[  OK  ] Reached target Login Prompts.
[  OK  ] Reached target Multi-User System.
[  OK  ] Reached target Graphical Interface.
         Starting Update UTMP about System Runlevel Changes...
[  OK  ] Started Update UTMP about System Runlevel Changes.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.78' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 35.962713][ T5] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 36.262767][ T5] usb 1-1: too many configurations: 49, using maximum allowed: 8
[ 37.082290][ T5] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 37.091396][ T5] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 37.099743][ T5] usb 1-1: Product: syz
[ 37.104174][ T5] usb 1-1: Manufacturer: syz
[ 37.108778][ T5] usb 1-1: SerialNumber: syz
[ 37.155862][ T5] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 37.822007][ T5] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 38.242027][ C0] ==================================================================
[ 38.250511][ C0] BUG: KASAN: use-after-free in ath9k_hif_usb_rx_cb+0x3ab/0x1020
[ 38.258375][ C0] Read of size 41740 at addr ffff888101f70000 by task swapper/0/0
[ 38.266164][ C0]
[ 38.268488][ C0] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.10.0-rc1-syzkaller #0
[ 38.276461][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 38.286520][ C0] Call Trace:
[ 38.289808][ C0]
[ 38.292709][ C0] dump_stack+0x107/0x163
[ 38.297025][ C0] ? ath9k_hif_usb_rx_cb+0x3ab/0x1020
[ 38.302399][ C0] ? ath9k_hif_usb_rx_cb+0x3ab/0x1020
[ 38.307778][ C0] print_address_description.constprop.0.cold+0xae/0x4c8
[ 38.314807][ C0] ? lock_acquire+0x1a7/0x870
[ 38.319471][ C0] ? ath9k_hif_usb_rx_cb+0x244/0x1020
[ 38.324824][ C0] ? vprintk_func+0x93/0x140
[ 38.330182][ C0] ? ath9k_hif_usb_rx_cb+0x3ab/0x1020
[ 38.335543][ C0] ? ath9k_hif_usb_rx_cb+0x3ab/0x1020
[ 38.340926][ C0] kasan_report.cold+0x1f/0x37
[ 38.345682][ C0] ? spin_bug+0xd0/0x100
[ 38.349918][ C0] ? ath9k_hif_usb_rx_cb+0x3ab/0x1020
[ 38.355292][ C0] check_memory_region+0x13d/0x180
[ 38.360406][ C0] memcpy+0x20/0x60
[ 38.364212][ C0] ath9k_hif_usb_rx_cb+0x3ab/0x1020
[ 38.369410][ C0] ? lock_acquire+0x1a7/0x870
[ 38.374085][ C0] ? hif_usb_start+0xa0/0xa0
[ 38.378659][ C0] ? __usb_hcd_giveback_urb+0x302/0x560
[ 38.384193][ C0] ? lock_downgrade+0x6d0/0x6d0
[ 38.389039][ C0] __usb_hcd_giveback_urb+0x32d/0x560
[ 38.394399][ C0] usb_hcd_giveback_urb+0x367/0x410
[ 38.399588][ C0] dummy_timer+0x11f4/0x3280
[ 38.404182][ C0] ? dummy_dequeue+0x4c0/0x4c0
[ 38.408949][ C0] ? dummy_dequeue+0x4c0/0x4c0
[ 38.413700][ C0] call_timer_fn+0x1a5/0x630
[ 38.418286][ C0] ? timer_fixup_init+0x60/0x60
[ 38.423138][ C0] ? lock_downgrade+0x6d0/0x6d0
[ 38.427977][ C0] ? lockdep_hardirqs_on_prepare+0x129/0x3e0
[ 38.433958][ C0] ? dummy_dequeue+0x4c0/0x4c0
[ 38.438889][ C0] __run_timers.part.0+0x67c/0xa10
[ 38.444002][ C0] ? call_timer_fn+0x630/0x630
[ 38.444988][ T53] usb 1-1: USB disconnect, device number 2
[ 38.448776][ C0] ? clockevents_program_event+0x12b/0x350
