[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.81' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 66.814771][ T8] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 67.095028][ T8] usb 1-1: too many configurations: 49, using maximum allowed: 8
[ 67.894684][ T8] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 67.903873][ T8] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 67.912915][ T8] usb 1-1: Product: syz
[ 67.917688][ T8] usb 1-1: Manufacturer: syz
[ 67.922270][ T8] usb 1-1: SerialNumber: syz
[ 67.966705][ T8] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 68.624557][ T8] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 69.044574][ C0] ==================================================================
[ 69.052815][ C0] BUG: KASAN: slab-out-of-bounds in ath9k_hif_usb_rx_cb+0x3d3/0x1050
[ 69.060897][ C0] Read of size 41740 at addr ffff88801a768000 by task swapper/0/0
[ 69.068686][ C0]
[ 69.071000][ C0] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.12.0-rc7-next-20210415-syzkaller #0
[ 69.080177][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 69.090216][ C0] Call Trace:
[ 69.093480][ C0]
[ 69.096313][ C0] dump_stack+0x141/0x1d7
[ 69.100988][ C0] ? ath9k_hif_usb_rx_cb+0x3d3/0x1050
[ 69.106363][ C0] print_address_description.constprop.0.cold+0x5b/0x2f8
[ 69.113386][ C0] ? ath9k_hif_usb_rx_cb+0x3d3/0x1050
[ 69.118752][ C0] ? ath9k_hif_usb_rx_cb+0x3d3/0x1050
[ 69.124106][ C0] kasan_report.cold+0x7c/0xd8
[ 69.128856][ C0] ? spin_bug+0x100/0x100
[ 69.133171][ C0] ? ath9k_hif_usb_rx_cb+0x3d3/0x1050
[ 69.138590][ C0] kasan_check_range+0x13d/0x180
[ 69.143564][ C0] memcpy+0x20/0x60
[ 69.147362][ C0] ath9k_hif_usb_rx_cb+0x3d3/0x1050
[ 69.152570][ C0] ? hif_usb_start+0xa0/0xa0
[ 69.157151][ C0] ? __usb_hcd_giveback_urb+0x413/0x5c0
[ 69.162685][ C0] ? lock_downgrade+0x6e0/0x6e0
[ 69.167537][ C0] __usb_hcd_giveback_urb+0x2b0/0x5c0
[ 69.172899][ C0] usb_hcd_giveback_urb+0x367/0x410
[ 69.178089][ C0] dummy_timer+0x11f4/0x32a0
[ 69.182688][ C0] ? dummy_dequeue+0x500/0x500
[ 69.187444][ C0] ? dummy_dequeue+0x500/0x500
[ 69.192198][ C0] call_timer_fn+0x1a5/0x6b0
[ 69.196777][ C0] ? add_timer_on+0x4a0/0x4a0
[ 69.201492][ C0] ? lock_downgrade+0x6e0/0x6e0
[ 69.206365][ C0] ? _find_next_bit+0x1e3/0x260
[ 69.211206][ C0] ? _raw_spin_unlock_irq+0x1f/0x40
[ 69.216389][ C0] ? dummy_dequeue+0x500/0x500
[ 69.221142][ C0] __run_timers.part.0+0x67c/0xa50
[ 69.226242][ C0] ? call_timer_fn+0x6b0/0x6b0
[ 69.230989][ C0] ? lapic_next_event+0x4d/0x80
[ 69.235834][ C0] ? kvm_sched_clock_read+0x14/0x40
[ 69.241014][ C0] ? sched_clock_cpu+0x18/0x1f0
[ 69.245853][ C0] run_timer_softirq+0xb3/0x1d0
[ 69.250685][ C0] __do_softirq+0x29b/0x9fe
[ 69.255186][ C0] __irq_exit_rcu+0x136/0x200
[ 69.259846][ C0] irq_exit_rcu+0x5/0x20
