[ OK ] Started OpenBSD Secure Shell server.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Debian GNU/Linux 9 syzkaller ttyS0
syzkaller login: [ 75.506976][ T8433] sshd (8433) used greatest stack depth: 3816 bytes left
Warning: Permanently added '10.128.0.92' (ECDSA) to the list of known hosts.
executing program
[ 83.376219][ T8467] =====================================================
[ 83.383334][ T8467] BUG: KMSAN: uninit-value in tgr192_pass+0x1a25/0x1ee0
[ 83.390247][ T8467] CPU: 1 PID: 8467 Comm: syz-executor443 Not tainted 5.8.0-rc5-syzkaller #0
[ 83.398891][ T8467] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 83.408922][ T8467] Call Trace:
[ 83.412201][ T8467] dump_stack+0x1df/0x240
[ 83.416587][ T8467] kmsan_report+0xf7/0x1e0
[ 83.420983][ T8467] __msan_warning+0x58/0xa0
[ 83.425462][ T8467] tgr192_pass+0x1a25/0x1ee0
[ 83.430032][ T8467] ? kmsan_get_metadata+0x4f/0x180
[ 83.435122][ T8467] ? kmsan_memcpy_memmove_metadata+0x272/0x2e0
[ 83.441258][ T8467] tgr192_transform+0x248/0x1080
[ 83.446173][ T8467] ? is_module_text_address+0x4d/0x2a0
[ 83.451613][ T8467] ? __kernel_text_address+0x171/0x2d0
[ 83.457084][ T8467] ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 83.462867][ T8467] tgr192_update+0x663/0xb00
[ 83.467438][ T8467] ? tgr192_init+0x150/0x150
[ 83.472003][ T8467] crypto_shash_update+0x4e9/0x550
[ 83.477091][ T8467] ? __msan_metadata_ptr_for_store_4+0x13/0x20
[ 83.483231][ T8467] ? crypto_hash_walk_first+0x1fd/0x360
[ 83.488753][ T8467] ? kmsan_get_metadata+0x4f/0x180
[ 83.493853][ T8467] ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 83.499647][ T8467] shash_async_update+0x113/0x1d0
[ 83.504658][ T8467] ? shash_async_init+0x1e0/0x1e0
[ 83.509674][ T8467] hash_sendpage+0x8ef/0xdf0
[ 83.514245][ T8467] ? hash_recvmsg+0xd30/0xd30
[ 83.518900][ T8467] sock_sendpage+0x1e1/0x2c0
[ 83.523477][ T8467] pipe_to_sendpage+0x38c/0x4c0
[ 83.528303][ T8467] ? sock_fasync+0x250/0x250
[ 83.532873][ T8467] __splice_from_pipe+0x565/0xf00
[ 83.537876][ T8467] ? generic_splice_sendpage+0x2d0/0x2d0
[ 83.543492][ T8467] generic_splice_sendpage+0x1d5/0x2d0
[ 83.548931][ T8467] ? iter_file_splice_write+0x1800/0x1800
[ 83.554624][ T8467] direct_splice_actor+0x1fd/0x580
[ 83.559713][ T8467] ? kmsan_get_metadata+0x4f/0x180
[ 83.564819][ T8467] splice_direct_to_actor+0x6b2/0xf50
[ 83.570167][ T8467] ? do_splice_direct+0x580/0x580
[ 83.575178][ T8467] do_splice_direct+0x342/0x580
[ 83.580032][ T8467] do_sendfile+0x101b/0x1d40
[ 83.584609][ T8467] __se_sys_sendfile64+0x2bb/0x360
[ 83.589695][ T8467] ? kmsan_get_metadata+0x4f/0x180
[ 83.594800][ T8467] __x64_sys_sendfile64+0x56/0x70
[ 83.599802][ T8467] do_syscall_64+0xb0/0x150
[ 83.604282][ T8467] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 83.610148][ T8467] RIP: 0033:0x440409
[ 83.614012][ T8467] Code: Bad RIP value.
