[ ok ] Starting enhanced syslogd: rsyslogd.
[ 76.320124][ T32] audit: type=1800 audit(1570040515.373:25): pid=11114 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 76.343426][ T32] audit: type=1800 audit(1570040515.403:26): pid=11114 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 76.378947][ T32] audit: type=1800 audit(1570040515.423:27): pid=11114 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.93' (ECDSA) to the list of known hosts.
2019/10/02 18:22:09 fuzzer started
2019/10/02 18:22:13 dialing manager at 10.128.0.26:37073
2019/10/02 18:22:13 syscalls: 2412
2019/10/02 18:22:13 code coverage: enabled
2019/10/02 18:22:13 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2019/10/02 18:22:13 extra coverage: enabled
2019/10/02 18:22:13 setuid sandbox: enabled
2019/10/02 18:22:13 namespace sandbox: enabled
2019/10/02 18:22:13 Android sandbox: /sys/fs/selinux/policy does not exist
2019/10/02 18:22:13 fault injection: enabled
2019/10/02 18:22:13 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/10/02 18:22:13 net packet injection: enabled
2019/10/02 18:22:13 net device setup: enabled
18:25:33 executing program 0:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0xa9, 0x8c, 0x78, 0x8, 0x2040, 0x4902, 0xff51, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x1a, 0x0, 0x1, 0xf, 0xa0, 0x63, 0x0, [], [{{0x9, 0x5, 0x8f, 0x2}}]}}]}}]}}, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000440)={0x44, &(0x7f00000001c0)={0x0, 0x0, 0x2e, "7608759ca85de24ad6ec8b58598a5b4dd9736741bf26c2a075a170502bed1c4c686c6b10660eefa53d9ecc17a418"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syzkaller login: [ 295.168296][T11279] IPVS: ftp: loaded support on port[0] = 21
[ 295.309779][T11279] chnl_net:caif_netlink_parms(): no params data found
[ 295.367591][T11279] bridge0: port 1(bridge_slave_0) entered blocking state
[ 295.374890][T11279] bridge0: port 1(bridge_slave_0) entered disabled state
[ 295.383740][T11279] device bridge_slave_0 entered promiscuous mode
[ 295.394131][T11279] bridge0: port 2(bridge_slave_1) entered blocking state
[ 295.401312][T11279] bridge0: port 2(bridge_slave_1) entered disabled state
[ 295.410113][T11279] device bridge_slave_1 entered promiscuous mode
[ 295.444049][T11279] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 295.456864][T11279] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 295.490108][T11279] team0: Port device team_slave_0 added
[ 295.499446][T11279] team0: Port device team_slave_1 added
[ 295.676681][T11279] device hsr_slave_0 entered promiscuous mode
[ 295.932613][T11279] device hsr_slave_1 entered promiscuous mode
[ 296.132860][T11279] bridge0: port 2(bridge_slave_1) entered blocking state
[ 296.140880][T11279] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 296.148668][T11279] bridge0: port 1(bridge_slave_0) entered blocking state
[ 296.156298][T11279] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 296.238894][T11279] 8021q: adding VLAN 0 to HW filter on device bond0
[ 296.259788][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 296.271474][ T31] bridge0: port 1(bridge_slave_0) entered disabled state
[ 296.281966][ T31] bridge0: port 2(bridge_slave_1) entered disabled state
[ 296.295983][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 296.317473][T11279] 8021q: adding VLAN 0 to HW filter on device team0
[ 296.335662][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 296.345818][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 296.354835][ T31] bridge0: port 1(bridge_slave_0) entered blocking state
[ 296.362047][ T31] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 296.379858][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 296.389753][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 296.398801][ T31] bridge0: port 2(bridge_slave_1) entered blocking state
[ 296.406026][ T31] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 296.451395][T11279] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 296.461989][T11279] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 296.478706][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 296.488890][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 296.498888][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 296.509014][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 296.518608][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 296.528470][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 296.538101][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 296.547298][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 296.556951][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 296.566208][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 296.586267][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 296.595271][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 296.634352][T11279] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 297.022138][ T31] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 297.262449][ T31] usb 1-1: Using ep0 maxpacket: 8
[ 297.382593][ T31] usb 1-1: config 0 has an invalid interface number: 26 but max is 0
[ 297.390942][ T31] usb 1-1: config 0 has no interface number 0
[ 297.397256][ T31] usb 1-1: config 0 interface 26 altsetting 0 bulk endpoint 0x8F has invalid maxpacket 0
[ 297.407273][ T31] usb 1-1: New USB device found, idVendor=2040, idProduct=4902, bcdDevice=ff.51
[ 297.416399][ T31] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 297.427329][ T31] usb 1-1: config 0 descriptor??
