162114][ C1] ? __usb_hcd_giveback_urb+0x413/0x5c0
[ 79.167660][ C1] ? lock_downgrade+0x6e0/0x6e0
[ 79.172505][ C1] __usb_hcd_giveback_urb+0x2b0/0x5c0
[ 79.177873][ C1] usb_hcd_giveback_urb+0x367/0x410
[ 79.183075][ C1] dummy_timer+0x11f4/0x32a0
[ 79.187658][ C1] ? dummy_dequeue+0x500/0x500
[ 79.192413][ C1] ? dummy_dequeue+0x500/0x500
[ 79.197171][ C1] call_timer_fn+0x1a5/0x6b0
[ 79.201758][ C1] ? add_timer_on+0x4a0/0x4a0
[ 79.206436][ C1] ? lock_downgrade+0x6e0/0x6e0
[ 79.211287][ C1] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 79.217533][ C1] ? _raw_spin_unlock_irq+0x1f/0x40
[ 79.222744][ C1] ? dummy_dequeue+0x500/0x500
[ 79.227525][ C1] __run_timers.part.0+0x67c/0xa50
[ 79.232654][ C1] ? call_timer_fn+0x6b0/0x6b0
[ 79.237419][ C1] ? lapic_next_event+0x4d/0x80
[ 79.242387][ C1] ? kvm_sched_clock_read+0x14/0x40
[ 79.248362][ C1] ? sched_clock+0x2a/0x40
[ 79.252773][ C1] ? sched_clock_cpu+0x18/0x1f0
[ 79.257629][ C1] run_timer_softirq+0xb3/0x1d0
[ 79.262473][ C1] __do_softirq+0x29b/0x9f6
[ 79.266974][ C1] irq_exit_rcu+0x134/0x200
[ 79.271468][ C1] sysvec_apic_timer_interrupt+0x93/0xc0
[ 79.277095][ C1]
[ 79.280018][ C1] asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 79.286002][ C1] RIP: 0010:acpi_idle_do_entry+0x1c9/0x250
[ 79.291811][ C1] Code: 2d f0 6d f8 84 db 75 ac e8 14 e8 6d f8 e8 ef d7 73 f8 e9 0c 00 00 00 e8 05 e8 6d f8 0f 00 2d 1e 73 c7 00 e8 f9 e7 6d f8 fb f4 <9c> 5b 81 e3 00 02 00 00 fa 31 ff 48 89 de e8 a4 ee 6d f8 48 85 db
[ 79.311417][ C1] RSP: 0018:ffffc90000d6fd18 EFLAGS: 00000293
[ 79.317479][ C1] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[ 79.325451][ C1] RDX: ffff8880116de040 RSI: ffffffff89053e07 RDI: 0000000000000000
[ 79.333413][ C1] RBP: ffff888015b94864 R08: 0000000000000001 R09: 0000000000000001
[ 79.341374][ C1] R10: ffffffff81791618 R11: 0000000000000000 R12: 0000000000000001
[ 79.349345][ C1] R13: ffff888015b94800 R14: ffff888015b94864 R15: ffff888018fea804
[ 79.359314][ C1] ? trace_hardirqs_on+0x38/0x1c0
[ 79.364347][ C1] ? acpi_idle_do_entry+0x1c7/0x250
[ 79.369539][ C1] ? acpi_idle_do_entry+0x1c7/0x250
[ 79.374730][ C1] acpi_idle_enter+0x361/0x500
[ 79.379498][ C1] cpuidle_enter_state+0x1b1/0xc80
[ 79.384606][ C1] cpuidle_enter+0x4a/0xa0
[ 79.389024][ C1] do_idle+0x3e1/0x590
[ 79.393096][ C1] ? arch_cpu_idle_exit+0x30/0x30
[ 79.398111][ C1] cpu_startup_entry+0x14/0x20
[ 79.402868][ C1] start_secondary+0x274/0x350
[ 79.407626][ C1] ? set_cpu_sibling_map+0x2460/0x2460
[ 79.413080][ C1] secondary_startup_64_no_verify+0xb0/0xbb
[ 79.418970][ C1]
[ 79.421281][ C1] Allocated by task 20:
[ 79.425421][ C1] kasan_save_stack+0x1b/0x40
[ 79.430092][ C1] __kasan_kmalloc+0x96/0xc0
