[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [ 84.347251][ T31] audit: type=1800 audit(1569825691.399:25): pid=12647 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 84.370216][ T31] audit: type=1800 audit(1569825691.419:26): pid=12647 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 84.405314][ T31] audit: type=1800 audit(1569825691.449:27): pid=12647 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.174' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 95.314060][T12798] IPVS: ftp: loaded support on port[0] = 21 [ 95.363274][T12798] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 95.382465][T12798] ===================================================== [ 95.389825][T12798] BUG: KMSAN: uninit-value in inet_ehash_insert+0x56c/0xc80 [ 95.397334][T12798] CPU: 1 PID: 12798 Comm: syz-executor845 Not tainted 5.3.0-rc7+ #0 [ 95.405550][T12798] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 95.415823][T12798] Call Trace: [ 95.419180][T12798] dump_stack+0x191/0x1f0 [ 95.423566][T12798] kmsan_report+0x13a/0x2b0 [ 95.428055][T12798] __msan_warning+0x73/0xe0 [ 95.432725][T12798] _raw_spin_lock+0x56/0x90 [ 95.437231][T12798] inet_ehash_insert+0x56c/0xc80 [ 95.442169][T12798] inet_csk_reqsk_queue_hash_add+0x11a/0x1d0 [ 95.448136][T12798] tcp_conn_request+0x44cc/0x4fb0 [ 95.453259][T12798] tcp_v6_conn_request+0x242/0x2d0 [ 95.458359][T12798] ? ip_queue_xmit+0xf0/0xf0 [ 95.463094][T12798] tcp_rcv_state_process+0x28f/0x6f80 [ 95.468459][T12798] ? kmsan_get_shadow_origin_ptr+0x6e/0x4c0 [ 95.474348][T12798] ? kmsan_get_shadow_origin_ptr+0x6e/0x4c0 [ 95.481020][T12798] ? kmsan_get_shadow_origin_ptr+0x6e/0x4c0 [ 95.486919][T12798] tcp_v6_do_rcv+0x1001/0x1ce0 [ 95.491700][T12798] tcp_v6_rcv+0x60b7/0x6a30 [ 95.496275][T12798] ? ctnetlink_conntrack_event+0xd48/0x4300 [ 95.502215][T12798] ip6_protocol_deliver_rcu+0x1433/0x22f0 [ 95.507924][T12798] ? ipv6_confirm+0x5a5/0x670 [ 95.512600][T12798] ip6_input+0x2af/0x340 [ 95.517020][T12798] ? ip6_input+0x340/0x340 [ 95.521548][T12798] ? ip6_protocol_deliver_rcu+0x22f0/0x22f0 [ 95.527449][T12798] ipv6_rcv+0x683/0x710 [ 95.531596][T12798] ? local_bh_enable+0x40/0x40 [ 95.536348][T12798] netif_receive_skb_internal+0x4e3/0xc20 [ 95.542052][T12798] ? eth_type_trans+0x470/0xa90 [ 95.546986][T12798] napi_gro_frags+0x1643/0x2860 [ 95.551833][T12798] tun_get_user+0x56d8/0x6fe0 [ 95.556510][T12798] ? kmsan_get_shadow_origin_ptr+0x6e/0x4c0 [ 95.563255][T12798] tun_chr_write_iter+0x1f2/0x360 [ 95.568353][T12798] ? tun_chr_read_iter+0x460/0x460 [ 95.573722][T12798] do_iter_readv_writev+0xa16/0xc30 [ 95.580147][T12798] ? tun_chr_read_iter+0x460/0x460 [ 95.585248][T12798] do_iter_write+0x304/0xdc0 [ 95.589860][T12798] ? __msan_metadata_ptr_for_store_8+0x13/0x20 [ 95.596143][T12798] ? import_iovec+0x5cd/0x6a0 [ 95.600828][T12798] do_writev+0x435/0x900 [ 95.605076][T12798] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 95.611132][T12798] ? prepare_exit_to_usermode+0x19a/0x4d0 [ 95.616842][T12798] ? kmsan_get_shadow_origin_ptr+0x6e/0x4c0 [ 