[ 13.252976][ C1] random: 7 urandom warning(s) missed due to ratelimiting
[�[0;32m OK �[0m] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch.
Starting Load/Save RF Kill Switch Status...
[�[0;32m OK �[0m] Started Update UTMP about System Runlevel Changes.
[�[0;32m OK �[0m] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.10.37' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 24.356497][ T72] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 24.876398][ T72] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 24.885546][ T72] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 24.893623][ T72] usb 1-1: Product: syz
[ 24.897867][ T72] usb 1-1: Manufacturer: syz
[ 24.902449][ T72] usb 1-1: SerialNumber: syz
[ 24.947567][ T72] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 25.566043][ T72] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 26.005827][ C1] ==================================================================
[ 26.014001][ C1] BUG: KASAN: use-after-free in ath9k_hif_usb_rx_cb+0x3a8/0xf80
[ 26.021625][ C1] Read of size 48856 at addr ffff8881cd938000 by task swapper/1/0
[ 26.029398][ C1]
[ 26.031706][ C1] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 5.9.0-syzkaller #0
[ 26.039219][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 26.049255][ C1] Call Trace:
[ 26.052522][ C1] <IRQ>
[ 26.057789][ C1] dump_stack+0x107/0x163
[ 26.062103][ C1] ? ath9k_hif_usb_rx_cb+0x3a8/0xf80
[ 26.067365][ C1] ? ath9k_hif_usb_rx_cb+0x3a8/0xf80
[ 26.072628][ C1] print_address_description.constprop.0+0x1c/0x210
[ 26.079193][ C1] ? lock_acquire+0x1a7/0x830
[ 26.083856][ C1] ? ath9k_hif_usb_rx_cb+0x23e/0xf80
[ 26.089119][ C1] ? vprintk_func+0x93/0x140
[ 26.093697][ C1] ? ath9k_hif_usb_rx_cb+0x3a8/0xf80
[ 26.098970][ C1] ? ath9k_hif_usb_rx_cb+0x3a8/0xf80
[ 26.104253][ C1] kasan_report.cold+0x37/0x7c
[ 26.109013][ C1] ? rwlock_bug.part.0+0x40/0x90
[ 26.113933][ C1] ? ath9k_hif_usb_rx_cb+0x3a8/0xf80
[ 26.119199][ C1] check_memory_region+0xf4/0x1c0
[ 26.124205][ C1] memcpy+0x20/0x60
[ 26.128013][ C1] ath9k_hif_usb_rx_cb+0x3a8/0xf80
[ 26.133106][ C1] ? lock_acquire+0x1a7/0x830
[ 26.137761][ C1] ? kcov_remote_start+0xce/0x400
[ 26.142774][ C1] ? hif_usb_start+0xa0/0xa0
[ 26.147354][ C1] ? __usb_hcd_giveback_urb+0x302/0x560
[ 26.152900][ C1] ? lock_downgrade+0x6d0/0x6d0
[ 26.157733][ C1] __usb_hcd_giveback_urb+0x32d/0x560
[ 26.163098][ C1] usb_hcd_giveback_urb+0x367/0x410
[ 26.168279][ C1] dummy_timer+0x11f2/0x3240
[ 26.172848][ C1] ? __lock_acquire+0x16ae/0x5a60
[ 26.177853][ C1] ? dummy_dequeue+0x4c0/0x4c0
[ 26.182606][ C1] ? dummy_dequeue+0x4c0/0x4c0
[ 26.187357][ C1] call_timer_fn+0x1a5/0x630
[ 26.192186][ C1] ? timer_fixup_init+0x60/0x60
[ 26.197022][ C1] ? lock_downgrade+0x6d0/0x6d0
[ 26.201877][ C1] ? lockdep_hardirqs_on_prepare+0x129/0x3e0
[ 26.207840][ C1] ? dummy_dequeue+0x4c0/0x4c0
[ 26.212604][ C1] __run_timers.part.0+0x67c/0xa10
[ 26.217704][ C1] ? call_timer_fn+0x630/0x630
[ 26.222467][ C1] ? lapic_next_event+0x4d/0x80
[ 26.227299][ C1] ? clockevents_program_event+0x12b/0x350
[ 26.233094][ C1] ? tick_program_event+0xa8/0x130
[ 26.238190][ C1] ? hrtimer_interrupt+0x6c0/0x8f0
[ 26.243293][ C1] run_timer_softirq+0x80/0x120
