[ ok ] Starting enhanced syslogd: rsyslogd.
[ 95.194081][ T30] audit: type=1800 audit(1564346220.245:25): pid=12463 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 95.217143][ T30] audit: type=1800 audit(1564346220.265:26): pid=12463 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 95.254165][ T30] audit: type=1800 audit(1564346220.285:27): pid=12463 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.28' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 105.121873][ T2916] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 105.361936][ T2916] usb 1-1: Using ep0 maxpacket: 8
[ 105.482058][ T2916] usb 1-1: config 0 has an invalid interface number: 200 but max is 0
[ 105.490278][ T2916] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 105.500508][ T2916] usb 1-1: config 0 has no interface number 0
[ 105.506741][ T2916] usb 1-1: config 0 interface 200 altsetting 0 bulk endpoint 0x84 has invalid maxpacket 0
[ 105.516772][ T2916] usb 1-1: New USB device found, idVendor=2040, idProduct=4982, bcdDevice=f9.cf
[ 105.525901][ T2916] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 105.535468][ T2916] usb 1-1: config 0 descriptor??
[ 105.792028][ T2916] hdpvr 1-1:0.200: firmware version 0x66 dated a޳J7h͵Ėz&ڙh4]zb00
[ 105.802573][ T2916] hdpvr 1-1:0.200: untested firmware, the driver might not work.
[ 105.811894][T12501] ==================================================================
[ 105.819947][T12501] BUG: KMSAN: kernel-infoleak in _copy_to_user+0x16b/0x1f0
[ 105.827121][T12501] CPU: 0 PID: 12501 Comm: rsyslogd Not tainted 5.2.0+ #15
[ 105.834206][T12501] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 105.844230][T12501] Call Trace:
[ 105.847508][T12501] dump_stack+0x191/0x1f0
[ 105.851819][T12501] kmsan_report+0x162/0x2d0
[ 105.856347][T12501] kmsan_internal_check_memory+0x544/0xa80
[ 105.862138][T12501] ? msg_print_text+0x9c5/0xa70
[ 105.866977][T12501] kmsan_copy_to_user+0xa9/0xb0
[ 105.871837][T12501] _copy_to_user+0x16b/0x1f0
[ 105.876432][T12501] do_syslog+0x2e62/0x3160
[ 105.880829][T12501] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 105.886897][T12501] ? init_wait_entry+0x190/0x190
[ 105.891813][T12501] kmsg_read+0x142/0x1a0
[ 105.896046][T12501] ? mmap_vmcore_fault+0x30/0x30
[ 105.900956][T12501] proc_reg_read+0x25f/0x360
[ 105.905529][T12501] ? proc_reg_llseek+0x2f0/0x2f0
[ 105.910459][T12501] __vfs_read+0x1a9/0xc90
[ 105.914771][T12501] ? rw_verify_area+0x3a5/0x5e0
[ 105.919602][T12501] vfs_read+0x359/0x6f0
[ 105.923736][T12501] ? kmsan_get_shadow_origin_ptr+0x71/0x470
[ 105.929604][T12501] ksys_read+0x265/0x430
[ 105.933828][T12501] __se_sys_read+0x92/0xb0
[ 105.938265][T12501] __x64_sys_read+0x4a/0x70
[ 105.942757][T12501] do_syscall_64+0xbc/0xf0
[ 105.947148][T12501] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 105.953012][T12501] RIP: 0033:0x7f486d1fc1fd
[ 105.957425][T12501] Code: d1 20 00 00 75 10 b8 00 00 00 00 0f 05 48 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 5e fa ff ff 48 89 04 24 b8 00 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 a7 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01
[ 105.977012][T12501] RSP: 002b:00007f486a79be30 EFLAGS: 00000293 ORIG_RAX: 0000000000000000
[ 105.985393][T12501] RAX: ffffffffffffffda RBX: 0000000001758ce0 RCX: 00007f486d1fc1fd
[ 105.993333][T12501] RDX: 0000000000000fff RSI: 00007f486bfd05a0 RDI: 0000000000000004
[ 106.001276][T12501] RBP: 0000000000000000 R08: 0000000001744260 R09: 0000000004000001
[ 106.009220][T12501] R10: 0000000000000001 R11: 0000000000000293 R12: 000000000065e420