[ 38.460390][ C0] ? tick_program_event+0xa8/0x130
[ 38.465525][ C0] run_timer_softirq+0x80/0x120
[ 38.470391][ C0] __do_softirq+0x1b2/0x945
[ 38.474944][ C0] asm_call_irq_on_stack+0xf/0x20
[ 38.480004][ C0]
[ 38.482965][ C0] do_softirq_own_stack+0x80/0xa0
[ 38.488008][ C0] irq_exit_rcu+0x110/0x1a0
[ 38.492533][ C0] sysvec_apic_timer_interrupt+0x43/0xa0
[ 38.498182][ C0] asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 38.504787][ C0] RIP: 0010:acpi_idle_do_entry+0x1c9/0x250
[ 38.510588][ C0] Code: bd 13 a1 fb 84 db 75 ac e8 64 1b a1 fb e8 8f c1 a6 fb e9 0c 00 00 00 e8 55 1b a1 fb 0f 00 2d 1e be 69 00 e8 49 1b a1 fb fb f4 <9c> 5b 81 e3 00 02 00 00 fa 31 ff 48 89 de e8 e4 13 a1 fb 48 85 db
[ 38.530200][ C0] RSP: 0018:ffffffff87007d60 EFLAGS: 00000293
[ 38.536260][ C0] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 1ffffffff1079e01
[ 38.544220][ C0] RDX: ffffffff87031000 RSI: ffffffff859daf27 RDI: ffffffff859daf11
[ 38.552199][ C0] RBP: ffff88810340c864 R08: 0000000000000001 R09: 0000000000000001
[ 38.560176][ C0] R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000001
[ 38.568140][ C0] R13: ffff88810340c800 R14: ffff88810340c864 R15: ffff888105b2a804
[ 38.576110][ C0] ? acpi_idle_do_entry+0x1c7/0x250
[ 38.581317][ C0] ? acpi_idle_do_entry+0x1b1/0x250
[ 38.586531][ C0] acpi_idle_enter+0x355/0x4f0
[ 38.591292][ C0] cpuidle_enter_state+0x1b1/0xc80
[ 38.596416][ C0] cpuidle_enter+0x4a/0xa0
[ 38.600841][ C0] do_idle+0x3d5/0x580
[ 38.604915][ C0] ? arch_cpu_idle_exit+0x40/0x40
[ 38.609928][ C0] ? schedule+0xdf/0x270
[ 38.614170][ C0] ? trace_init_perf_perm_irq_work_exit+0xe/0xe
[ 38.620413][ C0] cpu_startup_entry+0x14/0x20
[ 38.625180][ C0] start_kernel+0x472/0x493
[ 38.629684][ C0] secondary_startup_64_no_verify+0xa6/0xab
[ 38.635575][ C0]
[ 38.637909][ C0] The buggy address belongs to the page:
[ 38.643533][ C0] page:000000009e2c8f45 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101f70
[ 38.653765][ C0] head:000000009e2c8f45 order:3 compound_mapcount:0 compound_pincount:0
[ 38.662093][ C0] flags: 0x200000000010000(head)
[ 38.667031][ C0] raw: 0200000000010000 dead000000000100 dead000000000122 0000000000000000
[ 38.675607][ C0] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 38.684190][ C0] page dumped because: kasan: bad access detected
[ 38.690603][ C0]
[ 38.692919][ C0] Memory state around the buggy address:
[ 38.698558][ C0] ffff888101f78f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 38.706622][ C0] ffff888101f78f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 38.714687][ C0] >ffff888101f79000: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 38.722748][ C0] ^
[ 38.726818][ C0] ffff888101f79080: fa fb fb fb fc fc fc fc 00 00 00 00 fc fc fc fc
[ 38.734894][ C0] ffff888101f79100: 00 00 00 00 fc fc fc fc fa fb fb fb fc fc fc fc
[ 38.742952][ C0] ==================================================================
[ 38.751012][ C0] Disabling lock debugging due to kernel taint
[ 38.757165][ C0] Kernel panic - not syncing: panic_on_warn set ...