[ 26.248132][ C1] __do_softirq+0x1b1/0x8d1
[ 26.252621][ C1] asm_call_irq_on_stack+0xf/0x20
[ 26.257627][ C1] </IRQ>
[ 26.260581][ C1] do_softirq_own_stack+0x80/0xa0
[ 26.265603][ C1] irq_exit_rcu+0x110/0x1a0
[ 26.270085][ C1] sysvec_apic_timer_interrupt+0x43/0xa0
[ 26.275703][ C1] asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 26.281660][ C1] RIP: 0010:acpi_idle_do_entry+0x1c9/0x250
[ 26.287441][ C1] Code: 4d ce 83 fb 84 db 75 ac e8 d4 d5 83 fb e8 ff 69 89 fb e9 0c 00 00 00 e8 c5 d5 83 fb 0f 00 2d 9e ac 69 00 e8 b9 d5 83 fb fb f4 <9c> 5b 81 e3 00 02 00 00 fa 31 ff 48 89 de e8 74 ce 83 fb 48 85 db
[ 26.307034][ C1] RSP: 0018:ffff8881da257d18 EFLAGS: 00000293
[ 26.313105][ C1] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 1ffffffff103af21
[ 26.321055][ C1] RDX: ffff8881da23b280 RSI: ffffffff85bb48e7 RDI: ffffffff85bb48d1
[ 26.329017][ C1] RBP: ffff8881d8d4a064 R08: 0000000000000001 R09: 0000000000000001
[ 26.337023][ C1] R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000001
[ 26.345014][ C1] R13: ffff8881d8d4a000 R14: ffff8881d8d4a064 R15: ffff8881d6f18804
[ 26.352987][ C1] ? acpi_idle_do_entry+0x1c7/0x250
[ 26.358182][ C1] ? acpi_idle_do_entry+0x1b1/0x250
[ 26.363359][ C1] ? acpi_idle_do_entry+0x1c7/0x250
[ 26.368543][ C1] acpi_idle_enter+0x337/0x490
[ 26.373284][ C1] cpuidle_enter_state+0x1a2/0xa80
[ 26.378385][ C1] ? tick_nohz_idle_stop_tick+0x526/0xa90
[ 26.384086][ C1] cpuidle_enter+0x4a/0xa0
[ 26.388482][ C1] do_idle+0x3d5/0x580
[ 26.392537][ C1] ? arch_cpu_idle_exit+0x40/0x40
[ 26.397548][ C1] ? lockdep_hardirqs_on_prepare+0x273/0x3e0
[ 26.403515][ C1] ? _raw_spin_unlock_irqrestore+0x34/0x40
[ 26.409298][ C1] ? trace_hardirqs_on+0x5b/0x1a0
[ 26.414302][ C1] cpu_startup_entry+0x14/0x20
[ 26.419049][ C1] start_secondary+0x25b/0x320
[ 26.423801][ C1] ? set_cpu_sibling_map+0x1ff0/0x1ff0
[ 26.429240][ C1] secondary_startup_64_no_verify+0xb8/0xbb
[ 26.435541][ C1]
[ 26.437855][ C1] The buggy address belongs to the page:
[ 26.443477][ C1] page:00000000fcd1433e refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1cd938
[ 26.453734][ C1] head:00000000fcd1433e order:3 compound_mapcount:0 compound_pincount:0
[ 26.462038][ C1] flags: 0x200000000010000(head)
[ 26.466963][ C1] raw: 0200000000010000 dead000000000100 dead000000000122 0000000000000000
[ 26.475536][ C1] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 26.484099][ C1] page dumped because: kasan: bad access detected
[ 26.490484][ C1]
[ 26.492786][ C1] Memory state around the buggy address:
[ 26.498392][ C1] ffff8881cd93ff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 26.506444][ C1] ffff8881cd93ff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 26.514497][ C1] >ffff8881cd940000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 26.522540][ C1] ^
[ 26.526594][ C1] ffff8881cd940080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 26.534644][ C1] ffff8881cd940100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 26.542682][ C1] ==================================================================
[ 26.550723][ C1] Disabling lock debugging due to kernel taint
[ 26.557814][ C1] Kernel panic - not syncing: panic_on_warn set ...
