[ ok ] Starting enhanced syslogd: rsyslogd.
[ 104.735563][ T30] audit: type=1800 audit(1563582551.786:25): pid=12395 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 104.760552][ T30] audit: type=1800 audit(1563582551.806:26): pid=12395 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 104.798938][ T30] audit: type=1800 audit(1563582551.836:27): pid=12395 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.1.46' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 118.023268][T12547] ==================================================================
[ 118.031371][T12547] BUG: KMSAN: kernel-infoleak in copyout+0x16b/0x1f0
[ 118.038059][T12547] CPU: 0 PID: 12547 Comm: syz-executor694 Not tainted 5.2.0+ #15
[ 118.045795][T12547] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 118.055907][T12547] Call Trace:
[ 118.059302][T12547] dump_stack+0x191/0x1f0
[ 118.063638][T12547] kmsan_report+0x162/0x2d0
[ 118.068149][T12547] kmsan_internal_check_memory+0x544/0xa80
[ 118.074291][T12547] kmsan_copy_to_user+0xa9/0xb0
[ 118.079149][T12547] copyout+0x16b/0x1f0
[ 118.083227][T12547] _copy_to_iter+0x366/0x26e0
[ 118.087914][T12547] ? kmsan_get_shadow_origin_ptr+0x71/0x470
[ 118.093860][T12547] ? __msan_metadata_ptr_for_store_4+0x13/0x20
[ 118.100014][T12547] ? __skb_try_recv_from_queue+0xc21/0xe00
[ 118.105884][T12547] simple_copy_to_iter+0x92/0xb0
[ 118.110847][T12547] __skb_datagram_iter+0x256/0xe60
[ 118.115995][T12547] ? skb_copy_datagram_iter+0x2b0/0x2b0
[ 118.121593][T12547] skb_copy_datagram_iter+0x29c/0x2b0
[ 118.126983][T12547] netlink_recvmsg+0x68c/0x18e0
[ 118.131862][T12547] ? kmsan_get_shadow_origin_ptr+0x71/0x470
[ 118.137759][T12547] ? netlink_sendmsg+0x12f0/0x12f0
[ 118.142965][T12547] sock_recvmsg+0x2df/0x2f0
[ 118.147505][T12547] ___sys_recvmsg+0x3d9/0x1140
[ 118.152296][T12547] ? kmsan_internal_unpoison_shadow+0x2f/0x40
[ 118.158426][T12547] ? __fget_light+0x6b1/0x710
[ 118.163152][T12547] ? kmsan_get_shadow_origin_ptr+0x71/0x470
[ 118.169064][T12547] do_recvmmsg+0x5f6/0x10a0
[ 118.173620][T12547] ? stack_depot_save+0x374/0x480
[ 118.178668][T12547] ? __x64_sys_recvmmsg+0x62/0x80
[ 118.183696][T12547] __se_sys_recvmmsg+0x1d1/0x350
[ 118.188641][T12547] __x64_sys_recvmmsg+0x62/0x80
[ 118.193500][T12547] do_syscall_64+0xbc/0xf0
[ 118.197933][T12547] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 118.203824][T12547] RIP: 0033:0x4459a9
[ 118.207730][T12547] Code: e8 bc b7 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 2b 12 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 118.227498][T12547] RSP: 002b:00007f6c76f13d98 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 118.235926][T12547] RAX: ffffffffffffffda RBX: 00000000006dac38 RCX: 00000000004459a9
[ 118.243893][T12547] RDX: 0000000000000001 RSI: 0000000020001680 RDI: 0000000000000004
[ 118.251869][T12547] RBP: 00000000006dac30 R08: 0000000000000000 R09: 0000000000000000
[ 118.259925][T12547] R10: 0000000000000002 R11: 0000000000000246 R12: 00000000006dac3c
[ 118.267892][T12547] R13: 06e0ff807aed8402 R14: 568c0dfdea4b0009 R15: 0d19001400000048
[ 118.275886][T12547]
[ 118.278201][T12547] Uninit was created at:
[ 118.282435][T12547] kmsan_internal_poison_shadow+0x53/0xa0
[ 118.288147][T12547] kmsan_slab_alloc+0xaa/0x120
[ 118.292930][T12547] __kmalloc_node_track_caller+0xc8f/0xf10
[ 118.298732][T12547] __alloc_skb+0x306/0xa10
[ 118.303141][T12547] netlink_dump+0x44b/0x1ab0
[ 118.307742][T12547] __netlink_dump_start+0xa3a/0xb30
[ 118.312935][T12547] inet_diag_handler_cmd+0x7ad/0x850
[ 118.318210][T12547] sock_diag_rcv_msg+0x211/0x610
[ 118.323143][T12547] netlink_rcv_skb+0x431/0x620
[ 118.327918][T12547] sock_diag_rcv+0x63/0x80
[ 118.332327][T12547] netlink_unicast+0xf3e/0x1020
[ 118.337193][T12547] netlink_sendmsg+0x127e/0x12f0
[ 118.342129][T12547] sock_write_iter+0x552/0x5a0
[ 118.347328][T12547] do_iter_readv_writev+0xa16/0xc30
[ 118.352543][T12547] do_iter_write+0x304/0xdc0
[ 118.357154][T12547] do_writev+0x437/0x910
[ 118.361393][T12547] __se_sys_writev+0x9b/0xb0
[ 118.365986][T12547] __x64_sys_writev+0x4a/0x70
[ 118.370690][T12547] do_syscall_64+0xbc/0xf0
[ 118.375114][T12547] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 118.381009][T12547]
[ 118.383331][T12547] Bytes 68-71 of 166 are uninitialized
[ 118.388802][T12547] Memory access of size 166 starts at ffff8880baf22000
[ 118.395650][T12547] Data copied to user address 0000000020000380
[ 118.401794][T12547] ==================================================================
[ 118.409901][T12547] Disabling lock debugging due to kernel taint
[ 118.416070][T12547] Kernel panic - not syncing: panic_on_warn set ...
