[ OK ] Started OpenBSD Secure Shell server.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Debian GNU/Linux 9 syzkaller ttyS0
syzkaller login: [ 123.395125][ T8441] sshd (8441) used greatest stack depth: 3816 bytes left
Warning: Permanently added '10.128.1.10' (ECDSA) to the list of known hosts.
executing program
[ 132.790561][ T31] audit: type=1400 audit(1595212950.751:8): avc: denied { execmem } for pid=8475 comm="syz-executor839" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 132.800451][ T8475] =====================================================
[ 132.819268][ T8475] BUG: KMSAN: uninit-value in tgr192_pass+0x1a25/0x1ee0
[ 132.826248][ T8475] CPU: 1 PID: 8475 Comm: syz-executor839 Not tainted 5.8.0-rc5-syzkaller #0
[ 132.834932][ T8475] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 132.846995][ T8475] Call Trace:
[ 132.850309][ T8475] dump_stack+0x1df/0x240
[ 132.854763][ T8475] kmsan_report+0xf7/0x1e0
[ 132.859278][ T8475] __msan_warning+0x58/0xa0
[ 132.863787][ T8475] tgr192_pass+0x1a25/0x1ee0
[ 132.868392][ T8475] ? kmsan_get_metadata+0x4f/0x180
[ 132.873509][ T8475] ? kmsan_memcpy_memmove_metadata+0x272/0x2e0
[ 132.879675][ T8475] tgr192_transform+0x248/0x1080
[ 132.884639][ T8475] ? is_module_text_address+0x4d/0x2a0
[ 132.890633][ T8475] ? __kernel_text_address+0x171/0x2d0
[ 132.896109][ T8475] ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 132.901926][ T8475] tgr192_update+0x663/0xb00
[ 132.906534][ T8475] ? tgr192_init+0x150/0x150
[ 132.911131][ T8475] crypto_shash_update+0x4e9/0x550
[ 132.916272][ T8475] ? __msan_metadata_ptr_for_store_4+0x13/0x20
[ 132.922440][ T8475] ? hash_walk_new_entry+0x6c7/0x770
[ 132.928015][ T8475] ? crypto_hash_walk_first+0x1fd/0x360
[ 132.933750][ T8475] ? kmsan_get_metadata+0x4f/0x180
[ 132.938873][ T8475] ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 132.944670][ T8475] shash_async_update+0x113/0x1d0
[ 132.949726][ T8475] ? shash_async_init+0x1e0/0x1e0
[ 132.954729][ T8475] hash_sendpage+0x8ef/0xdf0
[ 132.959318][ T8475] ? hash_recvmsg+0xd30/0xd30
[ 132.964009][ T8475] sock_sendpage+0x1e1/0x2c0
[ 132.968849][ T8475] pipe_to_sendpage+0x38c/0x4c0
[ 132.973691][ T8475] ? sock_fasync+0x250/0x250
[ 132.978330][ T8475] __splice_from_pipe+0x565/0xf00
[ 132.983345][ T8475] ? generic_splice_sendpage+0x2d0/0x2d0
[ 132.988968][ T8475] generic_splice_sendpage+0x1d5/0x2d0
[ 132.994425][ T8475] ? iter_file_splice_write+0x1800/0x1800
[ 133.000170][ T8475] direct_splice_actor+0x1fd/0x580
[ 133.005274][ T8475] ? kmsan_get_metadata+0x4f/0x180
[ 133.010389][ T8475] splice_direct_to_actor+0x6b2/0xf50
[ 133.015883][ T8475] ? do_splice_direct+0x580/0x580
[ 133.021057][ T8475] do_splice_direct+0x342/0x580
[ 133.025899][ T8475] do_sendfile+0x101b/0x1d40
[ 133.030635][ T8475] __se_compat_sys_sendfile+0x301/0x3c0
[ 133.036529][ T8475] ? kmsan_get_metadata+0x11d/0x180
[ 133.041743][ T8475] ? __ia32_sys_sendfile64+0x70/0x70
[ 133.047021][ T8475] __ia32_compat_sys_sendfile+0x56/0x70
[ 133.052550][ T8475] __do_fast_syscall_32+0x2aa/0x400
[ 133.057760][ T8475] do_fast_syscall_32+0x6b/0xd0
[ 133.062596][ T8475] do_SYSENTER_32+0x73/0x90
[ 133.067079][ T8475] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c
[ 133.073428][ T8475] RIP: 0023:0xf7fee549
[ 133.077643][ T8475] Code: Bad RIP value.
