[ ok ] Starting periodic command scheduler: cron.
[ 77.088745] sshd (6897) used greatest stack depth: 54112 bytes left
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 77.810536] kauditd_printk_skb: 1 callbacks suppressed
[ 77.810568] audit: type=1800 audit(1544173480.858:29): pid=6830 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[ 77.835522] audit: type=1800 audit(1544173480.868:30): pid=6830 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.15.216' (ECDSA) to the list of known hosts.
2018/12/07 09:04:53 parsed 1 programs
2018/12/07 09:05:00 executed programs: 0
syzkaller login: [ 97.476111] IPVS: ftp: loaded support on port[0] = 21
[ 98.147460] bridge0: port 1(bridge_slave_0) entered blocking state
[ 98.154222] bridge0: port 1(bridge_slave_0) entered disabled state
[ 98.162506] device bridge_slave_0 entered promiscuous mode
[ 98.206099] bridge0: port 2(bridge_slave_1) entered blocking state
[ 98.212723] bridge0: port 2(bridge_slave_1) entered disabled state
[ 98.220640] device bridge_slave_1 entered promiscuous mode
[ 98.262759] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 98.304709] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 98.436117] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 98.481196] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 98.688387] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 98.696789] team0: Port device team_slave_0 added
[ 98.739118] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 98.747389] team0: Port device team_slave_1 added
[ 98.789462] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 98.834643] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 98.880118] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 98.926407] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 99.358716] bridge0: port 2(bridge_slave_1) entered blocking state
[ 99.365291] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 99.372621] bridge0: port 1(bridge_slave_0) entered blocking state
[ 99.379163] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 99.388063] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 99.962419] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 101.018196] 8021q: adding VLAN 0 to HW filter on device bond0
[ 101.167058] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 101.314510] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 101.320793] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 101.329246] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 101.478361] 8021q: adding VLAN 0 to HW filter on device team0
[ 102.430653] FAULT_INJECTION: forcing a failure.
[ 102.430653] name fail_page_alloc, interval 1, probability 0, space 0, times 1
[ 102.442836] CPU: 0 PID: 7249 Comm: syz-executor0 Not tainted 4.20.0-rc5+ #109
[ 102.450183] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 102.459604] Call Trace:
[ 102.462288] dump_stack+0x32d/0x480
[ 102.466004] should_fail+0x11f9/0x13d0
[ 102.469937] __alloc_pages_nodemask+0x73f/0x63b0
[ 102.474728] ? __irqentry_text_end+0x1f9c46/0x1f9c46
[ 102.479869] ? __msan_poison_alloca+0x1e0/0x270
[ 102.484578] ? ima_match_policy+0xf8/0x22f0
[ 102.488945] ? __msan_metadata_ptr_for_load_4+0x10/0x20
[ 102.494377] ? ima_match_policy+0x2230/0x22f0
[ 102.498964] alloc_pages_current+0x566/0x820
[ 102.503408] ? __page_cache_alloc+0x5d/0x4a0
[ 102.507848] __page_cache_alloc+0xdb/0x4a0
[ 102.512114] ? __do_page_cache_readahead+0xbe/0x9a0
[ 102.517192] __do_page_cache_readahead+0x46b/0x9a0
[ 102.522223] ondemand_readahead+0xe5e/0x12d0
[ 102.526689] ? __msan_poison_alloca+0x1e0/0x270
[ 102.531485] page_cache_sync_readahead+0x58f/0xa00
[ 102.536458] generic_file_read_iter+0xed5/0x4fc0
[ 102.541281] blkdev_read_iter+0x20d/0x270
[ 102.545507] ? blkdev_write_iter+0x660/0x660
[ 102.549966] __vfs_read+0x874/0xb00
[ 102.553636] vfs_read+0x3b3/0x6f0
[ 102.557126] __se_sys_read+0x17a/0x370
[ 102.561049] __x64_sys_read+0x4a/0x70
[ 102.564883] do_syscall_64+0xcd/0x110
[ 102.568748] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 102.573999] RIP: 0033:0x457569
[ 102.577239] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 102.596379] RSP: 002b:00007ffcd211f988 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 102.604127] RAX: ffffffffffffffda RBX: 00007ffcd211f9a0 RCX: 0000000000457569
[ 102.611450] RDX: 000000000000006f RSI: 00000000200000c0 RDI: 0000000000000003
[ 102.618742] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000
