[ 57.130428] audit: type=1800 audit(1542168848.178:25): pid=6568 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 57.149755] audit: type=1800 audit(1542168848.178:26): pid=6568 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 57.169273] audit: type=1800 audit(1542168848.198:27): pid=6568 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ 58.411091] sshd (6632) used greatest stack depth: 53600 bytes left
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.95' (ECDSA) to the list of known hosts.

syzkaller login: [ 68.476851] PANIC: double fault, error_code: 0x0
[ 68.481741] CPU: 1 PID: 6731 Comm: syz-executor377 Not tainted 4.20.0-rc2+ #85
[ 68.489164] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 68.500554] ==================================================================
[ 68.500562] BUG: KMSAN: uninit-value in do_raw_spin_lock+0x130/0x410
[ 68.500570] CPU: 1 PID: 6731 Comm: syz-executor377 Not tainted 4.20.0-rc2+ #85
[ 68.500578] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 68.500584] Call Trace:
[ 68.500589]  <#DF>
[ 68.500595]  dump_stack+0x32d/0x480
[ 68.500601]  ? do_raw_spin_lock+0x130/0x410
[ 68.500607]  kmsan_report+0x19f/0x300
[ 68.500613]  kmsan_internal_check_memory+0x35b/0x3b0
[ 68.500619]  ? __msan_poison_alloca+0x1e0/0x270
[ 68.500625]  kmsan_check_memory+0xd/0x10
[ 68.500631]  do_raw_spin_lock+0x130/0x410
[ 68.500638]  ? kmsan_internal_unpoison_shadow+0x83/0xd0
[ 68.500643]  _raw_spin_lock+0x27/0x30
[ 68.500649]  vprintk_emit+0x1d9/0x8a0
[ 68.500655]  vprintk_default+0x90/0xa0
[ 68.500661]  vprintk_func+0x26b/0x2a0
[ 68.500666]  printk+0x1a3/0x1f0
[ 68.500673]  ? kmsan_get_origin_address+0x212/0x360
[ 68.500679]  ? kmsan_get_shadow_origin_ptr+0x2c0/0x410
[ 68.500685]  show_iret_regs+0x13c/0x540
[ 68.500691]  ? kmsan_get_origin_address+0x212/0x360
[ 68.500697]  ? __show_regs+0xb2/0x1350
[ 68.500703]  ? show_regs+0xaf/0x170
[ 68.500708]  __show_regs+0xc9/0x1350
[ 68.500714]  ? get_cpu_entry_area+0xc/0x30
[ 68.500720]  ? kmsan_get_shadow_origin_ptr+0x2c0/0x410
[ 68.500726]  show_regs+0xaf/0x170
[ 68.500731]  df_debug+0x86/0xb0
[ 68.500737]  do_double_fault+0x362/0x480
[ 68.500742]  double_fault+0x1e/0x30
[ 68.500749] RIP: 0010:kmsan_get_origin_address+0x212/0x360
[ 68.500761] Code: 2d 01 00 00 e9 fe 00 00 00 65 44 8b 34 25 20 a1 02 00 48 b8 00 00 00 00 00 02 00 00 48 01 d8 48 3d ff 0f e8 00 77 38 44 89 f7 19 30 4a ff 48 89 d9 48 29 c1 85 c9 78 26 48 63 c1 48 3d ff 9f
[ 68.500767] RSP: 0018:fffffe000003c000 EFLAGS: 00010093
[ 68.500778] RAX: 000000000003c150 RBX: fffffe000003c150 RCX: 000000000000002e
[ 68.500785] RDX: 0000000000000001 RSI: 0000000000000088 RDI: 0000000000000001
[ 68.500792] RBP: fffffe000003c038 R08: 0000000000000000 R09: 0000000000000000
[ 68.500799] R10: 0000000000000000 R11: 0000000000000000 R12: 0000778000000000
[ 68.500806] R13: 0000000000000000 R14: 0000000000000001 R15: fffffe008003c150
[ 68.500811]
[ 68.500816]
[ 68.500822]  kmsan_memmove_origins+0xbd/0x1c0
[ 68.500828]  ? kmsan_memmove_shadow+0xad/0xd0
[ 68.500833]  __msan_memmove+0x6c/0x80
[ 68.500837]  fixup_bad_iret+0x63/0xc0
[ 68.500842]  error_entry+0xad/0xc0
[ 68.500847] RIP: 440e59:0xffd5
[ 68.500852] Code: Bad RIP value.
[ 68.500857] RSP: 0003:00000000200001c0 EFLAGS: 0000ffd5 ORIG_RAX: 00000000200000c0
[ 68.500869] RAX: 0000000000000000 RBX: ffffffff8b000e58 RCX: 0000000000000000
[ 68.500876] RDX: 0000000000000216 RSI: 0000000000000000 RDI: 000000000000001c
[ 68.500883] RBP: 0000000000000000 R08: 0000000000401cf0 R09: 0000000000401d80
[ 68.500890] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000401cf0
[ 68.500897] R13: 0000000000401d80 R14: 0000000000000000 R15: 0000000000000000
[ 68.500902]  ? general_protection+0x8/0x30
[ 68.500908]  ? general_protection+0x8/0x30
[ 68.500913]
[ 68.500918]
[ 68.500925] Local variable description: ----v.addr.i.i@do_raw_spin_lock
[ 68.500931] Variable was created at:
[ 68.500937]  do_raw_spin_lock+0x62/0x410
[ 68.500942]  _raw_spin_lock+0x27/0x30
[ 68.500946]
[ 68.500952] Bytes 0-7 of 8 are uninitialized
[ 68.500959] Memory access of size 8 starts at fffffe00000439f8
[ 68.500967] ==================================================================
[ 68.500973] Disabling lock debugging due to kernel taint
[ 68.500979] Kernel panic - not syncing: panic_on_warn set ...