[ 26.564375][ C1] CPU: 1 PID: 0 Comm: swapper/1 Tainted: G B 5.9.0-syzkaller #0
[ 26.573280][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 26.583310][ C1] Call Trace:
[ 26.586582][ C1] <IRQ>
[ 26.589454][ C1] dump_stack+0x107/0x163
[ 26.593774][ C1] ? ath9k_hif_usb_rx_cb+0x2c0/0xf80
[ 26.599031][ C1] panic+0x2cb/0x702
[ 26.602955][ C1] ? __warn_printk+0xf3/0xf3
[ 26.607532][ C1] ? do_raw_spin_unlock+0x50/0x1f0
[ 26.612631][ C1] ? ath9k_hif_usb_rx_cb+0x3a8/0xf80
[ 26.617887][ C1] ? ath9k_hif_usb_rx_cb+0x3a8/0xf80
[ 26.623148][ C1] end_report+0x58/0x5e
[ 26.627276][ C1] kasan_report.cold+0x72/0x7c
[ 26.632012][ C1] ? rwlock_bug.part.0+0x40/0x90
[ 26.636922][ C1] ? ath9k_hif_usb_rx_cb+0x3a8/0xf80
[ 26.642193][ C1] check_memory_region+0xf4/0x1c0
[ 26.647188][ C1] memcpy+0x20/0x60
[ 26.650985][ C1] ath9k_hif_usb_rx_cb+0x3a8/0xf80
[ 26.656080][ C1] ? lock_acquire+0x1a7/0x830
[ 26.660736][ C1] ? kcov_remote_start+0xce/0x400
[ 26.665734][ C1] ? hif_usb_start+0xa0/0xa0
[ 26.670300][ C1] ? __usb_hcd_giveback_urb+0x302/0x560
[ 26.675822][ C1] ? lock_downgrade+0x6d0/0x6d0
[ 26.680647][ C1] __usb_hcd_giveback_urb+0x32d/0x560
[ 26.686011][ C1] usb_hcd_giveback_urb+0x367/0x410
[ 26.691196][ C1] dummy_timer+0x11f2/0x3240
[ 26.695762][ C1] ? __lock_acquire+0x16ae/0x5a60
[ 26.700774][ C1] ? dummy_dequeue+0x4c0/0x4c0
[ 26.705523][ C1] ? dummy_dequeue+0x4c0/0x4c0
[ 26.710267][ C1] call_timer_fn+0x1a5/0x630
[ 26.714835][ C1] ? timer_fixup_init+0x60/0x60
[ 26.719662][ C1] ? lock_downgrade+0x6d0/0x6d0
[ 26.724529][ C1] ? lockdep_hardirqs_on_prepare+0x129/0x3e0
[ 26.730485][ C1] ? dummy_dequeue+0x4c0/0x4c0
[ 26.735221][ C1] __run_timers.part.0+0x67c/0xa10
[ 26.740309][ C1] ? call_timer_fn+0x630/0x630
[ 26.745061][ C1] ? lapic_next_event+0x4d/0x80
[ 26.750604][ C1] ? clockevents_program_event+0x12b/0x350
[ 26.756494][ C1] ? tick_program_event+0xa8/0x130
[ 26.761590][ C1] ? hrtimer_interrupt+0x6c0/0x8f0
[ 26.766685][ C1] run_timer_softirq+0x80/0x120
[ 26.771509][ C1] __do_softirq+0x1b1/0x8d1
[ 26.775994][ C1] asm_call_irq_on_stack+0xf/0x20
[ 26.780986][ C1] </IRQ>
[ 26.783904][ C1] do_softirq_own_stack+0x80/0xa0
[ 26.788909][ C1] irq_exit_rcu+0x110/0x1a0
[ 26.793406][ C1] sysvec_apic_timer_interrupt+0x43/0xa0
[ 26.799023][ C1] asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 26.804979][ C1] RIP: 0010:acpi_idle_do_entry+0x1c9/0x250
[ 26.810755][ C1] Code: 4d ce 83 fb 84 db 75 ac e8 d4 d5 83 fb e8 ff 69 89 fb e9 0c 00 00 00 e8 c5 d5 83 fb 0f 00 2d 9e ac 69 00 e8 b9 d5 83 fb fb f4 <9c> 5b 81 e3 00 02 00 00 fa 31 ff 48 89 de e8 74 ce 83 fb 48 85 db
[ 26.831296][ C1] RSP: 0018:ffff8881da257d18 EFLAGS: 00000293
[ 26.837345][ C1] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 1ffffffff103af21
[ 26.845289][ C1] RDX: ffff8881da23b280 RSI: ffffffff85bb48e7 RDI: ffffffff85bb48d1
[ 26.853242][ C1] RBP: ffff8881d8d4a064 R08: 0000000000000001 R09: 0000000000000001
[ 26.861186][ C1] R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000001
[ 26.869132][ C1] R13: ffff8881d8d4a000 R14: ffff8881d8d4a064 R15: ffff8881d6f18804
[ 26.877182][ C1] ? acpi_idle_do_entry+0x1c7/0x250
[ 26.882360][ C1] ? acpi_idle_do_entry+0x1b1/0x250
[ 26.887543][ C1] ? acpi_idle_do_entry+0x1c7/0x250
[ 26.892721][ C1] acpi_idle_enter+0x337/0x490
[ 26.897458][ C1] cpuidle_enter_state+0x1a2/0xa80
[ 26.902550][ C1] ? tick_nohz_idle_stop_tick+0x526/0xa90
[ 26.908238][ C1] cpuidle_enter+0x4a/0xa0
[ 26.912627][ C1] do_idle+0x3d5/0x580
[ 26.916678][ C1] ? arch_cpu_idle_exit+0x40/0x40
[ 26.921686][ C1] ? lockdep_hardirqs_on_prepare+0x273/0x3e0
[ 26.927645][ C1] ? _raw_spin_unlock_irqrestore+0x34/0x40
[ 26.933431][ C1] ? trace_hardirqs_on+0x5b/0x1a0
[ 26.938429][ C1] cpu_startup_entry+0x14/0x20
[ 26.943164][ C1] start_secondary+0x25b/0x320
[ 26.947898][ C1] ? set_cpu_sibling_map+0x1ff0/0x1ff0
[ 26.953338][ C1] secondary_startup_64_no_verify+0xb8/0xbb
[ 26.959750][ C1] Kernel Offset: disabled
[ 26.964077][ C1] Rebooting in 86400 seconds..