================================================================== BUG: KASAN: use-after-free in memcpy include/linux/string.h:406 [inline] BUG: KASAN: use-after-free in ath9k_hif_usb_rx_stream drivers/net/wireless/ath/ath9k/hif_usb.c:553 [inline] BUG: KASAN: use-after-free in ath9k_hif_usb_rx_cb+0x3a8/0xf80 drivers/net/wireless/ath/ath9k/hif_usb.c:671 Read of size 49238 at addr ffff8881c3018000 by task swapper/0/0 CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.8.0-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0xf6/0x16e lib/dump_stack.c:118 print_address_description.constprop.0+0x1a/0x210 mm/kasan/report.c:383 __kasan_report mm/kasan/report.c:513 [inline] kasan_report.cold+0x37/0x7c mm/kasan/report.c:530 check_memory_region_inline mm/kasan/generic.c:186 [inline] check_memory_region+0xf4/0x1c0 mm/kasan/generic.c:192 memcpy+0x20/0x60 mm/kasan/common.c:105 memcpy include/linux/string.h:406 [inline] ath9k_hif_usb_rx_stream drivers/net/wireless/ath/ath9k/hif_usb.c:553 [inline] ath9k_hif_usb_rx_cb+0x3a8/0xf80 drivers/net/wireless/ath/ath9k/hif_usb.c:671 __usb_hcd_giveback_urb+0x32d/0x560 drivers/usb/core/hcd.c:1650 usb_hcd_giveback_urb+0x367/0x410 drivers/usb/core/hcd.c:1716 dummy_timer+0x11f2/0x3240 drivers/usb/gadget/udc/dummy_hcd.c:1967 call_timer_fn+0x1ac/0x6e0 kernel/time/timer.c:1413