[ OK ] Started Getty on tty2.
[ OK ] Started Getty on tty1.
[ OK ] Started Serial Getty on ttyS0.
[ OK ] Started System Logging Service.
[ OK ] Started getty on tty2-tty6 if dbus and logind are not available.
Debian GNU/Linux 9 syzkaller ttyS0
syzkaller login: [ 117.227805][ T8161] sshd (8161) used greatest stack depth: 4048 bytes left
Warning: Permanently added '10.128.0.27' (ECDSA) to the list of known hosts.
executing program
[ 138.901634][ T3218] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 139.261910][ T3218] usb 1-1: New USB device found, idVendor=2001, idProduct=1a02, bcdDevice=f8.9b
[ 139.271102][ T3218] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 139.283122][ T3218] usb 1-1: config 0 descriptor??
[ 139.981654][ T3218] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -32
[ 140.231791][ T8469] =====================================================
[ 140.238741][ T8469] BUG: KMSAN: kernel-infoleak in kmsan_copy_to_user+0x81/0x90
[ 140.246326][ T8469] CPU: 0 PID: 8469 Comm: syz-executor131 Not tainted 5.8.0-rc5-syzkaller #0
[ 140.254984][ T8469] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 140.265013][ T8469] Call Trace:
[ 140.268283][ T8469] dump_stack+0x21c/0x280
[ 140.272592][ T8469] kmsan_report+0xf7/0x1e0
[ 140.276987][ T8469] kmsan_internal_check_memory+0x238/0x3d0
[ 140.282817][ T8469] ? kmsan_get_metadata+0x116/0x180
[ 140.288026][ T8469] kmsan_copy_to_user+0x81/0x90
[ 140.292848][ T8469] _copy_to_user+0x18e/0x260
[ 140.297419][ T8469] raw_ioctl+0x4995/0x5810
[ 140.301817][ T8469] ? __msan_metadata_ptr_for_load_2+0x10/0x20
[ 140.308171][ T8469] ? do_vfs_ioctl+0x1182/0x3540
[ 140.312996][ T8469] ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 140.318793][ T8469] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 140.324839][ T8469] ? security_file_ioctl+0x1bd/0x210
[ 140.330112][ T8469] ? kmsan_get_metadata+0x116/0x180
[ 140.335288][ T8469] ? bdc_pci_remove+0xb0/0xb0
[ 140.339941][ T8469] __se_sys_ioctl+0x319/0x4d0
[ 140.344596][ T8469] __x64_sys_ioctl+0x4a/0x70
[ 140.349173][ T8469] do_syscall_64+0xad/0x160
[ 140.353662][ T8469] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 140.359527][ T8469] RIP: 0033:0x444cf7
[ 140.363402][ T8469] Code: Bad RIP value.
[ 140.367443][ T8469] RSP: 002b:00007ffd7306dca8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 140.375834][ T8469] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000444cf7
[ 140.383781][ T8469] RDX: 00007ffd7306ecd0 RSI: 0000000080085502 RDI: 0000000000000003
[ 140.391728][ T8469] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000019
[ 140.399671][ T8469] R10: 0000000000000075 R11: 0000000000000246 R12: 00000000004029f0
[ 140.407637][ T8469] R13: 0000000000402a80 R14: 0000000000000000 R15: 0000000000000000
[ 140.415589][ T8469]
[ 140.417891][ T8469] Uninit was stored to memory at:
[ 140.422901][ T8469] kmsan_internal_chain_origin+0xad/0x130
[ 140.428594][ T8469] kmsan_memcpy_memmove_metadata+0x272/0x2e0
[ 140.434558][ T8469] kmsan_memcpy_metadata+0xb/0x10
[ 140.439573][ T8469] __msan_memcpy+0x43/0x50
[ 140.443971][ T8469] raw_queue_event+0x2b3/0x5c0
[ 140.448709][ T8469] gadget_setup+0x48c/0x530
[ 140.453187][ T8469] dummy_timer+0x2c4d/0x71c0
[ 140.457749][ T8469] call_timer_fn+0x226/0x550
[ 140.462312][ T8469] expire_timers+0x4fc/0x780
