[  OK  ] Started Getty on tty4.
[  OK  ] Started Getty on tty1.
[  OK  ] Started Serial Getty on ttyS0.
[  OK  ] Started Getty on tty3.
[  OK  ] Started Getty on tty2.
[  OK  ] Reached target Login Prompts.
[  OK  ] Reached target Multi-User System.
[  OK  ] Reached target Graphical Interface.
         Starting Update UTMP about System Runlevel Changes...
[  OK  ] Started Update UTMP about System Runlevel Changes.
         Starting Load/Save RF Kill Switch Status...
[  OK  ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.174' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 56.675827][ T7] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 57.196014][ T7] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 57.205873][ T7] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 57.213854][ T7] usb 1-1: Product: syz
[ 57.218507][ T7] usb 1-1: Manufacturer: syz
[ 57.223260][ T7] usb 1-1: SerialNumber: syz
[ 57.267848][ T7] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 57.925687][ T7] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 58.365673][ C0] ==================================================================
[ 58.374341][ C0] BUG: KASAN: slab-out-of-bounds in ath9k_hif_usb_rx_cb+0x3d3/0x1050
[ 58.382427][ C0] Read of size 50462 at addr ffff8880237d8000 by task swapper/0/0
[ 58.390421][ C0]
[ 58.392936][ C0] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.11.0-syzkaller #0
[ 58.400550][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 58.410596][ C0] Call Trace:
[ 58.413864][ C0] <IRQ>
[ 58.416695][ C0] dump_stack+0x107/0x163
[ 58.421019][ C0] ? ath9k_hif_usb_rx_cb+0x3d3/0x1050
[ 58.426539][ C0] ? ath9k_hif_usb_rx_cb+0x3d3/0x1050
[ 58.432024][ C0] print_address_description.constprop.0.cold+0x5b/0x2f8
[ 58.439306][ C0] ? ath9k_hif_usb_rx_cb+0x3d3/0x1050
[ 58.445193][ C0] ? ath9k_hif_usb_rx_cb+0x3d3/0x1050
[ 58.450559][ C0] kasan_report.cold+0x79/0xd5
[ 58.455421][ C0] ? rwlock_bug.part.0+0x50/0x90
[ 58.460352][ C0] ? ath9k_hif_usb_rx_cb+0x3d3/0x1050
[ 58.465740][ C0] check_memory_region+0x13d/0x180
[ 58.470869][ C0] memcpy+0x20/0x60
[ 58.474668][ C0] ath9k_hif_usb_rx_cb+0x3d3/0x1050
[ 58.479884][ C0] ? hif_usb_start+0xa0/0xa0
[ 58.484461][ C0] ? __usb_hcd_giveback_urb+0x413/0x5c0
[ 58.489996][ C0] ? lock_downgrade+0x6d0/0x6d0
[ 58.494933][ C0] __usb_hcd_giveback_urb+0x2b0/0x5c0
[ 58.500306][ C0] usb_hcd_giveback_urb+0x367/0x410
[ 58.505499][ C0] dummy_timer+0x11f4/0x32a0
[ 58.510107][ C0] ? dummy_dequeue+0x4c0/0x4c0
[ 58.514873][ C0] ? dummy_dequeue+0x4c0/0x4c0
[ 58.519639][ C0] call_timer_fn+0x1a5/0x6b0
[ 58.524232][ C0] ? add_timer_on+0x4a0/0x4a0
[ 58.528906][ C0] ? lock_downgrade+0x6d0/0x6d0
[ 58.533753][ C0] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 58.540007][ C0] ? _raw_spin_unlock_irq+0x1f/0x40
[ 58.545220][ C0] ? dummy_dequeue+0x4c0/0x4c0
[ 58.549981][ C0] __run_timers.part.0+0x67c/0xa50
[ 58.555095][ C0] ? call_timer_fn+0x6b0/0x6b0
[ 58.559849][ C0] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 58.566084][ C0] ? kvm_sched_clock_read+0x14/0x40
