[ OK ] Started OpenBSD Secure Shell server.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.135' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 123.827353][ T32] audit: type=1400 audit(1595183329.700:8): avc: denied { execmem } for pid=8477 comm="syz-executor495" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 123.841055][ T8477] =====================================================
[ 123.854997][ T8477] BUG: KMSAN: uninit-value in kmsan_check_memory+0xd/0x10
[ 123.862100][ T8477] CPU: 0 PID: 8477 Comm: syz-executor495 Not tainted 5.8.0-rc5-syzkaller #0
[ 123.870853][ T8477] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 123.880893][ T8477] Call Trace:
[ 123.884184][ T8477] dump_stack+0x1df/0x240
[ 123.888520][ T8477] kmsan_report+0xf7/0x1e0
[ 123.892950][ T8477] kmsan_internal_check_memory+0x358/0x3d0
[ 123.898756][ T8477] ? kmsan_get_metadata+0x4f/0x180
[ 123.903864][ T8477] ? kmsan_get_metadata+0x4f/0x180
[ 123.908990][ T8477] kmsan_check_memory+0xd/0x10
[ 123.913756][ T8477] copy_page_to_iter+0x7b4/0x1bb0
[ 123.918804][ T8477] pipe_read+0x6a6/0x1a00
[ 123.923164][ T8477] ? kmsan_get_metadata+0x11d/0x180
[ 123.928359][ T8477] ? __ia32_sys_pipe+0x50/0x50
[ 123.933121][ T8477] vfs_read+0xc67/0x1230
[ 123.937400][ T8477] ksys_read+0x267/0x450
[ 123.941651][ T8477] ? kmsan_get_metadata+0x4f/0x180
[ 123.946764][ T8477] __se_sys_read+0x92/0xb0
[ 123.951176][ T8477] ? __se_sys_read+0xb0/0xb0
[ 123.955768][ T8477] __ia32_sys_read+0x4a/0x70
[ 123.960352][ T8477] __do_fast_syscall_32+0x2aa/0x400
[ 123.965545][ T8477] do_fast_syscall_32+0x6b/0xd0
[ 123.970390][ T8477] do_SYSENTER_32+0x73/0x90
[ 123.974890][ T8477] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c
[ 123.981213][ T8477] RIP: 0023:0xf7f22549
[ 123.985280][ T8477] Code: Bad RIP value.
[ 123.989335][ T8477] RSP: 002b:00000000ffa5d92c EFLAGS: 00000286 ORIG_RAX: 0000000000000003
[ 123.997735][ T8477] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000080
[ 124.005697][ T8477] RDX: 00000000000000be RSI: 00000000000000a0 RDI: 0000000000000000
[ 124.013643][ T8477] RBP: 0000000000c10000 R08: 0000000000000000 R09: 0000000000000000
[ 124.021590][ T8477] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 124.029570][ T8477] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 124.037520][ T8477]
[ 124.039818][ T8477] Uninit was stored to memory at:
[ 124.044818][ T8477] kmsan_internal_chain_origin+0xad/0x130
[ 124.050508][ T8477] kmsan_memcpy_memmove_metadata+0x272/0x2e0
[ 124.056455][ T8477] kmsan_memcpy_metadata+0xb/0x10
[ 124.061449][ T8477] __msan_memcpy+0x43/0x50
[ 124.065838][ T8477] _copy_from_iter+0x1518/0x1c30
[ 124.070756][ T8477] copy_page_from_iter+0x479/0x1170
[ 124.075931][ T8477] pipe_write+0x1080/0x2300
[ 124.080416][ T8477] __kernel_write+0xba1/0x1220
[ 124.085152][ T8477] write_pipe_buf+0x1f9/0x2a0
[ 124.089801][ T8477] __splice_from_pipe+0x565/0xf00
[ 124.094865][ T8477] direct_splice_actor+0x3af/0x580
[ 124.099947][ T8477] splice_direct_to_actor+0x6b2/0xf50
[ 124.105289][ T8477] do_splice_direct+0x342/0x580