[ 140.466875][ T8469] __run_timers+0xaf4/0xd30
[ 140.471353][ T8469] run_timer_softirq+0x2d/0x50
[ 140.476090][ T8469] __do_softirq+0x2ea/0x7f5
[ 140.480558][ T8469]
[ 140.482860][ T8469] Uninit was stored to memory at:
[ 140.487868][ T8469] kmsan_internal_chain_origin+0xad/0x130
[ 140.493560][ T8469] __msan_chain_origin+0x50/0x90
[ 140.498472][ T8469] dummy_timer+0x1d82/0x71c0
[ 140.503035][ T8469] call_timer_fn+0x226/0x550
[ 140.507600][ T8469] expire_timers+0x4fc/0x780
[ 140.512163][ T8469] __run_timers+0xaf4/0xd30
[ 140.516637][ T8469] run_timer_softirq+0x2d/0x50
[ 140.521372][ T8469] __do_softirq+0x2ea/0x7f5
[ 140.525853][ T8469]
[ 140.528155][ T8469] Uninit was stored to memory at:
[ 140.533169][ T8469] kmsan_internal_chain_origin+0xad/0x130
[ 140.538860][ T8469] __msan_chain_origin+0x50/0x90
[ 140.543782][ T8469] usb_control_msg+0x5df/0x820
[ 140.548519][ T8469] usbnet_write_cmd+0x3de/0x480
[ 140.553354][ T8469] asix_write_cmd+0x18b/0x2c0
[ 140.558016][ T8469] ax88772_hw_reset+0x1bd/0xc30
[ 140.562837][ T8469] ax88772_bind+0x8f3/0x1400
[ 140.567401][ T8469] usbnet_probe+0x1152/0x3f90
[ 140.572066][ T8469] usb_probe_interface+0xece/0x1550
[ 140.577248][ T8469] really_probe+0xf20/0x20b0
[ 140.581810][ T8469] driver_probe_device+0x293/0x390
[ 140.586894][ T8469] __device_attach_driver+0x63f/0x830
[ 140.592239][ T8469] bus_for_each_drv+0x2ca/0x3f0
[ 140.597062][ T8469] __device_attach+0x4e2/0x7f0
[ 140.601799][ T8469] device_initial_probe+0x4a/0x60
[ 140.606796][ T8469] bus_probe_device+0x177/0x3d0
[ 140.611635][ T8469] device_add+0x3b0e/0x40d0
[ 140.616125][ T8469] usb_set_configuration+0x380f/0x3f10
[ 140.621555][ T8469] usb_generic_driver_probe+0x138/0x300
[ 140.627083][ T8469] usb_probe_device+0x311/0x490
[ 140.632014][ T8469] really_probe+0xf20/0x20b0
[ 140.636576][ T8469] driver_probe_device+0x293/0x390
[ 140.641673][ T8469] __device_attach_driver+0x63f/0x830
[ 140.647026][ T8469] bus_for_each_drv+0x2ca/0x3f0
[ 140.651852][ T8469] __device_attach+0x4e2/0x7f0
[ 140.656588][ T8469] device_initial_probe+0x4a/0x60
[ 140.661592][ T8469] bus_probe_device+0x177/0x3d0
[ 140.666412][ T8469] device_add+0x3b0e/0x40d0
[ 140.670891][ T8469] usb_new_device+0x1bd4/0x2a30
[ 140.675728][ T8469] hub_event+0x5e7b/0x8a70
[ 140.680120][ T8469] process_one_work+0x1688/0x2140
[ 140.685115][ T8469] worker_thread+0x10bc/0x2730
[ 140.689848][ T8469] kthread+0x551/0x590
[ 140.693888][ T8469] ret_from_fork+0x1f/0x30
[ 140.698269][ T8469]
[ 140.700568][ T8469] Uninit was stored to memory at:
[ 140.705572][ T8469] kmsan_internal_chain_origin+0xad/0x130
[ 140.711275][ T8469] __msan_chain_origin+0x50/0x90
[ 140.716187][ T8469] ax88772_bind+0x82e/0x1400
[ 140.720746][ T8469] usbnet_probe+0x1152/0x3f90
[ 140.725399][ T8469] usb_probe_interface+0xece/0x1550
[ 140.730571][ T8469] really_probe+0xf20/0x20b0
[ 140.735132][ T8469] driver_probe_device+0x293/0x390
[ 140.740216][ T8469] __device_attach_driver+0x63f/0x830
[ 140.745559][ T8469] bus_for_each_drv+0x2ca/0x3f0
[ 140.750384][ T8469] __device_attach+0x4e2/0x7f0
[ 140.755120][ T8469] device_initial_probe+0x4a/0x60
[ 140.760115][ T8469] bus_probe_device+0x177/0x3d0
[ 140.764937][ T8469] device_add+0x3b0e/0x40d0
[ 140.769500][ T8469] usb_set_configuration+0x380f/0x3f10
[ 140.774931][ T8469] usb_generic_driver_probe+0x138/0x300
[ 140.780449][ T8469] usb_probe_device+0x311/0x490
