[ ok ] Starting enhanced syslogd: rsyslogd.
[ 76.902263][ T31] audit: type=1800 audit(1570392308.951:25): pid=11228 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 76.925828][ T31] audit: type=1800 audit(1570392308.981:26): pid=11228 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 76.960698][ T31] audit: type=1800 audit(1570392309.001:27): pid=11228 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.1.52' (ECDSA) to the list of known hosts.
executing program
executing program
executing program
executing program
executing program
executing program
syzkaller login:
[ 166.192027][ T1075] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 166.202033][ T5] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[ 166.210034][ T742] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[ 166.222154][ T3366] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[ 166.222210][ T12] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[ 166.237887][ T17] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[ 166.442256][ T5] usb 4-1: Using ep0 maxpacket: 8
[ 166.452029][ T1075] usb 1-1: Using ep0 maxpacket: 8
[ 166.452412][ T742] usb 2-1: Using ep0 maxpacket: 8
[ 166.462811][ T12] usb 5-1: Using ep0 maxpacket: 8
[ 166.492126][ T17] usb 6-1: Using ep0 maxpacket: 8
[ 166.497498][ T3366] usb 3-1: Using ep0 maxpacket: 8
[ 166.562646][ T5] usb 4-1: config 0 interface 0 altsetting 245 has 1 endpoint descriptor, different from the interface descriptor's value: 8
[ 166.576042][ T5] usb 4-1: config 0 interface 0 has no altsetting 0
[ 166.583203][ T5] usb 4-1: New USB device found, idVendor=054c, idProduct=03d5, bcdDevice= 0.00
[ 166.592454][ T5] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 166.592578][ T1075] usb 1-1: config 0 interface 0 altsetting 245 has 1 endpoint descriptor, different from the interface descriptor's value: 8
[ 166.601820][ T12] usb 5-1: config 0 interface 0 altsetting 245 has 1 endpoint descriptor, different from the interface descriptor's value: 8
[ 166.613627][ T1075] usb 1-1: config 0 interface 0 has no altsetting 0
[ 166.613693][ T1075] usb 1-1: New USB device found, idVendor=054c, idProduct=03d5, bcdDevice= 0.00
[ 166.626783][ T12] usb 5-1: config 0 interface 0 has no altsetting 0
[ 166.633393][ T1075] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 166.657363][ T12] usb 5-1: New USB device found, idVendor=054c, idProduct=03d5, bcdDevice= 0.00
[ 166.658653][ T1075] usb 1-1: config 0 descriptor??
[ 166.666572][ T12] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 166.667595][ T742] usb 2-1: config 0 interface 0 altsetting 245 has 1 endpoint descriptor, different from the interface descriptor's value: 8
[ 166.693098][ T742] usb 2-1: config 0 interface 0 has no altsetting 0
[ 166.699752][ T742] usb 2-1: New USB device found, idVendor=054c, idProduct=03d5, bcdDevice= 0.00
[ 166.702472][ T17] usb 6-1: config 0 interface 0 altsetting 245 has 1 endpoint descriptor, different from the interface descriptor's value: 8
[ 166.708940][ T742] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 166.721995][ T17] usb 6-1: config 0 interface 0 has no altsetting 0
[ 166.731338][ T5] usb 4-1: config 0 descriptor??
[ 166.736669][ T17] usb 6-1: New USB device found, idVendor=054c, idProduct=03d5, bcdDevice= 0.00
[ 166.749697][ T12] usb 5-1: config 0 descriptor??
[ 166.750845][ T17] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 166.764905][ T3366] usb 3-1: config 0 interface 0 altsetting 245 has 1 endpoint descriptor, different from the interface descriptor's value: 8
[ 166.778139][ T3366] usb 3-1: config 0 interface 0 has no altsetting 0
[ 166.784905][ T3366] usb 3-1: New USB device found, idVendor=054c, idProduct=03d5, bcdDevice= 0.00
[ 166.791621][ T742] usb 2-1: config 0 descriptor??
[ 166.794381][ T3366] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 166.809788][ T3366] usb 3-1: config 0 descriptor??
[ 166.838047][ T17] usb 6-1: config 0 descriptor??
