[ 102.741819][ T31] audit: type=1800 audit(1564125827.797:25): pid=12397 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 102.793470][ T31] audit: type=1800 audit(1564125827.827:26): pid=12397 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 102.813962][ T31] audit: type=1800 audit(1564125827.837:27): pid=12397 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c.
[ 104.024309][T12467] sshd (12467) used greatest stack depth: 53744 bytes left
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.183' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 115.912608][ T17] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 116.152544][ T17] usb 1-1: Using ep0 maxpacket: 8
[ 116.272722][ T17] usb 1-1: config 0 has an invalid interface number: 200 but max is 0
[ 116.280972][ T17] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 116.291258][ T17] usb 1-1: config 0 has no interface number 0
[ 116.297490][ T17] usb 1-1: config 0 interface 200 altsetting 0 bulk endpoint 0x84 has invalid maxpacket 0
[ 116.307590][ T17] usb 1-1: New USB device found, idVendor=2040, idProduct=4982, bcdDevice=f9.cf
[ 116.316737][ T17] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 116.326345][ T17] usb 1-1: config 0 descriptor??
[ 116.592790][ T17] hdpvr 1-1:0.200: firmware version 0x87 dated 6›¨¨à"oW†Úðñ÷(ÿÔŒr*[pñÂŬ<”íœî‰«eöš/á00
[ 116.603171][ T17] hdpvr 1-1:0.200: untested firmware, the driver might not work.
[ 116.612485][T12435] ==================================================================
[ 116.620585][T12435] BUG: KMSAN: kernel-infoleak in _copy_to_user+0x16b/0x1f0
[ 116.641667][T12435] CPU: 1 PID: 12435 Comm: rsyslogd Not tainted 5.2.0+ #15
[ 116.648786][T12435] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 116.658841][T12435] Call Trace:
[ 116.662167][T12435] dump_stack+0x191/0x1f0
[ 116.666502][T12435] kmsan_report+0x162/0x2d0
[ 116.671001][T12435] kmsan_internal_check_memory+0x544/0xa80
[ 116.676809][T12435] ? msg_print_text+0x9c5/0xa70
[ 116.681672][T12435] kmsan_copy_to_user+0xa9/0xb0
[ 116.686520][T12435] _copy_to_user+0x16b/0x1f0
[ 116.691111][T12435] do_syslog+0x2e62/0x3160
[ 116.695540][T12435] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 116.701661][T12435] ? init_wait_entry+0x190/0x190
[ 116.706622][T12435] kmsg_read+0x142/0x1a0
[ 116.710870][T12435] ? mmap_vmcore_fault+0x30/0x30
[ 116.715813][T12435] proc_reg_read+0x25f/0x360
[ 116.720414][T12435] ? proc_reg_llseek+0x2f0/0x2f0
[ 116.725348][T12435] __vfs_read+0x1a9/0xc90
[ 116.729691][T12435] ? rw_verify_area+0x3a5/0x5e0
[ 116.734559][T12435] vfs_read+0x359/0x6f0
[ 116.738753][T12435] ? kmsan_get_shadow_origin_ptr+0x71/0x470
[ 116.744656][T12435] ksys_read+0x265/0x430
[ 116.748959][T12435] __se_sys_read+0x92/0xb0
[ 116.753409][T12435] __x64_sys_read+0x4a/0x70
[ 116.757911][T12435] do_syscall_64+0xbc/0xf0
[ 116.762322][T12435] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 116.768199][T12435] RIP: 0033:0x7feb18b301fd
[ 116.772605][T12435] Code: d1 20 00 00 75 10 b8 00 00 00 00 0f 05 48 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 5e fa ff ff 48 89 04 24 b8 00 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 a7 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01
[ 116.792208][T12435] RSP: 002b:00007feb160cfe30 EFLAGS: 00000293 ORIG_RAX: 0000000000000000
[ 116.800647][T12435] RAX: ffffffffffffffda RBX: 0000000000c9b4b0 RCX: 00007feb18b301fd
[ 116.808618][T12435] RDX: 0000000000000fff RSI: 00007feb179045a0 RDI: 0000000000000004
[ 116.816589][T12435] RBP: 0000000000000000 R08: 0000000000c86260 R09: 0000000004000001
