Starting Update UTMP about System Runlevel Changes...
[ OK ] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch.
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.
[ OK ] Started Update UTMP about System Runlevel Changes.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.10.22' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 40.083250][ T95] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 40.603170][ T95] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 40.612316][ T95] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 40.620406][ T95] usb 1-1: Product: syz
[ 40.624639][ T95] usb 1-1: Manufacturer: syz
[ 40.629233][ T95] usb 1-1: SerialNumber: syz
[ 40.674219][ T95] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 41.292906][ T95] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
executing program
[ 41.694850][ T83] usb 1-1: USB disconnect, device number 2
[ 42.322519][ T95] ath9k_htc 1-1:1.0: ath9k_htc: Target is unresponsive
[ 42.329715][ T95] ath9k_htc: Failed to initialize the device
[ 42.337047][ T83] usb 1-1: ath9k_htc: USB layer deinitialized
[ 42.702452][ T83] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[ 43.222386][ T83] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 43.231458][ T83] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 43.239516][ T83] usb 1-1: Product: syz
[ 43.243864][ T83] usb 1-1: Manufacturer: syz
[ 43.248511][ T83] usb 1-1: SerialNumber: syz
[ 43.293824][ T83] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 43.862218][ T83] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
executing program
[ 44.263998][ T17] usb 1-1: USB disconnect, device number 3
[ 44.881889][ T83] ath9k_htc 1-1:1.0: ath9k_htc: Target is unresponsive
[ 44.888872][ T83] ath9k_htc: Failed to initialize the device
[ 44.895981][ T17] usb 1-1: ath9k_htc: USB layer deinitialized
[ 45.251778][ T17] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[ 45.771776][ T17] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 45.780859][ T17] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 45.788945][ T17] usb 1-1: Product: syz
[ 45.793181][ T17] usb 1-1: Manufacturer: syz
[ 45.797777][ T17] usb 1-1: SerialNumber: syz
[ 45.842384][ T17] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 46.411609][ T17] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
executing program
[ 46.813067][ T83] usb 1-1: USB disconnect, device number 4
[ 47.441280][ T17] ath9k_htc 1-1:1.0: ath9k_htc: Target is unresponsive
[ 47.448239][ T17] ath9k_htc: Failed to initialize the device
[ 47.455477][ T83] usb 1-1: ath9k_htc: USB layer deinitialized
[ 47.811234][ T83] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[ 48.331259][ T83] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 48.341502][ T83] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 48.349530][ T83] usb 1-1: Product: syz
[ 48.353834][ T83] usb 1-1: Manufacturer: syz
[ 48.358534][ T83] usb 1-1: SerialNumber: syz
[ 48.401700][ T83] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 48.971090][ T83] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
executing program
[ 49.372388][ T17] usb 1-1: USB disconnect, device number 5
[ 50.000797][ T83] ath9k_htc 1-1:1.0: ath9k_htc: Target is unresponsive
[ 50.007870][ T83] ath9k_htc: Failed to initialize the device
[ 50.014426][ T17] usb 1-1: ath9k_htc: USB layer deinitialized
[ 50.370755][ T17] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[ 50.890753][ T17] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 50.899792][ T17] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 50.908486][ T17] usb 1-1: Product: syz
[ 50.912736][ T17] usb 1-1: Manufacturer: syz
[ 50.917313][ T17] usb 1-1: SerialNumber: syz
[ 50.961599][ T17] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 51.530673][ T17] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 51.750642][ C1] ==================================================================
[ 51.758823][ C1] BUG: KASAN: slab-out-of-bounds in ath9k_htc_rx_msg+0xa25/0xaf0
[ 51.766531][ C1] Write of size 2 at addr ffff8881cc774420 by task swapper/1/0
[ 51.774323][ C1]
[ 51.776657][ C1] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 5.7.0-rc6-syzkaller #0
[ 51.784536][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 51.794571][ C1] Call Trace:
[ 51.797849][ C1]
[ 51.800685][ C1] dump_stack+0xef/0x16e
[ 51.805432][ C1] print_address_description.constprop.0.cold+0xd3/0x415
[ 51.812438][ C1] ? vprintk_func+0x7d/0x113
[ 51.817009][ C1] ? ath9k_htc_rx_msg+0xa25/0xaf0
