syzkaller login: [ 95.123060][ T30] cfg80211: failed to load regulatory.db
Warning: Permanently added '10.128.10.33' (ECDSA) to the list of known hosts.
[ 100.042974][ T3481] chnl_net:caif_netlink_parms(): no params data found
[ 100.214786][ T3481] bridge0: port 1(bridge_slave_0) entered blocking state
[ 100.222278][ T3481] bridge0: port 1(bridge_slave_0) entered disabled state
[ 100.230877][ T3481] device bridge_slave_0 entered promiscuous mode
[ 100.243894][ T3481] bridge0: port 2(bridge_slave_1) entered blocking state
[ 100.251130][ T3481] bridge0: port 2(bridge_slave_1) entered disabled state
[ 100.260325][ T3481] device bridge_slave_1 entered promiscuous mode
[ 100.309410][ T3481] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 100.325679][ T3481] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 100.373791][ T3481] team0: Port device team_slave_0 added
[ 100.386397][ T3481] team0: Port device team_slave_1 added
[ 100.429257][ T3481] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 100.436537][ T3481] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 100.462649][ T3481] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 100.477588][ T3481] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 100.484780][ T3481] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 100.510865][ T3481] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 100.570786][ T3481] device hsr_slave_0 entered promiscuous mode
[ 100.579096][ T3481] device hsr_slave_1 entered promiscuous mode
[ 100.789335][ T3481] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 100.805649][ T3481] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 100.820474][ T3481] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 100.837802][ T3481] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 100.906933][ T3481] bridge0: port 2(bridge_slave_1) entered blocking state
[ 100.914265][ T3481] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 100.922266][ T3481] bridge0: port 1(bridge_slave_0) entered blocking state
[ 100.929585][ T3481] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 101.037606][ T3481] 8021q: adding VLAN 0 to HW filter on device bond0
[ 101.056968][ T5] bridge0: port 1(bridge_slave_0) entered disabled state
[ 101.066257][ T5] bridge0: port 2(bridge_slave_1) entered disabled state
[ 101.078005][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 101.100353][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 101.109407][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 101.125719][ T3481] 8021q: adding VLAN 0 to HW filter on device team0
[ 101.140109][ T117] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 101.150285][ T117] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 101.159558][ T117] bridge0: port 1(bridge_slave_0) entered blocking state
[ 101.166934][ T117] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 101.182487][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 101.193144][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 101.202746][ T7] bridge0: port 2(bridge_slave_1) entered blocking state
[ 101.210082][ T7] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 101.226006][ T117] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 101.243616][ T117] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 101.261954][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 101.273002][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 101.284916][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 101.300315][ T117] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 101.311196][ T117] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 101.333783][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 101.343515][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 101.362280][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 101.372064][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 101.387034][ T3481] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 101.421352][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 101.429345][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 101.453572][ T3481] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 101.490537][ T117] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 101.500557][ T117] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 101.543466][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 101.553411][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 101.567101][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 101.576578][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 101.592665][ T3481] device veth0_vlan entered promiscuous mode