[ 116.824590][T12435] R10: 0000000000000001 R11: 0000000000000293 R12: 000000000065e420
[ 116.832589][T12435] R13: 00007feb160d09c0 R14: 00007feb19175040 R15: 0000000000000003
[ 116.840567][T12435]
[ 116.842880][T12435] Uninit was created at:
[ 116.847114][T12435] kmsan_internal_poison_shadow+0x53/0xa0
[ 116.852825][T12435] kmsan_slab_alloc+0xaa/0x120
[ 116.857574][T12435] kmem_cache_alloc_trace+0x873/0xa50
[ 116.862932][T12435] do_syslog+0x263b/0x3160
[ 116.867330][T12435] kmsg_read+0x142/0x1a0
[ 116.871553][T12435] proc_reg_read+0x25f/0x360
[ 116.876153][T12435] __vfs_read+0x1a9/0xc90
[ 116.880467][T12435] vfs_read+0x359/0x6f0
[ 116.884604][T12435] ksys_read+0x265/0x430
[ 116.888832][T12435] __se_sys_read+0x92/0xb0
[ 116.893232][T12435] __x64_sys_read+0x4a/0x70
[ 116.897722][T12435] do_syscall_64+0xbc/0xf0
[ 116.902128][T12435] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 116.908006][T12435]
[ 116.910322][T12435] Byte 116 of 118 is uninitialized
[ 116.915422][T12435] Memory access of size 118 starts at ffff88811b37ec00
[ 116.922257][T12435] Data copied to user address 00007feb179045a0
[ 116.928401][T12435] ==================================================================
[ 116.936453][T12435] Disabling lock debugging due to kernel taint
[ 116.942598][T12435] Kernel panic - not syncing: panic_on_warn set ...
[ 116.949188][T12435] CPU: 1 PID: 12435 Comm: rsyslogd Tainted: G B 5.2.0+ #15
[ 116.957670][T12435] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 116.967711][T12435] Call Trace:
[ 116.971003][T12435] dump_stack+0x191/0x1f0
[ 116.975340][T12435] panic+0x3c9/0xc1e
[ 116.979254][T12435] kmsan_report+0x2ca/0x2d0
[ 116.983757][T12435] kmsan_internal_check_memory+0x544/0xa80
[ 116.989557][T12435] ? msg_print_text+0x9c5/0xa70
[ 116.994414][T12435] kmsan_copy_to_user+0xa9/0xb0
[ 116.999342][T12435] _copy_to_user+0x16b/0x1f0
[ 117.003931][T12435] do_syslog+0x2e62/0x3160
[ 117.008384][T12435] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 117.014462][T12435] ? init_wait_entry+0x190/0x190
[ 117.019391][T12435] kmsg_read+0x142/0x1a0
[ 117.023629][T12435] ? mmap_vmcore_fault+0x30/0x30
[ 117.028563][T12435] proc_reg_read+0x25f/0x360
[ 117.033164][T12435] ? proc_reg_llseek+0x2f0/0x2f0
[ 117.038091][T12435] __vfs_read+0x1a9/0xc90
[ 117.042420][T12435] ? rw_verify_area+0x3a5/0x5e0
[ 117.047274][T12435] vfs_read+0x359/0x6f0
[ 117.051422][T12435] ? kmsan_get_shadow_origin_ptr+0x71/0x470
[ 117.057328][T12435] ksys_read+0x265/0x430
[ 117.061582][T12435] __se_sys_read+0x92/0xb0
[ 117.065998][T12435] __x64_sys_read+0x4a/0x70
[ 117.070490][T12435] do_syscall_64+0xbc/0xf0
[ 117.074899][T12435] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 117.080772][T12435] RIP: 0033:0x7feb18b301fd
[ 117.085174][T12435] Code: d1 20 00 00 75 10 b8 00 00 00 00 0f 05 48 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 5e fa ff ff 48 89 04 24 b8 00 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 a7 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01
[ 117.104766][T12435] RSP: 002b:00007feb160cfe30 EFLAGS: 00000293 ORIG_RAX: 0000000000000000
[ 117.113166][T12435] RAX: ffffffffffffffda RBX: 0000000000c9b4b0 RCX: 00007feb18b301fd
[ 117.121123][T12435] RDX: 0000000000000fff RSI: 00007feb179045a0 RDI: 0000000000000004
[ 117.129087][T12435] RBP: 0000000000000000 R08: 0000000000c86260 R09: 0000000004000001
[ 117.137066][T12435] R10: 0000000000000001 R11: 0000000000000293 R12: 000000000065e420
[ 117.145024][T12435] R13: 00007feb160d09c0 R14: 00007feb19175040 R15: 0000000000000003
[ 117.154126][T12435] Kernel Offset: disabled
[ 117.158491][T12435] Rebooting in 86400 seconds..