[ 133.081686][ T8475] RSP: 002b:00000000fff765fc EFLAGS: 00000292 ORIG_RAX: 00000000000000bb
[ 133.090078][ T8475] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000000006
[ 133.098193][ T8475] RDX: 0000000000000000 RSI: 0000000000007e00 RDI: 0000000000000000
[ 133.106488][ T8475] RBP: 00000000ffffffff R08: 0000000000000000 R09: 0000000000000000
[ 133.114704][ T8475] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 133.122752][ T8475] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 133.130822][ T8475]
[ 133.133128][ T8475] Uninit was stored to memory at:
[ 133.138134][ T8475] kmsan_internal_chain_origin+0xad/0x130
[ 133.144092][ T8475] kmsan_memcpy_memmove_metadata+0x272/0x2e0
[ 133.150097][ T8475] kmsan_memcpy_metadata+0xb/0x10
[ 133.155103][ T8475] __msan_memcpy+0x43/0x50
[ 133.159503][ T8475] tgr192_transform+0xc5/0x1080
[ 133.164359][ T8475] tgr192_update+0x663/0xb00
[ 133.168927][ T8475] crypto_shash_update+0x4e9/0x550
[ 133.174080][ T8475] shash_async_update+0x113/0x1d0
[ 133.179255][ T8475] hash_sendpage+0x8ef/0xdf0
[ 133.183833][ T8475] sock_sendpage+0x1e1/0x2c0
[ 133.188405][ T8475] pipe_to_sendpage+0x38c/0x4c0
[ 133.193602][ T8475] __splice_from_pipe+0x565/0xf00
[ 133.198902][ T8475] generic_splice_sendpage+0x1d5/0x2d0
[ 133.204546][ T8475] direct_splice_actor+0x1fd/0x580
[ 133.209652][ T8475] splice_direct_to_actor+0x6b2/0xf50
[ 133.215096][ T8475] do_splice_direct+0x342/0x580
[ 133.220035][ T8475] do_sendfile+0x101b/0x1d40
[ 133.224712][ T8475] __se_compat_sys_sendfile+0x301/0x3c0
[ 133.230289][ T8475] __ia32_compat_sys_sendfile+0x56/0x70
[ 133.236009][ T8475] __do_fast_syscall_32+0x2aa/0x400
[ 133.241301][ T8475] do_fast_syscall_32+0x6b/0xd0
[ 133.246165][ T8475] do_SYSENTER_32+0x73/0x90
[ 133.252041][ T8475] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c
[ 133.258569][ T8475]
[ 133.261043][ T8475] Uninit was created at:
[ 133.265300][ T8475] kmsan_save_stack_with_flags+0x3c/0x90
[ 133.270993][ T8475] kmsan_alloc_page+0xb9/0x180
[ 133.275751][ T8475] __alloc_pages_nodemask+0x56a2/0x5dc0
[ 133.282060][ T8475] alloc_pages_current+0x672/0x990
[ 133.287197][ T8475] push_pipe+0x605/0xb70
[ 133.291452][ T8475] iov_iter_get_pages_alloc+0x18a9/0x21c0
[ 133.297439][ T8475] do_splice_to+0x4fc/0x14f0
[ 133.302023][ T8475] splice_direct_to_actor+0x45c/0xf50
[ 133.307583][ T8475] do_splice_direct+0x342/0x580
[ 133.312439][ T8475] do_sendfile+0x101b/0x1d40
[ 133.317877][ T8475] __se_compat_sys_sendfile+0x301/0x3c0
[ 133.323403][ T8475] __ia32_compat_sys_sendfile+0x56/0x70
[ 133.329042][ T8475] __do_fast_syscall_32+0x2aa/0x400
[ 133.334231][ T8475] do_fast_syscall_32+0x6b/0xd0
[ 133.339898][ T8475] do_SYSENTER_32+0x73/0x90
[ 133.344489][ T8475] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c
[ 133.350796][ T8475] =====================================================
[ 133.357900][ T8475] Disabling lock debugging due to kernel taint
[ 133.364119][ T8475] Kernel panic - not syncing: panic_on_warn set ...