[ 124.110108][ T8477] do_sendfile+0x101b/0x1d40
[ 124.114669][ T8477] __se_compat_sys_sendfile+0x301/0x3c0
[ 124.120182][ T8477] __ia32_compat_sys_sendfile+0x56/0x70
[ 124.125697][ T8477] __do_fast_syscall_32+0x2aa/0x400
[ 124.130865][ T8477] do_fast_syscall_32+0x6b/0xd0
[ 124.135690][ T8477] do_SYSENTER_32+0x73/0x90
[ 124.140163][ T8477] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c
[ 124.146467][ T8477]
[ 124.148763][ T8477] Uninit was created at:
[ 124.152977][ T8477] kmsan_save_stack_with_flags+0x3c/0x90
[ 124.158576][ T8477] kmsan_alloc_page+0xb9/0x180
[ 124.163310][ T8477] __alloc_pages_nodemask+0x56a2/0x5dc0
[ 124.168833][ T8477] alloc_pages_current+0x672/0x990
[ 124.173914][ T8477] push_pipe+0x605/0xb70
[ 124.178125][ T8477] iov_iter_get_pages_alloc+0x18a9/0x21c0
[ 124.183825][ T8477] do_splice_to+0x4fc/0x14f0
[ 124.188392][ T8477] splice_direct_to_actor+0x45c/0xf50
[ 124.193737][ T8477] do_splice_direct+0x342/0x580
[ 124.198561][ T8477] do_sendfile+0x101b/0x1d40
[ 124.203144][ T8477] __se_compat_sys_sendfile+0x301/0x3c0
[ 124.208674][ T8477] __ia32_compat_sys_sendfile+0x56/0x70
[ 124.214198][ T8477] __do_fast_syscall_32+0x2aa/0x400
[ 124.219416][ T8477] do_fast_syscall_32+0x6b/0xd0
[ 124.224244][ T8477] do_SYSENTER_32+0x73/0x90
[ 124.228720][ T8477] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c
[ 124.235016][ T8477]
[ 124.237319][ T8477] Bytes 0-189 of 190 are uninitialized
[ 124.242754][ T8477] Memory access of size 190 starts at ffff962748cee000
[ 124.249627][ T8477] =====================================================
[ 124.256573][ T8477] Disabling lock debugging due to kernel taint
[ 124.262698][ T8477] Kernel panic - not syncing: panic_on_warn set ...
[ 124.269259][ T8477] CPU: 0 PID: 8477 Comm: syz-executor495 Tainted: G B 5.8.0-rc5-syzkaller #0
[ 124.279300][ T8477] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 124.289337][ T8477] Call Trace:
[ 124.292604][ T8477] dump_stack+0x1df/0x240
[ 124.296909][ T8477] panic+0x3d5/0xc3e
[ 124.300808][ T8477] kmsan_report+0x1df/0x1e0
[ 124.305289][ T8477] kmsan_internal_check_memory+0x358/0x3d0
[ 124.311066][ T8477] ? kmsan_get_metadata+0x4f/0x180
[ 124.316150][ T8477] ? kmsan_get_metadata+0x4f/0x180
[ 124.321236][ T8477] kmsan_check_memory+0xd/0x10
[ 124.325976][ T8477] copy_page_to_iter+0x7b4/0x1bb0
[ 124.330981][ T8477] pipe_read+0x6a6/0x1a00
[ 124.335310][ T8477] ? kmsan_get_metadata+0x11d/0x180
[ 124.340482][ T8477] ? __ia32_sys_pipe+0x50/0x50
[ 124.345219][ T8477] vfs_read+0xc67/0x1230
[ 124.349532][ T8477] ksys_read+0x267/0x450
[ 124.353750][ T8477] ? kmsan_get_metadata+0x4f/0x180
[ 124.358835][ T8477] __se_sys_read+0x92/0xb0
[ 124.363227][ T8477] ? __se_sys_read+0xb0/0xb0
[ 124.367790][ T8477] __ia32_sys_read+0x4a/0x70
[ 124.372353][ T8477] __do_fast_syscall_32+0x2aa/0x400
[ 124.377528][ T8477] do_fast_syscall_32+0x6b/0xd0
[ 124.382352][ T8477] do_SYSENTER_32+0x73/0x90
[ 124.386914][ T8477] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c
[ 124.393329][ T8477] RIP: 0023:0xf7f22549
[ 124.397362][ T8477] Code: Bad RIP value.
