[ ok ] Starting enhanced syslogd: rsyslogd.
[ 105.320433][ T31] audit: type=1800 audit(1564392242.373:25): pid=12562 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 105.345862][ T31] audit: type=1800 audit(1564392242.403:26): pid=12562 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 105.382652][ T31] audit: type=1800 audit(1564392242.423:27): pid=12562 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.180' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 118.252005][ T4942] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 118.491885][ T4942] usb 1-1: Using ep0 maxpacket: 8
[ 118.612078][ T4942] usb 1-1: config 0 has an invalid interface number: 26 but max is 0
[ 118.620257][ T4942] usb 1-1: config 0 has no interface number 0
[ 118.626562][ T4942] usb 1-1: config 0 interface 26 altsetting 0 bulk endpoint 0x8F has invalid maxpacket 0
[ 118.636577][ T4942] usb 1-1: New USB device found, idVendor=2040, idProduct=4902, bcdDevice=ff.51
[ 118.645744][ T4942] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 118.655146][ T4942] usb 1-1: config 0 descriptor??
[ 118.912030][ T4942] hdpvr 1-1:0.26: firmware version 0x3 dated b2<áó?nTdÉg:8´ëæ ªïP ÛS^ÂŒn•ø®!¨ÿæ‹m¾F•6
[ 118.922154][ T4942] hdpvr 1-1:0.26: untested firmware, the driver might not work.
[ 118.931835][T12600] ==================================================================
[ 118.939905][T12600] BUG: KMSAN: kernel-infoleak in _copy_to_user+0x16b/0x1f0
[ 118.947107][T12600] CPU: 1 PID: 12600 Comm: rsyslogd Not tainted 5.2.0+ #15
[ 118.954209][T12600] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 118.964266][T12600] Call Trace:
[ 118.967572][T12600] dump_stack+0x191/0x1f0
[ 118.972073][T12600] kmsan_report+0x162/0x2d0
[ 118.976590][T12600] kmsan_internal_check_memory+0x544/0xa80
[ 118.982397][T12600] ? msg_print_text+0x9c5/0xa70
[ 118.987256][T12600] kmsan_copy_to_user+0xa9/0xb0
[ 118.992101][T12600] _copy_to_user+0x16b/0x1f0
[ 118.996689][T12600] do_syslog+0x2e62/0x3160
[ 119.001185][T12600] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 119.007276][T12600] ? init_wait_entry+0x190/0x190
[ 119.012214][T12600] kmsg_read+0x142/0x1a0
[ 119.016458][T12600] ? mmap_vmcore_fault+0x30/0x30
[ 119.021386][T12600] proc_reg_read+0x25f/0x360
[ 119.025976][T12600] ? proc_reg_llseek+0x2f0/0x2f0
[ 119.030905][T12600] __vfs_read+0x1a9/0xc90
[ 119.035261][T12600] ? rw_verify_area+0x3a5/0x5e0
[ 119.040116][T12600] vfs_read+0x359/0x6f0
[ 119.044273][T12600] ? kmsan_get_shadow_origin_ptr+0x71/0x470
[ 119.050165][T12600] ksys_read+0x265/0x430
[ 119.054407][T12600] __se_sys_read+0x92/0xb0
[ 119.058817][T12600] __x64_sys_read+0x4a/0x70
[ 119.063335][T12600] do_syscall_64+0xbc/0xf0
[ 119.067751][T12600] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 119.073631][T12600] RIP: 0033:0x7f61bf5091fd
[ 119.078038][T12600] Code: d1 20 00 00 75 10 b8 00 00 00 00 0f 05 48 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 5e fa ff ff 48 89 04 24 b8 00 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 a7 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01
[ 119.097720][T12600] RSP: 002b:00007f61bcaa8e30 EFLAGS: 00000293 ORIG_RAX: 0000000000000000
[ 119.106123][T12600] RAX: ffffffffffffffda RBX: 0000000000ebcce0 RCX: 00007f61bf5091fd
[ 119.114085][T12600] RDX: 0000000000000fff RSI: 00007f61be2dd5a0 RDI: 0000000000000004
[ 119.122086][T12600] RBP: 0000000000000000 R08: 0000000000ea8260 R09: 0000000004000001
[ 119.130042][T12600] R10: 0000000000000001 R11: 0000000000000293 R12: 000000000065e420
