[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [ 81.009553][ T32] audit: type=1800 audit(1571002971.056:25): pid=11644 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 81.034363][ T32] audit: type=1800 audit(1571002971.086:26): pid=11644 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 81.062392][ T32] audit: type=1800 audit(1571002971.106:27): pid=11644 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.156' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 93.239298][T11796] device nr0 entered promiscuous mode [ 93.247478][T11796] ===================================================== [ 93.254447][T11796] BUG: KMSAN: uninit-value in __netif_receive_skb_core+0x3547/0x51a0 [ 93.262514][T11796] CPU: 1 PID: 11796 Comm: syz-executor943 Not tainted 5.4.0-rc2+ #0 [ 93.270488][T11796] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 93.280549][T11796] Call Trace: [ 93.283851][T11796] dump_stack+0x191/0x1f0 [ 93.288199][T11796] kmsan_report+0x14e/0x2c0 [ 93.292722][T11796] __msan_warning+0x73/0xe0 [ 93.299676][T11796] __netif_receive_skb_core+0x3547/0x51a0 [ 93.305410][T11796] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 93.311319][T11796] ? kmsan_get_metadata+0x39/0x350 [ 93.316460][T11796] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 93.322373][T11796] netif_receive_skb_internal+0x3cc/0xc20 [ 93.328094][T11796] ? kmsan_get_metadata+0x39/0x350 [ 93.333225][T11796] netif_receive_skb+0x1da/0x3a0 [ 93.338169][T11796] tun_get_user+0x6c44/0x6f70 [ 93.342868][T11796] ? __msan_metadata_ptr_for_load_n+0x10/0x10 [ 93.348967][T11796] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 93.354872][T11796] tun_chr_write_iter+0x1f2/0x360 [ 93.359907][T11796] ? tun_chr_read_iter+0x460/0x460 [ 93.365027][T11796] __vfs_write+0xa2c/0xcb0 [ 93.369472][T11796] vfs_write+0x481/0x920 [ 93.373737][T11796] ksys_write+0x265/0x430 [ 93.378081][T11796] __se_sys_write+0x92/0xb0 [ 93.382590][T11796] __x64_sys_write+0x4a/0x70 [ 93.387186][T11796] do_syscall_64+0xb6/0x160 [ 93.391777][T11796] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 93.398979][T11796] RIP: 0033:0x440219 [ 93.402877][T11796] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 93.422483][T11796] RSP: 002b:00007ffea8569ef8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 93.430903][T11796] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440219 [ 93.438972][T11796] RDX: 000000000000b107 RSI: 00000000200000c0 RDI: 0000000000000003 [ 93.446949][T11796] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8 [ 93.454925][T11796] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000401aa0 [ 93.462904][T11796] R13: 0000000000401b30 R14: 0000000000000000 R15: 0000000000000000 [ 93.470895][T11796] [ 93.473220][T11796] Uninit was stored to memory at: [ 93.478264][T11796] kmsan_internal_chain_origin+0xbd/0x170 [ 93.483990][T11796] __msan_chain_origin+0x6b/0xe0 [ 93.488932][T11796] skb_vlan_untag+0x6bc/0xd20 [ 93.493619][T11796] __netif_receive_skb_core+0x833/0x51a0 [ 93.499255][T11796] netif_receive_skb_internal+0x3cc/0xc20 [ 93.504977][T11796] netif_receive_skb+0x1da/0x3a0 [ 93.510091][T11796] tun_get_user+0x6c44/0x6f70 [ 93.514771][T11796] tun_chr_write_iter+0x1f2/0x360 [ 93.519795][T11796] __vfs_write+0xa2c/0xcb0 [ 93.524212][T11796] vfs_write+0x481/0x920 [ 93.528470][T11796] ksys_write+0x265/0x430 [ 93.532808][T11796] __se_sys_write+0x92/0xb0 [ 93.537398][T11796] __x64_sys_write+0x4a/0x70 [ 93.541990][T11796] do_syscall_64+0xb6/0x160 [ 93.546486][T11796] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 93.552348][T11796] [ 93.554650][T11796] Uninit was created at: [ 93.558871][T11796] kmsan_internal_poison_shadow+0x60/0x120 [ 93.564654][T11796] kmsan_slab_alloc+0xaa/0x120 [ 93.569393][T11796] __kmalloc_node_track_caller+0xb55/0x1320 [ 93.575273][T11796] __alloc_skb+0x306/0xa10 [ 93.579668][T11796] alloc_skb_with_frags+0x18c/0xa80 [ 93.585014][T11796] sock_alloc_send_pskb+0xafd/0x10a0 [ 93.590276][T11796] tun_get_user+0x1132/0x6f70 [ 93.594939][T11796] tun_chr_write_iter+0x1f2/0x360 [ 93.599951][T11796] __vfs_write+0xa2c/0xcb0 [ 93.604351][T11796] vfs_write+0x481/0x920 [ 93.608573][T11796] ksys_write+0x265/0x430 [ 93.612877][T11796] __se_sys_write+0x92/0xb0 [ 93.617357][T11796] __x64_sys_write+0x4a/0x70 [ 93.621921][T11796] do_syscall_64+0xb6/0x160 [ 93.626398][T11796] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 93.632259][T11796] ===================================================== [ 93.639173][T11796] Disabling lock debugging due to kernel taint [ 93.645300][T11796] Kernel panic - not syncing: panic_on_warn set ... [ 93.651867][T11796] CPU: 1 PID: 11796 Comm: syz-executor943 Tainted: G B 5.4.0-rc2+ #0 [ 93.661213][T11796] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 93.671256][T11796] Call Trace: [ 93.674535][T11796] dump_stack+0x191/0x1f0 [ 93.678850][T11796] panic+0x3c9/0xc1e [ 93.682750][T11796] kmsan_report+0x2b6/0x2c0 [ 93.687247][T11796] __msan_warning+0x73/0xe0 [ 93.691745][T11796] __netif_receive_skb_core+0x3547/0x51a0 [ 93.697478][T11796] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 93.703354][T11796] ? kmsan_get_metadata+0x39/0x350 [ 93.708450][T11796] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 93.714325][T11796] netif_receive_skb_internal+0x3cc/0xc20 [ 93.720024][T11796] ? kmsan_get_metadata+0x39/0x350 [ 93.725122][T11796] netif_receive_skb+0x1da/0x3a0 [ 93.730049][T11796] tun_get_user+0x6c44/0x6f70 [ 93.734721][T11796] ? __msan_metadata_ptr_for_load_n+0x10/0x10 [ 93.740783][T11796] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 93.746669][T11796] tun_chr_write_iter+0x1f2/0x360 [ 93.751689][T11796] ? tun_chr_read_iter+0x460/0x460 [ 93.756785][T11796] __vfs_write+0xa2c/0xcb0 [ 93.761188][T11796] vfs_write+0x481/0x920 [ 93.765421][T11796] ksys_write+0x265/0x430 [ 93.769732][T11796] __se_sys_write+0x92/0xb0 [ 93.774218][T11796] __x64_sys_write+0x4a/0x70 [ 93.778788][T11796] do_syscall_64+0xb6/0x160 [ 93.783268][T11796] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 93.789136][T11796] RIP: 0033:0x440219 [ 93.793010][T11796] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 93.812598][T11796] RSP: 002b:00007ffea8569ef8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 93.821070][T11796] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440219 [ 93.829017][T11796] RDX: 000000000000b107 RSI: 00000000200000c0 RDI: 0000000000000003 [ 93.836973][T11796] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8 [ 93.845135][T11796] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000401aa0 [ 93.853095][T11796] R13: 0000000000401b30 R14: 0000000000000000 R15: 0000000000000000 [ 93.862424][T11796] Kernel Offset: disabled [ 93.866771][T11796] Rebooting in 86400 seconds..