[ OK ] Started Serial Getty on ttyS0.
[ OK ] Reached target Login Prompts.
Starting Load/Save RF Kill Switch Status...
[ OK ] Started OpenBSD Secure Shell server.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ 17.072377][ C1] random: crng init done
[ 17.076933][ C1] random: 7 urandom warning(s) missed due to ratelimiting

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.176' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 24.669344][ T176] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 25.038979][ T176] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 25.048230][ T176] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 25.056299][ T176] usb 1-1: Product: syz
[ 25.060529][ T176] usb 1-1: Manufacturer: syz
[ 25.065103][ T176] usb 1-1: SerialNumber: syz
[ 25.109757][ T176] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 25.708322][ T176] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 25.928123][ C1] ==================================================================
[ 25.936312][ C1] BUG: KASAN: slab-out-of-bounds in ath9k_htc_rx_msg+0xa25/0xaf0
[ 25.944020][ C1] Write of size 2 at addr ffff8881ce4564e0 by task swapper/1/0
[ 25.951545][ C1]
[ 25.953864][ C1] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 5.6.0-rc5-syzkaller #0
[ 25.961728][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 25.971872][ C1] Call Trace:
[ 25.975143][ C1]
[ 25.977980][ C1] dump_stack+0xef/0x16e
[ 25.982202][ C1] ? ath9k_htc_rx_msg+0xa25/0xaf0
[ 25.987211][ C1] ? ath9k_htc_rx_msg+0xa25/0xaf0
[ 25.992242][ C1] print_address_description.constprop.0.cold+0xd3/0x314
[ 25.999244][ C1] ? ath9k_htc_rx_msg+0xa25/0xaf0
[ 26.004248][ C1] ? ath9k_htc_rx_msg+0xa25/0xaf0
[ 26.009424][ C1] __kasan_report.cold+0x37/0x77
[ 26.014353][ C1] ? do_raw_spin_lock+0x61/0x290
[ 26.019266][ C1] ? ath9k_htc_rx_msg+0xa25/0xaf0
[ 26.024618][ C1] kasan_report+0xe/0x20
[ 26.028851][ C1] ath9k_htc_rx_msg+0xa25/0xaf0
[ 26.033740][ C1] ath9k_hif_usb_reg_in_cb+0x1ba/0x630
[ 26.039191][ C1] ? trace_hardirqs_off+0x50/0x200
[ 26.044397][ C1] __usb_hcd_giveback_urb+0x29a/0x550
[ 26.049756][ C1] usb_hcd_giveback_urb+0x368/0x420
[ 26.054980][ C1] dummy_timer+0x1258/0x32ae
[ 26.059560][ C1] ? dummy_udc_probe+0x930/0x930
[ 26.064488][ C1] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 26.070019][ C1] ? rcu_read_lock_bh_held+0xb0/0xb0
[ 26.075282][ C1] call_timer_fn+0x195/0x6f0
[ 26.079855][ C1] ? dummy_udc_probe+0x930/0x930
[ 26.084770][ C1] ? msleep_interruptible+0x130/0x130
[ 26.090136][ C1] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 26.095670][ C1] ? rcu_read_lock_bh_held+0xb0/0xb0
[ 26.100935][ C1] ? _raw_spin_unlock_irq+0x1f/0x30
[ 26.106289][ C1] ? dummy_udc_probe+0x930/0x930
[ 26.111224][ C1] run_timer_softirq+0x5f9/0x1500
[ 26.112373][ T94] usb 1-1: USB disconnect, device number 2
[ 26.116261][ C1] ? add_timer+0x7a0/0x7a0
executing program
[ 26.126459][ C1] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 26.132016][ C1] ? rcu_read_lock_bh_held+0xb0/0xb0
[ 26.137312][ C1] __do_softirq+0x21e/0x950
[ 26.141825][ C1] irq_exit+0x178/0x1a0
