[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Debian GNU/Linux 9 syzkaller ttyS0
syzkaller login: [ 24.497137][ T4349] bash (4349) used greatest stack depth: 23512 bytes left
Warning: Permanently added '10.128.0.186' (ECDSA) to the list of known hosts.
executing program
[ 31.357401][ T2645] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 31.887182][ T2645] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 31.896288][ T2645] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 31.904307][ T2645] usb 1-1: Product: syz
[ 31.908577][ T2645] usb 1-1: Manufacturer: syz
[ 31.913145][ T2645] usb 1-1: SerialNumber: syz
[ 31.958649][ T2645] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 32.536713][ T2645] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 32.956498][ C0] ==================================================================
[ 32.964649][ C0] BUG: KASAN: slab-out-of-bounds in ath9k_hif_usb_rx_cb+0x3ab/0x1020
[ 32.972684][ C0] Read of size 41740 at addr ffff88810bf10000 by task swapper/0/0
[ 32.980473][ C0]
[ 32.982807][ C0] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.10.0-rc1-syzkaller #0
[ 32.990752][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 33.000788][ C0] Call Trace:
[ 33.004052][ C0]
[ 33.006881][ C0] dump_stack+0x107/0x163
[ 33.011189][ C0] ? ath9k_hif_usb_rx_cb+0x3ab/0x1020
[ 33.016580][ C0] ? ath9k_hif_usb_rx_cb+0x3ab/0x1020
[ 33.021928][ C0] print_address_description.constprop.0.cold+0xae/0x4c8
[ 33.028987][ C0] ? lock_acquire+0x1a7/0x870
[ 33.033643][ C0] ? ath9k_hif_usb_rx_cb+0x244/0x1020
[ 33.038997][ C0] ? vprintk_func+0x93/0x140
[ 33.043563][ C0] ? ath9k_hif_usb_rx_cb+0x3ab/0x1020
[ 33.048933][ C0] ? ath9k_hif_usb_rx_cb+0x3ab/0x1020
[ 33.054323][ C0] kasan_report.cold+0x1f/0x37
[ 33.059082][ C0] ? spin_bug+0xd0/0x100
[ 33.063316][ C0] ? ath9k_hif_usb_rx_cb+0x3ab/0x1020
[ 33.068666][ C0] check_memory_region+0x13d/0x180
[ 33.073752][ C0] memcpy+0x20/0x60
[ 33.077534][ C0] ath9k_hif_usb_rx_cb+0x3ab/0x1020
[ 33.082709][ C0] ? lock_acquire+0x1a7/0x870
[ 33.087498][ C0] ? hif_usb_start+0xa0/0xa0
[ 33.092063][ C0] ? __usb_hcd_giveback_urb+0x302/0x560
[ 33.097584][ C0] ? lock_downgrade+0x6d0/0x6d0
[ 33.102435][ C0] __usb_hcd_giveback_urb+0x32d/0x560
[ 33.107805][ C0] usb_hcd_giveback_urb+0x367/0x410
[ 33.112979][ C0] dummy_timer+0x11f4/0x3280
[ 33.117541][ C0] ? dummy_dequeue+0x4c0/0x4c0
[ 33.122277][ C0] ? dummy_dequeue+0x4c0/0x4c0
[ 33.127010][ C0] call_timer_fn+0x1a5/0x630
[ 33.131573][ C0] ? timer_fixup_init+0x60/0x60
[ 33.136398][ C0] ? lock_downgrade+0x6d0/0x6d0
[ 33.141224][ C0] ? lockdep_hardirqs_on_prepare+0x129/0x3e0
[ 33.147175][ C0] ? dummy_dequeue+0x4c0/0x4c0
[ 33.151928][ C0] __run_timers.part.0+0x67c/0xa10
[ 33.157013][ C0] ? call_timer_fn+0x630/0x630
[ 33.161751][ C0] ? clockevents_program_event+0x12b/0x350
[ 33.167569][ C0] ? tick_program_event+0xa8/0x130
[ 33.172648][ C0] run_timer_softirq+0x80/0x120
