[ ok ] Starting enhanced syslogd: rsyslogd.
[ 75.705147][ T30] audit: type=1800 audit(1564179952.767:25): pid=11526 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 75.739010][ T30] audit: type=1800 audit(1564179952.797:26): pid=11526 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 75.786206][ T30] audit: type=1800 audit(1564179952.827:27): pid=11526 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.194' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 88.452054][ T50] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 88.692964][ T50] usb 1-1: Using ep0 maxpacket: 8
[ 88.812173][ T50] usb 1-1: config 0 has an invalid interface number: 200 but max is 0
[ 88.820409][ T50] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 88.830655][ T50] usb 1-1: config 0 has no interface number 0
[ 88.836908][ T50] usb 1-1: config 0 interface 200 altsetting 0 bulk endpoint 0x84 has invalid maxpacket 0
[ 88.846979][ T50] usb 1-1: New USB device found, idVendor=2040, idProduct=4982, bcdDevice=f9.cf
[ 88.856216][ T50] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 88.865655][ T50] usb 1-1: config 0 descriptor??
[ 89.122270][ T50] hdpvr 1-1:0.200: firmware version 0xd7 dated /%GAI{%2o!9K,L@jߔPQ]00
[ 89.132621][ T50] hdpvr 1-1:0.200: untested firmware, the driver might not work.
[ 89.142007][T11564] ==================================================================
[ 89.150085][T11564] BUG: KMSAN: kernel-infoleak in _copy_to_user+0x16b/0x1f0
[ 89.157275][T11564] CPU: 1 PID: 11564 Comm: rsyslogd Not tainted 5.2.0+ #15
[ 89.164501][T11564] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 89.174550][T11564] Call Trace:
[ 89.177834][T11564] dump_stack+0x191/0x1f0
[ 89.182148][T11564] kmsan_report+0x162/0x2d0
[ 89.186638][T11564] kmsan_internal_check_memory+0x544/0xa80
[ 89.192428][T11564] ? msg_print_text+0x9c5/0xa70
[ 89.197301][T11564] kmsan_copy_to_user+0xa9/0xb0
[ 89.202255][T11564] _copy_to_user+0x16b/0x1f0
[ 89.206835][T11564] do_syslog+0x2e62/0x3160
[ 89.211252][T11564] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 89.217307][T11564] ? init_wait_entry+0x190/0x190
[ 89.222490][T11564] kmsg_read+0x142/0x1a0
[ 89.226723][T11564] ? mmap_vmcore_fault+0x30/0x30
[ 89.231900][T11564] proc_reg_read+0x25f/0x360
[ 89.236480][T11564] ? proc_reg_llseek+0x2f0/0x2f0
[ 89.241425][T11564] __vfs_read+0x1a9/0xc90
[ 89.245813][T11564] ? rw_verify_area+0x3a5/0x5e0
[ 89.250651][T11564] vfs_read+0x359/0x6f0
[ 89.254809][T11564] ? kmsan_get_shadow_origin_ptr+0x71/0x470
[ 89.260682][T11564] ksys_read+0x265/0x430
[ 89.264921][T11564] __se_sys_read+0x92/0xb0
[ 89.269325][T11564] __x64_sys_read+0x4a/0x70
[ 89.273807][T11564] do_syscall_64+0xbc/0xf0
[ 89.278207][T11564] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 89.284171][T11564] RIP: 0033:0x7fc2292421fd
[ 89.288580][T11564] Code: d1 20 00 00 75 10 b8 00 00 00 00 0f 05 48 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 5e fa ff ff 48 89 04 24 b8 00 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 a7 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01
[ 89.308254][T11564] RSP: 002b:00007fc2267e1e30 EFLAGS: 00000293 ORIG_RAX: 0000000000000000
[ 89.316904][T11564] RAX: ffffffffffffffda RBX: 0000000001dd2ce0 RCX: 00007fc2292421fd
[ 89.324855][T11564] RDX: 0000000000000fff RSI: 00007fc2280165a0 RDI: 0000000000000004
[ 89.332828][T11564] RBP: 0000000000000000 R08: 0000000001dbe260 R09: 0000000004000001
[ 89.340777][T11564] R10: 0000000000000001 R11: 0000000000000293 R12: 000000000065e420
