[ ok ] Starting enhanced syslogd: rsyslogd.
[ 83.645635] audit: type=1800 audit(1555983215.715:25): pid=10211 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 83.668779] audit: type=1800 audit(1555983215.735:26): pid=10211 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 83.705432] audit: type=1800 audit(1555983215.765:27): pid=10211 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.191' (ECDSA) to the list of known hosts.
syzkaller login: [ 94.994243] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 95.045535] ==================================================================
[ 95.053005] BUG: KMSAN: uninit-value in ip6_parse_tlv+0x87f/0xc70
[ 95.059262] CPU: 1 PID: 10363 Comm: syz-executor959 Not tainted 5.1.0-rc4+ #1
[ 95.066520] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 95.075873] Call Trace:
[ 95.078504] dump_stack+0x173/0x1d0
[ 95.082144] kmsan_report+0x131/0x2a0
[ 95.085948] __msan_warning+0x7a/0xf0
[ 95.089740] ip6_parse_tlv+0x87f/0xc70
[ 95.093629] ipv6_destopt_rcv+0x5c1/0xdd0
[ 95.097777] ? ipv6_rthdr_rcv+0x58b0/0x58b0
[ 95.102109] ip6_protocol_deliver_rcu+0xb5a/0x23a0
[ 95.107087] ip6_input+0x2b6/0x350
[ 95.110619] ? ip6_input+0x350/0x350
[ 95.114325] ? ip6_protocol_deliver_rcu+0x23a0/0x23a0
[ 95.119504] ip6_rcv_finish+0x4de/0x6d0
[ 95.123484] ipv6_rcv+0x34b/0x3f0
[ 95.126938] ? local_bh_enable+0x40/0x40
[ 95.130996] netif_receive_skb_internal+0x5cd/0x9a0
[ 95.136026] ? ip6_rcv_finish+0x6d0/0x6d0
[ 95.140168] napi_gro_frags+0x1737/0x2950
[ 95.144902] tun_get_user+0x55d7/0x6e30
[ 95.148902] ? kmsan_get_shadow_origin_ptr+0x73/0x480
[ 95.154079] ? depot_save_stack+0x388/0x4a0
[ 95.158392] tun_chr_write_iter+0x1f2/0x360
[ 95.162709] ? tun_chr_read_iter+0x460/0x460
[ 95.167212] do_iter_readv_writev+0x9b3/0xbd0
[ 95.171733] ? tun_chr_read_iter+0x460/0x460
[ 95.176147] do_iter_write+0x304/0xdc0
[ 95.180028] ? __msan_metadata_ptr_for_store_8+0x13/0x20
[ 95.185464] ? import_iovec+0x425/0x690
[ 95.189435] do_writev+0x3f8/0x900
[ 95.192978] __se_sys_writev+0x9b/0xb0
[ 95.196860] __x64_sys_writev+0x4a/0x70
[ 95.200823] do_syscall_64+0xbc/0xf0
[ 95.204545] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 95.209732] RIP: 0033:0x4414d0
[ 95.212912] Code: 05 48 3d 01 f0 ff ff 0f 83 3d 0f fc ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 83 3d 41 9b 29 00 00 75 14 b8 14 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 14 0f fc ff c3 48 83 ec 08 e8 7a 2b 00 00
[ 95.232232] RSP: 002b:00007ffc0c854408 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 95.239931] RAX: ffffffffffffffda RBX: 00007ffc0c854420 RCX: 00000000004414d0
[ 95.247193] RDX: 0000000000000001 RSI: 00007ffc0c854440 RDI: 00000000000000f0
[ 95.254468] RBP: 00007ffc0c854410 R08: 0000000000000100 R09: 00000000bb1414ac
[ 95.261733] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003
[ 95.268994] R13: 00007ffc0c854418 R14: 0000000000000000 R15: 0000000000000000
[ 95.276349]
[ 95.277960] Uninit was stored to memory at:
[ 95.282293] kmsan_internal_chain_origin+0x134/0x230
[ 95.287382] kmsan_memcpy_memmove_metadata+0x989/0xd60
[ 95.292648] kmsan_memcpy_metadata+0xb/0x10
[ 95.296955] __msan_memcpy+0x58/0x70
[ 95.300654] pskb_expand_head+0x3aa/0x1a30
[ 95.304878] inet_frag_reasm_prepare+0xdbe/0x1410
[ 95.309725] nf_ct_frag6_gather+0x25f2/0x3550
[ 95.314214] ipv6_defrag+0x542/0x650
[ 95.317918] nf_hook_slow+0x176/0x3d0
[ 95.321705] ipv6_rcv+0x26b/0x3f0
[ 95.325233] netif_receive_skb_internal+0x5cd/0x9a0
[ 95.330260] napi_gro_frags+0x1737/0x2950
[ 95.334395] tun_get_user+0x55d7/0x6e30
[ 95.338354] tun_chr_write_iter+0x1f2/0x360
[ 95.342689] do_iter_readv_writev+0x9b3/0xbd0
[ 95.347168] do_iter_write+0x304/0xdc0
[ 95.351039] do_writev+0x3f8/0x900
[ 95.354574] __se_sys_writev+0x9b/0xb0
[ 95.358449] __x64_sys_writev+0x4a/0x70
[ 95.362410] do_syscall_64+0xbc/0xf0
[ 95.366200] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 95.371372]
[ 95.372983] Uninit was created at:
[ 95.376524] kmsan_save_stack_with_flags+0x7a/0x130
[ 95.381532] kmsan_internal_alloc_meta_for_pages+0x112/0x500
[ 95.387324] kmsan_alloc_page+0x7e/0x100
[ 95.391393] __alloc_pages_nodemask+0x12fb/0x5e90
[ 95.396400] page_frag_alloc+0x3cb/0x900
[ 95.400453] __napi_alloc_skb+0x194/0x980
[ 95.404891] page_to_skb+0x15c/0x1250
[ 95.408678] receive_buf+0x10a1/0x8e30
[ 95.412563] virtnet_poll+0x916/0x1a20
[ 95.416445] net_rx_action+0x78b/0x1a60
[ 95.420536] __do_softirq+0x53f/0x93a
[ 95.424331] ==================================================================
[ 95.431692] Disabling lock debugging due to kernel taint
[ 95.437150] Kernel panic - not syncing: panic_on_warn set ...