95.622848][T12798] __se_sys_writev+0x9b/0xb0 [ 95.627576][T12798] __x64_sys_writev+0x4a/0x70 [ 95.632513][T12798] do_syscall_64+0xbc/0xf0 [ 95.637083][T12798] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 95.643053][T12798] RIP: 0033:0x4419b0 [ 95.646929][T12798] Code: 05 48 3d 01 f0 ff ff 0f 83 fd 0e fc ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 83 3d 61 96 29 00 00 75 14 b8 14 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 d4 0e fc ff c3 48 83 ec 08 e8 7a 2b 00 00 [ 95.667007][T12798] RSP: 002b:00007ffdb76bd3a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 95.675667][T12798] RAX: ffffffffffffffda RBX: 00007ffdb76bd460 RCX: 00000000004419b0 [ 95.683630][T12798] RDX: 0000000000000001 RSI: 00007ffdb76bd3c0 RDI: 00000000000000f0 [ 95.691588][T12798] RBP: 0000000000000003 R08: 0000000000000000 R09: 0000555500008236 [ 95.699725][T12798] R10: 0000555500008236 R11: 0000000000000246 R12: 00007ffdb76bd458 [ 95.707778][T12798] R13: 00007ffdb76bd450 R14: 0000000000000000 R15: 0000000000000000 [ 95.715778][T12798] [ 95.718131][T12798] Uninit was created at: [ 95.722365][T12798] kmsan_save_stack_with_flags+0x3a/0x80 [ 95.727979][T12798] kmsan_alloc_page+0x151/0x360 [ 95.732820][T12798] __alloc_pages_nodemask+0x142d/0x5fa0 [ 95.738552][T12798] alloc_pages_current+0x68d/0x9a0 [ 95.743726][T12798] alloc_slab_page+0x10e/0x12c0 [ 95.748561][T12798] new_slab+0x2ca/0x1a00 [ 95.752980][T12798] ___slab_alloc+0x1423/0x1fb0 [ 95.757753][T12798] kmem_cache_alloc+0xade/0xd10 [ 95.762610][T12798] tcp_conn_request+0x989/0x4fb0 [ 95.767546][T12798] tcp_v6_conn_request+0x242/0x2d0 [ 95.772733][T12798] tcp_rcv_state_process+0x28f/0x6f80 [ 95.778168][T12798] tcp_v6_do_rcv+0x1001/0x1ce0 [ 95.783098][T12798] tcp_v6_rcv+0x60b7/0x6a30 [ 95.791153][T12798] ip6_protocol_deliver_rcu+0x1433/0x22f0 [ 95.797078][T12798] ip6_input+0x2af/0x340 [ 95.802521][T12798] ipv6_rcv+0x683/0x710 [ 95.807443][T12798] netif_receive_skb_internal+0x4e3/0xc20 [ 95.813447][T12798] napi_gro_frags+0x1643/0x2860 [ 95.818387][T12798] tun_get_user+0x56d8/0x6fe0 [ 95.823056][T12798] tun_chr_write_iter+0x1f2/0x360 [ 95.828165][T12798] do_iter_readv_writev+0xa16/0xc30 [ 95.833354][T12798] do_iter_write+0x304/0xdc0 [ 95.837932][T12798] do_writev+0x435/0x900 [ 95.842167][T12798] __se_sys_writev+0x9b/0xb0 [ 95.846821][T12798] __x64_sys_writev+0x4a/0x70 [ 95.851486][T12798] do_syscall_64+0xbc/0xf0 [ 95.855892][T12798] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 95.861761][T12798] ===================================================== [ 95.868666][T12798] Disabling lock debugging due to kernel taint [ 95.874908][T12798] Kernel panic - not syncing: panic_on_warn set ... [ 95.881569][T12798] CPU: 1 PID: 12798 Comm: syz-executor845 Tainted: G B 5.3.0-rc7+ #0 [ 95.891047][T12798] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 95.901100][T12798] Call Trace: [ 95.904382][T12798] dump_stack+0x191/0x1f0 [ 95.908706][T12798] panic+0x3c9/0xc1e [ 95.912906][T12798] kmsan_report+0x2a2/0x2b0 [ 95.917392][T12798] __msan_warning+0x73/0xe0 [ 