[ 101.615399][ T3481] device veth1_vlan entered promiscuous mode
[ 101.661577][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 101.671496][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 101.680926][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 101.690491][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 101.707827][ T3481] device veth0_macvtap entered promiscuous mode
[ 101.725588][ T3481] device veth1_macvtap entered promiscuous mode
[ 101.759629][ T3481] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 101.767689][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 101.777331][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 101.786401][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 101.796337][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 101.815233][ T3481] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 101.823807][ T117] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 101.836758][ T117] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 101.853659][ T3481] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 101.862542][ T3481] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 101.871327][ T3481] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 101.880256][ T3481] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
executing program
[ 102.451339][ T3481] =====================================================
[ 102.458440][ T3481] BUG: KMSAN: uninit-value in ax25cmp+0x4a2/0x5f0
[ 102.464869][ T3481] ax25cmp+0x4a2/0x5f0
[ 102.468943][ T3481] nr_dev_get+0x1c1/0x420
[ 102.473334][ T3481] nr_route_frame+0x233/0x1470
[ 102.478113][ T3481] nr_xmit+0x9c/0x280
[ 102.482110][ T3481] xmit_one+0x2f4/0x840
[ 102.486289][ T3481] dev_hard_start_xmit+0x186/0x440
[ 102.491421][ T3481] __dev_queue_xmit+0x2104/0x3290
[ 102.496515][ T3481] dev_queue_xmit+0x4b/0x60
[ 102.501039][ T3481] raw_sendmsg+0x819/0xcd0
[ 102.505473][ T3481] ieee802154_sock_sendmsg+0xec/0x130
[ 102.510861][ T3481] ____sys_sendmsg+0xe11/0x12c0
[ 102.515734][ T3481] __sys_sendmmsg+0x845/0xf60
[ 102.520427][ T3481] __ia32_compat_sys_sendmmsg+0x127/0x180
[ 102.526166][ T3481] __do_fast_syscall_32+0x96/0xf0
[ 102.531210][ T3481] do_fast_syscall_32+0x34/0x70
[ 102.536076][ T3481] do_SYSENTER_32+0x1b/0x20
[ 102.540596][ T3481] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c
[ 102.546943][ T3481]
[ 102.549256][ T3481] Uninit was created at:
[ 102.553556][ T3481] __kmalloc_node_track_caller+0xe0c/0x1510
[ 102.559472][ T3481] __alloc_skb+0x545/0xf90
[ 102.563900][ T3481] alloc_skb_with_frags+0x1db/0xbc0
[ 102.569122][ T3481] sock_alloc_send_pskb+0xdf4/0xfc0
[ 102.574335][ T3481] sock_alloc_send_skb+0xca/0xe0
[ 102.579284][ T3481] raw_sendmsg+0x4cf/0xcd0
[ 102.583713][ T3481] ieee802154_sock_sendmsg+0xec/0x130
[ 102.589103][ T3481] ____sys_sendmsg+0xe11/0x12c0
[ 102.593978][ T3481] __sys_sendmmsg+0x845/0xf60
[ 102.598687][ T3481] __ia32_compat_sys_sendmmsg+0x127/0x180
[ 102.604425][ T3481] __do_fast_syscall_32+0x96/0xf0
[ 102.609467][ T3481] do_fast_syscall_32+0x34/0x70
[ 102.614335][ T3481] do_SYSENTER_32+0x1b/0x20
[ 102.618853][ T3481] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c
[ 102.625201][ T3481]
[ 102.627515][ T3481] CPU: 1 PID: 3481 Comm: syz-executor365 Not tainted 5.16.0-rc5-syzkaller #0
[ 102.636286][ T3481] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 102.646339][ T3481] =====================================================
[ 102.653257][ T3481] Disabling lock debugging due to kernel taint
[ 102.659549][ T3481] Kernel panic - not syncing: kmsan.panic set ...
[ 102.665974][ T3481] CPU: 1 PID: 3481 Comm: syz-executor365 Tainted: G B 5.16.0-rc5-syzkaller #0
[ 102.676166][ T3481] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 102.686244][ T3481] Call Trace:
[ 102.689534][ T3481]
[ 102.692478][ T3481] dump_stack_lvl+0x1ff/0x28e
[ 102.697217][ T3481] dump_stack+0x25/0x28
[ 102.701417][ T3481] panic+0x487/0xe1f
[ 102.705335][ T3481] ? add_taint+0x181/0x210
[ 102.709763][ T3481] ? _raw_spin_unlock_irqrestore+0x78/0xb0
[ 102.715592][ T3481] kmsan_report+0x2e6/0x2f0
[ 102.720121][ T3481] ? _raw_spin_unlock_irqrestore+0x78/0xb0
[ 102.725949][ T3481] ? __msan_warning+0xb8/0x130
[ 102.730730][ T3481] ? ax25cmp+0x4a2/0x5f0
[ 102.734983][ T3481] ? nr_dev_get+0x1c1/0x420
[ 102.739500][ T3481] ? nr_route_frame+0x233/0x1470