[ 51.822024][ C1] __kasan_report.cold+0x37/0x7d
[ 51.827039][ C1] ? ath9k_htc_rx_msg+0xa25/0xaf0
[ 51.832046][ C1] ? ath9k_htc_rx_msg+0xa25/0xaf0
[ 51.837077][ C1] kasan_report+0x33/0x50
[ 51.841388][ C1] ath9k_htc_rx_msg+0xa25/0xaf0
[ 51.846248][ C1] ath9k_hif_usb_reg_in_cb+0x1c0/0x630
[ 51.851696][ C1] ? trace_hardirqs_off+0x50/0x200
[ 51.856801][ C1] __usb_hcd_giveback_urb+0x29a/0x550
[ 51.862180][ C1] usb_hcd_giveback_urb+0x368/0x420
[ 51.867366][ C1] dummy_timer+0x125e/0x32b4
[ 51.871937][ C1] ? dummy_udc_probe+0x980/0x980
[ 51.876881][ C1] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 51.882407][ C1] ? rcu_read_lock_bh_held+0xb0/0xb0
[ 51.887774][ C1] call_timer_fn+0x1ac/0x700
[ 51.892373][ C1] ? dummy_udc_probe+0x980/0x980
executing program
[ 51.897491][ C1] ? timer_fixup_init+0x60/0x60
[ 51.902495][ C1] ? lock_downgrade+0x720/0x720
[ 51.907344][ C1] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 51.913114][ C1] ? rcu_read_lock_bh_held+0xb0/0xb0
[ 51.918729][ C1] ? _raw_spin_unlock_irq+0x1f/0x30
[ 51.923921][ C1] ? dummy_udc_probe+0x980/0x980
[ 51.929000][ C1] run_timer_softirq+0x5f9/0x1500
[ 51.932192][ T95] usb 1-1: USB disconnect, device number 6
[ 51.934025][ C1] ? add_timer+0x7a0/0x7a0
[ 51.944248][ C1] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 51.949845][ C1] ? rcu_read_lock_bh_held+0xb0/0xb0
[ 51.955698][ C1] __do_softirq+0x21e/0x9aa
[ 51.960291][ C1] irq_exit+0x178/0x1a0
[ 51.964434][ C1] smp_apic_timer_interrupt+0x141/0x540
[ 51.969960][ C1] apic_timer_interrupt+0xf/0x20
[ 51.974870][ C1]
[ 51.977827][ C1] RIP: 0010:default_idle+0x28/0x300
[ 51.983002][ C1] Code: cc cc 41 56 41 55 65 44 8b 2d 94 3f 6b 7a 41 54 55 53 0f 1f 44 00 00 e8 16 28 af fb e9 07 00 00 00 0f 00 2d 7a e1 4b 00 fb f4 <65> 44 8b 2d 70 3f 6b 7a 0f 1f 44 00 00 5b 5d 41 5c 41 5d 41 5e c3
[ 52.002696][ C1] RSP: 0018:ffff8881da227da8 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
[ 52.011093][ C1] RAX: 0000000000000007 RBX: ffff8881da20b180 RCX: 0000000000000000
[ 52.019149][ C1] RDX: 0000000000000000 RSI: 0000000000000006 RDI: ffff8881da20b9fc
[ 52.027112][ C1] RBP: ffffed103b441630 R08: ffff8881da20b180 R09: 0000000000000000
[ 52.035156][ C1] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000001
[ 52.043116][ C1] R13: 0000000000000001 R14: ffffffff87e88c40 R15: 0000000000000000
[ 52.051080][ C1] ? default_idle+0x1a/0x300
[ 52.055661][ C1] do_idle+0x3e0/0x500
[ 52.059709][ C1] ? arch_cpu_idle_exit+0x40/0x40
[ 52.064740][ C1] ? _raw_spin_unlock_irqrestore+0x39/0x40
[ 52.070539][ C1] ? lockdep_hardirqs_on+0x3c7/0x5d0
[ 52.075804][ C1] cpu_startup_entry+0x14/0x20
[ 52.080554][ C1] start_secondary+0x2ae/0x390
[ 52.085411][ C1] ? set_cpu_sibling_map+0x1e90/0x1e90
[ 52.090939][ C1] secondary_startup_64+0xb6/0xc0
[ 52.095938][ C1]
[ 52.098242][ C1] Allocated by task 0:
[ 52.102281][ C1] (stack is not available)
[ 52.106683][ C1]
[ 52.109000][ C1] Freed by task 0:
[ 52.112775][ C1] (stack is not available)
[ 52.117200][ C1]
[ 52.119520][ C1] The buggy address belongs to the object at ffff8881cc774000
[ 52.119520][ C1] which belongs to the cache kmalloc-2k of size 2048
[ 52.133768][ C1] The buggy address is located 1056 bytes inside of
[ 52.133768][ C1] 2048-byte region [ffff8881cc774000, ffff8881cc774800)
[ 52.147365][ C1] The buggy address belongs to the page:
[ 52.153081][ C1] page:ffffea000731dc00 refcount:1 mapcount:0 mapping:00000000e3327b97 index:0x0 head:ffffea000731dc00 order:3 compound_mapcount:0 compound_pincount:0
[ 52.168248][ C1] flags: 0x200000000010200(slab|head)
[ 52.173863][ C1] raw: 0200000000010200 dead000000000100 dead000000000122 ffff8881da00c000
[ 52.182436][ C1] raw: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000
[ 52.191011][ C1] page dumped because: kasan: bad access detected
[ 52.197400][ C1]
[ 52.199713][ C1] Memory state around the buggy address:
[ 52.205327][ C1] ffff8881cc774300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 52.213386][ C1] ffff8881cc774380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 52.221422][ C1] >ffff8881cc774400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 52.229463][ C1]                               ^
[ 52.234556][ C1] ffff8881cc774480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 52.242606][ C1] ffff8881cc774500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 52.250642][ C1] ==================================================================
[ 52.258691][ C1] Disabling lock debugging due to kernel taint
[ 52.265159][ C1] Kernel panic - not syncing: panic_on_warn set ...
