[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.10.54' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 37.866904][ T32] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 38.406556][ T32] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 38.415785][ T32] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 38.423868][ T32] usb 1-1: Product: syz
[ 38.428087][ T32] usb 1-1: Manufacturer: syz
[ 38.432699][ T32] usb 1-1: SerialNumber: syz
[ 38.478141][ T32] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 39.086132][ T32] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 40.115499][ T32] ath9k_htc 1-1:1.0: ath9k_htc: Target is unresponsive
[ 40.122756][ T32] ath9k_htc: Failed to initialize the device
[ 40.135598][ C1] ==================================================================
[ 40.143790][ C1] BUG: KASAN: use-after-free in ath9k_hif_usb_rx_cb+0xca2/0x1020
[ 40.151505][ C1] Read of size 4 at addr ffff8881191140c4 by task swapper/1/0
[ 40.158947][ C1]
[ 40.161270][ C1] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 5.11.0-rc1-syzkaller #0
[ 40.169247][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 40.179306][ C1] Call Trace:
[ 40.182571][ C1]
[ 40.185406][ C1] dump_stack+0x107/0x163
[ 40.189751][ C1] ? ath9k_hif_usb_rx_cb+0xca2/0x1020
[ 40.195127][ C1] ? ath9k_hif_usb_rx_cb+0xca2/0x1020
[ 40.200499][ C1] print_address_description.constprop.0.cold+0x5b/0x2f8
[ 40.207532][ C1] ? ath9k_hif_usb_rx_cb+0xca2/0x1020
[ 40.212908][ C1] ? ath9k_hif_usb_rx_cb+0xca2/0x1020
[ 40.218272][ C1] kasan_report.cold+0x79/0xd5
[ 40.223029][ C1] ? ath9k_hif_usb_rx_cb+0xca2/0x1020
[ 40.228415][ C1] ath9k_hif_usb_rx_cb+0xca2/0x1020
[ 40.233623][ C1] ? hif_usb_start+0xa0/0xa0
[ 40.238198][ C1] ? __usb_hcd_giveback_urb+0x413/0x5c0
[ 40.243745][ C1] ? lock_downgrade+0x6d0/0x6d0
[ 40.248586][ C1] __usb_hcd_giveback_urb+0x2b0/0x5c0
[ 40.253961][ C1] usb_hcd_giveback_urb+0x367/0x410
[ 40.259154][ C1] dummy_timer+0x11f4/0x32a0
[ 40.263759][ C1] ? dummy_dequeue+0x4c0/0x4c0
[ 40.268513][ C1] ? dummy_dequeue+0x4c0/0x4c0
[ 40.273348][ C1] call_timer_fn+0x1a5/0x630
[ 40.277929][ C1] ? timer_fixup_init+0x60/0x60
[ 40.282766][ C1] ? lock_downgrade+0x6d0/0x6d0
[ 40.287603][ C1] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 40.293828][ C1] ? lockdep_hardirqs_on_prepare+0x129/0x3e0
[ 40.299809][ C1] ? dummy_dequeue+0x4c0/0x4c0
[ 40.304598][ C1] __run_timers.part.0+0x67c/0xa10
[ 40.309797][ C1] ? call_timer_fn+0x630/0x630
[ 40.314563][ C1] ? asm_sysvec_reschedule_ipi+0x12/0x20
[ 40.320182][ C1] ? trace_hardirqs_on+0x38/0x1a0
[ 40.325200][ C1] run_timer_softirq+0x80/0x120
