[ ok ] Starting enhanced syslogd: rsyslogd. [ 85.359958][ T32] audit: type=1800 audit(1571986676.413:25): pid=12587 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 85.383208][ T32] audit: type=1800 audit(1571986676.443:26): pid=12587 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 85.418831][ T32] audit: type=1800 audit(1571986676.463:27): pid=12587 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [ ok ] Starting periodic command scheduler: cron. [ ok ] Starting OpenBSD Secure Shell server: sshd. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.86' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 105.657220][T12738] device nr0 entered promiscuous mode [ 105.665368][T12738] ===================================================== [ 105.672362][T12738] BUG: KMSAN: uninit-value in __netif_receive_skb_core+0x3547/0x51a0 [ 105.680453][T12738] CPU: 1 PID: 12738 Comm: syz-executor418 Not tainted 5.4.0-rc3+ #0 [ 105.688436][T12738] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 105.698499][T12738] Call Trace: [ 105.701799][T12738] dump_stack+0x191/0x1f0 [ 105.706144][T12738] kmsan_report+0x128/0x220 [ 105.710664][T12738] __msan_warning+0x73/0xe0 [ 105.715182][T12738] __netif_receive_skb_core+0x3547/0x51a0 [ 105.720912][T12738] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 105.726818][T12738] ? kmsan_get_metadata+0x39/0x350 [ 105.731953][T12738] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 105.737857][T12738] netif_receive_skb_internal+0x3cc/0xc20 [ 105.743585][T12738] ? 
kmsan_get_metadata+0x39/0x350 [ 105.748712][T12738] netif_receive_skb+0x1da/0x3a0 [ 105.753658][T12738] tun_get_user+0x6c44/0x6f70 [ 105.758459][T12738] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 105.764556][T12738] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 105.770457][T12738] tun_chr_write_iter+0x1f2/0x360 [ 105.775495][T12738] ? tun_chr_read_iter+0x460/0x460 [ 105.780609][T12738] __vfs_write+0xa2c/0xcb0 [ 105.785054][T12738] vfs_write+0x481/0x920 [ 105.789435][T12738] ksys_write+0x265/0x430 [ 105.793779][T12738] __se_sys_write+0x92/0xb0 [ 105.798292][T12738] __x64_sys_write+0x4a/0x70 [ 105.802887][T12738] do_syscall_64+0xb6/0x160 [ 105.807397][T12738] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 105.813291][T12738] RIP: 0033:0x440219 [ 105.817221][T12738] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 105.836827][T12738] RSP: 002b:00007fff8a229818 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 105.845237][T12738] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440219 [ 105.853208][T12738] RDX: 000000000000fdef RSI: 00000000200000c0 RDI: 0000000000000003 [ 105.861178][T12738] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8 [ 105.869151][T12738] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000401aa0 [ 105.877124][T12738] R13: 0000000000401b30 R14: 0000000000000000 R15: 0000000000000000 [ 105.885117][T12738] [ 105.887439][T12738] Uninit was stored to memory at: [ 105.892478][T12738] kmsan_internal_chain_origin+0xbd/0x180 [ 105.898459][T12738] __msan_chain_origin+0x6b/0xd0 [ 105.903402][T12738] skb_vlan_untag+0x6bc/0xd20 [ 105.908088][T12738] __netif_receive_skb_core+0x833/0x51a0 [ 105.913724][T12738] netif_receive_skb_internal+0x3cc/0xc20 [ 105.919453][T12738] netif_receive_skb+0x1da/0x3a0 [ 105.924394][T12738] tun_get_user+0x6c44/0x6f70 [ 105.929074][T12738] 