[ 102.626033] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000001622914
[ 102.633393] R13: 00000000004c292a R14: 00000000004d5c18 R15: 0000000000000004
[ 102.645766] ==================================================================
[ 102.653153] BUG: KMSAN: kernel-infoleak in copyout+0x1a4/0x250
[ 102.659153] CPU: 0 PID: 7249 Comm: syz-executor0 Not tainted 4.20.0-rc5+ #109
[ 102.666448] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 102.675820] Call Trace:
[ 102.678429] dump_stack+0x32d/0x480
[ 102.682065] ? copyout+0x1a4/0x250
[ 102.685631] kmsan_report+0x12d/0x290
[ 102.689519] kmsan_internal_check_memory+0x9ce/0xa50
[ 102.694661] ? finish_task_switch+0x20d/0x3f0
[ 102.699192] kmsan_copy_to_user+0x8d/0xa0
[ 102.703365] copyout+0x1a4/0x250
[ 102.706775] copy_page_to_iter+0x6d9/0x19b0
[ 102.711158] generic_file_read_iter+0x36a8/0x4fc0
[ 102.716069] blkdev_read_iter+0x20d/0x270
[ 102.720251] ? blkdev_write_iter+0x660/0x660
[ 102.724734] __vfs_read+0x874/0xb00
[ 102.728404] vfs_read+0x3b3/0x6f0
[ 102.731886] __se_sys_read+0x17a/0x370
[ 102.735798] __x64_sys_read+0x4a/0x70
[ 102.739609] do_syscall_64+0xcd/0x110
[ 102.743444] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 102.748654] RIP: 0033:0x457569
[ 102.751860] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 102.770821] RSP: 002b:00007ffcd211f988 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 102.778539] RAX: ffffffffffffffda RBX: 00007ffcd211f9a0 RCX: 0000000000457569
[ 102.785813] RDX: 000000000000006f RSI: 00000000200000c0 RDI: 0000000000000003
[ 102.793089] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000
[ 102.800370] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000001622914
[ 102.807640] R13: 00000000004c292a R14: 00000000004d5c18 R15: 0000000000000004
[ 102.814988]
[ 102.816616] Uninit was created at:
[ 102.820172] kmsan_save_stack_with_flags+0x7a/0x130
[ 102.825193] kmsan_internal_alloc_meta_for_pages+0x113/0x640
[ 102.830994] kmsan_alloc_page+0x77/0xc0
[ 102.834977] __alloc_pages_nodemask+0x171b/0x63b0
[ 102.839824] alloc_pages_current+0x566/0x820
[ 102.844236] __page_cache_alloc+0xdb/0x4a0
[ 102.848476] generic_file_read_iter+0x2749/0x4fc0
[ 102.853336] blkdev_read_iter+0x20d/0x270
[ 102.857495] __vfs_read+0x874/0xb00
[ 102.861124] vfs_read+0x3b3/0x6f0
[ 102.864594] __se_sys_read+0x17a/0x370
[ 102.868502] __x64_sys_read+0x4a/0x70
[ 102.872306] do_syscall_64+0xcd/0x110
[ 102.876134] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 102.881459]
[ 102.883093] Bytes 0-110 of 111 are uninitialized
[ 102.887864] Memory access of size 111 starts at ffff8881989f8000
[ 102.894030] Data copied to user address 00000000200000c0
[ 102.899478] ==================================================================
[ 102.906833] Disabling lock debugging due to kernel taint
[ 102.912298] Kernel panic - not syncing: panic_on_warn set ...
[ 102.918352] CPU: 0 PID: 7249 Comm: syz-executor0 Tainted: G B 4.20.0-rc5+ #109
[ 102.927047] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 102.936413] Call Trace:
[ 102.939017] dump_stack+0x32d/0x480
[ 102.942674] panic+0x5db/0xbb8
[ 102.945919] kmsan_report+0x290/0x290
[ 102.949740] kmsan_internal_check_memory+0x9ce/0xa50
[ 102.954856] ? finish_task_switch+0x20d/0x3f0
[ 102.959389] kmsan_copy_to_user+0x8d/0xa0
[ 102.963559] copyout+0x1a4/0x250
[ 102.966956] copy_page_to_iter+0x6d9/0x19b0
[ 102.971326] generic_file_read_iter+0x36a8/0x4fc0
[ 102.976240] blkdev_read_iter+0x20d/0x270
[ 102.980403] ? blkdev_write_iter+0x660/0x660
[ 102.984828] __vfs_read+0x874/0xb00
[ 102.988490] vfs_read+0x3b3/0x6f0
[ 102.991983] __se_sys_read+0x17a/0x370
[ 102.995900] __x64_sys_read+0x4a/0x70
[ 102.999719] do_syscall_64+0xcd/0x110
[ 103.003551] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 103.008738] RIP: 0033:0x457569
[ 103.011939] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 103.030858] RSP: 002b:00007ffcd211f988 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 103.038575] RAX: ffffffffffffffda RBX: 00007ffcd211f9a0 RCX: 0000000000457569
[ 103.045847] RDX: 000000000000006f RSI: 00000000200000c0 RDI: 0000000000000003
[ 103.053116] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000
[ 103.060380] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000001622914
[ 103.067655] R13: 00000000004c292a R14: 00000000004d5c18 R15: 0000000000000004
[ 103.075953] Kernel Offset: disabled
[ 103.079599] Rebooting in 86400 seconds..