[ 40.328439][ T7] usb 1-1: USB disconnect, device number 2
[ 40.330071][ C1] __do_softirq+0x1b7/0x977
[ 40.340473][ C1] asm_call_irq_on_stack+0xf/0x20
[ 40.345524][ C1]
[ 40.348472][ C1] do_softirq_own_stack+0x80/0xa0
[ 40.353522][ C1] irq_exit_rcu+0x110/0x1a0
[ 40.358059][ C1] sysvec_apic_timer_interrupt+0x43/0xa0
executing program
[ 40.364155][ C1] asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 40.370164][ C1] RIP: 0010:acpi_idle_do_entry+0x1c9/0x250
[ 40.376005][ C1] Code: 1d 68 95 fb 84 db 75 ac e8 94 61 95 fb e8 df 1b 9b fb e9 0c 00 00 00 e8 85 61 95 fb 0f 00 2d be e4 7d 00 e8 79 61 95 fb fb f4 <9c> 5b 81 e3 00 02 00 00 fa 31 ff 48 89 de e8 54 69 95 fb 48 85 db
[ 40.395636][ C1] RSP: 0018:ffffc900000dfd18 EFLAGS: 00000293
[ 40.401743][ C1] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[ 40.409728][ C1] RDX: ffff8881002c8000 RSI: ffffffff85aa30a7 RDI: ffffffff85aa3091
[ 40.417719][ C1] RBP: ffff888103f38864 R08: 0000000000000001 R09: 0000000000000001
[ 40.425717][ C1] R10: ffffffff81454ca8 R11: 0000000000000000 R12: 0000000000000001
[ 40.433685][ C1] R13: ffff888103f38800 R14: ffff888103f38864 R15: ffff8881067c9804
[ 40.441669][ C1] ? trace_hardirqs_on+0x38/0x1a0
[ 40.446717][ C1] ? acpi_idle_do_entry+0x1c7/0x250
[ 40.451969][ C1] ? acpi_idle_do_entry+0x1b1/0x250
[ 40.457173][ C1] ? acpi_idle_do_entry+0x1c7/0x250
[ 40.462407][ C1] acpi_idle_enter+0x355/0x4f0
[ 40.467162][ C1] cpuidle_enter_state+0x1b1/0xc80
[ 40.472294][ C1] cpuidle_enter+0x4a/0xa0
[ 40.476699][ C1] do_idle+0x3d5/0x580
[ 40.480757][ C1] ? arch_cpu_idle_exit+0x30/0x30
[ 40.485770][ C1] ? lockdep_hardirqs_on_prepare+0x273/0x3e0
[ 40.491738][ C1] ? _raw_spin_unlock_irqrestore+0x34/0x40
[ 40.497530][ C1] ? trace_hardirqs_on+0x5b/0x1a0
[ 40.502539][ C1] cpu_startup_entry+0x14/0x20
[ 40.507291][ C1] start_secondary+0x273/0x350
[ 40.512047][ C1] ? set_cpu_sibling_map+0x2460/0x2460
[ 40.517504][ C1] secondary_startup_64_no_verify+0xb0/0xbb
[ 40.523406][ C1]
[ 40.525733][ C1] general protection fault, probably for non-canonical address 0xdead000000000400: 0000 [#1] SMP KASAN
[ 40.536731][ C1] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 5.11.0-rc1-syzkaller #0
[ 40.544704][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 40.555000][ C1] RIP: 0010:print_address_description.constprop.0.cold+0xbf/0x2f8
[ 40.562798][ C1] Code: 00 48 8b 00 f6 c4 02 0f 84 71 ff ff ff 48 8b 5d 18 b9 0b 00 00 00 b8 11 ff ff 01 48 c1 e1 29 48 c1 e0 27 48 01 e9 48 c1 f9 06 <8b> 73 18 48 c1 e1 0c 48 01 c1 4c 89 e0 48 29 c8 48 99 48 f7 fe 0f
[ 40.582398][ C1] RSP: 0018:ffffc90000148890 EFLAGS: 00010006
[ 40.588577][ C1] RAX: ffff888000000000 RBX: dead000000000400 RCX: 0000000000119114