[ 89.348750][T11564] R13: 00007fc2267e29c0 R14: 00007fc229887040 R15: 0000000000000003
[ 89.356825][T11564]
[ 89.359133][T11564] Uninit was created at:
[ 89.363359][T11564] kmsan_internal_poison_shadow+0x53/0xa0
[ 89.369057][T11564] kmsan_slab_alloc+0xaa/0x120
[ 89.373794][T11564] kmem_cache_alloc_trace+0x873/0xa50
[ 89.379146][T11564] do_syslog+0x263b/0x3160
[ 89.383565][T11564] kmsg_read+0x142/0x1a0
[ 89.387797][T11564] proc_reg_read+0x25f/0x360
[ 89.392389][T11564] __vfs_read+0x1a9/0xc90
[ 89.396722][T11564] vfs_read+0x359/0x6f0
[ 89.400948][T11564] ksys_read+0x265/0x430
[ 89.405239][T11564] __se_sys_read+0x92/0xb0
[ 89.409810][T11564] __x64_sys_read+0x4a/0x70
[ 89.414303][T11564] do_syscall_64+0xbc/0xf0
[ 89.418713][T11564] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 89.424594][T11564]
[ 89.426915][T11564] Byte 116 of 118 is uninitialized
[ 89.432010][T11564] Memory access of size 118 starts at ffff88810976c800
[ 89.438834][T11564] Data copied to user address 00007fc2280165a0
[ 89.444989][T11564] ==================================================================
[ 89.453194][T11564] Disabling lock debugging due to kernel taint
[ 89.459676][T11564] Kernel panic - not syncing: panic_on_warn set ...
[ 89.466253][T11564] CPU: 1 PID: 11564 Comm: rsyslogd Tainted: G B 5.2.0+ #15
[ 89.474881][T11564] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 89.485134][T11564] Call Trace:
[ 89.488434][T11564] dump_stack+0x191/0x1f0
[ 89.492752][T11564] panic+0x3c9/0xc1e
[ 89.496646][T11564] kmsan_report+0x2ca/0x2d0
[ 89.501133][T11564] kmsan_internal_check_memory+0x544/0xa80
[ 89.506931][T11564] ? msg_print_text+0x9c5/0xa70
[ 89.511775][T11564] kmsan_copy_to_user+0xa9/0xb0
[ 89.516616][T11564] _copy_to_user+0x16b/0x1f0
[ 89.521193][T11564] do_syslog+0x2e62/0x3160
[ 89.525595][T11564] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 89.531908][T11564] ? init_wait_entry+0x190/0x190
[ 89.536865][T11564] kmsg_read+0x142/0x1a0
[ 89.541108][T11564] ? mmap_vmcore_fault+0x30/0x30
[ 89.546062][T11564] proc_reg_read+0x25f/0x360
[ 89.550669][T11564] ? proc_reg_llseek+0x2f0/0x2f0
[ 89.555590][T11564] __vfs_read+0x1a9/0xc90
[ 89.559923][T11564] ? rw_verify_area+0x3a5/0x5e0
[ 89.564783][T11564] vfs_read+0x359/0x6f0
[ 89.568934][T11564] ? kmsan_get_shadow_origin_ptr+0x71/0x470
[ 89.575076][T11564] ksys_read+0x265/0x430
[ 89.579305][T11564] __se_sys_read+0x92/0xb0
[ 89.583728][T11564] __x64_sys_read+0x4a/0x70
[ 89.588222][T11564] do_syscall_64+0xbc/0xf0
[ 89.592629][T11564] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 89.598517][T11564] RIP: 0033:0x7fc2292421fd
[ 89.602926][T11564] Code: d1 20 00 00 75 10 b8 00 00 00 00 0f 05 48 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 5e fa ff ff 48 89 04 24 b8 00 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 a7 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01
[ 89.622963][T11564] RSP: 002b:00007fc2267e1e30 EFLAGS: 00000293 ORIG_RAX: 0000000000000000
[ 89.631370][T11564] RAX: ffffffffffffffda RBX: 0000000001dd2ce0 RCX: 00007fc2292421fd
[ 89.639427][T11564] RDX: 0000000000000fff RSI: 00007fc2280165a0 RDI: 0000000000000004
[ 89.647646][T11564] RBP: 0000000000000000 R08: 0000000001dbe260 R09: 0000000004000001
[ 89.656002][T11564] R10: 0000000000000001 R11: 0000000000000293 R12: 000000000065e420
[ 89.663981][T11564] R13: 00007fc2267e29c0 R14: 00007fc229887040 R15: 0000000000000003
[ 89.673609][T11564] Kernel Offset: disabled
[ 89.677961][T11564] Rebooting in 86400 seconds..