[ 68.500988] CPU: 1 PID: 6731 Comm: syz-executor377 Tainted: G B 4.20.0-rc2+ #85
[ 68.500996] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 68.501001] Call Trace:
[ 68.501006]  <#DF>
[ 68.501011]  dump_stack+0x32d/0x480
[ 68.501017]  panic+0x624/0xc08
[ 68.501023]  kmsan_report+0x300/0x300
[ 68.501029]  kmsan_internal_check_memory+0x35b/0x3b0
[ 68.501035]  ? __msan_poison_alloca+0x1e0/0x270
[ 68.501041]  kmsan_check_memory+0xd/0x10
[ 68.501047]  do_raw_spin_lock+0x130/0x410
[ 68.501054]  ? kmsan_internal_unpoison_shadow+0x83/0xd0
[ 68.501059]  _raw_spin_lock+0x27/0x30
[ 68.501065]  vprintk_emit+0x1d9/0x8a0
[ 68.501071]  vprintk_default+0x90/0xa0
[ 68.501077]  vprintk_func+0x26b/0x2a0
[ 68.501082]  printk+0x1a3/0x1f0
[ 68.501088]  ? kmsan_get_origin_address+0x212/0x360
[ 68.501094]  ? kmsan_get_shadow_origin_ptr+0x2c0/0x410
[ 68.501100]  show_iret_regs+0x13c/0x540
[ 68.501106]  ? kmsan_get_origin_address+0x212/0x360
[ 68.501112]  ? __show_regs+0xb2/0x1350
[ 68.501117]  ? show_regs+0xaf/0x170
[ 68.501123]  __show_regs+0xc9/0x1350
[ 68.501128]  ? get_cpu_entry_area+0xc/0x30
[ 68.501134]  ? kmsan_get_shadow_origin_ptr+0x2c0/0x410
[ 68.501139]  show_regs+0xaf/0x170
[ 68.501143]  df_debug+0x86/0xb0
[ 68.501148]  do_double_fault+0x362/0x480
[ 68.501152]  double_fault+0x1e/0x30
[ 68.501157] RIP: 0010:kmsan_get_origin_address+0x212/0x360
[ 68.501169] Code: 2d 01 00 00 e9 fe 00 00 00 65 44 8b 34 25 20 a1 02 00 48 b8 00 00 00 00 00 02 00 00 48 01 d8 48 3d ff 0f e8 00 77 38 44 89 f7 19 30 4a ff 48 89 d9 48 29 c1 85 c9 78 26 48 63 c1 48 3d ff 9f
[ 68.501175] RSP: 0018:fffffe000003c000 EFLAGS: 00010093
[ 68.501186] RAX: 000000000003c150 RBX: fffffe000003c150 RCX: 000000000000002e
[ 68.501194] RDX: 0000000000000001 RSI: 0000000000000088 RDI: 0000000000000001
[ 68.501201] RBP: fffffe000003c038 R08: 0000000000000000 R09: 0000000000000000
[ 68.501209] R10: 0000000000000000 R11: 0000000000000000 R12: 0000778000000000
[ 68.501216] R13: 0000000000000000 R14: 0000000000000001 R15: fffffe008003c150
[ 68.501221]
[ 68.501226]
[ 68.501232]  kmsan_memmove_origins+0xbd/0x1c0
[ 68.501238]  ? kmsan_memmove_shadow+0xad/0xd0
[ 68.501244]  __msan_memmove+0x6c/0x80
[ 68.501250]  fixup_bad_iret+0x63/0xc0
[ 68.501255]  error_entry+0xad/0xc0
[ 68.501261] RIP: 440e59:0xffd5
[ 68.501273] Code: Bad RIP value.
[ 68.501280] RSP: 0003:00000000200001c0 EFLAGS: 0000ffd5 ORIG_RAX: 00000000200000c0
[ 68.501292] RAX: 0000000000000000 RBX: ffffffff8b000e58 RCX: 0000000000000000
[ 68.501299] RDX: 0000000000000216 RSI: 0000000000000000 RDI: 000000000000001c
[ 68.501307] RBP: 0000000000000000 R08: 0000000000401cf0 R09: 0000000000401d80
[ 68.501314] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000401cf0
[ 68.501322] R13: 0000000000401d80 R14: 0000000000000000 R15: 0000000000000000
[ 68.501328]  ? general_protection+0x8/0x30
[ 68.501334]  ? general_protection+0x8/0x30
[ 68.501339]
[ 68.502724] Kernel Offset: disabled