[ 69.264070][ C0] sysvec_apic_timer_interrupt+0x93/0xc0
[ 69.269688][ C0]
[ 69.272600][ C0] asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 69.278564][ C0] RIP: 0010:acpi_idle_do_entry+0x1c9/0x250
[ 69.284358][ C0] Code: ed 7a 60 f8 84 db 75 ac e8 34 74 60 f8 e8 0f 7a 66 f8 e9 0c 00 00 00 e8 25 74 60 f8 0f 00 2d 9e 0b ba 00 e8 19 74 60 f8 fb f4 <9c> 5b 81 e3 00 02 00 00 fa 31 ff 48 89 de e8 24 7c 60 f8 48 85 db
[ 69.303948][ C0] RSP: 0018:ffffffff8bc07d60 EFLAGS: 00000293
[ 69.310003][ C0] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[ 69.318047][ C0] RDX: ffffffff8bcbc540 RSI: ffffffff89140427 RDI: 0000000000000000
[ 69.326000][ C0] RBP: ffff8880160a0064 R08: 0000000000000001 R09: 0000000000000001
[ 69.333968][ C0] R10: ffffffff817a7e58 R11: 0000000000000000 R12: 0000000000000001
[ 69.341933][ C0] R13: ffff8880160a0000 R14: ffff8880160a0064 R15: ffff888018831804
[ 69.349891][ C0] ? trace_hardirqs_on+0x38/0x1c0
[ 69.354908][ C0] ? acpi_idle_do_entry+0x1c7/0x250
[ 69.360094][ C0] acpi_idle_enter+0x361/0x500
[ 69.364849][ C0] cpuidle_enter_state+0x1b1/0xc80
[ 69.370039][ C0] cpuidle_enter+0x4a/0xa0
[ 69.374442][ C0] do_idle+0x3e8/0x590
[ 69.378497][ C0] ? arch_cpu_idle_exit+0x30/0x30
[ 69.383522][ C0] ? trace_init_perf_perm_irq_work_exit+0xe/0xe
[ 69.389764][ C0] cpu_startup_entry+0x14/0x20
[ 69.394521][ C0] start_kernel+0x47a/0x49b
[ 69.399013][ C0] secondary_startup_64_no_verify+0xb0/0xbb
[ 69.404900][ C0]
[ 69.407204][ C0] The buggy address belongs to the page:
[ 69.412812][ C0] page:ffffea000069da00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1a768
[ 69.422940][ C0] head:ffffea000069da00 order:3 compound_mapcount:0 compound_pincount:0
[ 69.431258][ C0] flags: 0xfff00000010000(head|node=0|zone=1|lastcpupid=0x7ff)
[ 69.438799][ C0] raw: 00fff00000010000 dead000000000100 dead000000000122 0000000000000000
[ 69.447371][ C0] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 69.455979][ C0] page dumped because: kasan: bad access detected
[ 69.462372][ C0]
[ 69.464678][ C0] Memory state around the buggy address:
[ 69.470289][ C0] ffff88801a770400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 69.478356][ C0] ffff88801a770480: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 69.486402][ C0] >ffff88801a770500: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 69.494444][ C0] ^
[ 69.499268][ C0] ffff88801a770580: fc fc fc 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 69.507320][ C0] ffff88801a770600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 69.515358][ C0] ==================================================================
[ 69.523390][ C0] Disabling lock debugging due to kernel taint
[ 69.529526][ C0] Kernel panic - not syncing: panic_on_warn set ...