[ 26.145991][ C1] smp_apic_timer_interrupt+0x141/0x540
[ 26.151694][ C1] apic_timer_interrupt+0xf/0x20
[ 26.156633][ C1]
[ 26.159586][ C1] RIP: 0010:default_idle+0x28/0x300
[ 26.164779][ C1] Code: cc cc 41 56 41 55 65 44 8b 2d 44 77 72 7a 41 54 55 53 0f 1f 44 00 00 e8 b6 62 b5 fb e9 07 00 00 00 0f 00 2d ea 0c 53 00 fb f4 <65> 44 8b 2d 20 77 72 7a 0f 1f 44 00 00 5b 5d 41 5c 41 5d 41 5e c3
[ 26.184518][ C1] RSP: 0018:ffff8881da22fda8 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
[ 26.192947][ C1] RAX: 0000000000000007 RBX: ffff8881da213100 RCX: 0000000000000000
[ 26.200917][ C1] RDX: 0000000000000000 RSI: 0000000000000006 RDI: ffff8881da21394c
[ 26.209481][ C1] RBP: ffffed103b442620 R08: ffff8881da213100 R09: 0000000000000000
[ 26.217446][ C1] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000001
[ 26.225407][ C1] R13: 0000000000000001 R14: ffffffff87e607c0 R15: 0000000000000000
[ 26.233383][ C1] ? default_idle+0x1a/0x300
[ 26.237954][ C1] do_idle+0x3e0/0x500
[ 26.242005][ C1] ? __wake_up_common+0x147/0x650
[ 26.247019][ C1] ? arch_cpu_idle_exit+0x40/0x40
[ 26.252022][ C1] ? _raw_spin_unlock_irqrestore+0x39/0x40
[ 26.257808][ C1] ? lockdep_hardirqs_on+0x382/0x580
[ 26.263089][ C1] cpu_startup_entry+0x14/0x20
[ 26.267843][ C1] start_secondary+0x2a4/0x390
[ 26.272584][ C1] ? set_cpu_sibling_map+0x1e90/0x1e90
[ 26.278023][ C1] secondary_startup_64+0xb6/0xc0
[ 26.283032][ C1]
[ 26.285471][ C1] Allocated by task 0:
[ 26.289515][ C1] (stack is not available)
[ 26.293960][ C1]
[ 26.296279][ C1] Freed by task 0:
[ 26.299985][ C1] (stack is not available)
[ 26.304383][ C1]
[ 26.306738][ C1] The buggy address belongs to the object at ffff8881ce456000
[ 26.306738][ C1] which belongs to the cache kmalloc-2k of size 2048
[ 26.320792][ C1] The buggy address is located 1248 bytes inside of
[ 26.320792][ C1] 2048-byte region [ffff8881ce456000, ffff8881ce456800)
[ 26.334215][ C1] The buggy address belongs to the page:
[ 26.339931][ C1] page:ffffea0007391400 refcount:1 mapcount:0 mapping:ffff8881da00c000 index:0x0 compound_mapcount: 0
[ 26.350838][ C1] flags: 0x200000000010200(slab|head)
[ 26.356195][ C1] raw: 0200000000010200 dead000000000100 dead000000000122 ffff8881da00c000
[ 26.364873][ C1] raw: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000
[ 26.373444][ C1] page dumped because: kasan: bad access detected
[ 26.379864][ C1]
[ 26.382189][ C1] Memory state around the buggy address:
[ 26.387814][ C1] ffff8881ce456380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 26.395858][ C1] ffff8881ce456400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 26.403901][ C1] >ffff8881ce456480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 26.411949][ C1] ^
[ 26.419123][ C1] ffff8881ce456500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 26.427169][ C1] ffff8881ce456580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 26.435217][ C1] ==================================================================
[ 26.443254][ C1] Disabling lock debugging due to kernel taint
[ 26.449447][ C1] Kernel panic - not syncing: panic_on_warn set ...