[ 40.596542][ C1] RDX: ffffea0004644401 RSI: ffffffff812996d3 RDI: fffff52000029104
[ 40.604508][ C1] RBP: ffffea0004644500 R08: 0000000000000000 R09: 0000000000000000
[ 40.612477][ C1] R10: ffffffff8149b8bf R11: 0000000000000000 R12: ffff8881191140c4
[ 40.620448][ C1] R13: ffffffff82fa02f2 R14: ffffffff82fa02f2 R15: 0000000000000000
[ 40.628401][ C1] FS: 0000000000000000(0000) GS:ffff8881f6b00000(0000) knlGS:0000000000000000
[ 40.637318][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 40.643883][ C1] CR2: 0000000020002000 CR3: 0000000106b90000 CR4: 00000000001506e0
[ 40.651841][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 40.659795][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 40.667747][ C1] Call Trace:
[ 40.671008][ C1]
[ 40.673833][ C1] ? ath9k_hif_usb_rx_cb+0xca2/0x1020
[ 40.679206][ C1] ? ath9k_hif_usb_rx_cb+0xca2/0x1020
[ 40.684565][ C1] kasan_report.cold+0x79/0xd5
[ 40.689330][ C1] ? ath9k_hif_usb_rx_cb+0xca2/0x1020
[ 40.694685][ C1] ath9k_hif_usb_rx_cb+0xca2/0x1020
[ 40.699865][ C1] ? hif_usb_start+0xa0/0xa0
[ 40.704454][ C1] ? __usb_hcd_giveback_urb+0x413/0x5c0
[ 40.709996][ C1] ? lock_downgrade+0x6d0/0x6d0
[ 40.714845][ C1] __usb_hcd_giveback_urb+0x2b0/0x5c0
[ 40.720198][ C1] usb_hcd_giveback_urb+0x367/0x410
[ 40.725376][ C1] dummy_timer+0x11f4/0x32a0
[ 40.729969][ C1] ? dummy_dequeue+0x4c0/0x4c0
[ 40.734721][ C1] ? dummy_dequeue+0x4c0/0x4c0
[ 40.739520][ C1] call_timer_fn+0x1a5/0x630
[ 40.744107][ C1] ? timer_fixup_init+0x60/0x60
[ 40.748952][ C1] ? lock_downgrade+0x6d0/0x6d0
[ 40.753791][ C1] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 40.760019][ C1] ? lockdep_hardirqs_on_prepare+0x129/0x3e0
[ 40.766437][ C1] ? dummy_dequeue+0x4c0/0x4c0
[ 40.771192][ C1] __run_timers.part.0+0x67c/0xa10
[ 40.776290][ C1] ? call_timer_fn+0x630/0x630
[ 40.781037][ C1] ? asm_sysvec_reschedule_ipi+0x12/0x20
[ 40.786655][ C1] ? trace_hardirqs_on+0x38/0x1a0
[ 40.791662][ C1] run_timer_softirq+0x80/0x120
[ 40.796499][ C1] __do_softirq+0x1b7/0x977
[ 40.800995][ C1] asm_call_irq_on_stack+0xf/0x20
[ 40.806005][ C1]
[ 40.808924][ C1] do_softirq_own_stack+0x80/0xa0
[ 40.813950][ C1] irq_exit_rcu+0x110/0x1a0
[ 40.818442][ C1] sysvec_apic_timer_interrupt+0x43/0xa0
[ 40.824061][ C1] asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 40.830027][ C1] RIP: 0010:acpi_idle_do_entry+0x1c9/0x250
[ 40.835819][ C1] Code: 1d 68 95 fb 84 db 75 ac e8 94 61 95 fb e8 df 1b 9b fb e9 0c 00 00 00 e8 85 61 95 fb 0f 00 2d be e4 7d 00 e8 79 61 95 fb fb f4 <9c> 5b 81 e3 00 02 00 00 fa 31 ff 48 89 de e8 54 69 95 fb 48 85 db
[ 40.855558][ C1] RSP: 0018:ffffc900000dfd18 EFLAGS: 00000293