[ 69.536097][ C0] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G B 5.12.0-rc7-next-20210415-syzkaller #0
[ 69.546656][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 69.556695][ C0] Call Trace:
[ 69.559955][ C0]
[ 69.562783][ C0] dump_stack+0x141/0x1d7
[ 69.567112][ C0] panic+0x306/0x73d
[ 69.570991][ C0] ? __warn_printk+0xf3/0xf3
[ 69.575563][ C0] ? ath9k_hif_usb_rx_cb+0x3d3/0x1050
[ 69.580927][ C0] ? ath9k_hif_usb_rx_cb+0x3d3/0x1050
[ 69.586278][ C0] end_report.cold+0x5a/0x5a
[ 69.590852][ C0] kasan_report.cold+0x6a/0xd8
[ 69.595596][ C0] ? spin_bug+0x100/0x100
[ 69.599914][ C0] ? ath9k_hif_usb_rx_cb+0x3d3/0x1050
[ 69.605280][ C0] kasan_check_range+0x13d/0x180
[ 69.610320][ C0] memcpy+0x20/0x60
[ 69.614115][ C0] ath9k_hif_usb_rx_cb+0x3d3/0x1050
[ 69.619296][ C0] ? hif_usb_start+0xa0/0xa0
[ 69.623864][ C0] ? __usb_hcd_giveback_urb+0x413/0x5c0
[ 69.629392][ C0] ? lock_downgrade+0x6e0/0x6e0
[ 69.634228][ C0] __usb_hcd_giveback_urb+0x2b0/0x5c0
[ 69.639589][ C0] usb_hcd_giveback_urb+0x367/0x410
[ 69.644778][ C0] dummy_timer+0x11f4/0x32a0
[ 69.649369][ C0] ? dummy_dequeue+0x500/0x500
[ 69.654137][ C0] ? dummy_dequeue+0x500/0x500
[ 69.658884][ C0] call_timer_fn+0x1a5/0x6b0
[ 69.663466][ C0] ? add_timer_on+0x4a0/0x4a0
[ 69.668148][ C0] ? lock_downgrade+0x6e0/0x6e0
[ 69.672985][ C0] ? _find_next_bit+0x1e3/0x260
[ 69.677827][ C0] ? _raw_spin_unlock_irq+0x1f/0x40
[ 69.683020][ C0] ? dummy_dequeue+0x500/0x500
[ 69.687767][ C0] __run_timers.part.0+0x67c/0xa50
[ 69.692861][ C0] ? call_timer_fn+0x6b0/0x6b0
[ 69.697604][ C0] ? lapic_next_event+0x4d/0x80
[ 69.702451][ C0] ? kvm_sched_clock_read+0x14/0x40
[ 69.707629][ C0] ? sched_clock_cpu+0x18/0x1f0
[ 69.712464][ C0] run_timer_softirq+0xb3/0x1d0
[ 69.717306][ C0] __do_softirq+0x29b/0x9fe
[ 69.721796][ C0] __irq_exit_rcu+0x136/0x200
[ 69.726451][ C0] irq_exit_rcu+0x5/0x20
[ 69.730668][ C0] sysvec_apic_timer_interrupt+0x93/0xc0
[ 69.736282][ C0]
[ 69.739193][ C0] asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 69.745154][ C0] RIP: 0010:acpi_idle_do_entry+0x1c9/0x250
[ 69.750939][ C0] Code: ed 7a 60 f8 84 db 75 ac e8 34 74 60 f8 e8 0f 7a 66 f8 e9 0c 00 00 00 e8 25 74 60 f8 0f 00 2d 9e 0b ba 00 e8 19 74 60 f8 fb f4 <9c> 5b 81 e3 00 02 00 00 fa 31 ff 48 89 de e8 24 7c 60 f8 48 85 db
[ 69.770524][ C0] RSP: 0018:ffffffff8bc07d60 EFLAGS: 00000293
[ 69.776568][ C0] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[ 69.784519][ C0] RDX: ffffffff8bcbc540 RSI: ffffffff89140427 RDI: 0000000000000000
[ 69.792484][ C0] RBP: ffff8880160a0064 R08: 0000000000000001 R09: 0000000000000001
[ 69.800433][ C0] R10: ffffffff817a7e58 R11: 0000000000000000 R12: 0000000000000001
[ 69.808388][ C0] R13: ffff8880160a0000 R14: ffff8880160a0064 R15: ffff888018831804
[ 69.816343][ C0] ? trace_hardirqs_on+0x38/0x1c0
[ 69.821355][ C0] ? acpi_idle_do_entry+0x1c7/0x250
[ 69.826552][ C0] acpi_idle_enter+0x361/0x500
[ 69.831301][ C0] cpuidle_enter_state+0x1b1/0xc80
[ 69.836395][ C0] cpuidle_enter+0x4a/0xa0
[ 69.840804][ C0] do_idle+0x3e8/0x590
[ 69.844855][ C0] ? arch_cpu_idle_exit+0x30/0x30
[ 69.849865][ C0] ? trace_init_perf_perm_irq_work_exit+0xe/0xe
[ 69.856090][ C0] cpu_startup_entry+0x14/0x20
[ 69.860835][ C0] start_kernel+0x47a/0x49b
[ 69.865330][ C0] secondary_startup_64_no_verify+0xb0/0xbb
[ 69.871907][ C0] Kernel Offset: disabled
[ 69.876222][ C0] Rebooting in 86400 seconds..