[ 106.017162][T12501] R13: 00007f486a79c9c0 R14: 00007f486d841040 R15: 0000000000000003
[ 106.025128][T12501]
[ 106.027427][T12501] Uninit was created at:
[ 106.031647][T12501] kmsan_internal_poison_shadow+0x53/0xa0
[ 106.037354][T12501] kmsan_slab_alloc+0xaa/0x120
[ 106.042088][T12501] kmem_cache_alloc_trace+0x873/0xa50
[ 106.047432][T12501] do_syslog+0x263b/0x3160
[ 106.051834][T12501] kmsg_read+0x142/0x1a0
[ 106.056060][T12501] proc_reg_read+0x25f/0x360
[ 106.060620][T12501] __vfs_read+0x1a9/0xc90
[ 106.064934][T12501] vfs_read+0x359/0x6f0
[ 106.069069][T12501] ksys_read+0x265/0x430
[ 106.073281][T12501] __se_sys_read+0x92/0xb0
[ 106.077666][T12501] __x64_sys_read+0x4a/0x70
[ 106.082152][T12501] do_syscall_64+0xbc/0xf0
[ 106.086566][T12501] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 106.092443][T12501]
[ 106.094747][T12501] Byte 116 of 118 is uninitialized
[ 106.099852][T12501] Memory access of size 118 starts at ffff88810b5f8800
[ 106.106666][T12501] Data copied to user address 00007f486bfd05a0
[ 106.112782][T12501] ==================================================================
[ 106.120809][T12501] Disabling lock debugging due to kernel taint
[ 106.126939][T12501] Kernel panic - not syncing: panic_on_warn set ...
[ 106.133503][T12501] CPU: 0 PID: 12501 Comm: rsyslogd Tainted: G B 5.2.0+ #15
[ 106.141967][T12501] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 106.151993][T12501] Call Trace:
[ 106.155280][T12501] dump_stack+0x191/0x1f0
[ 106.159606][T12501] panic+0x3c9/0xc1e
[ 106.163509][T12501] kmsan_report+0x2ca/0x2d0
[ 106.167993][T12501] kmsan_internal_check_memory+0x544/0xa80
[ 106.173797][T12501] ? msg_print_text+0x9c5/0xa70
[ 106.178634][T12501] kmsan_copy_to_user+0xa9/0xb0
[ 106.183467][T12501] _copy_to_user+0x16b/0x1f0
[ 106.188051][T12501] do_syslog+0x2e62/0x3160
[ 106.192441][T12501] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 106.198510][T12501] ? init_wait_entry+0x190/0x190
[ 106.203438][T12501] kmsg_read+0x142/0x1a0
[ 106.207679][T12501] ? mmap_vmcore_fault+0x30/0x30
[ 106.212592][T12501] proc_reg_read+0x25f/0x360
[ 106.217172][T12501] ? proc_reg_llseek+0x2f0/0x2f0
[ 106.222096][T12501] __vfs_read+0x1a9/0xc90
[ 106.226412][T12501] ? rw_verify_area+0x3a5/0x5e0
[ 106.231260][T12501] vfs_read+0x359/0x6f0
[ 106.235397][T12501] ? kmsan_get_shadow_origin_ptr+0x71/0x470
[ 106.241277][T12501] ksys_read+0x265/0x430
[ 106.245516][T12501] __se_sys_read+0x92/0xb0
[ 106.249933][T12501] __x64_sys_read+0x4a/0x70
[ 106.254412][T12501] do_syscall_64+0xbc/0xf0
[ 106.258802][T12501] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 106.264664][T12501] RIP: 0033:0x7f486d1fc1fd
[ 106.269049][T12501] Code: d1 20 00 00 75 10 b8 00 00 00 00 0f 05 48 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 5e fa ff ff 48 89 04 24 b8 00 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 a7 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01
[ 106.288621][T12501] RSP: 002b:00007f486a79be30 EFLAGS: 00000293 ORIG_RAX: 0000000000000000
[ 106.297003][T12501] RAX: ffffffffffffffda RBX: 0000000001758ce0 RCX: 00007f486d1fc1fd
[ 106.304959][T12501] RDX: 0000000000000fff RSI: 00007f486bfd05a0 RDI: 0000000000000004
[ 106.312914][T12501] RBP: 0000000000000000 R08: 0000000001744260 R09: 0000000004000001
[ 106.320857][T12501] R10: 0000000000000001 R11: 0000000000000293 R12: 000000000065e420
[ 106.328811][T12501] R13: 00007f486a79c9c0 R14: 00007f486d841040 R15: 0000000000000003
[ 106.337825][T12501] Kernel Offset: disabled
[ 106.342168][T12501] Rebooting in 86400 seconds..