[ 38.763747][ C0] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G B 5.10.0-rc1-syzkaller #0
[ 38.773103][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 38.783139][ C0] Call Trace:
[ 38.786422][ C0]
[ 38.789261][ C0] dump_stack+0x107/0x163
[ 38.793590][ C0] ? ath9k_hif_usb_rx_cb+0x300/0x1020
[ 38.798961][ C0] panic+0x306/0x73d
[ 38.802846][ C0] ? __warn_printk+0xf3/0xf3
[ 38.807439][ C0] ? do_raw_spin_unlock+0x50/0x230
[ 38.812537][ C0] ? ath9k_hif_usb_rx_cb+0x3ab/0x1020
[ 38.817903][ C0] ? ath9k_hif_usb_rx_cb+0x3ab/0x1020
[ 38.823279][ C0] end_report+0x58/0x5e
[ 38.827421][ C0] kasan_report.cold+0xd/0x37
[ 38.832100][ C0] ? spin_bug+0xd0/0x100
[ 38.836765][ C0] ? ath9k_hif_usb_rx_cb+0x3ab/0x1020
[ 38.842123][ C0] check_memory_region+0x13d/0x180
[ 38.847262][ C0] memcpy+0x20/0x60
[ 38.851061][ C0] ath9k_hif_usb_rx_cb+0x3ab/0x1020
[ 38.856440][ C0] ? lock_acquire+0x1a7/0x870
[ 38.861108][ C0] ? hif_usb_start+0xa0/0xa0
[ 38.865692][ C0] ? __usb_hcd_giveback_urb+0x302/0x560
[ 38.871246][ C0] ? lock_downgrade+0x6d0/0x6d0
[ 38.876099][ C0] __usb_hcd_giveback_urb+0x32d/0x560
[ 38.881475][ C0] usb_hcd_giveback_urb+0x367/0x410
[ 38.886684][ C0] dummy_timer+0x11f4/0x3280
[ 38.891271][ C0] ? dummy_dequeue+0x4c0/0x4c0
[ 38.896052][ C0] ? dummy_dequeue+0x4c0/0x4c0
[ 38.900816][ C0] call_timer_fn+0x1a5/0x630
[ 38.905399][ C0] ? timer_fixup_init+0x60/0x60
[ 38.910248][ C0] ? lock_downgrade+0x6d0/0x6d0
[ 38.915088][ C0] ? lockdep_hardirqs_on_prepare+0x129/0x3e0
[ 38.921056][ C0] ? dummy_dequeue+0x4c0/0x4c0
[ 38.925839][ C0] __run_timers.part.0+0x67c/0xa10
[ 38.930942][ C0] ? call_timer_fn+0x630/0x630
[ 38.935698][ C0] ? clockevents_program_event+0x12b/0x350
[ 38.941510][ C0] ? tick_program_event+0xa8/0x130
[ 38.946619][ C0] run_timer_softirq+0x80/0x120
[ 38.951481][ C0] __do_softirq+0x1b2/0x945
[ 38.955980][ C0] asm_call_irq_on_stack+0xf/0x20
[ 38.960984][ C0]
[ 38.963978][ C0] do_softirq_own_stack+0x80/0xa0
[ 38.969030][ C0] irq_exit_rcu+0x110/0x1a0
[ 38.973551][ C0] sysvec_apic_timer_interrupt+0x43/0xa0
[ 38.979198][ C0] asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 38.985197][ C0] RIP: 0010:acpi_idle_do_entry+0x1c9/0x250
[ 38.991002][ C0] Code: bd 13 a1 fb 84 db 75 ac e8 64 1b a1 fb e8 8f c1 a6 fb e9 0c 00 00 00 e8 55 1b a1 fb 0f 00 2d 1e be 69 00 e8 49 1b a1 fb fb f4 <9c> 5b 81 e3 00 02 00 00 fa 31 ff 48 89 de e8 e4 13 a1 fb 48 85 db
[ 39.010807][ C0] RSP: 0018:ffffffff87007d60 EFLAGS: 00000293
[ 39.016872][ C0] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 1ffffffff1079e01
[ 39.026150][ C0] RDX: ffffffff87031000 RSI: ffffffff859daf27 RDI: ffffffff859daf11
[ 39.034149][ C0] RBP: ffff88810340c864 R08: 0000000000000001 R09: 0000000000000001
[ 39.042395][ C0] R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000001
[ 39.050584][ C0] R13: ffff88810340c800 R14: ffff88810340c864 R15: ffff888105b2a804
[ 39.058554][ C0] ? acpi_idle_do_entry+0x1c7/0x250
[ 39.063753][ C0] ? acpi_idle_do_entry+0x1b1/0x250
[ 39.068992][ C0] acpi_idle_enter+0x355/0x4f0
[ 39.073769][ C0] cpuidle_enter_state+0x1b1/0xc80
[ 39.078880][ C0] cpuidle_enter+0x4a/0xa0
[ 39.083295][ C0] do_idle+0x3d5/0x580
[ 39.087363][ C0] ? arch_cpu_idle_exit+0x40/0x40
[ 39.092375][ C0] ? schedule+0xdf/0x270
[ 39.096628][ C0] ? trace_init_perf_perm_irq_work_exit+0xe/0xe
[ 39.102972][ C0] cpu_startup_entry+0x14/0x20
[ 39.107749][ C0] start_kernel+0x472/0x493
[ 39.113006][ C0] secondary_startup_64_no_verify+0xa6/0xab
[ 39.119559][ C0] Kernel Offset: disabled
[ 39.123911][ C0] Rebooting in 86400 seconds..