[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [ 74.678134] audit: type=1800 audit(1549425691.722:25): pid=10035 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 74.697344] audit: type=1800 audit(1549425691.722:26): pid=10035 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 74.716793] audit: type=1800 audit(1549425691.722:27): pid=10035 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.63' (ECDSA) to the list of known hosts. syzkaller login: [ 87.136838] IPVS: ftp: loaded support on port[0] = 21 executing program [ 87.185333] ================================================================== [ 87.192723] BUG: KMSAN: uninit-value in ip6_parse_tlv+0x87f/0xc70 [ 87.198966] CPU: 1 PID: 10186 Comm: syz-executor422 Not tainted 5.0.0-rc1+ #9 [ 87.206219] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 87.215552] Call Trace: [ 87.218128] dump_stack+0x173/0x1d0 [ 87.221753] kmsan_report+0x12e/0x2a0 [ 87.225597] __msan_warning+0x82/0xf0 [ 87.229390] ip6_parse_tlv+0x87f/0xc70 [ 87.233285] ipv6_destopt_rcv+0x5c1/0xdd0 [ 87.237424] ? ipv6_rthdr_rcv+0x58b0/0x58b0 [ 87.241745] ip6_protocol_deliver_rcu+0xb5a/0x23a0 [ 87.246678] ? kmsan_get_shadow_origin_ptr+0x60/0x440 [ 87.251869] ip6_input+0x2b6/0x350 [ 87.255400] ? ip6_input+0x350/0x350 [ 87.259108] ? ip6_protocol_deliver_rcu+0x23a0/0x23a0 [ 87.264279] ip6_rcv_finish+0x4e7/0x6d0 [ 87.268237] ipv6_rcv+0x34b/0x3f0 [ 87.271674] ? local_bh_enable+0x40/0x40 [ 87.275718] netif_receive_skb_internal+0x5cd/0x9a0 [ 87.280718] ? ip6_rcv_finish+0x6d0/0x6d0 [ 87.284849] napi_gro_frags+0x1737/0x2950 [ 87.289046] tun_get_user+0x55be/0x7190 [ 87.293020] ? kmsan_get_shadow_origin_ptr+0x60/0x440 [ 87.298224] ? kmsan_get_shadow_origin_ptr+0x60/0x440 [ 87.303407] tun_chr_write_iter+0x1f2/0x360 [ 87.307716] ? tun_chr_read_iter+0x460/0x460 [ 87.312105] do_iter_readv_writev+0x985/0xba0 [ 87.316590] ? tun_chr_read_iter+0x460/0x460 [ 87.321018] do_iter_write+0x304/0xdc0 [ 87.324891] ? __msan_metadata_ptr_for_store_8+0x13/0x20 [ 87.330325] ? import_iovec+0x40e/0x660 [ 87.334288] do_writev+0x397/0x840 [ 87.337831] __se_sys_writev+0x9b/0xb0 [ 87.341717] __x64_sys_writev+0x4a/0x70 [ 87.345698] do_syscall_64+0xbc/0xf0 [ 87.349440] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 87.354658] RIP: 0033:0x441360 [ 87.357832] Code: 05 48 3d 01 f0 ff ff 0f 83 3d 0f fc ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 83 3d b1 8c 29 00 00 75 14 b8 14 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 14 0f fc ff c3 48 83 ec 08 e8 7a 2b 00 00 [ 87.376716] RSP: 002b:00007ffdef679c98 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 87.384403] RAX: ffffffffffffffda RBX: 00007ffdef679cb0 RCX: 0000000000441360 [ 87.391664] RDX: 0000000000000001 RSI: 00007ffdef679cd0 RDI: 00000000000000f0 [ 87.398935] RBP: 00007ffdef679ca0 R08: 0000000000000100 R09: 00000000bb1414ac [ 87.406249] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 87.413613] R13: 00007ffdef679ca8 R14: 0000000000000000 R15: 0000000000000000 [ 87.420883] [ 87.422493] Uninit was stored to memory at: [ 87.426829] kmsan_internal_chain_origin+0x134/0x230 [ 87.431915] kmsan_memcpy_memmove_metadata+0xcf2/0xf10 [ 87.437281] kmsan_memcpy_metadata+0xb/0x10 [ 87.441589] __msan_memcpy+0x58/0x70 [ 87.445417] pskb_expand_head+0x34c/0x18f0 [ 87.449637] nf_ct_frag6_gather+0x3936/0x5860 [ 87.454115] ipv6_defrag+0x542/0x650 [ 87.457825] nf_hook_slow+0x176/0x3d0 [ 87.461611] ipv6_rcv+0x26b/0x3f0 [ 87.465066] netif_receive_skb_internal+0x5cd/0x9a0 [ 87.470082] napi_gro_frags+0x1737/0x2950 [ 87.474214] tun_get_user+0x55be/0x7190 [ 87.478167] tun_chr_write_iter+0x1f2/0x360 [ 87.482471] do_iter_readv_writev+0x985/0xba0 [ 87.486951] do_iter_write+0x304/0xdc0 [ 87.490818] do_writev+0x397/0x840 [ 87.494336] __se_sys_writev+0x9b/0xb0 [ 87.498223] __x64_sys_writev+0x4a/0x70 [ 87.502186] do_syscall_64+0xbc/0xf0 [ 87.505882] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 87.511056] [ 87.512660] Uninit was created at: [ 87.516186] kmsan_save_stack_with_flags+0x7a/0x130 [ 87.521180] kmsan_internal_alloc_meta_for_pages+0x113/0x580 [ 87.526964] kmsan_alloc_page+0x7e/0x100 [ 87.531024] __alloc_pages_nodemask+0x137b/0x5e30 [ 87.535846] page_frag_alloc+0x3c1/0x980 [ 87.539884] __napi_alloc_skb+0x194/0x980 [ 87.544010] page_to_skb+0x156/0x10d0 [ 87.547883] receive_buf+0x1525/0x81f0 [ 87.551748] virtnet_poll+0xddf/0x1c60 [ 87.555613] net_rx_action+0x78b/0x1a60 [ 87.559566] __do_softirq+0x53f/0x93a [ 87.563343] ================================================================== [ 87.570679] Disabling lock debugging due to kernel taint [ 87.576107] Kernel panic - not syncing: panic_on_warn set ... [ 87.582000] CPU: 1 PID: 10186 Comm: syz-executor422 Tainted: G B 5.0.0-rc1+ #9 [ 87.590639] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 87.599968] Call Trace: [ 87.602546] dump_stack+0x173/0x1d0 [ 87.606158] panic+0x3d1/0xb01 [ 87.609348] kmsan_report+0x293/0x2a0 [ 87.613133] __msan_warning+0x82/0xf0 [ 87.616916] ip6_parse_tlv+0x87f/0xc70 [ 87.620828] ipv6_destopt_rcv+0x5c1/0xdd0 [ 87.624979] ? ipv6_rthdr_rcv+0x58b0/0x58b0 [ 87.629285] ip6_protocol_deliver_rcu+0xb5a/0x23a0 [ 87.634207] ? kmsan_get_shadow_origin_ptr+0x60/0x440 [ 87.639388] ip6_input+0x2b6/0x350 [ 87.643001] ? ip6_input+0x350/0x350 [ 87.646711] ? ip6_protocol_deliver_rcu+0x23a0/0x23a0 [ 87.651881] ip6_rcv_finish+0x4e7/0x6d0 [ 87.655844] ipv6_rcv+0x34b/0x3f0 [ 87.659287] ? local_bh_enable+0x40/0x40 [ 87.663331] netif_receive_skb_internal+0x5cd/0x9a0 [ 87.668343] ? ip6_rcv_finish+0x6d0/0x6d0 [ 87.672480] napi_gro_frags+0x1737/0x2950 [ 87.676627] tun_get_user+0x55be/0x7190 [ 87.680588] ? kmsan_get_shadow_origin_ptr+0x60/0x440 [ 87.685782] ? kmsan_get_shadow_origin_ptr+0x60/0x440 [ 87.690973] tun_chr_write_iter+0x1f2/0x360 [ 87.695293] ? tun_chr_read_iter+0x460/0x460 [ 87.699681] do_iter_readv_writev+0x985/0xba0 [ 87.704166] ? tun_chr_read_iter+0x460/0x460 [ 87.708649] do_iter_write+0x304/0xdc0 [ 87.712532] ? __msan_metadata_ptr_for_store_8+0x13/0x20 [ 87.717969] ? import_iovec+0x40e/0x660 [ 87.721963] do_writev+0x397/0x840 [ 87.725520] __se_sys_writev+0x9b/0xb0 [ 87.729393] __x64_sys_writev+0x4a/0x70 [ 87.733348] do_syscall_64+0xbc/0xf0 [ 87.737058] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 87.742242] RIP: 0033:0x441360 [ 87.745418] Code: 05 48 3d 01 f0 ff ff 0f 83 3d 0f fc ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 83 3d b1 8c 29 00 00 75 14 b8 14 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 14 0f fc ff c3 48 83 ec 08 e8 7a 2b 00 00 [ 87.764409] RSP: 002b:00007ffdef679c98 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 87.772114] RAX: ffffffffffffffda RBX: 00007ffdef679cb0 RCX: 0000000000441360 [ 87.779362] RDX: 0000000000000001 RSI: 00007ffdef679cd0 RDI: 00000000000000f0 [ 87.786611] RBP: 00007ffdef679ca0 R08: 0000000000000100 R09: 00000000bb1414ac [ 87.793859] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 87.801107] R13: 00007ffdef679ca8 R14: 0000000000000000 R15: 0000000000000000 [ 87.809495] Kernel Offset: disabled [ 87.813120] Rebooting in 86400 seconds..