[ 26.456023][ C1] CPU: 1 PID: 0 Comm: swapper/1 Tainted: G B 5.6.0-rc5-syzkaller #0
[ 26.465272][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 26.475316][ C1] Call Trace:
[ 26.478581][ C1]
[ 26.481422][ C1] dump_stack+0xef/0x16e
[ 26.485642][ C1] panic+0x2aa/0x6e1
[ 26.489523][ C1] ? add_taint.cold+0x16/0x16
[ 26.494191][ C1] ? print_shadow_for_address+0xb8/0x114
[ 26.499812][ C1] ? trace_hardirqs_off+0x50/0x200
[ 26.504918][ C1] ? ath9k_htc_rx_msg+0xa25/0xaf0
[ 26.510179][ C1] end_report+0x43/0x49
[ 26.514317][ C1] ? ath9k_htc_rx_msg+0xa25/0xaf0
[ 26.519328][ C1] __kasan_report.cold+0x55/0x77
[ 26.524342][ C1] ? do_raw_spin_lock+0x61/0x290
[ 26.529270][ C1] ? ath9k_htc_rx_msg+0xa25/0xaf0
[ 26.534268][ C1] kasan_report+0xe/0x20
[ 26.538497][ C1] ath9k_htc_rx_msg+0xa25/0xaf0
[ 26.543324][ C1] ath9k_hif_usb_reg_in_cb+0x1ba/0x630
[ 26.548772][ C1] ? trace_hardirqs_off+0x50/0x200
[ 26.553888][ C1] __usb_hcd_giveback_urb+0x29a/0x550
[ 26.559250][ C1] usb_hcd_giveback_urb+0x368/0x420
[ 26.564465][ C1] dummy_timer+0x1258/0x32ae
[ 26.569040][ C1] ? dummy_udc_probe+0x930/0x930
[ 26.573989][ C1] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 26.579537][ C1] ? rcu_read_lock_bh_held+0xb0/0xb0
[ 26.584803][ C1] call_timer_fn+0x195/0x6f0
[ 26.589372][ C1] ? dummy_udc_probe+0x930/0x930
[ 26.594290][ C1] ? msleep_interruptible+0x130/0x130
[ 26.599652][ C1] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 26.605280][ C1] ? rcu_read_lock_bh_held+0xb0/0xb0
[ 26.610546][ C1] ? _raw_spin_unlock_irq+0x1f/0x30
[ 26.615740][ C1] ? dummy_udc_probe+0x930/0x930
[ 26.620676][ C1] run_timer_softirq+0x5f9/0x1500
[ 26.625684][ C1] ? add_timer+0x7a0/0x7a0
[ 26.630082][ C1] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 26.635665][ C1] ? rcu_read_lock_bh_held+0xb0/0xb0
[ 26.640954][ C1] __do_softirq+0x21e/0x950
[ 26.645437][ C1] irq_exit+0x178/0x1a0
[ 26.649623][ C1] smp_apic_timer_interrupt+0x141/0x540
[ 26.655199][ C1] apic_timer_interrupt+0xf/0x20
[ 26.660121][ C1]
[ 26.663058][ C1] RIP: 0010:default_idle+0x28/0x300
[ 26.668234][ C1] Code: cc cc 41 56 41 55 65 44 8b 2d 44 77 72 7a 41 54 55 53 0f 1f 44 00 00 e8 b6 62 b5 fb e9 07 00 00 00 0f 00 2d ea 0c 53 00 fb f4 <65> 44 8b 2d 20 77 72 7a 0f 1f 44 00 00 5b 5d 41 5c 41 5d 41 5e c3
[ 26.687961][ C1] RSP: 0018:ffff8881da22fda8 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
[ 26.696357][ C1] RAX: 0000000000000007 RBX: ffff8881da213100 RCX: 0000000000000000
[ 26.704317][ C1] RDX: 0000000000000000 RSI: 0000000000000006 RDI: ffff8881da21394c
[ 26.712280][ C1] RBP: ffffed103b442620 R08: ffff8881da213100 R09: 0000000000000000
[ 26.720482][ C1] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000001
[ 26.728458][ C1] R13: 0000000000000001 R14: ffffffff87e607c0 R15: 0000000000000000
[ 26.736458][ C1] ? default_idle+0x1a/0x300
[ 26.741063][ C1] do_idle+0x3e0/0x500
[ 26.745124][ C1] ? __wake_up_common+0x147/0x650
[ 26.750386][ C1] ? arch_cpu_idle_exit+0x40/0x40
[ 26.755386][ C1] ? _raw_spin_unlock_irqrestore+0x39/0x40
[ 26.761189][ C1] ? lockdep_hardirqs_on+0x382/0x580
[ 26.766474][ C1] cpu_startup_entry+0x14/0x20
[ 26.771238][ C1] start_secondary+0x2a4/0x390
[ 26.776010][ C1] ? set_cpu_sibling_map+0x1e90/0x1e90
[ 26.781454][ C1] secondary_startup_64+0xb6/0xc0
[ 26.787000][ C1] Kernel Offset: disabled
[ 26.791310][ C1] Rebooting in 86400 seconds..