[ 83.618051][ T8467] RSP: 002b:00007ffc744248c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 83.626437][ T8467] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440409
[ 83.634384][ T8467] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000005
[ 83.642330][ T8467] RBP: 00000000006cb018 R08: 0000000000000019 R09: 65732f636f72702f
[ 83.650275][ T8467] R10: 0000000000007e00 R11: 0000000000000246 R12: 0000000000401c70
[ 83.658225][ T8467] R13: 0000000000401d00 R14: 0000000000000000 R15: 0000000000000000
[ 83.666203][ T8467]
[ 83.668507][ T8467] Uninit was stored to memory at:
[ 83.673508][ T8467] kmsan_internal_chain_origin+0xad/0x130
[ 83.679199][ T8467] kmsan_memcpy_memmove_metadata+0x272/0x2e0
[ 83.685154][ T8467] kmsan_memcpy_metadata+0xb/0x10
[ 83.690153][ T8467] __msan_memcpy+0x43/0x50
[ 83.694544][ T8467] tgr192_transform+0xc5/0x1080
[ 83.699369][ T8467] tgr192_update+0x663/0xb00
[ 83.703934][ T8467] crypto_shash_update+0x4e9/0x550
[ 83.709036][ T8467] shash_async_update+0x113/0x1d0
[ 83.714036][ T8467] hash_sendpage+0x8ef/0xdf0
[ 83.718601][ T8467] sock_sendpage+0x1e1/0x2c0
[ 83.723166][ T8467] pipe_to_sendpage+0x38c/0x4c0
[ 83.727992][ T8467] __splice_from_pipe+0x565/0xf00
[ 83.732990][ T8467] generic_splice_sendpage+0x1d5/0x2d0
[ 83.738422][ T8467] direct_splice_actor+0x1fd/0x580
[ 83.743507][ T8467] splice_direct_to_actor+0x6b2/0xf50
[ 83.748858][ T8467] do_splice_direct+0x342/0x580
[ 83.753701][ T8467] do_sendfile+0x101b/0x1d40
[ 83.758266][ T8467] __se_sys_sendfile64+0x2bb/0x360
[ 83.763350][ T8467] __x64_sys_sendfile64+0x56/0x70
[ 83.768348][ T8467] do_syscall_64+0xb0/0x150
[ 83.772826][ T8467] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 83.778686][ T8467]
[ 83.780998][ T8467] Uninit was created at:
[ 83.785229][ T8467] kmsan_save_stack_with_flags+0x3c/0x90
[ 83.790850][ T8467] kmsan_alloc_page+0xb9/0x180
[ 83.795588][ T8467] __alloc_pages_nodemask+0x56a2/0x5dc0
[ 83.801119][ T8467] alloc_pages_current+0x672/0x990
[ 83.806208][ T8467] push_pipe+0x605/0xb70
[ 83.810433][ T8467] iov_iter_get_pages_alloc+0x18a9/0x21c0
[ 83.816132][ T8467] do_splice_to+0x4fc/0x14f0
[ 83.820701][ T8467] splice_direct_to_actor+0x45c/0xf50
[ 83.826053][ T8467] do_splice_direct+0x342/0x580
[ 83.830881][ T8467] do_sendfile+0x101b/0x1d40
[ 83.835446][ T8467] __se_sys_sendfile64+0x2bb/0x360
[ 83.840531][ T8467] __x64_sys_sendfile64+0x56/0x70
[ 83.845578][ T8467] do_syscall_64+0xb0/0x150
[ 83.850055][ T8467] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 83.855915][ T8467] =====================================================
[ 83.862818][ T8467] Disabling lock debugging due to kernel taint
[ 83.868939][ T8467] Kernel panic - not syncing: panic_on_warn set ...
