[ OK ] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch.
[ OK ] Started Getty on tty6.
[ OK ] Started Getty on tty5.
[ OK ] Started Getty on tty4.
[ OK ] Started Getty on tty3.
[ OK ] Started Getty on tty2.
[ OK ] Started Serial Getty on ttyS0.
[ OK ] Started Getty on tty1.
[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ OK ] Started Load/Save RF Kill Switch Status.
Warning: Permanently added '10.128.1.50' (ECDSA) to the list of known hosts.
executing program
[ 81.097800][ T35] audit: type=1400 audit(1612376314.828:8): avc: denied { execmem } for pid=8451 comm="syz-executor320" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 81.369866][ T3194] usb 1-1: new high-speed USB device number 2 using dummy_hcd
Debian GNU/Linux 9 syzkaller ttyS0
syzkaller login: [ 81.890017][ T3194] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 81.899395][ T3194] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 81.908716][ T3194] usb 1-1: Product: syz
[ 81.913740][ T3194] usb 1-1: Manufacturer: syz
[ 81.918380][ T3194] usb 1-1: SerialNumber: syz
[ 81.966039][ T3194] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 82.599908][ T3194] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 83.039877][ C0] ==================================================================
[ 83.048298][ C0] BUG: KASAN: slab-out-of-bounds in ath9k_hif_usb_rx_cb+0x3d3/0x1050
[ 83.056412][ C0] Read of size 48922 at addr ffff888039510000 by task swapper/0/0
[ 83.064279][ C0]
[ 83.066609][ C0] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.11.0-rc6-syzkaller #0
[ 83.074593][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 83.084684][ C0] Call Trace:
[ 83.087975][ C0]
[ 83.100038][ C0] dump_stack+0x107/0x163
[ 83.104411][ C0] ? ath9k_hif_usb_rx_cb+0x3d3/0x1050
[ 83.109903][ C0] ? ath9k_hif_usb_rx_cb+0x3d3/0x1050
[ 83.115327][ C0] print_address_description.constprop.0.cold+0x5b/0x2c6
[ 83.122483][ C0] ? ath9k_hif_usb_rx_cb+0x3d3/0x1050
[ 83.127885][ C0] ? ath9k_hif_usb_rx_cb+0x3d3/0x1050
[ 83.133278][ C0] kasan_report.cold+0x79/0xd5
[ 83.138054][ C0] ? rwlock_bug.part.0+0x10/0x90
[ 83.143008][ C0] ? ath9k_hif_usb_rx_cb+0x3d3/0x1050
[ 83.148477][ C0] check_memory_region+0x13d/0x180
[ 83.153615][ C0] memcpy+0x20/0x60
[ 83.157431][ C0] ath9k_hif_usb_rx_cb+0x3d3/0x1050
[ 83.163576][ C0] ? hif_usb_start+0xa0/0xa0
[ 83.168187][ C0] ? __usb_hcd_giveback_urb+0x413/0x5c0
[ 83.173768][ C0] ? lock_downgrade+0x6d0/0x6d0
[ 83.178672][ C0] __usb_hcd_giveback_urb+0x2b0/0x5c0
[ 83.184076][ C0] usb_hcd_giveback_urb+0x367/0x410
[ 83.189291][ C0] dummy_timer+0x11f4/0x32a0
[ 83.193933][ C0] ? dummy_dequeue+0x4c0/0x4c0
[ 83.198760][ C0] ? dummy_dequeue+0x4c0/0x4c0
[ 83.203572][ C0] call_timer_fn+0x1a5/0x6b0
[ 83.208176][ C0] ? add_timer_on+0x4a0/0x4a0
[ 83.212861][ C0] ? lock_downgrade+0x6d0/0x6d0
[ 83.217719][ C0] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 83.224030][ C0] ? _raw_spin_unlock_irq+0x1f/0x40
[ 83.225288][ T3205] usb 1-1: USB disconnect, device number 2
[ 83.229300][ C0] ? dummy_dequeue+0x4c0/0x4c0
[ 83.239909][ C0] __run_timers.part.0+0x67c/0xa50
[ 83.245082][ C0] ? call_timer_fn+0x6b0/