tun_chr_write_iter+0x1f2/0x360 [ 105.934099][T12738] __vfs_write+0xa2c/0xcb0 [ 105.938524][T12738] vfs_write+0x481/0x920 [ 105.942778][T12738] ksys_write+0x265/0x430 [ 105.947105][T12738] __se_sys_write+0x92/0xb0 [ 105.951607][T12738] __x64_sys_write+0x4a/0x70 [ 105.956191][T12738] do_syscall_64+0xb6/0x160 [ 105.960675][T12738] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 105.966537][T12738] [ 105.968839][T12738] Uninit was created at: [ 105.973062][T12738] kmsan_internal_poison_shadow+0x60/0x120 [ 105.978844][T12738] kmsan_slab_alloc+0xaa/0x120 [ 105.983585][T12738] __kmalloc_node_track_caller+0xda2/0x13d0 [ 105.989452][T12738] __alloc_skb+0x306/0xa10 [ 105.993844][T12738] alloc_skb_with_frags+0x18c/0xa80 [ 105.999049][T12738] sock_alloc_send_pskb+0xafd/0x10a0 [ 106.004311][T12738] tun_get_user+0x1132/0x6f70 [ 106.008961][T12738] tun_chr_write_iter+0x1f2/0x360 [ 106.013972][T12738] __vfs_write+0xa2c/0xcb0 [ 106.018361][T12738] vfs_write+0x481/0x920 [ 106.022579][T12738] ksys_write+0x265/0x430 [ 106.026878][T12738] __se_sys_write+0x92/0xb0 [ 106.031388][T12738] __x64_sys_write+0x4a/0x70 [ 106.035959][T12738] do_syscall_64+0xb6/0x160 [ 106.040437][T12738] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 106.046299][T12738] ===================================================== [ 106.053203][T12738] Disabling lock debugging due to kernel taint [ 106.059324][T12738] Kernel panic - not syncing: panic_on_warn set ... [ 106.065890][T12738] CPU: 1 PID: 12738 Comm: syz-executor418 Tainted: G B 5.4.0-rc3+ #0 [ 106.075405][T12738] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 106.085533][T12738] Call Trace: [ 106.088806][T12738] dump_stack+0x191/0x1f0 [ 106.093151][T12738] panic+0x3c9/0xc1e [ 106.097038][T12738] kmsan_report+0x215/0x220 [ 106.101546][T12738] __msan_warning+0x73/0xe0 [ 106.106119][T12738] __netif_receive_skb_core+0x3547/0x51a0 [ 106.111817][T12738] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 106.117693][T12738] ? 
kmsan_get_metadata+0x39/0x350 [ 106.122788][T12738] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 106.128659][T12738] netif_receive_skb_internal+0x3cc/0xc20 [ 106.134355][T12738] ? kmsan_get_metadata+0x39/0x350 [ 106.139448][T12738] netif_receive_skb+0x1da/0x3a0 [ 106.144373][T12738] tun_get_user+0x6c44/0x6f70 [ 106.149032][T12738] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 106.155090][T12738] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 106.160980][T12738] tun_chr_write_iter+0x1f2/0x360 [ 106.165986][T12738] ? tun_chr_read_iter+0x460/0x460 [ 106.171073][T12738] __vfs_write+0xa2c/0xcb0 [ 106.175478][T12738] vfs_write+0x481/0x920 [ 106.179704][T12738] ksys_write+0x265/0x430 [ 106.184016][T12738] __se_sys_write+0x92/0xb0 [ 106.188499][T12738] __x64_sys_write+0x4a/0x70 [ 106.193065][T12738] do_syscall_64+0xb6/0x160 [ 106.197716][T12738] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 106.203600][T12738] RIP: 0033:0x440219 [ 106.207472][T12738] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 106.227051][T12738] RSP: 002b:00007fff8a229818 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 106.235449][T12738] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440219 [ 106.243397][T12738] RDX: 000000000000fdef RSI: 00000000200000c0 RDI: 0000000000000003 [ 106.251345][T12738] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8 [ 106.259295][T12738] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000401aa0 [ 106.267243][T12738] R13: 0000000000401b30 R14: 0000000000000000 R15: 0000000000000000 [ 106.276642][T12738] Kernel Offset: disabled [ 106.280964][T12738] Rebooting in 86400 seconds..