[ 167.018970][ T5] input: HID 054c:03d5 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:054C:03D5.0001/input/input5
[ 167.039273][ T5] sony 0003:054C:03D5.0001: input,hidraw0: USB HID v0.00 Joystick [HID 054c:03d5] on usb-dummy_hcd.3-1/input0
[ 167.306002][ T5] usb 4-1: USB disconnect, device number 2
[ 167.372553][ T742] usbhid 2-1:0.0: can't add hid device: -71
[ 167.373026][ T1075] usbhid 1-1:0.0: can't add hid device: -71
[ 167.378735][ T742] usbhid: probe of 2-1:0.0 failed with error -71
[ 167.384735][ T1075] usbhid: probe of 1-1:0.0 failed with error -71
[ 167.392942][ T12] usbhid 5-1:0.0: can't add hid device: -71
[ 167.404056][ T12] usbhid: probe of 5-1:0.0 failed with error -71
[ 167.406603][ T17] usbhid 6-1:0.0: can't add hid device: -71
[ 167.416598][ T17] usbhid: probe of 6-1:0.0 failed with error -71
[ 167.416924][ T12] usb 5-1: USB disconnect, device number 2
[ 167.425290][ T3366] usbhid 3-1:0.0: can't add hid device: -71
[ 167.435716][ T3366] usbhid: probe of 3-1:0.0 failed with error -71
[ 167.453264][ T17] usb 6-1: USB disconnect, device number 2
[ 167.457945][ T742] usb 2-1: USB disconnect, device number 2
[ 167.465644][ T3366] usb 3-1: USB disconnect, device number 2
[ 167.487275][ T1075] usb 1-1: USB disconnect, device number 2
[ 167.502978][T11387] =====================================================
[ 167.510117][T11387] BUG: KMSAN: kernel-infoleak in _copy_to_user+0x16b/0x1f0
[ 167.517318][T11387] CPU: 0 PID: 11387 Comm: syz-executor701 Not tainted 5.3.0-rc7+ #0
[ 167.525287][T11387] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 167.535332][T11387] Call Trace:
[ 167.538610][T11387] dump_stack+0x191/0x1f0
[ 167.542927][T11387] kmsan_report+0x13a/0x2b0
[ 167.547449][T11387] kmsan_internal_check_memory+0x187/0x4c0
[ 167.553254][T11387] ? __msan_metadata_ptr_for_store_1+0x13/0x20
[ 167.559388][T11387] kmsan_copy_to_user+0xa9/0xb0
[ 167.564222][T11387] _copy_to_user+0x16b/0x1f0
[ 167.568805][T11387] hidraw_ioctl+0x7f5/0x11a0
[ 167.573379][T11387] ? hidraw_poll+0x360/0x360
[ 167.577952][T11387] do_vfs_ioctl+0xea8/0x2c50
[ 167.582522][T11387] ? kmsan_get_shadow_origin_ptr+0x6e/0x4c0
[ 167.588402][T11387] ? security_file_ioctl+0x1bd/0x200
[ 167.593685][T11387] __se_sys_ioctl+0x1da/0x270
[ 167.598345][T11387] __x64_sys_ioctl+0x4a/0x70
[ 167.602919][T11387] do_syscall_64+0xbc/0xf0
[ 167.607321][T11387] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 167.613193][T11387] RIP: 0033:0x445d39
[ 167.617243][T11387] Code: e8 7c e7 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db cb fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 167.636844][T11387] RSP: 002b:00007fff410b4e88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 167.645246][T11387] RAX: ffffffffffffffda RBX: 00007fff410b5030 RCX: 0000000000445d39
[ 167.653213][T11387] RDX: 00000000200000c0 RSI: 0000000080084803 RDI: 0000000000000004
[ 167.661164][T11387] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 167.669114][T11387] R10: 000000000000000f R11: 0000000000000246 R12: 0000000000000000
[ 167.677062][T11387] R13: 0000000000402e30 R14: 0000000000000000 R15: 0000000000000000
[ 167.685024][T11387]
[ 167.687346][T11387] Uninit was stored to memory at:
[ 167.692350][T11387] kmsan_internal_chain_origin+0xd2/0x170
[ 167.698069][T11387] __msan_chain_origin+0x6b/0xe0
[ 167.702998][T11387] hidraw_ioctl+0x650/0x11a0
[ 167.707566][T11387] do_vfs_ioctl+0xea8/0x2c50
[ 167.712137][T11387] __se_sys_ioctl+0x1da/0x270
[ 167.716791][T11387] __x64_sys_ioctl+0x4a/0x70
