Warning: Permanently added '10.128.1.17' (ECDSA) to the list of known hosts.
syzkaller login: [ 100.252523][T12709] IPVS: ftp: loaded support on port[0] = 21
[ 100.326474][T12709] chnl_net:caif_netlink_parms(): no params data found
[ 100.363466][T12709] bridge0: port 1(bridge_slave_0) entered blocking state
[ 100.371133][T12709] bridge0: port 1(bridge_slave_0) entered disabled state
[ 100.379942][T12709] device bridge_slave_0 entered promiscuous mode
[ 100.388408][T12709] bridge0: port 2(bridge_slave_1) entered blocking state
[ 100.396805][T12709] bridge0: port 2(bridge_slave_1) entered disabled state
[ 100.405182][T12709] device bridge_slave_1 entered promiscuous mode
[ 100.427036][T12709] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 100.441324][T12709] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 100.466395][T12709] team0: Port device team_slave_0 added
[ 100.475196][T12709] team0: Port device team_slave_1 added
[ 100.534984][T12709] device hsr_slave_0 entered promiscuous mode
[ 100.572499][T12709] device hsr_slave_1 entered promiscuous mode
[ 100.633692][T12709] bridge0: port 2(bridge_slave_1) entered blocking state
[ 100.641656][T12709] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 100.649473][T12709] bridge0: port 1(bridge_slave_0) entered blocking state
[ 100.657158][T12709] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 100.706480][T12709] 8021q: adding VLAN 0 to HW filter on device bond0
[ 100.722739][ T4046] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 100.733809][ T4046] bridge0: port 1(bridge_slave_0) entered disabled state
[ 100.744019][ T4046] bridge0: port 2(bridge_slave_1) entered disabled state
[ 100.754202][ T4046] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 100.769280][T12709] 8021q: adding VLAN 0 to HW filter on device team0
[ 100.783599][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 100.793049][ T17] bridge0: port 1(bridge_slave_0) entered blocking state
[ 100.801929][ T17] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 100.823377][ T4046] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 100.832579][ T4046] bridge0: port 2(bridge_slave_1) entered blocking state
[ 100.840149][ T4046] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 100.856716][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 100.867689][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 100.881797][ T4046] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 100.903285][ T4046] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 100.913339][ T4046] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 100.927802][T12709] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 100.955241][T12709] 8021q: adding VLAN 0 to HW filter on device batadv0
executing program
[ 101.021325][T12718] ==================================================================
[ 101.030049][T12718] BUG: KMSAN: uninit-value in ipv6_find_tlv+0x370/0x3c0
[ 101.037577][T12718] CPU: 0 PID: 12718 Comm: syz-executor830 Not tainted 5.3.0-rc7+ #0
[ 101.045548][T12718] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 101.055709][T12718] Call Trace:
[ 101.059098][T12718] dump_stack+0x191/0x1f0
[ 101.063429][T12718] kmsan_report+0x162/0x2d0
[ 101.067931][T12718] __msan_warning+0x75/0xe0
[ 101.072437][T12718] ipv6_find_tlv+0x370/0x3c0
[ 101.077032][T12718] ip6_find_1stfragopt+0x2b6/0x500
[ 101.082242][T12718] ip6_fragment+0x275/0x37d0
[ 101.086837][T12718] ? __msan_poison_alloca+0x1c0/0x270
[ 101.092417][T12718] ? __ip6_finish_output+0x8f0/0x8f0
