[ ok ] Starting file context maintaining daemon: restorecond. [ ok ] Starting OpenBSD Secure Shell server: sshd. [ 120.939075][ T33] kauditd_printk_skb: 4 callbacks suppressed [ 120.939125][ T33] audit: type=1800 audit(1583503219.989:39): pid=11598 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 120.967508][ T33] audit: type=1800 audit(1583503219.999:40): pid=11598 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 [ 121.947862][ T33] audit: type=1400 audit(1583503220.999:41): avc: denied { map } for pid=11772 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.1.46' (ECDSA) to the list of known hosts. 
executing program syzkaller login: [ 130.338471][ T33] audit: type=1400 audit(1583503229.389:42): avc: denied { map } for pid=11784 comm="syz-executor940" path="/root/syz-executor940438123" dev="sda1" ino=16484 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 130.359601][T11784] ===================================================== [ 130.372492][T11784] BUG: KMSAN: uninit-value in __iptunnel_pull_header+0x30c/0xbd0 [ 130.380198][T11784] CPU: 1 PID: 11784 Comm: syz-executor940 Not tainted 5.6.0-rc2-syzkaller #0 [ 130.388938][T11784] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 130.398975][T11784] Call Trace: [ 130.402256][T11784] dump_stack+0x1c9/0x220 [ 130.406603][T11784] kmsan_report+0xf7/0x1e0 [ 130.411031][T11784] __msan_warning+0x58/0xa0 [ 130.415535][T11784] __iptunnel_pull_header+0x30c/0xbd0 [ 130.420913][T11784] gre_rcv+0x15e/0x19c0 [ 130.425065][T11784] ? __local_bh_enable_ip+0x97/0x1d0 [ 130.430352][T11784] ? ipv6_chk_mcast_addr+0x713/0x7d0 [ 130.435636][T11784] ? kmsan_get_metadata+0x11d/0x180 [ 130.440832][T11784] ip6_protocol_deliver_rcu+0x181b/0x22c0 [ 130.446549][T11784] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 130.452386][T11784] ? ipv6_confirm+0x257/0x650 [ 130.457077][T11784] ip6_mc_input+0xdf2/0x1460 [ 130.461676][T11784] ? ip6_input+0x340/0x340 [ 130.466083][T11784] ? ip6_input_finish+0xa0/0xa0 [ 130.470920][T11784] ipv6_rcv+0x683/0x710 [ 130.475070][T11784] ? local_bh_enable+0x40/0x40 [ 130.479838][T11784] netif_receive_skb+0x66b/0xf20 [ 130.484823][T11784] ? __msan_poison_alloca+0xf0/0x120 [ 130.490117][T11784] tun_get_user+0x6aef/0x6f60 [ 130.494822][T11784] ? kmsan_get_metadata+0x11d/0x180 [ 130.500013][T11784] tun_chr_write_iter+0x1f2/0x360 [ 130.505036][T11784] ? 
tun_chr_read_iter+0x460/0x460 [ 130.510135][T11784] __vfs_write+0xa5a/0xca0 [ 130.514573][T11784] vfs_write+0x44a/0x8f0 [ 130.518824][T11784] ksys_write+0x267/0x450 [ 130.523157][T11784] __ia32_sys_write+0xdb/0x120 [ 130.527925][T11784] ? __se_sys_write+0xb0/0xb0 [ 130.532597][T11784] do_fast_syscall_32+0x3c7/0x6e0 [ 130.537648][T11784] entry_SYSENTER_compat+0x68/0x77 [ 130.542763][T11784] RIP: 0023:0xf7f62d99 [ 130.546822][T11784] Code: 90 e8 0b 00 00 00 f3 90 0f ae e8 eb f9 8d 74 26 00 89 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 130.566416][T11784] RSP: 002b:00000000fffedb2c EFLAGS: 00000217 ORIG_RAX: 0000000000000004 [ 130.574828][T11784] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020002580 [ 130.582785][T11784] RDX: 0000000000000fca RSI: 0000000000000036 RDI: 0000000000000004 [ 130.590739][T11784] RBP: 0000000000008914 R08: 0000000000000000 R09: 0000000000000000 [ 130.598697][T11784] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 130.606665][T11784] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 130.614640][T11784] [ 130.616949][T11784] Uninit was created at: [ 