[ 167.721375][T11387] do_syscall_64+0xbc/0xf0
[ 167.725781][T11387] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 167.731660][T11387]
[ 167.733973][T11387] Uninit was created at:
[ 167.738209][T11387] kmsan_internal_poison_shadow+0x53/0x100
[ 167.743997][T11387] kmsan_slab_free+0x8d/0x100
[ 167.748753][T11387] kfree+0x4c1/0x2db0
[ 167.752714][T11387] hid_device_release+0x78/0x90
[ 167.757561][T11387] device_release+0xe2/0x380
[ 167.762131][T11387] kobject_put+0x38d/0x480
[ 167.766538][T11387] put_device+0x51/0x70
[ 167.770674][T11387] hid_destroy_device+0x18c/0x200
[ 167.775687][T11387] usbhid_disconnect+0x11d/0x1d0
[ 167.780703][T11387] usb_unbind_interface+0x3a2/0xdd0
[ 167.785888][T11387] device_release_driver_internal+0x911/0xd20
[ 167.792038][T11387] device_release_driver+0x4b/0x60
[ 167.797132][T11387] bus_remove_device+0x4bf/0x670
[ 167.802051][T11387] device_del+0xcd5/0x1d10
[ 167.806555][T11387] usb_disable_device+0x567/0x1150
[ 167.811644][T11387] usb_disconnect+0x51e/0xd60
[ 167.816300][T11387] hub_event+0x3fd0/0x72f0
[ 167.820703][T11387] process_one_work+0x1572/0x1ef0
[ 167.825716][T11387] worker_thread+0x111b/0x2460
[ 167.830482][T11387] kthread+0x4b5/0x4f0
[ 167.834544][T11387] ret_from_fork+0x35/0x40
[ 167.838950][T11387]
[ 167.841258][T11387] Bytes 0-1 of 8 are uninitialized
[ 167.846357][T11387] Memory access of size 8 starts at ffff8880b776fd20
[ 167.853020][T11387] Data copied to user address 00000000200000c0
[ 167.859233][T11387] =====================================================
[ 167.866154][T11387] Disabling lock debugging due to kernel taint
[ 167.872282][T11387] Kernel panic - not syncing: panic_on_warn set ...
[ 167.878852][T11387] CPU: 0 PID: 11387 Comm: syz-executor701 Tainted: G B 5.3.0-rc7+ #0
[ 167.888202][T11387] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 167.898244][T11387] Call Trace:
[ 167.901524][T11387] dump_stack+0x191/0x1f0
[ 167.907318][T11387] panic+0x3c9/0xc1e
[ 167.911208][T11387] kmsan_report+0x2a2/0x2b0
[ 167.915696][T11387] kmsan_internal_check_memory+0x187/0x4c0
[ 167.921482][T11387] ? __msan_metadata_ptr_for_store_1+0x13/0x20
[ 167.927619][T11387] kmsan_copy_to_user+0xa9/0xb0
[ 167.932453][T11387] _copy_to_user+0x16b/0x1f0
[ 167.937027][T11387] hidraw_ioctl+0x7f5/0x11a0
[ 167.941603][T11387] ? hidraw_poll+0x360/0x360
[ 167.946174][T11387] do_vfs_ioctl+0xea8/0x2c50
[ 167.950755][T11387] ? kmsan_get_shadow_origin_ptr+0x6e/0x4c0
[ 167.956650][T11387] ? security_file_ioctl+0x1bd/0x200
[ 167.961918][T11387] __se_sys_ioctl+0x1da/0x270
[ 167.966586][T11387] __x64_sys_ioctl+0x4a/0x70
[ 167.971418][T11387] do_syscall_64+0xbc/0xf0
[ 167.975835][T11387] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 167.981752][T11387] RIP: 0033:0x445d39
[ 167.985651][T11387] Code: e8 7c e7 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db cb fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 168.005241][T11387] RSP: 002b:00007fff410b4e88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 168.013635][T11387] RAX: ffffffffffffffda RBX: 00007fff410b5030 RCX: 0000000000445d39
[ 168.021601][T11387] RDX: 00000000200000c0 RSI: 0000000080084803 RDI: 0000000000000004
[ 168.029551][T11387] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 168.037520][T11387] R10: 000000000000000f R11: 0000000000000246 R12: 0000000000000000
[ 168.045471][T11387] R13: 0000000000402e30 R14: 0000000000000000 R15: 0000000000000000
[ 168.055132][T11387] Kernel Offset: disabled
[ 168.059654][T11387] Rebooting in 86400 seconds..