[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   76.807889][   T31] audit: type=1800 audit(1574620792.859:25): pid=11119 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[   76.834074][   T31] audit: type=1800 audit(1574620792.889:26): pid=11119 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[   76.869500][   T31] audit: type=1800 audit(1574620792.909:27): pid=11119 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.226' (ECDSA) to the list of known hosts.
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
syzkaller login: [   87.175090][T11272] device nr0 entered promiscuous mode
[   87.211274][T11272] =====================================================
executing program
executing program
executing program
executing program
executing program
[   87.218286][T11272] BUG: KMSAN: uninit-value in __netif_receive_skb_core+0x3547/0x51a0
[   87.226367][T11272] CPU: 0 PID: 11272 Comm: syz-executor796 Not tainted 5.4.0-rc8-syzkaller #0
[   87.235158][T11272] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   87.245238][T11272] Call Trace:
[   87.248551][T11272]  dump_stack+0x1c9/0x220
[   87.252906][T11272]  kmsan_report+0x128/0x220
[   87.257519][T11272]  __msan_warning+0x64/0xc0
[   87.262046][T11272]  __netif_receive_skb_core+0x3547/0x51a0
[   87.267786][T11272]  ? kmsan_get_shadow_origin_ptr+0x91/0x4d0
executing program
executing program
executing program
executing program
executing program
[   87.273713][T11272]  ? __msan_metadata_ptr_for_load_4+0x10/0x20
[   87.280761][T11272]  ? kmsan_get_shadow_origin_ptr+0x1e8/0x4d0
[   87.286766][T11272]  netif_receive_skb_internal+0x3cc/0xc20
[   87.292511][T11272]  ? kmsan_get_metadata+0x51/0x350
[   87.297654][T11272]  netif_receive_skb+0x1da/0x3a0
[   87.302795][T11272]  tun_get_user+0x6d8c/0x70c0
[   87.307530][T11272]  ? kmsan_get_shadow_origin_ptr+0x91/0x4d0
[   87.313454][T11272]  tun_chr_write_iter+0x1f2/0x360
[   87.318509][T11272]  ? tun_chr_read_iter+0x460/0x460
executing program
executing program
executing program
executing program
executing program
[   87.323634][T11272]  __vfs_write+0xa2c/0xcb0
[   87.328091][T11272]  vfs_write+0x481/0x920
[   87.332372][T11272]  ksys_write+0x265/0x430
[   87.336731][T11272]  __se_sys_write+0x92/0xb0
[   87.341255][T11272]  __x64_sys_write+0x4a/0x70
[   87.345865][T11272]  do_syscall_64+0xb6/0x160
[   87.350387][T11272]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   87.356299][T11272] RIP: 0033:0x441799
executing program
executing program
executing program
executing program
executing program
[   87.360210][T11272] Code: e8 ac e8 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb 08 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   87.379832][T11272] RSP: 002b:00007ffdcabedfc8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   87.388378][T11272] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441799
[   87.396391][T11272] RDX: 000000000000fdef RSI: 00000000200000c0 RDI: 0000000000000003
[   87.404378][T11272] RBP: 0000000000000000 R08: 00000000004025a0 R09: 00000000004025a0
[   87.412363][T11272] R10: 00000000004025a0 R11: 0000000000000246 R12: 0000000000402510
executing program
executing program
executing program
executing program
executing program
[   87.420350][T11272] R13: 00000000004025a0 R14: 0000000000000000 R15: 0000000000000000
[   87.428348][T11272] 
[   87.430680][T11272] Uninit was stored to memory at:
[   87.435718][T11272]  kmsan_internal_chain_origin+0xbd/0x180
[   87.441452][T11272]  __msan_chain_origin+0x5c/0xc0
[   87.446402][T11272]  skb_vlan_untag+0x6bc/0xd20
[   87.451093][T11272]  __netif_receive_skb_core+0x833/0x51a0
[   87.456733][T11272]  netif_receive_skb_internal+0x3cc/0xc20
[   87.462473][T11272]  netif_receive_skb+0x1da/0x3a0
[   87.467418][T11272]  tun_get_user+0x6d8c/0x70c0
executing program
executing program
executing program
executing program
executing program
[   87.472106][T11272]  tun_chr_write_iter+0x1f2/0x360
[   87.477166][T11272]  __vfs_write+0xa2c/0xcb0
[   87.481618][T11272]  vfs_write+0x481/0x920
[   87.485869][T11272]  ksys_write+0x265/0x430