[ 33.177470][ C0] __do_softirq+0x1b2/0x945
[ 33.181948][ C0] asm_call_irq_on_stack+0xf/0x20
[ 33.186941][ C0]
[ 33.189856][ C0] do_softirq_own_stack+0x80/0xa0
[ 33.194854][ C0] irq_exit_rcu+0x110/0x1a0
[ 33.199331][ C0] sysvec_apic_timer_interrupt+0x43/0xa0
[ 33.204952][ C0] asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 33.210922][ C0] RIP: 0010:acpi_idle_do_entry+0x1c9/0x250
[ 33.216699][ C0] Code: bd 13 a1 fb 84 db 75 ac e8 64 1b a1 fb e8 8f c1 a6 fb e9 0c 00 00 00 e8 55 1b a1 fb 0f 00 2d 1e be 69 00 e8 49 1b a1 fb fb f4 <9c> 5b 81 e3 00 02 00 00 fa 31 ff 48 89 de e8 e4 13 a1 fb 48 85 db
[ 33.236794][ C0] RSP: 0018:ffffffff87007d60 EFLAGS: 00000293
[ 33.242834][ C0] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 1ffffffff1079e01
[ 33.250798][ C0] RDX: ffffffff87031000 RSI: ffffffff859daf27 RDI: ffffffff859daf11
[ 33.258746][ C0] RBP: ffff888103980864 R08: 0000000000000001 R09: 0000000000000001
[ 33.266699][ C0] R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000001
[ 33.274641][ C0] R13: ffff888103980800 R14: ffff888103980864 R15: ffff88810545e804
[ 33.282588][ C0] ? acpi_idle_do_entry+0x1c7/0x250
[ 33.287759][ C0] ? acpi_idle_do_entry+0x1b1/0x250
[ 33.292945][ C0] acpi_idle_enter+0x355/0x4f0
[ 33.297686][ C0] cpuidle_enter_state+0x1b1/0xc80
[ 33.302771][ C0] cpuidle_enter+0x4a/0xa0
[ 33.307160][ C0] do_idle+0x3d5/0x580
[ 33.311198][ C0] ? arch_cpu_idle_exit+0x40/0x40
[ 33.316192][ C0] ? schedule+0xdf/0x270
[ 33.320414][ C0] ? trace_init_perf_perm_irq_work_exit+0xe/0xe
[ 33.326641][ C0] cpu_startup_entry+0x14/0x20
[ 33.331378][ C0] start_kernel+0x472/0x493
[ 33.335862][ C0] secondary_startup_64_no_verify+0xa6/0xab
[ 33.341730][ C0]
[ 33.344029][ C0] The buggy address belongs to the page:
[ 33.349663][ C0] page:00000000dfda5045 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10bf10
[ 33.359870][ C0] head:00000000dfda5045 order:3 compound_mapcount:0 compound_pincount:0
[ 33.368165][ C0] flags: 0x200000000010000(head)
[ 33.373077][ C0] raw: 0200000000010000 dead000000000100 dead000000000122 0000000000000000
[ 33.381644][ C0] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 33.390195][ C0] page dumped because: kasan: bad access detected
[ 33.396574][ C0]
[ 33.398890][ C0] Memory state around the buggy address:
[ 33.404494][ C0] ffff88810bf18380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 33.412528][ C0] ffff88810bf18400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 33.420578][ C0] >ffff88810bf18480: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 33.428610][ C0] ^
[ 33.436555][ C0] ffff88810bf18500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc 00
[ 33.444586][ C0] ffff88810bf18580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 33.452615][ C0] ==================================================================
[ 33.460643][ C0] Disabling lock debugging due to kernel taint
[ 33.466759][ C0] Kernel panic - not syncing: panic_on_warn set ...