[ 124.401395][ T8477] RSP: 002b:00000000ffa5d92c EFLAGS: 00000286 ORIG_RAX: 0000000000000003
[ 124.409777][ T8477] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000080
[ 124.417721][ T8477] RDX: 00000000000000be RSI: 00000000000000a0 RDI: 0000000000000000
[ 124.425664][ T8477] RBP: 0000000000c10000 R08: 0000000000000000 R09: 0000000000000000
[ 124.433607][ T8477] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 124.441559][ T8477] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 124.450110][ T8477] ------------[ cut here ]------------
[ 124.455552][ T8477] kernel BUG at mm/kmsan/kmsan.h:87!
[ 124.460829][ T8477] invalid opcode: 0000 [#1] SMP
[ 124.465654][ T8477] CPU: 0 PID: 8477 Comm: syz-executor495 Tainted: G B 5.8.0-rc5-syzkaller #0
[ 124.475684][ T8477] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 124.485724][ T8477] RIP: 0010:kmsan_internal_check_memory+0x3c0/0x3d0
[ 124.492284][ T8477] Code: 5b 41 5c 41 5d 41 5e 41 5f 5d c3 0f 0b 48 c7 c7 ea 03 0a 93 31 c0 e8 81 fe 44 ff 0f 0b 0f 0b 0f 0b 0f 0b e8 32 3f 8c 0c 0f 0b <0f> 0b 0f 1f 40 00 66 2e 0f 1f 84 00 00 00 00 00 55 48 89 e5 83 ff
[ 124.511871][ T8477] RSP: 0018:ffff9b2d40dd3508 EFLAGS: 00010046
[ 124.517912][ T8477] RAX: 0000000000000002 RBX: 00000000041f00b0 RCX: 00000000041f00b0
[ 124.525873][ T8477] RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff9b2d40dd35e4
[ 124.533822][ T8477] RBP: ffff9b2d40dd35b0 R08: 0000000000000000 R09: ffff96276fc28210
[ 124.541769][ T8477] R10: 0000000000000000 R11: ffffffff89e02730 R12: 0000000000000000
[ 124.549714][ T8477] R13: 0000000000000001 R14: 0000000000000002 R15: 0000000000000001
[ 124.557672][ T8477] FS: 0000000000000000(0000) GS:ffff96276fc00000(0063) knlGS:000000000893e840
[ 124.566575][ T8477] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033
[ 124.573130][ T8477] CR2: 0000000020dec004 CR3: 000000010d59e000 CR4: 00000000001406f0
[ 124.581074][ T8477] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 124.589040][ T8477] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 124.596981][ T8477] Call Trace:
[ 124.600250][ T8477] kmsan_check_memory+0xd/0x10
[ 124.604988][ T8477] iowrite8+0x99/0x2e0
[ 124.609036][ T8477] pvpanic_panic_notify+0x99/0xc0
[ 124.614030][ T8477] ? pvpanic_mmio_remove+0x60/0x60
[ 124.619134][ T8477] atomic_notifier_call_chain+0x130/0x250
[ 124.624830][ T8477] panic+0x468/0xc3e
[ 124.628705][ T8477] kmsan_report+0x1df/0x1e0
[ 124.633180][ T8477] kmsan_internal_check_memory+0x358/0x3d0
[ 124.638957][ T8477] ? kmsan_get_metadata+0x4f/0x180
[ 124.644039][ T8477] ? kmsan_get_metadata+0x4f/0x180
[ 124.649124][ T8477] kmsan_check_memory+0xd/0x10
[ 124.653864][ T8477] copy_page_to_iter+0x7b4/0x1bb0
[ 124.658871][ T8477] pipe_read+0x6a6/0x1a00