[ 83.875503][ T8467] CPU: 1 PID: 8467 Comm: syz-executor443 Tainted: G B 5.8.0-rc5-syzkaller #0
[ 83.885532][ T8467] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 83.895575][ T8467] Call Trace:
[ 83.898847][ T8467] dump_stack+0x1df/0x240
[ 83.903158][ T8467] panic+0x3d5/0xc3e
[ 83.907040][ T8467] kmsan_report+0x1df/0x1e0
[ 83.911520][ T8467] __msan_warning+0x58/0xa0
[ 83.916001][ T8467] tgr192_pass+0x1a25/0x1ee0
[ 83.920569][ T8467] ? kmsan_get_metadata+0x4f/0x180
[ 83.925657][ T8467] ? kmsan_memcpy_memmove_metadata+0x272/0x2e0
[ 83.931789][ T8467] tgr192_transform+0x248/0x1080
[ 83.936705][ T8467] ? is_module_text_address+0x4d/0x2a0
[ 83.942140][ T8467] ? __kernel_text_address+0x171/0x2d0
[ 83.947582][ T8467] ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 83.953363][ T8467] tgr192_update+0x663/0xb00
[ 83.957931][ T8467] ? tgr192_init+0x150/0x150
[ 83.962513][ T8467] crypto_shash_update+0x4e9/0x550
[ 83.967612][ T8467] ? __msan_metadata_ptr_for_store_4+0x13/0x20
[ 83.973765][ T8467] ? crypto_hash_walk_first+0x1fd/0x360
[ 83.979289][ T8467] ? kmsan_get_metadata+0x4f/0x180
[ 83.984408][ T8467] ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 83.990191][ T8467] shash_async_update+0x113/0x1d0
[ 83.995244][ T8467] ? shash_async_init+0x1e0/0x1e0
[ 84.000248][ T8467] hash_sendpage+0x8ef/0xdf0
[ 84.004822][ T8467] ? hash_recvmsg+0xd30/0xd30
[ 84.009480][ T8467] sock_sendpage+0x1e1/0x2c0
[ 84.014054][ T8467] pipe_to_sendpage+0x38c/0x4c0
[ 84.018894][ T8467] ? sock_fasync+0x250/0x250
[ 84.023492][ T8467] __splice_from_pipe+0x565/0xf00
[ 84.028510][ T8467] ? generic_splice_sendpage+0x2d0/0x2d0
[ 84.034131][ T8467] generic_splice_sendpage+0x1d5/0x2d0
[ 84.039573][ T8467] ? iter_file_splice_write+0x1800/0x1800
[ 84.045269][ T8467] direct_splice_actor+0x1fd/0x580
[ 84.050361][ T8467] ? kmsan_get_metadata+0x4f/0x180
[ 84.055456][ T8467] splice_direct_to_actor+0x6b2/0xf50
[ 84.060804][ T8467] ? do_splice_direct+0x580/0x580
[ 84.065886][ T8467] do_splice_direct+0x342/0x580
[ 84.070722][ T8467] do_sendfile+0x101b/0x1d40
[ 84.075300][ T8467] __se_sys_sendfile64+0x2bb/0x360
[ 84.080387][ T8467] ? kmsan_get_metadata+0x4f/0x180
[ 84.085519][ T8467] __x64_sys_sendfile64+0x56/0x70
[ 84.090521][ T8467] do_syscall_64+0xb0/0x150
[ 84.095014][ T8467] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 84.100891][ T8467] RIP: 0033:0x440409
[ 84.104757][ T8467] Code: Bad RIP value.
[ 84.108796][ T8467] RSP: 002b:00007ffc744248c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 84.117182][ T8467] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440409
[ 84.125128][ T8467] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000005
[ 84.133074][ T8467] RBP: 00000000006cb018 R08: 0000000000000019 R09: 65732f636f72702f
[ 84.141018][ T8467] R10: 0000000000007e00 R11: 0000000000000246 R12: 0000000000401c70
[ 84.148965][ T8467] R13: 0000000000401d00 R14: 0000000000000000 R15: 0000000000000000
[ 84.158253][ T8467] Kernel Offset: 0xec00000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
[ 84.169860][ T8467] Rebooting in 86400 seconds..