[ 58.571268][ C0] ? sched_clock+0x2a/0x40
[ 58.575675][ C0] ? sched_clock_cpu+0x18/0x1f0
[ 58.580702][ C0] run_timer_softirq+0xb3/0x1d0
[ 58.585568][ C0] __do_softirq+0x29b/0x9f6
[ 58.590072][ C0] asm_call_irq_on_stack+0xf/0x20
[ 58.595088][ C0] </IRQ>
[ 58.598010][ C0] do_softirq_own_stack+0xaa/0xd0
[ 58.603032][ C0] irq_exit_rcu+0x134/0x200
[ 58.607544][ C0] sysvec_apic_timer_interrupt+0x4d/0x100
[ 58.613437][ C0] asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 58.619424][ C0] RIP: 0010:acpi_idle_do_entry+0x1c9/0x250
[ 58.625232][ C0] Code: 0d ec 75 f8 84 db 75 ac e8 84 e5 75 f8 e8 0f b8 7b f8 e9 0c 00 00 00 e8 75 e5 75 f8 0f 00 2d 9e f0 ac 00 e8 69 e5 75 f8 fb f4 <9c> 5b 81 e3 00 02 00 00 fa 31 ff 48 89 de e8 44 ed 75 f8 48 85 db
[ 58.644841][ C0] RSP: 0018:ffffffff8ba07d60 EFLAGS: 00000293
[ 58.651167][ C0] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[ 58.659136][ C0] RDX: ffffffff8babc340 RSI: ffffffff88fcf087 RDI: 0000000000000000
[ 58.667104][ C0] RBP: ffff8881412ae864 R08: 0000000000000001 R09: 0000000000000001
[ 58.675066][ C0] R10: ffffffff8178a8b8 R11: 0000000000000000 R12: 0000000000000001
[ 58.683030][ C0] R13: ffff8881412ae800 R14: ffff8881412ae864 R15: ffff888143788004
[ 58.691001][ C0] ? trace_hardirqs_on+0x38/0x1c0
[ 58.696043][ C0] ? acpi_idle_do_entry+0x1c7/0x250
[ 58.701253][ C0] acpi_idle_enter+0x361/0x500
[ 58.706024][ C0] cpuidle_enter_state+0x1b1/0xc80
[ 58.711127][ C0] cpuidle_enter+0x4a/0xa0
[ 58.715530][ C0] do_idle+0x3e1/0x590
[ 58.719590][ C0] ? arch_cpu_idle_exit+0x30/0x30
[ 58.724609][ C0] ? trace_init_perf_perm_irq_work_exit+0xe/0xe
[ 58.730861][ C0] cpu_startup_entry+0x14/0x20
[ 58.735619][ C0] start_kernel+0x46b/0x48c
[ 58.740113][ C0] secondary_startup_64_no_verify+0xb0/0xbb
[ 58.746089][ C0]
[ 58.748395][ C0] The buggy address belongs to the page:
[ 58.754005][ C0] page:00000000d38e5836 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x237d8
[ 58.764159][ C0] head:00000000d38e5836 order:3 compound_mapcount:0 compound_pincount:0
[ 58.772468][ C0] flags: 0xfff00000010000(head)
[ 58.777326][ C0] raw: 00fff00000010000 dead000000000100 dead000000000122 0000000000000000
[ 58.786041][ C0] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 58.794779][ C0] page dumped because: kasan: bad access detected
[ 58.801189][ C0]
[ 58.803497][ C0] Memory state around the buggy address:
[ 58.809109][ C0] ffff8880237e0400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 58.817167][ C0] ffff8880237e0480: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 58.825225][ C0] >ffff8880237e0500: 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc
[ 58.833265][ C0]                                ^
[ 58.838354][ C0] ffff8880237e0580: fc fc fc fc 00 00 00 00 00 00 00 00 00 00 00 00
[ 58.846418][ C0] ffff8880237e0600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 58.854543][ C0] ==================================================================
[ 58.862603][ C0] Disabling lock debugging due to kernel taint
[ 58.868728][ C0] Kernel panic - not syncing: panic_on_warn set ...