[ 101.097706][T12718] ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0
[ 101.103793][T12718] ? kmsan_get_metadata_or_null+0x208/0x290
[ 101.109701][T12718] ? __msan_poison_alloca+0x1c0/0x270
[ 101.115191][T12718] ? ip_vs_out+0x4d5/0x46b0
[ 101.119689][T12718] ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0
[ 101.125835][T12718] ? nf_conntrack_in+0x2434/0x2664
[ 101.131034][T12718] ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0
[ 101.137115][T12718] ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0
[ 101.143430][T12718] __ip6_finish_output+0x753/0x8f0
[ 101.148825][T12718] ip6_finish_output+0x2db/0x420
[ 101.154070][T12718] ip6_output+0x5d3/0x720
[ 101.158531][T12718] ? ip6_output+0x720/0x720
[ 101.163261][T12718] ? ac6_seq_show+0x200/0x200
[ 101.168021][T12718] ip6_local_out+0x164/0x1d0
[ 101.173602][T12718] ip6_push_pending_frames+0x215/0x4f0
[ 101.179179][T12718] rawv6_sendmsg+0x40da/0x5b10
[ 101.183970][T12718] ? sock_write_iter+0x101/0x650
[ 101.188910][T12718] ? __vfs_write+0xa2c/0xcb0
[ 101.193792][T12718] ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0
[ 101.200140][T12718] ? udp_cmsg_send+0x5d0/0x5d0
[ 101.205174][T12718] ? compat_rawv6_ioctl+0x100/0x100
[ 101.210640][T12718] inet_sendmsg+0x2d8/0x2e0
[ 101.215221][T12718] ? inet_send_prepare+0x600/0x600
[ 101.220655][T12718] sock_write_iter+0x599/0x650
[ 101.225783][T12718] ? sock_read_iter+0x660/0x660
[ 101.230805][T12718] __vfs_write+0xa2c/0xcb0
[ 101.235406][T12718] vfs_write+0x481/0x920
[ 101.240006][T12718] ksys_write+0x265/0x430
[ 101.244493][T12718] __se_sys_write+0x92/0xb0
[ 101.248990][T12718] __x64_sys_write+0x4a/0x70
[ 101.253695][T12718] do_syscall_64+0xbc/0xf0
[ 101.258105][T12718] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 101.264082][T12718] RIP: 0033:0x448a59
[ 101.268055][T12718] Code: e8 5c 14 03 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 ab 0e fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 101.288225][T12718] RSP: 002b:00007fce7f5f6d98 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 101.297305][T12718] RAX: ffffffffffffffda RBX: 00000000006dec28 RCX: 0000000000448a59
[ 101.305711][T12718] RDX: 00000000000041a0 RSI: 00000000200001c0 RDI: 0000000000000004
[ 101.314199][T12718] RBP: 00000000006dec20 R08: 0000000000000000 R09: 0000000000000000
[ 101.322388][T12718] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dec2c
[ 101.331035][T12718] R13: 0000000000000000 R14: 0000000000000000 R15: 00007265746c6966
[ 101.339410][T12718]
[ 101.341739][T12718] Uninit was created at:
[ 101.345995][T12718] kmsan_internal_poison_shadow+0x58/0xb0
[ 101.351749][T12718] kmsan_slab_alloc+0xaa/0x120
[ 101.356693][T12718] __kmalloc_node_track_caller+0xb55/0x1320
[ 101.363200][T12718] __alloc_skb+0x306/0xa10
[ 101.367856][T12718] __ip6_append_data+0x46ad/0x6060
[ 101.373223][T12718] ip6_append_data+0x3c2/0x650
[ 101.378328][T12718] rawv6_sendmsg+0x232e/0x5b10
[ 101.383094][T12718] inet_sendmsg+0x2d8/0x2e0
[ 101.387751][T12718] sock_write_iter+0x599/0x650
[ 101.392659][T12718] __vfs_write+0xa2c/0xcb0
[ 101.397641][T12718] vfs_write+0x481/0x920
[ 101.402324][T12718] ksys_write+0x265/0x430
[ 101.406651][T12718] __se_sys_write+0x92/0xb0
[ 101.411234][T12718] __x64_sys_write+0x4a/0x70
[ 101.415964][T12718] do_syscall_64+0xbc/0xf0
[ 101.420387][T12718] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 101.426270][T12718] ==================================================================
[ 101.434335][T12718] Disabling lock debugging due to kernel taint
[ 101.440703][T12718] Kernel panic - not syncing: panic_on_warn set ...