[ 79.434687][ C1] __alloc_skb+0xde/0x340
[ 79.439009][ C1] ath9k_hif_usb_alloc_urbs+0x665/0x1040
[ 79.444647][ C1] ath9k_hif_usb_firmware_cb+0x148/0x530
[ 79.451453][ C1] request_firmware_work_func+0x12c/0x230
[ 79.457306][ C1] process_one_work+0x98d/0x1600
[ 79.462431][ C1] worker_thread+0x64c/0x1120
[ 79.467100][ C1] kthread+0x3b1/0x4a0
[ 79.471164][ C1] ret_from_fork+0x1f/0x30
[ 79.475574][ C1]
[ 79.477886][ C1] The buggy address belongs to the object at ffff8880393b0000
[ 79.477886][ C1] which belongs to the cache kmalloc-32k of size 32768
[ 79.492100][ C1] The buggy address is located 0 bytes inside of
[ 79.492100][ C1] 32768-byte region [ffff8880393b0000, ffff8880393b8000)
[ 79.505469][ C1] The buggy address belongs to the page:
[ 79.511083][ C1] page:ffffea0000e4ec00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x393b0
[ 79.521234][ C1] head:ffffea0000e4ec00 order:4 compound_mapcount:0 compound_pincount:0
[ 79.529543][ C1] flags: 0xfff00000010200(slab|head)
[ 79.534826][ C1] raw: 00fff00000010200 ffffea0000e4e808 ffffea0000e4f008 ffff888010840c00
[ 79.543400][ C1] raw: 0000000000000000 ffff8880393b0000 0000000100000001 0000000000000000
[ 79.551967][ C1] page dumped because: kasan: bad access detected
[ 79.558363][ C1]
[ 79.560671][ C1] Memory state around the buggy address:
[ 79.566285][ C1] ffff8880393b7f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 79.574333][ C1] ffff8880393b7f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 79.582383][ C1] >ffff8880393b8000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 79.590547][ C1] ^
[ 79.594608][ C1] ffff8880393b8080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 79.602667][ C1] ffff8880393b8100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 79.610712][ C1] ==================================================================
[ 79.618753][ C1] Disabling lock debugging due to kernel taint
[ 79.624980][ C1] Kernel panic - not syncing: panic_on_warn set ...
[ 79.631635][ C1] CPU: 1 PID: 0 Comm: swapper/1 Tainted: G B 5.12.0-rc5-syzkaller #0
[ 79.640990][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 79.651028][ C1] Call Trace:
[ 79.654293][ C1]
[ 79.657120][ C1] dump_stack+0x141/0x1d7
[ 79.661457][ C1] panic+0x306/0x73d
[ 79.665338][ C1] ? __warn_printk+0xf3/0xf3
[ 79.669914][ C1] ? ath9k_hif_usb_rx_cb+0x3d3/0x1050
[ 79.675277][ C1] ? ath9k_hif_usb_rx_cb+0x3d3/0x1050
[ 79.680662][ C1] end_report.cold+0x5a/0x5a
[ 79.686111][ C1] kasan_report.cold+0x6a/0xd8
[ 79.690863][ C1] ? rwlock_bug.part.0+0x80/0x90
[ 79.695789][ C1] ? ath9k_hif_usb_rx_cb+0x3d3/0x1050
[ 79.701149][ C1] kasan_check_range+0x13d/0x180
[ 79.706073][ C1] memcpy+0x20/0x60
[ 79.710040][ C1] ath9k_hif_usb_rx_cb+0x3d3/0x1050