95.922312][T12798] _raw_spin_lock+0x56/0x90 [ 95.926808][T12798] inet_ehash_insert+0x56c/0xc80 [ 95.931752][T12798] inet_csk_reqsk_queue_hash_add+0x11a/0x1d0 [ 95.937719][T12798] tcp_conn_request+0x44cc/0x4fb0 [ 95.942766][T12798] tcp_v6_conn_request+0x242/0x2d0 [ 95.948045][T12798] ? ip_queue_xmit+0xf0/0xf0 [ 95.952703][T12798] tcp_rcv_state_process+0x28f/0x6f80 [ 95.958169][T12798] ? kmsan_get_shadow_origin_ptr+0x6e/0x4c0 [ 95.964355][T12798] ? kmsan_get_shadow_origin_ptr+0x6e/0x4c0 [ 95.971884][T12798] ? kmsan_get_shadow_origin_ptr+0x6e/0x4c0 [ 95.978313][T12798] tcp_v6_do_rcv+0x1001/0x1ce0 [ 95.983162][T12798] tcp_v6_rcv+0x60b7/0x6a30 [ 95.987679][T12798] ? ctnetlink_conntrack_event+0xd48/0x4300 [ 95.993786][T12798] ip6_protocol_deliver_rcu+0x1433/0x22f0 [ 95.999622][T12798] ? ipv6_confirm+0x5a5/0x670 [ 96.004299][T12798] ip6_input+0x2af/0x340 [ 96.008527][T12798] ? ip6_input+0x340/0x340 [ 96.013303][T12798] ? ip6_protocol_deliver_rcu+0x22f0/0x22f0 [ 96.019187][T12798] ipv6_rcv+0x683/0x710 [ 96.023606][T12798] ? local_bh_enable+0x40/0x40 [ 96.028362][T12798] netif_receive_skb_internal+0x4e3/0xc20 [ 96.034363][T12798] ? eth_type_trans+0x470/0xa90 [ 96.039307][T12798] napi_gro_frags+0x1643/0x2860 [ 96.044499][T12798] tun_get_user+0x56d8/0x6fe0 [ 96.049880][T12798] ? kmsan_get_shadow_origin_ptr+0x6e/0x4c0 [ 96.056035][T12798] tun_chr_write_iter+0x1f2/0x360 [ 96.061071][T12798] ? tun_chr_read_iter+0x460/0x460 [ 96.066615][T12798] do_iter_readv_writev+0xa16/0xc30 [ 96.071839][T12798] ? tun_chr_read_iter+0x460/0x460 [ 96.077030][T12798] do_iter_write+0x304/0xdc0 [ 96.081693][T12798] ? __msan_metadata_ptr_for_store_8+0x13/0x20 [ 96.087920][T12798] ? import_iovec+0x5cd/0x6a0 [ 96.092606][T12798] do_writev+0x435/0x900 [ 96.096955][T12798] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 96.103114][T12798] ? prepare_exit_to_usermode+0x19a/0x4d0 [ 96.109299][T12798] ? kmsan_get_shadow_origin_ptr+0x6e/0x4c0 [ 96.115491][T12798] __se_sys_writev+0x9b/0xb0 [ 96.120078][T12798] __x64_sys_writev+0x4a/0x70 [ 96.124832][T12798] do_syscall_64+0xbc/0xf0 [ 96.129247][T12798] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 96.135215][T12798] RIP: 0033:0x4419b0 [ 96.139185][T12798] Code: 05 48 3d 01 f0 ff ff 0f 83 fd 0e fc ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 83 3d 61 96 29 00 00 75 14 b8 14 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 d4 0e fc ff c3 48 83 ec 08 e8 7a 2b 00 00 [ 96.159918][T12798] RSP: 002b:00007ffdb76bd3a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 96.168460][T12798] RAX: ffffffffffffffda RBX: 00007ffdb76bd460 RCX: 00000000004419b0 [ 96.176518][T12798] RDX: 0000000000000001 RSI: 00007ffdb76bd3c0 RDI: 00000000000000f0 [ 96.184832][T12798] RBP: 0000000000000003 R08: 0000000000000000 R09: 0000555500008236 [ 96.192970][T12798] R10: 0000555500008236 R11: 0000000000000246 R12: 00007ffdb76bd458 [ 96.201122][T12798] R13: 00007ffdb76bd450 R14: 0000000000000000 R15: 0000000000000000 [ 96.211113][T12798] Kernel Offset: disabled [ 96.215471][T12798] Rebooting in 86400 seconds..