[ 133.370789][ T8475] CPU: 1 PID: 8475 Comm: syz-executor839 Tainted: G B 5.8.0-rc5-syzkaller #0
[ 133.380975][ T8475] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 133.391076][ T8475] Call Trace:
[ 133.394827][ T8475] dump_stack+0x1df/0x240
[ 133.399267][ T8475] panic+0x3d5/0xc3e
[ 133.403247][ T8475] kmsan_report+0x1df/0x1e0
[ 133.407730][ T8475] __msan_warning+0x58/0xa0
[ 133.412316][ T8475] tgr192_pass+0x1a25/0x1ee0
[ 133.416987][ T8475] ? kmsan_get_metadata+0x4f/0x180
[ 133.422116][ T8475] ? kmsan_memcpy_memmove_metadata+0x272/0x2e0
[ 133.428353][ T8475] tgr192_transform+0x248/0x1080
[ 133.433397][ T8475] ? is_module_text_address+0x4d/0x2a0
[ 133.438880][ T8475] ? __kernel_text_address+0x171/0x2d0
[ 133.444430][ T8475] ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 133.450503][ T8475] tgr192_update+0x663/0xb00
[ 133.455447][ T8475] ? tgr192_init+0x150/0x150
[ 133.460046][ T8475] crypto_shash_update+0x4e9/0x550
[ 133.465144][ T8475] ? __msan_metadata_ptr_for_store_4+0x13/0x20
[ 133.471294][ T8475] ? hash_walk_new_entry+0x6c7/0x770
[ 133.478171][ T8475] ? crypto_hash_walk_first+0x1fd/0x360
[ 133.483747][ T8475] ? kmsan_get_metadata+0x4f/0x180
[ 133.488863][ T8475] ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 133.494652][ T8475] shash_async_update+0x113/0x1d0
[ 133.499665][ T8475] ? shash_async_init+0x1e0/0x1e0
[ 133.504669][ T8475] hash_sendpage+0x8ef/0xdf0
[ 133.509269][ T8475] ? hash_recvmsg+0xd30/0xd30
[ 133.514008][ T8475] sock_sendpage+0x1e1/0x2c0
[ 133.518586][ T8475] pipe_to_sendpage+0x38c/0x4c0
[ 133.523437][ T8475] ? sock_fasync+0x250/0x250
[ 133.528169][ T8475] __splice_from_pipe+0x565/0xf00
[ 133.533200][ T8475] ? generic_splice_sendpage+0x2d0/0x2d0
[ 133.539276][ T8475] generic_splice_sendpage+0x1d5/0x2d0
[ 133.544725][ T8475] ? iter_file_splice_write+0x1800/0x1800
[ 133.550428][ T8475] direct_splice_actor+0x1fd/0x580
[ 133.555532][ T8475] ? kmsan_get_metadata+0x4f/0x180
[ 133.560718][ T8475] splice_direct_to_actor+0x6b2/0xf50
[ 133.566097][ T8475] ? do_splice_direct+0x580/0x580
[ 133.571113][ T8475] do_splice_direct+0x342/0x580
[ 133.576047][ T8475] do_sendfile+0x101b/0x1d40
[ 133.580752][ T8475] __se_compat_sys_sendfile+0x301/0x3c0
[ 133.586292][ T8475] ? kmsan_get_metadata+0x11d/0x180
[ 133.591843][ T8475] ? __ia32_sys_sendfile64+0x70/0x70
[ 133.597118][ T8475] __ia32_compat_sys_sendfile+0x56/0x70
[ 133.602650][ T8475] __do_fast_syscall_32+0x2aa/0x400
[ 133.607865][ T8475] do_fast_syscall_32+0x6b/0xd0
[ 133.612725][ T8475] do_SYSENTER_32+0x73/0x90
[ 133.617303][ T8475] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c
[ 133.623621][ T8475] RIP: 0023:0xf7fee549
[ 133.628814][ T8475] Code: Bad RIP value.
[ 133.632946][ T8475] RSP: 002b:00000000fff765fc EFLAGS: 00000292 ORIG_RAX: 00000000000000bb
[ 133.642146][ T8475] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000000006
[ 133.650183][ T8475] RDX: 0000000000000000 RSI: 0000000000007e00 RDI: 0000000000000000
[ 133.658250][ T8475] RBP: 00000000ffffffff R08: 0000000000000000 R09: 0000000000000000
[ 133.666302][ T8475] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 133.674258][ T8475] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 133.684539][ T8475] Kernel Offset: 0x2e200000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
[ 133.696618][ T8475] Rebooting in 86400 seconds..