[ 40.861618][ C1] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[ 40.869570][ C1] RDX: ffff8881002c8000 RSI: ffffffff85aa30a7 RDI: ffffffff85aa3091
[ 40.877526][ C1] RBP: ffff888103f38864 R08: 0000000000000001 R09: 0000000000000001
[ 40.885478][ C1] R10: ffffffff81454ca8 R11: 0000000000000000 R12: 0000000000000001
[ 40.893447][ C1] R13: ffff888103f38800 R14: ffff888103f38864 R15: ffff8881067c9804
[ 40.904178][ C1] ? trace_hardirqs_on+0x38/0x1a0
[ 40.909192][ C1] ? acpi_idle_do_entry+0x1c7/0x250
[ 40.914386][ C1] ? acpi_idle_do_entry+0x1b1/0x250
[ 40.919566][ C1] ? acpi_idle_do_entry+0x1c7/0x250
[ 40.924749][ C1] acpi_idle_enter+0x355/0x4f0
[ 40.929494][ C1] cpuidle_enter_state+0x1b1/0xc80
[ 40.934589][ C1] cpuidle_enter+0x4a/0xa0
[ 40.939004][ C1] do_idle+0x3d5/0x580
[ 40.943147][ C1] ? arch_cpu_idle_exit+0x30/0x30
[ 40.948172][ C1] ? lockdep_hardirqs_on_prepare+0x273/0x3e0
[ 40.954134][ C1] ? _raw_spin_unlock_irqrestore+0x34/0x40
[ 40.959923][ C1] ? trace_hardirqs_on+0x5b/0x1a0
[ 40.964947][ C1] cpu_startup_entry+0x14/0x20
[ 40.969700][ C1] start_secondary+0x273/0x350
[ 40.974461][ C1] ? set_cpu_sibling_map+0x2460/0x2460
[ 40.979915][ C1] secondary_startup_64_no_verify+0xb0/0xbb
[ 40.985789][ C1] Modules linked in:
[ 40.989667][ C1] ---[ end trace cb7cdd31c473af59 ]---
[ 40.995114][ C1] RIP: 0010:print_address_description.constprop.0.cold+0xbf/0x2f8
[ 41.003019][ C1] Code: 00 48 8b 00 f6 c4 02 0f 84 71 ff ff ff 48 8b 5d 18 b9 0b 00 00 00 b8 11 ff ff 01 48 c1 e1 29 48 c1 e0 27 48 01 e9 48 c1 f9 06 <8b> 73 18 48 c1 e1 0c 48 01 c1 4c 89 e0 48 29 c8 48 99 48 f7 fe 0f
[ 41.022628][ C1] RSP: 0018:ffffc90000148890 EFLAGS: 00010006
[ 41.028675][ C1] RAX: ffff888000000000 RBX: dead000000000400 RCX: 0000000000119114
[ 41.036628][ C1] RDX: ffffea0004644401 RSI: ffffffff812996d3 RDI: fffff52000029104
[ 41.044577][ C1] RBP: ffffea0004644500 R08: 0000000000000000 R09: 0000000000000000
[ 41.052528][ C1] R10: ffffffff8149b8bf R11: 0000000000000000 R12: ffff8881191140c4
[ 41.060480][ C1] R13: ffffffff82fa02f2 R14: ffffffff82fa02f2 R15: 0000000000000000
[ 41.068438][ C1] FS: 0000000000000000(0000) GS:ffff8881f6b00000(0000) knlGS:0000000000000000
[ 41.077351][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 41.083933][ C1] CR2: 0000000020002000 CR3: 0000000106b90000 CR4: 00000000001506e0
[ 41.091900][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 41.099850][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 41.107802][ C1] Kernel panic - not syncing: Fatal exception in interrupt
[ 41.115552][ C1] Kernel Offset: disabled
[ 41.119867][ C1] Rebooting in 86400 seconds..