[ OK ] Started System Logging Service.
[ OK ] Started Getty on tty2.
[ OK ] Started Getty on tty1.
[ OK ] Started Serial Getty on ttyS0.
[ OK ] Started getty on tty2-tty6 if dbus and logind are not available.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.10.58' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 149.891571][ T17] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 150.411964][ T17] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 150.421331][ T17] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 150.429437][ T17] usb 1-1: Product: syz
[ 150.433944][ T17] usb 1-1: Manufacturer: syz
[ 150.438677][ T17] usb 1-1: SerialNumber: syz
[ 150.483630][ T17] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 151.111805][ T3752] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 151.321786][ T3752] =====================================================
[ 151.328830][ T3752] BUG: KMSAN: kernel-usb-infoleak in kmsan_handle_urb+0x28/0x40
[ 151.336471][ T3752] CPU: 1 PID: 3752 Comm: kworker/1:2 Not tainted 5.8.0-rc5-syzkaller #0
[ 151.344894][ T3752] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 151.354962][ T3752] Workqueue: events request_firmware_work_func
[ 151.361124][ T3752] Call Trace:
[ 151.364443][ T3752] dump_stack+0x21c/0x280
[ 151.368794][ T3752] kmsan_report+0xf7/0x1e0
[ 151.373219][ T3752] kmsan_internal_check_memory+0x238/0x3d0
[ 151.379028][ T3752] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 151.385271][ T3752] ? kmsan_get_metadata+0x116/0x180
[ 151.390490][ T3752] kmsan_handle_urb+0x28/0x40
[ 151.395184][ T3752] usb_submit_urb+0x861/0x2470
[ 151.400104][ T3752] ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 151.405947][ T3752] hif_usb_send+0x633/0x1790
[ 151.410620][ T3752] ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 151.416454][ T3752] htc_connect_service+0x14b4/0x19f0
[ 151.421758][ T3752] ? hif_usb_sta_drain+0x6c0/0x6c0
[ 151.427021][ T3752] ath9k_wmi_connect+0x178/0x2c0
[ 151.432714][ T3752] ? ath9k_wmi_connect+0x2c0/0x2c0
[ 151.437971][ T3752] ? ath9k_wmi_ctrl_tx+0x50/0x50
[ 151.442976][ T3752] ath9k_init_htc_services+0xf3/0x11f0
[ 151.448469][ T3752] ath9k_htc_probe_device+0x4dc/0x3ed0
[ 151.455701][ T3752] ? ath9k_hif_usb_alloc_urbs+0x1cb8/0x2010
[ 151.461966][ T3752] ath9k_htc_hw_init+0xdf/0x190
[ 151.466836][ T3752] ath9k_hif_usb_firmware_cb+0x42e/0xab0
[ 151.472504][ T3752] request_firmware_work_func+0x1aa/0x2d0
[ 151.478231][ T3752] ? ath9k_hif_request_firmware+0x930/0x930
[ 151.484449][ T3752] ? request_firmware_nowait+0x840/0x840
[ 151.490188][ T3752] process_one_work+0x1688/0x2140
[ 151.495269][ T3752] worker_thread+0x10bc/0x2730
[ 151.500046][ T3752] ? kmsan_get_metadata+0x116/0x180
[ 151.505270][ T3752] ? kmsan_get_metadata+0x116/0x180
[ 151.510598][ T3752] kthread+0x551/0x590
[ 151.514994][ T3752] ? process_one_work+0x2140/0x2140
[ 151.520485][ T3752] ? kthread_blkcg+0x110/0x110
[ 151.525366][ T3752] ret_from_fork+0x1f/0x30
[ 151.530004][ T3752]
[ 151.532338][ T3752] Uninit was created at:
[ 151.537435][ T3752] kmsan_internal_poison_shadow+0x66/0xd0
[ 151.544077][ T3752] kmsan_slab_alloc+0x8a/0xe0
[ 151.550509][ T3752] __kmalloc_node_track_caller+0xeab/0x12e0
[ 151.556430][ T3752] __alloc_skb+0x35f/0xb30
[ 151.560861][ T3752] htc_connect_service+0x1057/0x19f0
[ 151.566171][ T3752] ath9k_wmi_connect+0x178/0x2c0
[ 151.571133][ T3752] ath9k_init_htc_services+0xf3/0x11f0
[ 151.576621][ T3752] ath9k_htc_probe_device+0x4dc/0x3ed0
[ 151.582183][ T3752] ath9k_htc_hw_init+0xdf/0x190
[ 151.587142][ T3752] ath9k_hif_usb_firmware_cb+0x42e/0xab0
[ 151.592783][ T3752] request_firmware_work_func+0x1aa/0x2d0
[ 151.598515][ T3752] process_one_work+0x1688/0x2140
[ 151.603559][ T3752] worker_thread+0x10bc/0x2730
[ 151.608321][ T3752] kthread+0x551/0x590
[ 151.612477][ T3752] ret_from_fork+0x1f/0x30
[ 151.616876][ T3752]
[ 151.619208][ T3752] Bytes 4-7 of 18 are uninitialized
[ 151.624485][ T3752] Memory access of size 18 starts at ffff88810a729200
[ 151.631586][ T3752] =====================================================
[ 151.638611][ T3752] Disabling lock debugging due to kernel taint
[ 151.644779][ T3752] Kernel panic - not syncing: panic_on_warn set ...