130.621189][T11784] kmsan_internal_poison_shadow+0x66/0xd0 [ 130.626893][T11784] kmsan_slab_alloc+0x8a/0xe0 [ 130.631554][T11784] __kmalloc_node_track_caller+0xb40/0x1200 [ 130.637445][T11784] __alloc_skb+0x2fd/0xac0 [ 130.641846][T11784] alloc_skb_with_frags+0x18c/0xa70 [ 130.647029][T11784] sock_alloc_send_pskb+0xada/0xc60 [ 130.652211][T11784] tun_get_user+0x10ae/0x6f60 [ 130.656868][T11784] tun_chr_write_iter+0x1f2/0x360 [ 130.661876][T11784] __vfs_write+0xa5a/0xca0 [ 130.666276][T11784] vfs_write+0x44a/0x8f0 [ 130.670504][T11784] ksys_write+0x267/0x450 [ 130.674819][T11784] __ia32_sys_write+0xdb/0x120 [ 130.679570][T11784] do_fast_syscall_32+0x3c7/0x6e0 [ 130.684584][T11784] entry_SYSENTER_compat+0x68/0x77 [ 130.689675][T11784] 
===================================================== [ 130.696586][T11784] Disabling lock debugging due to kernel taint [ 130.702718][T11784] Kernel panic - not syncing: panic_on_warn set ... [ 130.709292][T11784] CPU: 1 PID: 11784 Comm: syz-executor940 Tainted: G B 5.6.0-rc2-syzkaller #0 [ 130.719419][T11784] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 130.729457][T11784] Call Trace: [ 130.732737][T11784] dump_stack+0x1c9/0x220 [ 130.737062][T11784] panic+0x3d5/0xc3e [ 130.740971][T11784] kmsan_report+0x1df/0x1e0 [ 130.745471][T11784] __msan_warning+0x58/0xa0 [ 130.749966][T11784] __iptunnel_pull_header+0x30c/0xbd0 [ 130.755344][T11784] gre_rcv+0x15e/0x19c0 [ 130.759492][T11784] ? __local_bh_enable_ip+0x97/0x1d0 [ 130.768858][T11784] ? ipv6_chk_mcast_addr+0x713/0x7d0 [ 130.774139][T11784] ? kmsan_get_metadata+0x11d/0x180 [ 130.779342][T11784] ip6_protocol_deliver_rcu+0x181b/0x22c0 [ 130.785053][T11784] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 130.790851][T11784] ? ipv6_confirm+0x257/0x650 [ 130.795539][T11784] ip6_mc_input+0xdf2/0x1460 [ 130.800133][T11784] ? ip6_input+0x340/0x340 [ 130.804539][T11784] ? ip6_input_finish+0xa0/0xa0 [ 130.809386][T11784] ipv6_rcv+0x683/0x710 [ 130.813538][T11784] ? local_bh_enable+0x40/0x40 [ 130.818292][T11784] netif_receive_skb+0x66b/0xf20 [ 130.823222][T11784] ? __msan_poison_alloca+0xf0/0x120 [ 130.828506][T11784] tun_get_user+0x6aef/0x6f60 [ 130.833208][T11784] ? kmsan_get_metadata+0x11d/0x180 [ 130.838398][T11784] tun_chr_write_iter+0x1f2/0x360 [ 130.843421][T11784] ? tun_chr_read_iter+0x460/0x460 [ 130.848522][T11784] __vfs_write+0xa5a/0xca0 [ 130.852950][T11784] vfs_write+0x44a/0x8f0 [ 130.857196][T11784] ksys_write+0x267/0x450 [ 130.861527][T11784] __ia32_sys_write+0xdb/0x120 [ 130.866284][T11784] ? 
__se_sys_write+0xb0/0xb0 [ 130.870956][T11784] do_fast_syscall_32+0x3c7/0x6e0 [ 130.875982][T11784] entry_SYSENTER_compat+0x68/0x77 [ 130.881087][T11784] RIP: 0023:0xf7f62d99 [ 130.885146][T11784] Code: 90 e8 0b 00 00 00 f3 90 0f ae e8 eb f9 8d 74 26 00 89 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 130.904735][T11784] RSP: 002b:00000000fffedb2c EFLAGS: 00000217 ORIG_RAX: 0000000000000004 [ 130.913131][T11784] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020002580 [ 130.921085][T11784] RDX: 0000000000000fca RSI: 0000000000000036 RDI: 0000000000000004 [ 130.929042][T11784] RBP: 0000000000008914 R08: 0000000000000000 R09: 0000000000000000 [ 130.937005][T11784] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 130.944964][T11784] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 130.954371][T11784] Kernel Offset: 0x5c00000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff) [ 130.965897][T11784] Rebooting in 86400 seconds..