[ ok ] Starting enhanced syslogd: rsyslogd.
[ 83.905938][ T30] audit: type=1800 audit(1565562343.968:25): pid=12370 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 83.929346][ T30] audit: type=1800 audit(1565562343.988:26): pid=12370 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 83.964099][ T30] audit: type=1800 audit(1565562344.018:27): pid=12370 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.252' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 95.312157][ T3372] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 95.672300][ T3372] usb 1-1: config 0 has an invalid interface number: 97 but max is 0
[ 95.680453][ T3372] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 95.691695][ T3372] usb 1-1: config 0 has no interface number 0
[ 95.697956][ T3372] usb 1-1: config 0 interface 97 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[ 95.709109][ T3372] usb 1-1: New USB device found, idVendor=1b80, idProduct=e755, bcdDevice=1e.97
[ 95.718255][ T3372] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 95.727726][ T3372] usb 1-1: config 0 descriptor??
[ 95.776703][ T3372] em28xx 1-1:0.97: New device @ 480 Mbps (1b80:e755, interface 97, class 97)
[ 95.786024][ T3372] em28xx 1-1:0.97: Audio interface 97 found (Vendor Class)
[ 96.022221][T12521] ==================================================================
[ 96.030313][T12521] BUG: KMSAN: kernel-infoleak in _copy_to_user+0x16b/0x1f0
[ 96.037487][T12521] CPU: 0 PID: 12521 Comm: syz-executor117 Not tainted 5.3.0-rc3+ #17
[ 96.045540][T12521] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 96.056098][T12521] Call Trace:
[ 96.059396][T12521] dump_stack+0x191/0x1f0
[ 96.063708][T12521] kmsan_report+0x162/0x2d0
[ 96.068192][T12521] kmsan_internal_check_memory+0x7be/0x8d0
[ 96.073977][T12521] ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0
[ 96.079944][T12521] ? wait_for_common+0x6f9/0x8d0
[ 96.084863][T12521] kmsan_copy_to_user+0xa9/0xb0
[ 96.089709][T12521] _copy_to_user+0x16b/0x1f0
[ 96.094288][T12521] fuzzer_ioctl+0x511f/0x5690
[ 96.098953][T12521] ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0
[ 96.104940][T12521] ? next_event+0x6a0/0x6a0
[ 96.109434][T12521] full_proxy_unlocked_ioctl+0x1ca/0x380
[ 96.115048][T12521] ? full_proxy_poll+0x320/0x320
[ 96.119961][T12521] do_vfs_ioctl+0xea8/0x2c50
[ 96.124674][T12521] ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0
[ 96.130632][T12521] ? __fget_light+0x19f/0x710
[ 96.135325][T12521] ? security_file_ioctl+0x1bd/0x200
[ 96.140591][T12521] __se_sys_ioctl+0x1da/0x270
[ 96.145345][T12521] __x64_sys_ioctl+0x4a/0x70
[ 96.149914][T12521] do_syscall_64+0xbc/0xf0
[ 96.154312][T12521] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 96.160179][T12521] RIP: 0033:0x440947
[ 96.164052][T12521] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 cd 14 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 96.183817][T12521] RSP: 002b:00007ffda9b09038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 96.192206][T12521] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000440947
[ 96.200152][T12521] RDX: 00007ffda9b09050 RSI: 00000000c0085504 RDI: 0000000000000003
[ 96.208107][T12521] RBP: 0000000000000040 R08: 00000000000d8305 R09: 0000000000000000
[ 96.216067][T12521] R10: 0000000000402330 R11: 0000000000000246 R12: 00007ffda9b09050
[ 96.224014][T12521] R13: 0000000000402330 R14: 0000000000000000 R15: 0000000000000000
[ 96.231970][T12521]
[ 96.234280][T12521] Uninit was created at:
[ 96.238526][T12521] kmsan_internal_poison_shadow+0x53/0xa0
[ 96.244237][T12521] kmsan_slab_alloc+0xaa/0x120
[ 96.249100][T12521] __kmalloc+0x28e/0x430
[ 96.253324][T12521] fuzzer_ioctl+0x2b09/0x5690
[ 96.257994][T12521] full_proxy_unlocked_ioctl+0x1ca/0x380
[ 96.263604][T12521] do_vfs_ioctl+0xea8/0x2c50
[ 96.268206][T12521] __se_sys_ioctl+0x1da/0x270
[ 96.272858][T12521] __x64_sys_ioctl+0x4a/0x70
[ 96.277427][T12521] do_syscall_64+0xbc/0xf0
[ 96.281822][T12521] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 96.287682][T12521]
[ 96.289987][T12521] Byte 0 of 1 is uninitialized
[ 96.294728][T12521] Memory access of size 1 starts at ffff888106c49458
[ 96.301463][T12521] Data copied to user address 00007ffda9b09058
[ 96.307770][T12521] ==================================================================
[ 96.315822][T12521] Disabling lock debugging due to kernel taint
[ 96.321957][T12521] Kernel panic - not syncing: panic_on_warn set ...
[ 96.328524][T12521] CPU: 0 PID: 12521 Comm: syz-executor117 Tainted: G B 5.3.0-rc3+ #17
[ 96.338073][T12521] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 96.348120][T12521] Call Trace:
[ 96.351434][T12521] dump_stack+0x191/0x1f0
[ 96.355762][T12521] panic+0x3c9/0xc1e
[ 96.359672][T12521] kmsan_report+0x2ca/0x2d0
[ 96.364159][T12521] kmsan_internal_check_memory+0x7be/0x8d0
[ 96.370045][T12521] ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0
[ 96.376020][T12521] ? wait_for_common+0x6f9/0x8d0
[ 96.380941][T12521] kmsan_copy_to_user+0xa9/0xb0
[ 96.385769][T12521] _copy_to_user+0x16b/0x1f0
[ 96.390343][T12521] fuzzer_ioctl+0x511f/0x5690
[ 96.395022][T12521] ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0
[ 96.400982][T12521] ? next_event+0x6a0/0x6a0
[ 96.405655][T12521] full_proxy_unlocked_ioctl+0x1ca/0x380
[ 96.411272][T12521] ? full_proxy_poll+0x320/0x320
[ 96.416197][T12521] do_vfs_ioctl+0xea8/0x2c50
[ 96.420764][T12521] ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0
[ 96.426733][T12521] ? __fget_light+0x19f/0x710
[ 96.431413][T12521] ? security_file_ioctl+0x1bd/0x200
[ 96.436767][T12521] __se_sys_ioctl+0x1da/0x270
[ 96.441467][T12521] __x64_sys_ioctl+0x4a/0x70
[ 96.446037][T12521] do_syscall_64+0xbc/0xf0
[ 96.450456][T12521] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 96.456323][T12521] RIP: 0033:0x440947
[ 96.460210][T12521] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 cd 14 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 96.479794][T12521] RSP: 002b:00007ffda9b09038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 96.488179][T12521] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000440947
[ 96.496128][T12521] RDX: 00007ffda9b09050 RSI: 00000000c0085504 RDI: 0000000000000003
[ 96.504076][T12521] RBP: 0000000000000040 R08: 00000000000d8305 R09: 0000000000000000
[ 96.512024][T12521] R10: 0000000000402330 R11: 0000000000000246 R12: 00007ffda9b09050
[ 96.519983][T12521] R13: 0000000000402330 R14: 0000000000000000 R15: 0000000000000000
[ 96.529222][T12521] Kernel Offset: disabled
[ 96.535358][T12521] Rebooting in 86400 seconds..