[ 101.447290][T12718] CPU: 0 PID: 12718 Comm: syz-executor830 Tainted: G B 5.3.0-rc7+ #0
[ 101.456959][T12718] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 101.467244][T12718] Call Trace:
[ 101.470554][T12718] dump_stack+0x191/0x1f0
[ 101.475292][T12718] panic+0x3c9/0xc1e
[ 101.479514][T12718] kmsan_report+0x2ca/0x2d0
[ 101.484032][T12718] __msan_warning+0x75/0xe0
[ 101.488864][T12718] ipv6_find_tlv+0x370/0x3c0
[ 101.493545][T12718] ip6_find_1stfragopt+0x2b6/0x500
[ 101.499337][T12718] ip6_fragment+0x275/0x37d0
[ 101.504200][T12718] ? __msan_poison_alloca+0x1c0/0x270
[ 101.509956][T12718] ? __ip6_finish_output+0x8f0/0x8f0
[ 101.515355][T12718] ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0
[ 101.521473][T12718] ? kmsan_get_metadata_or_null+0x208/0x290
[ 101.527550][T12718] ? __msan_poison_alloca+0x1c0/0x270
[ 101.533140][T12718] ? ip_vs_out+0x4d5/0x46b0
[ 101.537943][T12718] ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0
[ 101.543927][T12718] ? nf_conntrack_in+0x2434/0x2664
[ 101.549211][T12718] ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0
[ 101.555288][T12718] ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0
[ 101.561520][T12718] __ip6_finish_output+0x753/0x8f0
[ 101.566946][T12718] ip6_finish_output+0x2db/0x420
[ 101.572125][T12718] ip6_output+0x5d3/0x720
[ 101.576676][T12718] ? ip6_output+0x720/0x720
[ 101.581262][T12718] ? ac6_seq_show+0x200/0x200
[ 101.586402][T12718] ip6_local_out+0x164/0x1d0
[ 101.591171][T12718] ip6_push_pending_frames+0x215/0x4f0
[ 101.597061][T12718] rawv6_sendmsg+0x40da/0x5b10
[ 101.601911][T12718] ? sock_write_iter+0x101/0x650
[ 101.607074][T12718] ? __vfs_write+0xa2c/0xcb0
[ 101.612143][T12718] ? kmsan_get_shadow_origin_ptr+0x28c/0x3a0
[ 101.618139][T12718] ? udp_cmsg_send+0x5d0/0x5d0
[ 101.623454][T12718] ? compat_rawv6_ioctl+0x100/0x100
[ 101.629045][T12718] inet_sendmsg+0x2d8/0x2e0
[ 101.633880][T12718] ? inet_send_prepare+0x600/0x600
[ 101.641002][T12718] sock_write_iter+0x599/0x650
[ 101.646144][T12718] ? sock_read_iter+0x660/0x660
[ 101.651351][T12718] __vfs_write+0xa2c/0xcb0
[ 101.655874][T12718] vfs_write+0x481/0x920
[ 101.660127][T12718] ksys_write+0x265/0x430
[ 101.664944][T12718] __se_sys_write+0x92/0xb0
[ 101.669859][T12718] __x64_sys_write+0x4a/0x70
[ 101.674744][T12718] do_syscall_64+0xbc/0xf0
[ 101.679736][T12718] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 101.685870][T12718] RIP: 0033:0x448a59
[ 101.689849][T12718] Code: e8 5c 14 03 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 ab 0e fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 101.710824][T12718] RSP: 002b:00007fce7f5f6d98 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 101.719832][T12718] RAX: ffffffffffffffda RBX: 00000000006dec28 RCX: 0000000000448a59
[ 101.728507][T12718] RDX: 00000000000041a0 RSI: 00000000200001c0 RDI: 0000000000000004
[ 101.736843][T12718] RBP: 00000000006dec20 R08: 0000000000000000 R09: 0000000000000000
[ 101.745249][T12718] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dec2c
[ 101.753642][T12718] R13: 0000000000000000 R14: 0000000000000000 R15: 00007265746c6966
[ 101.763687][T12718] Kernel Offset: disabled
[ 101.768168][T12718] Rebooting in 86400 seconds..