[ 102.744456][ T3481] ? nr_xmit+0x9c/0x280
[ 102.748623][ T3481] ? xmit_one+0x2f4/0x840
[ 102.752976][ T3481] ? dev_hard_start_xmit+0x186/0x440
[ 102.758287][ T3481] ? __dev_queue_xmit+0x2104/0x3290
[ 102.763511][ T3481] ? dev_queue_xmit+0x4b/0x60
[ 102.768210][ T3481] ? raw_sendmsg+0x819/0xcd0
[ 102.772818][ T3481] ? ieee802154_sock_sendmsg+0xec/0x130
[ 102.778394][ T3481] ? ____sys_sendmsg+0xe11/0x12c0
[ 102.783437][ T3481] ? __sys_sendmmsg+0x845/0xf60
[ 102.788304][ T3481] ? __ia32_compat_sys_sendmmsg+0x127/0x180
[ 102.794260][ T3481] ? __do_fast_syscall_32+0x96/0xf0
[ 102.799477][ T3481] ? do_fast_syscall_32+0x34/0x70
[ 102.804604][ T3481] ? do_SYSENTER_32+0x1b/0x20
[ 102.809298][ T3481] ? entry_SYSENTER_compat_after_hwframe+0x4d/0x5c
[ 102.815825][ T3481] ? kmsan_internal_poison_memory+0x45/0xa0
[ 102.821752][ T3481] ? kmsan_slab_alloc+0xe1/0x150
[ 102.826724][ T3481] ? __kmalloc_node_track_caller+0xe0c/0x1510
[ 102.832817][ T3481] ? __alloc_skb+0x545/0xf90
[ 102.837436][ T3481] ? alloc_skb_with_frags+0x1db/0xbc0
[ 102.842833][ T3481] ? sock_alloc_send_pskb+0xdf4/0xfc0
[ 102.848219][ T3481] ? sock_alloc_send_skb+0xca/0xe0
[ 102.853340][ T3481] ? raw_sendmsg+0x4cf/0xcd0
[ 102.857946][ T3481] ? ieee802154_sock_sendmsg+0xec/0x130
[ 102.863511][ T3481] ? ____sys_sendmsg+0xe11/0x12c0
[ 102.868553][ T3481] ? __sys_sendmmsg+0x845/0xf60
[ 102.873435][ T3481] ? __ia32_compat_sys_sendmmsg+0x127/0x180
[ 102.879344][ T3481] ? __do_fast_syscall_32+0x96/0xf0
[ 102.884570][ T3481] ? do_fast_syscall_32+0x34/0x70
[ 102.889636][ T3481] ? do_SYSENTER_32+0x1b/0x20
[ 102.894341][ T3481] ? entry_SYSENTER_compat_after_hwframe+0x4d/0x5c
[ 102.900873][ T3481] ? update_stack_state+0x883/0xa60
[ 102.906093][ T3481] ? stack_trace_save+0x117/0x1a0
[ 102.911144][ T3481] ? update_stack_state+0x883/0xa60
[ 102.916364][ T3481] ? kmsan_get_metadata+0x33/0x220
[ 102.921498][ T3481] ? kmsan_get_shadow_origin_ptr+0x9b/0xf0
[ 102.927335][ T3481] __msan_warning+0xb8/0x130
[ 102.931946][ T3481] ax25cmp+0x4a2/0x5f0
[ 102.936033][ T3481] nr_dev_get+0x1c1/0x420
[ 102.940384][ T3481] nr_route_frame+0x233/0x1470
[ 102.945172][ T3481] ? kmsan_get_metadata+0x33/0x220
[ 102.950403][ T3481] ? kmsan_get_shadow_origin_ptr+0x9b/0xf0
[ 102.956233][ T3481] ? kmsan_get_metadata+0x33/0x220
[ 102.961366][ T3481] nr_xmit+0x9c/0x280
[ 102.965363][ T3481] ? nr_close+0x100/0x100
[ 102.969707][ T3481] xmit_one+0x2f4/0x840
[ 102.973900][ T3481] dev_hard_start_xmit+0x186/0x440
[ 102.979046][ T3481] __dev_queue_xmit+0x2104/0x3290
[ 102.984114][ T3481] ? kmsan_get_metadata+0x33/0x220
[ 102.989245][ T3481] dev_queue_xmit+0x4b/0x60
[ 102.993773][ T3481] raw_sendmsg+0x819/0xcd0
[ 102.998219][ T3481] ? raw_getsockopt+0x30/0x30
[ 103.002910][ T3481] ieee802154_sock_sendmsg+0xec/0x130
[ 103.008310][ T3481] ____sys_sendmsg+0xe11/0x12c0
[ 103.013198][ T3481] ? ieee802154_sock_ioctl+0x780/0x780
[ 103.018701][ T3481] __sys_sendmmsg+0x845/0xf60
[ 103.023449][ T3481] ? sock_setsockopt+0x7a8/0x4a70
[ 103.028509][ T3481] ? kfree+0x29/0x9e0
[ 103.032527][ T3481] ? kmsan_get_metadata+0x33/0x220
[ 103.037833][ T3481] ? kmsan_get_shadow_origin_ptr+0x9b/0xf0
[ 103.043668][ T3481] ? __sys_setsockopt+0xbd3/0xdc0
[ 103.048730][ T3481] ? kmsan_get_metadata+0x33/0x220
[ 103.053863][ T3481] ? kmsan_get_shadow_origin_ptr+0x9b/0xf0
[ 103.059696][ T3481] ? kmsan_get_metadata+0x33/0x220
[ 103.064837][ T3481] ? kmsan_get_shadow_origin_ptr+0x9b/0xf0
[ 103.070677][ T3481] __ia32_compat_sys_sendmmsg+0x127/0x180
[ 103.076436][ T3481] __do_fast_syscall_32+0x96/0xf0
[ 103.081489][ T3481] do_fast_syscall_32+0x34/0x70
[ 103.086365][ T3481] do_SYSENTER_32+0x1b/0x20
[ 103.090887][ T3481] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c
[ 103.097240][ T3481] RIP: 0023:0xf7f28549
[ 103.101310][ T3481] Code: 03 74 c0 01 10 05 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00
[ 103.120931][ T3481] RSP: 002b:00000000fff2bcec EFLAGS: 00000286 ORIG_RAX: 0000000000000159
[ 103.129356][ T3481] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000020001380
[ 103.137334][ T3481] RDX: 00000000fffffeed RSI: 0000000000000000 RDI: 0000000000000010
[ 103.145312][ T3481] RBP: 0000000000000005 R08: 0000000000000000 R09: 0000000000000000
[ 103.153296][ T3481] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 103.161277][ T3481] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 103.169271][ T3481]
[ 103.172367][ T3481] Kernel Offset: disabled
[ 103.176692][ T3481] Rebooting in 86400 seconds..