[ 119.137994][T12600] R13: 00007f61bcaa99c0 R14: 00007f61bfb4e040 R15: 0000000000000003
[ 119.145983][T12600]
[ 119.148293][T12600] Uninit was created at:
[ 119.152525][T12600] kmsan_internal_poison_shadow+0x53/0xa0
[ 119.158230][T12600] kmsan_slab_alloc+0xaa/0x120
[ 119.163015][T12600] kmem_cache_alloc_trace+0x873/0xa50
[ 119.168399][T12600] do_syslog+0x263b/0x3160
[ 119.172839][T12600] kmsg_read+0x142/0x1a0
[ 119.177069][T12600] proc_reg_read+0x25f/0x360
[ 119.181658][T12600] __vfs_read+0x1a9/0xc90
[ 119.186070][T12600] vfs_read+0x359/0x6f0
[ 119.190211][T12600] ksys_read+0x265/0x430
[ 119.194440][T12600] __se_sys_read+0x92/0xb0
[ 119.198841][T12600] __x64_sys_read+0x4a/0x70
[ 119.203332][T12600] do_syscall_64+0xbc/0xf0
[ 119.207758][T12600] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 119.213652][T12600]
[ 119.215963][T12600] Byte 113 of 115 is uninitialized
[ 119.221080][T12600] Memory access of size 115 starts at ffff8881084e2400
[ 119.227913][T12600] Data copied to user address 00007f61be2dd5a0
[ 119.234054][T12600] ==================================================================
[ 119.242099][T12600] Disabling lock debugging due to kernel taint
[ 119.248244][T12600] Kernel panic - not syncing: panic_on_warn set ...
[ 119.254829][T12600] CPU: 1 PID: 12600 Comm: rsyslogd Tainted: G B 5.2.0+ #15
[ 119.263332][T12600] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 119.273383][T12600] Call Trace:
[ 119.276675][T12600] dump_stack+0x191/0x1f0
[ 119.281003][T12600] panic+0x3c9/0xc1e
[ 119.284924][T12600] kmsan_report+0x2ca/0x2d0
[ 119.289426][T12600] kmsan_internal_check_memory+0x544/0xa80
[ 119.295227][T12600] ? msg_print_text+0x9c5/0xa70
[ 119.300096][T12600] kmsan_copy_to_user+0xa9/0xb0
[ 119.304948][T12600] _copy_to_user+0x16b/0x1f0
[ 119.309546][T12600] do_syslog+0x2e62/0x3160
[ 119.313961][T12600] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 119.320041][T12600] ? init_wait_entry+0x190/0x190
[ 119.324981][T12600] kmsg_read+0x142/0x1a0
[ 119.329222][T12600] ? mmap_vmcore_fault+0x30/0x30
[ 119.334164][T12600] proc_reg_read+0x25f/0x360
[ 119.338757][T12600] ? proc_reg_llseek+0x2f0/0x2f0
[ 119.343790][T12600] __vfs_read+0x1a9/0xc90
[ 119.348125][T12600] ? rw_verify_area+0x3a5/0x5e0
[ 119.352976][T12600] vfs_read+0x359/0x6f0
[ 119.357245][T12600] ? kmsan_get_shadow_origin_ptr+0x71/0x470
[ 119.363141][T12600] ksys_read+0x265/0x430
[ 119.367407][T12600] __se_sys_read+0x92/0xb0
[ 119.373054][T12600] __x64_sys_read+0x4a/0x70
[ 119.377558][T12600] do_syscall_64+0xbc/0xf0
[ 119.381973][T12600] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 119.387854][T12600] RIP: 0033:0x7f61bf5091fd
[ 119.392259][T12600] Code: d1 20 00 00 75 10 b8 00 00 00 00 0f 05 48 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 5e fa ff ff 48 89 04 24 b8 00 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 a7 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01
[ 119.411853][T12600] RSP: 002b:00007f61bcaa8e30 EFLAGS: 00000293 ORIG_RAX: 0000000000000000
[ 119.420264][T12600] RAX: ffffffffffffffda RBX: 0000000000ebcce0 RCX: 00007f61bf5091fd
[ 119.428230][T12600] RDX: 0000000000000fff RSI: 00007f61be2dd5a0 RDI: 0000000000000004
[ 119.436220][T12600] RBP: 0000000000000000 R08: 0000000000ea8260 R09: 0000000004000001
[ 119.444348][T12600] R10: 0000000000000001 R11: 0000000000000293 R12: 000000000065e420
[ 119.452311][T12600] R13: 00007f61bcaa99c0 R14: 00007f61bfb4e040 R15: 0000000000000003
[ 119.461312][T12600] Kernel Offset: disabled
[ 119.465655][T12600] Rebooting in 86400 seconds..