[ 79.715334][ C1] ? hif_usb_start+0xa0/0xa0
[ 79.719913][ C1] ? __usb_hcd_giveback_urb+0x413/0x5c0
[ 79.725538][ C1] ? lock_downgrade+0x6e0/0x6e0
[ 79.730380][ C1] __usb_hcd_giveback_urb+0x2b0/0x5c0
[ 79.735761][ C1] usb_hcd_giveback_urb+0x367/0x410
[ 79.740958][ C1] dummy_timer+0x11f4/0x32a0
[ 79.745552][ C1] ? dummy_dequeue+0x500/0x500
[ 79.750310][ C1] ? dummy_dequeue+0x500/0x500
[ 79.755056][ C1] call_timer_fn+0x1a5/0x6b0
[ 79.759634][ C1] ? add_timer_on+0x4a0/0x4a0
[ 79.764311][ C1] ? lock_downgrade+0x6e0/0x6e0
[ 79.769147][ C1] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 79.775378][ C1] ? _raw_spin_unlock_irq+0x1f/0x40
[ 79.780651][ C1] ? dummy_dequeue+0x500/0x500
[ 79.785402][ C1] __run_timers.part.0+0x67c/0xa50
[ 79.790497][ C1] ? call_timer_fn+0x6b0/0x6b0
[ 79.795245][ C1] ? lapic_next_event+0x4d/0x80
[ 79.800086][ C1] ? kvm_sched_clock_read+0x14/0x40
[ 79.805282][ C1] ? sched_clock+0x2a/0x40
[ 79.809772][ C1] ? sched_clock_cpu+0x18/0x1f0
[ 79.814607][ C1] run_timer_softirq+0xb3/0x1d0
[ 79.819442][ C1] __do_softirq+0x29b/0x9f6
[ 79.823936][ C1] irq_exit_rcu+0x134/0x200
[ 79.828427][ C1] sysvec_apic_timer_interrupt+0x93/0xc0
[ 79.834051][ C1]
[ 79.836967][ C1] asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 79.842942][ C1] RIP: 0010:acpi_idle_do_entry+0x1c9/0x250
[ 79.848743][ C1] Code: 2d f0 6d f8 84 db 75 ac e8 14 e8 6d f8 e8 ef d7 73 f8 e9 0c 00 00 00 e8 05 e8 6d f8 0f 00 2d 1e 73 c7 00 e8 f9 e7 6d f8 fb f4 <9c> 5b 81 e3 00 02 00 00 fa 31 ff 48 89 de e8 a4 ee 6d f8 48 85 db
[ 79.868335][ C1] RSP: 0018:ffffc90000d6fd18 EFLAGS: 00000293
[ 79.874489][ C1] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[ 79.890209][ C1] RDX: ffff8880116de040 RSI: ffffffff89053e07 RDI: 0000000000000000
[ 79.898178][ C1] RBP: ffff888015b94864 R08: 0000000000000001 R09: 0000000000000001
[ 79.906224][ C1] R10: ffffffff81791618 R11: 0000000000000000 R12: 0000000000000001
[ 79.914185][ C1] R13: ffff888015b94800 R14: ffff888015b94864 R15: ffff888018fea804
[ 79.922248][ C1] ? trace_hardirqs_on+0x38/0x1c0
[ 79.927264][ C1] ? acpi_idle_do_entry+0x1c7/0x250
[ 79.932450][ C1] ? acpi_idle_do_entry+0x1c7/0x250
[ 79.937822][ C1] acpi_idle_enter+0x361/0x500
[ 79.942572][ C1] cpuidle_enter_state+0x1b1/0xc80
[ 79.947673][ C1] cpuidle_enter+0x4a/0xa0
[ 79.952076][ C1] do_idle+0x3e1/0x590
[ 79.956132][ C1] ? arch_cpu_idle_exit+0x30/0x30
[ 79.961145][ C1] cpu_startup_entry+0x14/0x20
[ 79.965897][ C1] start_secondary+0x274/0x350
[ 79.970650][ C1] ? set_cpu_sibling_map+0x2460/0x2460
[ 79.976097][ C1] secondary_startup_64_no_verify+0xb0/0xbb
[ 79.982659][ C1] Kernel Offset: disabled
[ 79.986969][ C1] Rebooting in 86400 seconds..