[ 58.875399][ C0] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G B 5.11.0-syzkaller #0
[ 58.884403][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 58.894436][ C0] Call Trace:
[ 58.897695][ C0] <IRQ>
[ 58.900521][ C0] dump_stack+0x107/0x163
[ 58.904839][ C0] ? ath9k_hif_usb_rx_cb+0x360/0x1050
[ 58.910312][ C0] panic+0x306/0x73d
[ 58.914191][ C0] ? __warn_printk+0xf3/0xf3
[ 58.918761][ C0] ? ath9k_hif_usb_rx_cb+0x3d3/0x1050
[ 58.924202][ C0] ? ath9k_hif_usb_rx_cb+0x3d3/0x1050
[ 58.929550][ C0] ? ath9k_hif_usb_rx_cb+0x3d3/0x1050
[ 58.934901][ C0] end_report+0x58/0x5e
[ 58.939038][ C0] kasan_report.cold+0x67/0xd5
[ 58.943870][ C0] ? rwlock_bug.part.0+0x50/0x90
[ 58.948793][ C0] ? ath9k_hif_usb_rx_cb+0x3d3/0x1050
[ 58.954148][ C0] check_memory_region+0x13d/0x180
[ 58.959244][ C0] memcpy+0x20/0x60
[ 58.963035][ C0] ath9k_hif_usb_rx_cb+0x3d3/0x1050
[ 58.968219][ C0] ? hif_usb_start+0xa0/0xa0
[ 58.972805][ C0] ? __usb_hcd_giveback_urb+0x413/0x5c0
[ 58.978350][ C0] ? lock_downgrade+0x6d0/0x6d0
[ 58.983186][ C0] __usb_hcd_giveback_urb+0x2b0/0x5c0
[ 58.988539][ C0] usb_hcd_giveback_urb+0x367/0x410
[ 58.993891][ C0] dummy_timer+0x11f4/0x32a0
[ 58.998487][ C0] ? dummy_dequeue+0x4c0/0x4c0
[ 59.003234][ C0] ? dummy_dequeue+0x4c0/0x4c0
[ 59.007980][ C0] call_timer_fn+0x1a5/0x6b0
[ 59.012559][ C0] ? add_timer_on+0x4a0/0x4a0
[ 59.017221][ C0] ? lock_downgrade+0x6d0/0x6d0
[ 59.022057][ C0] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 59.028284][ C0] ? _raw_spin_unlock_irq+0x1f/0x40
[ 59.033466][ C0] ? dummy_dequeue+0x4c0/0x4c0
[ 59.038213][ C0] __run_timers.part.0+0x67c/0xa50
[ 59.043307][ C0] ? call_timer_fn+0x6b0/0x6b0
[ 59.048048][ C0] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 59.054273][ C0] ? kvm_sched_clock_read+0x14/0x40
[ 59.059467][ C0] ? sched_clock+0x2a/0x40
[ 59.063875][ C0] ? sched_clock_cpu+0x18/0x1f0
[ 59.068709][ C0] run_timer_softirq+0xb3/0x1d0
[ 59.073543][ C0] __do_softirq+0x29b/0x9f6
[ 59.078060][ C0] asm_call_irq_on_stack+0xf/0x20
[ 59.083082][ C0] </IRQ>
[ 59.085997][ C0] do_softirq_own_stack+0xaa/0xd0
[ 59.091012][ C0] irq_exit_rcu+0x134/0x200
[ 59.095502][ C0] sysvec_apic_timer_interrupt+0x4d/0x100
[ 59.101205][ C0] asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 59.107173][ C0] RIP: 0010:acpi_idle_do_entry+0x1c9/0x250
[ 59.112970][ C0] Code: 0d ec 75 f8 84 db 75 ac e8 84 e5 75 f8 e8 0f b8 7b f8 e9 0c 00 00 00 e8 75 e5 75 f8 0f 00 2d 9e f0 ac 00 e8 69 e5 75 f8 fb f4 <9c> 5b 81 e3 00 02 00 00 fa 31 ff 48 89 de e8 44 ed 75 f8 48 85 db
[ 59.132563][ C0] RSP: 0018:ffffffff8ba07d60 EFLAGS: 00000293
[ 59.138617][ C0] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[ 59.146597][ C0] RDX: ffffffff8babc340 RSI: ffffffff88fcf087 RDI: 0000000000000000
[ 59.154647][ C0] RBP: ffff8881412ae864 R08: 0000000000000001 R09: 0000000000000001
[ 59.162608][ C0] R10: ffffffff8178a8b8 R11: 0000000000000000 R12: 0000000000000001
[ 59.170572][ C0] R13: ffff8881412ae800 R14: ffff8881412ae864 R15: ffff888143788004
[ 59.178536][ C0] ? trace_hardirqs_on+0x38/0x1c0
[ 59.183560][ C0] ? acpi_idle_do_entry+0x1c7/0x250
[ 59.188857][ C0] acpi_idle_enter+0x361/0x500
[ 59.193628][ C0] cpuidle_enter_state+0x1b1/0xc80
[ 59.198730][ C0] cpuidle_enter+0x4a/0xa0
[ 59.203144][ C0] do_idle+0x3e1/0x590
[ 59.207292][ C0] ? arch_cpu_idle_exit+0x30/0x30
[ 59.212332][ C0] ? trace_init_perf_perm_irq_work_exit+0xe/0xe
[ 59.218563][ C0] cpu_startup_entry+0x14/0x20
[ 59.224121][ C0] start_kernel+0x46b/0x48c
[ 59.228663][ C0] secondary_startup_64_no_verify+0xb0/0xbb
[ 59.240390][ C0] Kernel Offset: disabled
[ 59.245859][ C0] Rebooting in 86400 seconds..