[ 151.651393][ T3752] CPU: 1 PID: 3752 Comm: kworker/1:2 Tainted: G B 5.8.0-rc5-syzkaller #0
[ 151.661195][ T3752] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 151.672685][ T3752] Workqueue: events request_firmware_work_func
[ 151.678883][ T3752] Call Trace:
[ 151.682182][ T3752] dump_stack+0x21c/0x280
[ 151.686708][ T3752] panic+0x4d7/0xef7
[ 151.690619][ T3752] ? add_taint+0x17c/0x210
[ 151.695137][ T3752] kmsan_report+0x1df/0x1e0
[ 151.699744][ T3752] kmsan_internal_check_memory+0x238/0x3d0
[ 151.705574][ T3752] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 151.711666][ T3752] ? kmsan_get_metadata+0x116/0x180
[ 151.716897][ T3752] kmsan_handle_urb+0x28/0x40
[ 151.721586][ T3752] usb_submit_urb+0x861/0x2470
[ 151.726359][ T3752] ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 151.732477][ T3752] hif_usb_send+0x633/0x1790
[ 151.737167][ T3752] ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 151.743082][ T3752] htc_connect_service+0x14b4/0x19f0
[ 151.749223][ T3752] ? hif_usb_sta_drain+0x6c0/0x6c0
[ 151.754355][ T3752] ath9k_wmi_connect+0x178/0x2c0
[ 151.759322][ T3752] ? ath9k_wmi_connect+0x2c0/0x2c0
[ 151.765317][ T3752] ? ath9k_wmi_ctrl_tx+0x50/0x50
[ 151.771966][ T3752] ath9k_init_htc_services+0xf3/0x11f0
[ 151.779082][ T3752] ath9k_htc_probe_device+0x4dc/0x3ed0
[ 151.784696][ T3752] ? ath9k_hif_usb_alloc_urbs+0x1cb8/0x2010
[ 151.790606][ T3752] ath9k_htc_hw_init+0xdf/0x190
[ 151.795486][ T3752] ath9k_hif_usb_firmware_cb+0x42e/0xab0
[ 151.801168][ T3752] request_firmware_work_func+0x1aa/0x2d0
[ 151.809396][ T3752] ? ath9k_hif_request_firmware+0x930/0x930
[ 151.815320][ T3752] ? request_firmware_nowait+0x840/0x840
[ 151.821145][ T3752] process_one_work+0x1688/0x2140
[ 151.826233][ T3752] worker_thread+0x10bc/0x2730
[ 151.831286][ T3752] ? kmsan_get_metadata+0x116/0x180
[ 151.837874][ T3752] ? kmsan_get_metadata+0x116/0x180
[ 151.843722][ T3752] kthread+0x551/0x590
[ 151.848983][ T3752] ? process_one_work+0x2140/0x2140
[ 151.854208][ T3752] ? kthread_blkcg+0x110/0x110
[ 151.859173][ T3752] ret_from_fork+0x1f/0x30
[ 151.865313][ T3752] Kernel Offset: disabled
[ 151.869661][ T3752] Rebooting in 86400 seconds..