[ 124.663182][ T8477] ? kmsan_get_metadata+0x11d/0x180
[ 124.668349][ T8477] ? __ia32_sys_pipe+0x50/0x50
[ 124.673083][ T8477] vfs_read+0xc67/0x1230
[ 124.677311][ T8477] ksys_read+0x267/0x450
[ 124.681527][ T8477] ? kmsan_get_metadata+0x4f/0x180
[ 124.686621][ T8477] __se_sys_read+0x92/0xb0
[ 124.691008][ T8477] ? __se_sys_read+0xb0/0xb0
[ 124.695566][ T8477] __ia32_sys_read+0x4a/0x70
[ 124.700126][ T8477] __do_fast_syscall_32+0x2aa/0x400
[ 124.705300][ T8477] do_fast_syscall_32+0x6b/0xd0
[ 124.710140][ T8477] do_SYSENTER_32+0x73/0x90
[ 124.714615][ T8477] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c
[ 124.721045][ T8477] RIP: 0023:0xf7f22549
[ 124.725080][ T8477] Code: Bad RIP value.
[ 124.729115][ T8477] RSP: 002b:00000000ffa5d92c EFLAGS: 00000286 ORIG_RAX: 0000000000000003
[ 124.737495][ T8477] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000080
[ 124.745436][ T8477] RDX: 00000000000000be RSI: 00000000000000a0 RDI: 0000000000000000
[ 124.753390][ T8477] RBP: 0000000000c10000 R08: 0000000000000000 R09: 0000000000000000
[ 124.761330][ T8477] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 124.769403][ T8477] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 124.777549][ T8477] Modules linked in:
[ 124.781416][ T8477] ---[ end trace c3076eddd3627039 ]---
[ 124.786847][ T8477] RIP: 0010:kmsan_internal_check_memory+0x3c0/0x3d0
[ 124.793403][ T8477] Code: 5b 41 5c 41 5d 41 5e 41 5f 5d c3 0f 0b 48 c7 c7 ea 03 0a 93 31 c0 e8 81 fe 44 ff 0f 0b 0f 0b 0f 0b 0f 0b e8 32 3f 8c 0c 0f 0b <0f> 0b 0f 1f 40 00 66 2e 0f 1f 84 00 00 00 00 00 55 48 89 e5 83 ff
[ 124.812982][ T8477] RSP: 0018:ffff9b2d40dd3508 EFLAGS: 00010046
[ 124.819018][ T8477] RAX: 0000000000000002 RBX: 00000000041f00b0 RCX: 00000000041f00b0
[ 124.826959][ T8477] RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff9b2d40dd35e4
[ 124.834905][ T8477] RBP: ffff9b2d40dd35b0 R08: 0000000000000000 R09: ffff96276fc28210
[ 124.842849][ T8477] R10: 0000000000000000 R11: ffffffff89e02730 R12: 0000000000000000
[ 124.850790][ T8477] R13: 0000000000000001 R14: 0000000000000002 R15: 0000000000000001
[ 124.858732][ T8477] FS: 0000000000000000(0000) GS:ffff96276fc00000(0063) knlGS:000000000893e840
[ 124.867631][ T8477] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033
[ 124.874184][ T8477] CR2: 0000000020dec004 CR3: 000000010d59e000 CR4: 00000000001406f0
[ 124.882132][ T8477] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 124.890074][ T8477] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 124.898017][ T8477] Kernel panic - not syncing: Fatal exception
[ 124.904705][ T8477] Kernel Offset: 0x3a00000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
[ 124.916222][ T8477] Rebooting in 86400 seconds..