[ 297.692246][ T31] hdpvr 1-1:0.26: firmware version 0x8 dated uœ¨]âJÖì‹XYŠ[MÙsgA¿& u¡pP+íLhlkfï¥=žÌ¤6
[ 297.712047][T11152] =====================================================
[ 297.719046][T11152] BUG: KMSAN: kernel-infoleak in _copy_to_user+0x16b/0x1f0
[ 297.726242][T11152] CPU: 1 PID: 11152 Comm: rsyslogd Not tainted 5.3.0-rc7+ #0
[ 297.733728][T11152] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 297.743789][T11152] Call Trace:
[ 297.747177][T11152] dump_stack+0x191/0x1f0
[ 297.751522][T11152] kmsan_report+0x13a/0x2b0
[ 297.756034][T11152] kmsan_internal_check_memory+0x187/0x4c0
[ 297.761842][T11152] ? msg_print_text+0x9c5/0xa70
[ 297.766707][T11152] kmsan_copy_to_user+0xa9/0xb0
[ 297.771569][T11152] _copy_to_user+0x16b/0x1f0
[ 297.776171][T11152] do_syslog+0x2e62/0x3160
[ 297.780608][T11152] ? kmsan_internal_set_origin+0x6a/0xb0
[ 297.786277][T11152] ? init_wait_entry+0x190/0x190
[ 297.791236][T11152] kmsg_read+0x142/0x1a0
[ 297.795500][T11152] ? mmap_vmcore_fault+0x30/0x30
[ 297.800445][T11152] proc_reg_read+0x25f/0x360
[ 297.805048][T11152] ? proc_reg_llseek+0x2f0/0x2f0
[ 297.809992][T11152] __vfs_read+0x1a9/0xc90
[ 297.814339][T11152] ? rw_verify_area+0x3a5/0x5e0
[ 297.819204][T11152] vfs_read+0x359/0x6f0
[ 297.823380][T11152] ksys_read+0x265/0x430
[ 297.827638][T11152] __se_sys_read+0x92/0xb0
[ 297.832062][T11152] __x64_sys_read+0x4a/0x70
[ 297.836577][T11152] do_syscall_64+0xbc/0xf0
[ 297.841035][T11152] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 297.847015][T11152] RIP: 0033:0x7f1ef77771fd
[ 297.851523][T11152] Code: d1 20 00 00 75 10 b8 00 00 00 00 0f 05 48 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 5e fa ff ff 48 89 04 24 b8 00 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 a7 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01
[ 297.871311][T11152] RSP: 002b:00007f1ef4d16e30 EFLAGS: 00000293 ORIG_RAX: 0000000000000000
[ 297.879928][T11152] RAX: ffffffffffffffda RBX: 00000000014004b0 RCX: 00007f1ef77771fd
[ 297.888009][T11152] RDX: 0000000000000fff RSI: 00007f1ef654b5a0 RDI: 0000000000000004
[ 297.896786][T11152] RBP: 0000000000000000 R08: 00000000013eb260 R09: 0000000004000001
[ 297.904759][T11152] R10: 0000000000000001 R11: 0000000000000293 R12: 000000000065e420
[ 297.912917][T11152] R13: 00007f1ef4d179c0 R14: 00007f1ef7dbc040 R15: 0000000000000003
[ 297.920922][T11152]
[ 297.923256][T11152] Uninit was created at:
[ 297.927505][T11152] kmsan_internal_poison_shadow+0x53/0x100
[ 297.933317][T11152] kmsan_slab_alloc+0xaa/0x120
[ 297.938086][T11152] kmem_cache_alloc_trace+0x8c5/0xd20
[ 297.943489][T11152] do_syslog+0x263b/0x3160
[ 297.947910][T11152] kmsg_read+0x142/0x1a0
[ 297.952163][T11152] proc_reg_read+0x25f/0x360
[ 297.956771][T11152] __vfs_read+0x1a9/0xc90
[ 297.961098][T11152] vfs_read+0x359/0x6f0
[ 297.965344][T11152] ksys_read+0x265/0x430
[ 297.969603][T11152] __se_sys_read+0x92/0xb0
[ 297.974031][T11152] __x64_sys_read+0x4a/0x70
[ 297.978660][T11152] do_syscall_64+0xbc/0xf0
[ 297.983174][T11152] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 297.989074][T11152]
[ 297.991499][T11152] Byte 113 of 115 is uninitialized
[ 297.996613][T11152] Memory access of size 115 starts at ffff888056963800
[ 298.003659][T11152] Data copied to user address 00007f1ef654b5a0
[ 298.009900][T11152] =====================================================
[ 298.017456][T11152] Disabling lock debugging due to kernel taint
[ 298.023605][T11152] Kernel panic - not syncing: panic_on_warn set ...