[ 118.422661][T12547] CPU: 0 PID: 12547 Comm: syz-executor694 Tainted: G B 5.2.0+ #15
[ 118.431761][T12547] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 118.441865][T12547] Call Trace:
[ 118.445162][T12547] dump_stack+0x191/0x1f0
[ 118.449517][T12547] panic+0x3c9/0xc1e
[ 118.453449][T12547] kmsan_report+0x2ca/0x2d0
[ 118.457963][T12547] kmsan_internal_check_memory+0x544/0xa80
[ 118.463792][T12547] kmsan_copy_to_user+0xa9/0xb0
[ 118.468646][T12547] copyout+0x16b/0x1f0
[ 118.472728][T12547] _copy_to_iter+0x366/0x26e0
[ 118.477399][T12547] ? kmsan_get_shadow_origin_ptr+0x71/0x470
[ 118.483309][T12547] ? __msan_metadata_ptr_for_store_4+0x13/0x20
[ 118.489467][T12547] ? __skb_try_recv_from_queue+0xc21/0xe00
[ 118.495299][T12547] simple_copy_to_iter+0x92/0xb0
[ 118.500246][T12547] __skb_datagram_iter+0x256/0xe60
[ 118.505368][T12547] ? skb_copy_datagram_iter+0x2b0/0x2b0
[ 118.510969][T12547] skb_copy_datagram_iter+0x29c/0x2b0
[ 118.516365][T12547] netlink_recvmsg+0x68c/0x18e0
[ 118.521243][T12547] ? kmsan_get_shadow_origin_ptr+0x71/0x470
[ 118.527148][T12547] ? netlink_sendmsg+0x12f0/0x12f0
[ 118.532261][T12547] sock_recvmsg+0x2df/0x2f0
[ 118.536777][T12547] ___sys_recvmsg+0x3d9/0x1140
[ 118.541602][T12547] ? kmsan_internal_unpoison_shadow+0x2f/0x40
[ 118.547689][T12547] ? __fget_light+0x6b1/0x710
[ 118.552380][T12547] ? kmsan_get_shadow_origin_ptr+0x71/0x470
[ 118.558285][T12547] do_recvmmsg+0x5f6/0x10a0
[ 118.562807][T12547] ? stack_depot_save+0x374/0x480
[ 118.567887][T12547] ? __x64_sys_recvmmsg+0x62/0x80
[ 118.572921][T12547] __se_sys_recvmmsg+0x1d1/0x350
[ 118.577877][T12547] __x64_sys_recvmmsg+0x62/0x80
[ 118.582730][T12547] do_syscall_64+0xbc/0xf0
[ 118.587145][T12547] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 118.593034][T12547] RIP: 0033:0x4459a9
[ 118.596944][T12547] Code: e8 bc b7 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 2b 12 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 118.616542][T12547] RSP: 002b:00007f6c76f13d98 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 118.624966][T12547] RAX: ffffffffffffffda RBX: 00000000006dac38 RCX: 00000000004459a9
[ 118.632931][T12547] RDX: 0000000000000001 RSI: 0000000020001680 RDI: 0000000000000004
[ 118.640916][T12547] RBP: 00000000006dac30 R08: 0000000000000000 R09: 0000000000000000
[ 118.648886][T12547] R10: 0000000000000002 R11: 0000000000000246 R12: 00000000006dac3c
[ 118.656858][T12547] R13: 06e0ff807aed8402 R14: 568c0dfdea4b0009 R15: 0d19001400000048
[ 118.665891][T12547] Kernel Offset: disabled
[ 118.670237][T12547] Rebooting in 86400 seconds..