[   87.490296][T11272]  __se_sys_write+0x92/0xb0
[   87.494808][T11272]  __x64_sys_write+0x4a/0x70
[   87.499415][T11272]  do_syscall_64+0xb6/0x160
[   87.503959][T11272]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   87.509861][T11272] 
[   87.512194][T11272] Uninit was created at:
[   87.516450][T11272]  kmsan_internal_poison_shadow+0x60/0x120
executing program
executing program
executing program
executing program
[   87.522268][T11272]  kmsan_slab_alloc+0x97/0x100
[   87.527049][T11272]  __kmalloc_node_track_caller+0xe27/0x11a0
[   87.532982][T11272]  __alloc_skb+0x306/0xa10
[   87.537410][T11272]  alloc_skb_with_frags+0x18c/0xa80
[   87.542624][T11272]  sock_alloc_send_pskb+0xafd/0x10a0
[   87.547924][T11272]  tun_get_user+0x125e/0x70c0
[   87.552617][T11272]  tun_chr_write_iter+0x1f2/0x360
[   87.557740][T11272]  __vfs_write+0xa2c/0xcb0
[   87.562185][T11272]  vfs_write+0x481/0x920
[   87.566439][T11272]  ksys_write+0x265/0x430
[   87.570774][T11272]  __se_sys_write+0x92/0xb0
executing program
executing program
executing program
executing program
executing program
[   87.575299][T11272]  __x64_sys_write+0x4a/0x70
[   87.579898][T11272]  do_syscall_64+0xb6/0x160
[   87.584586][T11272]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   87.590476][T11272] =====================================================
[   87.597408][T11272] Disabling lock debugging due to kernel taint
[   87.603578][T11272] Kernel panic - not syncing: panic_on_warn set ...
[   87.610207][T11272] CPU: 0 PID: 11272 Comm: syz-executor796 Tainted: G    B             5.4.0-rc8-syzkaller #0
executing program
executing program
executing program
executing program
executing program
[   87.620453][T11272] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   87.630519][T11272] Call Trace:
[   87.633835][T11272]  dump_stack+0x1c9/0x220
[   87.638189][T11272]  panic+0x3c9/0xc1e
[   87.642132][T11272]  kmsan_report+0x215/0x220
[   87.646667][T11272]  __msan_warning+0x64/0xc0
[   87.651196][T11272]  __netif_receive_skb_core+0x3547/0x51a0
[   87.656937][T11272]  ? kmsan_get_shadow_origin_ptr+0x91/0x4d0
[   87.662876][T11272]  ? __msan_metadata_ptr_for_load_4+0x10/0x20
[   87.668983][T11272]  ? kmsan_get_shadow_origin_ptr+0x1e8/0x4d0
executing program
executing program
executing program
executing program
executing program
[   87.674990][T11272]  netif_receive_skb_internal+0x3cc/0xc20
[   87.680731][T11272]  ? kmsan_get_metadata+0x51/0x350
[   87.685875][T11272]  netif_receive_skb+0x1da/0x3a0
[   87.690846][T11272]  tun_get_user+0x6d8c/0x70c0
[   87.695572][T11272]  ? kmsan_get_shadow_origin_ptr+0x91/0x4d0
[   87.701484][T11272]  tun_chr_write_iter+0x1f2/0x360
[   87.706532][T11272]  ? tun_chr_read_iter+0x460/0x460
[   87.711777][T11272]  __vfs_write+0xa2c/0xcb0
[   87.716270][T11272]  vfs_write+0x481/0x920
[   87.720548][T11272]  ksys_write+0x265/0x430
executing program
executing program
executing program
executing program
executing program
[   87.724928][T11272]  __se_sys_write+0x92/0xb0
[   87.729445][T11272]  __x64_sys_write+0x4a/0x70
[   87.734210][T11272]  do_syscall_64+0xb6/0x160
[   87.738732][T11272]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   87.744630][T11272] RIP: 0033:0x441799
[   87.748542][T11272] Code: e8 ac e8 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb 08 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   87.768160][T11272] RSP: 002b:00007ffdcabedfc8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
executing program
executing program
executing program
[   87.776597][T11272] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441799
[   87.784588][T11272] RDX: 000000000000fdef RSI: 00000000200000c0 RDI: 0000000000000003
[   87.792577][T11272] RBP: 0000000000000000 R08: 00000000004025a0 R09: 00000000004025a0
[   87.801366][T11272] R10: 00000000004025a0 R11: 0000000000000246 R12: 0000000000402510
[   87.809362][T11272] R13: 00000000004025a0 R14: 0000000000000000 R15: 0000000000000000
[   87.819097][T11272] Kernel Offset: 0xca00000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
[   87.830684][T11272] Rebooting in 86400 seconds..