[ 33.473314][ C0] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G B 5.10.0-rc1-syzkaller #0
[ 33.482657][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 33.492677][ C0] Call Trace:
[ 33.495930][ C0]
[ 33.498752][ C0] dump_stack+0x107/0x163
[ 33.503050][ C0] ? ath9k_hif_usb_rx_cb+0x300/0x1020
[ 33.508390][ C0] panic+0x306/0x73d
[ 33.512256][ C0] ? __warn_printk+0xf3/0xf3
[ 33.516815][ C0] ? do_raw_spin_unlock+0x50/0x230
[ 33.521891][ C0] ? ath9k_hif_usb_rx_cb+0x3ab/0x1020
[ 33.527227][ C0] ? ath9k_hif_usb_rx_cb+0x3ab/0x1020
[ 33.532672][ C0] end_report+0x58/0x5e
[ 33.536796][ C0] kasan_report.cold+0xd/0x37
[ 33.541441][ C0] ? spin_bug+0xd0/0x100
[ 33.545650][ C0] ? ath9k_hif_usb_rx_cb+0x3ab/0x1020
[ 33.550990][ C0] check_memory_region+0x13d/0x180
[ 33.556075][ C0] memcpy+0x20/0x60
[ 33.559855][ C0] ath9k_hif_usb_rx_cb+0x3ab/0x1020
[ 33.565021][ C0] ? lock_acquire+0x1a7/0x870
[ 33.569666][ C0] ? hif_usb_start+0xa0/0xa0
[ 33.574223][ C0] ? __usb_hcd_giveback_urb+0x302/0x560
[ 33.579736][ C0] ? lock_downgrade+0x6d0/0x6d0
[ 33.584554][ C0] __usb_hcd_giveback_urb+0x32d/0x560
[ 33.589891][ C0] usb_hcd_giveback_urb+0x367/0x410
[ 33.595060][ C0] dummy_timer+0x11f4/0x3280
[ 33.599622][ C0] ? dummy_dequeue+0x4c0/0x4c0
[ 33.604353][ C0] ? dummy_dequeue+0x4c0/0x4c0
[ 33.609083][ C0] call_timer_fn+0x1a5/0x630
[ 33.613640][ C0] ? timer_fixup_init+0x60/0x60
[ 33.618458][ C0] ? lock_downgrade+0x6d0/0x6d0
[ 33.623275][ C0] ? lockdep_hardirqs_on_prepare+0x129/0x3e0
[ 33.629233][ C0] ? dummy_dequeue+0x4c0/0x4c0
[ 33.633964][ C0] __run_timers.part.0+0x67c/0xa10
[ 33.639045][ C0] ? call_timer_fn+0x630/0x630
[ 33.643780][ C0] ? clockevents_program_event+0x12b/0x350
[ 33.649566][ C0] ? tick_program_event+0xa8/0x130
[ 33.654648][ C0] run_timer_softirq+0x80/0x120
[ 33.659485][ C0] __do_softirq+0x1b2/0x945
[ 33.663957][ C0] asm_call_irq_on_stack+0xf/0x20
[ 33.668947][ C0]
[ 33.671871][ C0] do_softirq_own_stack+0x80/0xa0
[ 33.676869][ C0] irq_exit_rcu+0x110/0x1a0
[ 33.681340][ C0] sysvec_apic_timer_interrupt+0x43/0xa0
[ 33.686941][ C0] asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 33.692911][ C0] RIP: 0010:acpi_idle_do_entry+0x1c9/0x250
[ 33.698685][ C0] Code: bd 13 a1 fb 84 db 75 ac e8 64 1b a1 fb e8 8f c1 a6 fb e9 0c 00 00 00 e8 55 1b a1 fb 0f 00 2d 1e be 69 00 e8 49 1b a1 fb fb f4 <9c> 5b 81 e3 00 02 00 00 fa 31 ff 48 89 de e8 e4 13 a1 fb 48 85 db
[ 33.718256][ C0] RSP: 0018:ffffffff87007d60 EFLAGS: 00000293
[ 33.724291][ C0] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 1ffffffff1079e01
[ 33.732235][ C0] RDX: ffffffff87031000 RSI: ffffffff859daf27 RDI: ffffffff859daf11
[ 33.740176][ C0] RBP: ffff888103980864 R08: 0000000000000001 R09: 0000000000000001
[ 33.748117][ C0] R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000001
[ 33.756057][ C0] R13: ffff888103980800 R14: ffff888103980864 R15: ffff88810545e804
[ 33.763998][ C0] ? acpi_idle_do_entry+0x1c7/0x250
[ 33.769161][ C0] ? acpi_idle_do_entry+0x1b1/0x250
[ 33.774328][ C0] acpi_idle_enter+0x355/0x4f0
[ 33.779062][ C0] cpuidle_enter_state+0x1b1/0xc80
[ 33.784141][ C0] cpuidle_enter+0x4a/0xa0
[ 33.788526][ C0] do_idle+0x3d5/0x580
[ 33.792569][ C0] ? arch_cpu_idle_exit+0x40/0x40
[ 33.797564][ C0] ? schedule+0xdf/0x270
[ 33.801777][ C0] ? trace_init_perf_perm_irq_work_exit+0xe/0xe
[ 33.807996][ C0] cpu_startup_entry+0x14/0x20
[ 33.812731][ C0] start_kernel+0x472/0x493
[ 33.817205][ C0] secondary_startup_64_no_verify+0xa6/0xab
[ 33.823653][ C0] Kernel Offset: disabled
[ 33.827960][ C0] Rebooting in 86400 seconds..