[ OK ] Started OpenBSD Secure Shell server.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.10.46' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 23.987854][ T22] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 24.347174][ T22] usb 1-1: config index 0 descriptor too short (expected 65434, got 72)
[ 24.507092][ T22] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 24.516578][ T22] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 24.524639][ T22] usb 1-1: Product: syz
[ 24.528867][ T22] usb 1-1: Manufacturer: syz
[ 24.533440][ T22] usb 1-1: SerialNumber: syz
[ 24.578023][ T22] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 25.206807][ T22] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 25.426703][ C1] ==================================================================
[ 25.434874][ C1] BUG: KASAN: use-after-free in ath9k_htc_rx_msg+0xa25/0xaf0
[ 25.442686][ C1] Write of size 2 at addr ffff8881cd7291b0 by task swapper/1/0
[ 25.450209][ C1]
[ 25.452515][ C1] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 5.7.0-rc6-syzkaller #0
[ 25.460385][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 25.470509][ C1] Call Trace:
[ 25.473788][ C1]
[ 25.476618][ C1] dump_stack+0xef/0x16e
[ 25.480848][ C1] print_address_description.constprop.0.cold+0xd3/0x415
[ 25.487844][ C1] ? vprintk_func+0x7d/0x113
[ 25.492845][ C1] ? ath9k_htc_rx_msg+0xa25/0xaf0
[ 25.497848][ C1] __kasan_report.cold+0x37/0x7d
[ 25.502767][ C1] ? ath9k_htc_rx_msg+0xa25/0xaf0
[ 25.508046][ C1] ? ath9k_htc_rx_msg+0xa25/0xaf0
[ 25.513043][ C1] kasan_report+0x33/0x50
[ 25.517533][ C1] ath9k_htc_rx_msg+0xa25/0xaf0
[ 25.522380][ C1] ath9k_hif_usb_reg_in_cb+0x1c0/0x630
[ 25.527821][ C1] ? trace_hardirqs_off+0x50/0x200
[ 25.533037][ C1] __usb_hcd_giveback_urb+0x29a/0x550
[ 25.538396][ C1] usb_hcd_giveback_urb+0x368/0x420
[ 25.543568][ C1] dummy_timer+0x125e/0x32b4
[ 25.548134][ C1] ? dummy_udc_probe+0x980/0x980
[ 25.553127][ C1] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 25.558647][ C1] ? rcu_read_lock_bh_held+0xb0/0xb0
[ 25.563904][ C1] call_timer_fn+0x1ac/0x700
[ 25.568474][ C1] ? dummy_udc_probe+0x980/0x980
[ 25.573394][ C1] ? timer_fixup_init+0