[ 140.785276][ T8469] really_probe+0xf20/0x20b0
[ 140.789838][ T8469] driver_probe_device+0x293/0x390
[ 140.794952][ T8469] __device_attach_driver+0x63f/0x830
[ 140.800293][ T8469] bus_for_each_drv+0x2ca/0x3f0
[ 140.805117][ T8469] __device_attach+0x4e2/0x7f0
[ 140.809853][ T8469] device_initial_probe+0x4a/0x60
[ 140.814848][ T8469] bus_probe_device+0x177/0x3d0
[ 140.819669][ T8469] device_add+0x3b0e/0x40d0
[ 140.824147][ T8469] usb_new_device+0x1bd4/0x2a30
[ 140.828967][ T8469] hub_event+0x5e7b/0x8a70
[ 140.833359][ T8469] process_one_work+0x1688/0x2140
[ 140.838368][ T8469] worker_thread+0x10bc/0x2730
[ 140.843102][ T8469] kthread+0x551/0x590
[ 140.847142][ T8469] ret_from_fork+0x1f/0x30
[ 140.851523][ T8469]
[ 140.853821][ T8469] Local variable ----buf.i@asix_get_phy_addr created at:
[ 140.860815][ T8469] asix_get_phy_addr+0x4d/0x290
[ 140.865639][ T8469] asix_get_phy_addr+0x4d/0x290
[ 140.870469][ T8469]
[ 140.872767][ T8469] Byte 10 of 16 is uninitialized
[ 140.877670][ T8469] Memory access of size 16 starts at ffff8881053636b0
[ 140.884397][ T8469] Data copied to user address 00007ffd7306ecd0
[ 140.890519][ T8469] =====================================================
[ 140.897422][ T8469] Disabling lock debugging due to kernel taint
[ 140.903543][ T8469] Kernel panic - not syncing: panic_on_warn set ...
[ 140.910105][ T8469] CPU: 0 PID: 8469 Comm: syz-executor131 Tainted: G B 5.8.0-rc5-syzkaller #0
[ 140.920132][ T8469] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 140.930157][ T8469] Call Trace:
[ 140.933430][ T8469] dump_stack+0x21c/0x280
[ 140.937767][ T8469] panic+0x4d7/0xef7
[ 140.941731][ T8469] ? add_taint+0x17c/0x210
[ 140.946139][ T8469] kmsan_report+0x1df/0x1e0
[ 140.950621][ T8469] kmsan_internal_check_memory+0x238/0x3d0
[ 140.956402][ T8469] ? kmsan_get_metadata+0x116/0x180
[ 140.961582][ T8469] kmsan_copy_to_user+0x81/0x90
[ 140.966427][ T8469] _copy_to_user+0x18e/0x260
[ 140.971010][ T8469] raw_ioctl+0x4995/0x5810
[ 140.975412][ T8469] ? __msan_metadata_ptr_for_load_2+0x10/0x20
[ 140.981453][ T8469] ? do_vfs_ioctl+0x1182/0x3540
[ 140.986296][ T8469] ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 140.992079][ T8469] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 140.998117][ T8469] ? security_file_ioctl+0x1bd/0x210
[ 141.003376][ T8469] ? kmsan_get_metadata+0x116/0x180
[ 141.008554][ T8469] ? bdc_pci_remove+0xb0/0xb0
[ 141.013206][ T8469] __se_sys_ioctl+0x319/0x4d0
[ 141.017861][ T8469] __x64_sys_ioctl+0x4a/0x70
[ 141.022433][ T8469] do_syscall_64+0xad/0x160
[ 141.026921][ T8469] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 141.032784][ T8469] RIP: 0033:0x444cf7
[ 141.036647][ T8469] Code: Bad RIP value.
[ 141.040708][ T8469] RSP: 002b:00007ffd7306dca8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 141.049091][ T8469] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000444cf7
[ 141.057035][ T8469] RDX: 00007ffd7306ecd0 RSI: 0000000080085502 RDI: 0000000000000003
[ 141.064981][ T8469] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000019
[ 141.072927][ T8469] R10: 0000000000000075 R11: 0000000000000246 R12: 00000000004029f0
[ 141.080877][ T8469] R13: 0000000000402a80 R14: 0000000000000000 R15: 0000000000000000
[ 141.089905][ T8469] Kernel Offset: disabled
[ 141.094222][ T8469] Rebooting in 86400 seconds..