[ 298.030195][T11152] CPU: 1 PID: 11152 Comm: rsyslogd Tainted: G B 5.3.0-rc7+ #0
[ 298.039054][T11152] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 298.049229][T11152] Call Trace:
[ 298.052542][T11152] dump_stack+0x191/0x1f0
[ 298.056892][T11152] panic+0x3c9/0xc1e
[ 298.060819][T11152] kmsan_report+0x2a2/0x2b0
[ 298.065424][T11152] kmsan_internal_check_memory+0x187/0x4c0
[ 298.071318][T11152] ? msg_print_text+0x9c5/0xa70
[ 298.076190][T11152] kmsan_copy_to_user+0xa9/0xb0
[ 298.081051][T11152] _copy_to_user+0x16b/0x1f0
[ 298.085658][T11152] do_syslog+0x2e62/0x3160
[ 298.090087][T11152] ? kmsan_internal_set_origin+0x6a/0xb0
[ 298.095752][T11152] ? init_wait_entry+0x190/0x190
[ 298.100705][T11152] kmsg_read+0x142/0x1a0
[ 298.104960][T11152] ? mmap_vmcore_fault+0x30/0x30
[ 298.109900][T11152] proc_reg_read+0x25f/0x360
[ 298.114505][T11152] ? proc_reg_llseek+0x2f0/0x2f0
[ 298.119470][T11152] __vfs_read+0x1a9/0xc90
[ 298.123819][T11152] ? rw_verify_area+0x3a5/0x5e0
[ 298.129135][T11152] vfs_read+0x359/0x6f0
[ 298.133324][T11152] ksys_read+0x265/0x430
[ 298.137591][T11152] __se_sys_read+0x92/0xb0
[ 298.142021][T11152] __x64_sys_read+0x4a/0x70
[ 298.146624][T11152] do_syscall_64+0xbc/0xf0
[ 298.151052][T11152] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 298.156950][T11152] RIP: 0033:0x7f1ef77771fd
[ 298.161375][T11152] Code: d1 20 00 00 75 10 b8 00 00 00 00 0f 05 48 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 5e fa ff ff 48 89 04 24 b8 00 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 a7 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01
[ 298.181105][T11152] RSP: 002b:00007f1ef4d16e30 EFLAGS: 00000293 ORIG_RAX: 0000000000000000
[ 298.189550][T11152] RAX: ffffffffffffffda RBX: 00000000014004b0 RCX: 00007f1ef77771fd
[ 298.198136][T11152] RDX: 0000000000000fff RSI: 00007f1ef654b5a0 RDI: 0000000000000004
[ 298.206111][T11152] RBP: 0000000000000000 R08: 00000000013eb260 R09: 0000000004000001
[ 298.214522][T11152] R10: 0000000000000001 R11: 0000000000000293 R12: 000000000065e420
[ 298.222503][T11152] R13: 00007f1ef4d179c0 R14: 00007f1ef7dbc040 R15: 0000000000000003
[ 298.231864][T11152] Kernel Offset: disabled
[ 298.236199][T11152] Rebooting in 86400 seconds..