[ 52.271718][ C1] CPU: 1 PID: 0 Comm: swapper/1 Tainted: G B 5.7.0-rc6-syzkaller #0
[ 52.281759][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 52.291877][ C1] Call Trace:
[ 52.295163][ C1]
[ 52.298002][ C1] dump_stack+0xef/0x16e
[ 52.302237][ C1] panic+0x2aa/0x6e1
[ 52.306120][ C1] ? add_taint.cold+0x16/0x16
[ 52.310792][ C1] ? trace_hardirqs_off+0x50/0x200
[ 52.315890][ C1] ? ath9k_htc_rx_msg+0xa25/0xaf0
[ 52.320921][ C1] end_report+0x4d/0x53
[ 52.325058][ C1] __kasan_report.cold+0x72/0x7d
[ 52.329987][ C1] ? ath9k_htc_rx_msg+0xa25/0xaf0
[ 52.334985][ C1] ? ath9k_htc_rx_msg+0xa25/0xaf0
[ 52.340252][ C1] kasan_report+0x33/0x50
[ 52.344570][ C1] ath9k_htc_rx_msg+0xa25/0xaf0
[ 52.349401][ C1] ath9k_hif_usb_reg_in_cb+0x1c0/0x630
[ 52.355130][ C1] ? trace_hardirqs_off+0x50/0x200
[ 52.360227][ C1] __usb_hcd_giveback_urb+0x29a/0x550
[ 52.365678][ C1] usb_hcd_giveback_urb+0x368/0x420
[ 52.370857][ C1] dummy_timer+0x125e/0x32b4
[ 52.375523][ C1] ? dummy_udc_probe+0x980/0x980
[ 52.380438][ C1] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 52.385974][ C1] ? rcu_read_lock_bh_held+0xb0/0xb0
[ 52.391266][ C1] call_timer_fn+0x1ac/0x700
[ 52.395832][ C1] ? dummy_udc_probe+0x980/0x980
[ 52.400741][ C1] ? timer_fixup_init+0x60/0x60
[ 52.405580][ C1] ? lock_downgrade+0x720/0x720
[ 52.410412][ C1] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 52.415949][ C1] ? rcu_read_lock_bh_held+0xb0/0xb0
[ 52.421230][ C1] ? _raw_spin_unlock_irq+0x1f/0x30
[ 52.426418][ C1] ? dummy_udc_probe+0x980/0x980
[ 52.431332][ C1] run_timer_softirq+0x5f9/0x1500
[ 52.436949][ C1] ? add_timer+0x7a0/0x7a0
[ 52.441450][ C1] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 52.446965][ C1] ? rcu_read_lock_bh_held+0xb0/0xb0
[ 52.452222][ C1] __do_softirq+0x21e/0x9aa
[ 52.456727][ C1] irq_exit+0x178/0x1a0
[ 52.461031][ C1] smp_apic_timer_interrupt+0x141/0x540
[ 52.466552][ C1] apic_timer_interrupt+0xf/0x20
[ 52.471468][ C1]
[ 52.474404][ C1] RIP: 0010:default_idle+0x28/0x300
[ 52.479594][ C1] Code: cc cc 41 56 41 55 65 44 8b 2d 94 3f 6b 7a 41 54 55 53 0f 1f 44 00 00 e8 16 28 af fb e9 07 00 00 00 0f 00 2d 7a e1 4b 00 fb f4 <65> 44 8b 2d 70 3f 6b 7a 0f 1f 44 00 00 5b 5d 41 5c 41 5d 41 5e c3
[ 52.499560][ C1] RSP: 0018:ffff8881da227da8 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
[ 52.508053][ C1] RAX: 0000000000000007 RBX: ffff8881da20b180 RCX: 0000000000000000
[ 52.516013][ C1] RDX: 0000000000000000 RSI: 0000000000000006 RDI: ffff8881da20b9fc
[ 52.523997][ C1] RBP: ffffed103b441630 R08: ffff8881da20b180 R09: 0000000000000000
[ 52.532118][ C1] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000001
[ 52.540497][ C1] R13: 0000000000000001 R14: ffffffff87e88c40 R15: 0000000000000000
[ 52.548454][ C1] ? default_idle+0x1a/0x300
[ 52.553024][ C1] do_idle+0x3e0/0x500
[ 52.557088][ C1] ? arch_cpu_idle_exit+0x40/0x40
[ 52.562093][ C1] ? _raw_spin_unlock_irqrestore+0x39/0x40
[ 52.568052][ C1] ? lockdep_hardirqs_on+0x3c7/0x5d0
[ 52.573328][ C1] cpu_startup_entry+0x14/0x20
[ 52.578170][ C1] start_secondary+0x2ae/0x390
[ 52.582930][ C1] ? set_cpu_sibling_map+0x1e90/0x1e90
[ 52.588374][ C1] secondary_startup_64+0xb6/0xc0
[ 52.594013][ C1] Kernel Offset: disabled
[ 52.598329][ C1] Rebooting in 86400 seconds..