[ 95.443039] CPU: 1 PID: 10363 Comm: syz-executor959 Tainted: G B 5.1.0-rc4+ #1
[ 95.451693] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 95.461036] Call Trace:
[ 95.463636] dump_stack+0x173/0x1d0
[ 95.467254] panic+0x3d1/0xb01
[ 95.470447] kmsan_report+0x29a/0x2a0
[ 95.474251] __msan_warning+0x7a/0xf0
[ 95.478056] ip6_parse_tlv+0x87f/0xc70
[ 95.481975] ipv6_destopt_rcv+0x5c1/0xdd0
[ 95.486148] ? ipv6_rthdr_rcv+0x58b0/0x58b0
[ 95.490461] ip6_protocol_deliver_rcu+0xb5a/0x23a0
[ 95.495404] ip6_input+0x2b6/0x350
[ 95.498936] ? ip6_input+0x350/0x350
[ 95.502641] ? ip6_protocol_deliver_rcu+0x23a0/0x23a0
[ 95.507823] ip6_rcv_finish+0x4de/0x6d0
[ 95.511877] ipv6_rcv+0x34b/0x3f0
[ 95.515330] ? local_bh_enable+0x40/0x40
[ 95.519754] netif_receive_skb_internal+0x5cd/0x9a0
[ 95.524768] ? ip6_rcv_finish+0x6d0/0x6d0
[ 95.528906] napi_gro_frags+0x1737/0x2950
[ 95.533061] tun_get_user+0x55d7/0x6e30
[ 95.537049] ? kmsan_get_shadow_origin_ptr+0x73/0x480
[ 95.542240] ? depot_save_stack+0x388/0x4a0
[ 95.546563] tun_chr_write_iter+0x1f2/0x360
[ 95.550885] ? tun_chr_read_iter+0x460/0x460
[ 95.555468] do_iter_readv_writev+0x9b3/0xbd0
[ 95.559964] ? tun_chr_read_iter+0x460/0x460
[ 95.564357] do_iter_write+0x304/0xdc0
[ 95.568236] ? __msan_metadata_ptr_for_store_8+0x13/0x20
[ 95.573677] ? import_iovec+0x425/0x690
[ 95.577671] do_writev+0x3f8/0x900
[ 95.581216] __se_sys_writev+0x9b/0xb0
[ 95.585110] __x64_sys_writev+0x4a/0x70
[ 95.589079] do_syscall_64+0xbc/0xf0
[ 95.592783] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 95.597957] RIP: 0033:0x4414d0
[ 95.601157] Code: 05 48 3d 01 f0 ff ff 0f 83 3d 0f fc ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 83 3d 41 9b 29 00 00 75 14 b8 14 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 14 0f fc ff c3 48 83 ec 08 e8 7a 2b 00 00
[ 95.620176] RSP: 002b:00007ffc0c854408 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 95.627877] RAX: ffffffffffffffda RBX: 00007ffc0c854420 RCX: 00000000004414d0
[ 95.635154] RDX: 0000000000000001 RSI: 00007ffc0c854440 RDI: 00000000000000f0
[ 95.642410] RBP: 00007ffc0c854410 R08: 0000000000000100 R09: 00000000bb1414ac
[ 95.649666] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003
[ 95.656924] R13: 00007ffc0c854418 R14: 0000000000000000 R15: 0000000000000000
[ 95.665386] Kernel Offset: disabled
[ 95.669045] Rebooting in 86400 seconds..