[ OK ] Started OpenBSD Secure Shell server.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.10.6' (ECDSA) to the list of known hosts.
syzkaller login: [ 149.349862][ T8489] IPVS: ftp: loaded support on port[0] = 21
[ 149.514550][ T8489] chnl_net:caif_netlink_parms(): no params data found
[ 149.698152][ T8489] bridge0: port 1(bridge_slave_0) entered blocking state
[ 149.705473][ T8489] bridge0: port 1(bridge_slave_0) entered disabled state
[ 149.714973][ T8489] device bridge_slave_0 entered promiscuous mode
[ 149.727250][ T8489] bridge0: port 2(bridge_slave_1) entered blocking state
[ 149.734597][ T8489] bridge0: port 2(bridge_slave_1) entered disabled state
[ 149.743967][ T8489] device bridge_slave_1 entered promiscuous mode
[ 149.783072][ T8489] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 149.795994][ T8489] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 149.841422][ T8489] team0: Port device team_slave_0 added
[ 149.851103][ T8489] team0: Port device team_slave_1 added
[ 149.889707][ T8489] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 149.897104][ T8489] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 149.923247][ T8489] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 149.937330][ T8489] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 149.944540][ T8489] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 149.971317][ T8489] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 150.057004][ T8489] device hsr_slave_0 entered promiscuous mode
[ 150.112584][ T8489] device hsr_slave_1 entered promiscuous mode
[ 150.321311][ T8489] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 150.362779][ T8489] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 150.397078][ T8489] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 150.456984][ T8489] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 150.615333][ T8489] 8021q: adding VLAN 0 to HW filter on device bond0
[ 150.633841][ T3378] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 150.643524][ T3378] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 150.660819][ T8489] 8021q: adding VLAN 0 to HW filter on device team0
[ 150.682416][ T3378] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 150.693597][ T3378] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 150.703048][ T3378] bridge0: port 1(bridge_slave_0) entered blocking state
[ 150.710282][ T3378] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 150.719201][ T3378] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 150.729099][ T3378] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 150.738681][ T3378] bridge0: port 2(bridge_slave_1) entered blocking state
[ 150.745976][ T3378] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 150.757450][ T3378] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 150.780425][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 150.805368][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 150.816115][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 150.826574][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 150.844928][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 150.854227][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 150.869204][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 150.887072][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 150.897334][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 150.920197][ T8489] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 150.934174][ T8489] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 150.944930][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 150.954520][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 150.993596][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 151.001229][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 151.029836][ T8489] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 151.067484][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 151.078178][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 151.123227][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 151.133257][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 151.145047][ T8489] device veth0_vlan entered promiscuous mode
[ 151.158638][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 151.169700][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 151.188408][ T8489] device veth1_vlan entered promiscuous mode
[ 151.231118][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 151.241089][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 151.250100][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 151.259423][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 151.278461][ T8489] device veth0_macvtap entered promiscuous mode
[ 151.296982][ T8489] device veth1_macvtap entered promiscuous mode
[ 151.338543][ T8489] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 151.346522][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 151.355928][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 151.365361][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 151.375379][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 151.398963][ T8489] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 151.423363][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 151.433893][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
executing program
[ 151.657499][ T8708] device macvtap1 entered promiscuous mode
executing program
[ 151.798633][ T8713] device macvtap1 entered promiscuous mode
executing program
[ 151.917566][ T8718] device macvtap1 entered promiscuous mode
executing program
[ 152.058377][ T8723] device macvtap1 entered promiscuous mode
executing program
[ 152.180180][ T8728] device macvtap1 entered promiscuous mode
executing program
[ 152.297478][ T8733] device macvtap1 entered promiscuous mode
executing program
[ 152.419228][ T8738] device macvtap1 entered promiscuous mode
executing program
[ 152.570839][ T8743] device macvtap1 entered promiscuous mode
executing program
[ 152.709835][ T8749] device macvtap1 entered promiscuous mode
executing program
[ 152.828416][ T8754] device macvtap1 entered promiscuous mode
executing program
[ 152.947364][ T8759] device macvtap1 entered promiscuous mode
[ 152.956711][ T8759] bridge0: port 3(macvtap1) entered blocking state
[ 152.964128][ T8759] bridge0: port 3(macvtap1) entered disabled state
executing program
[ 153.130441][ T8765] device macvtap1 entered promiscuous mode
executing program
[ 153.269405][ T8770] device macvtap1 entered promiscuous mode
[ 153.277716][ T8770] bond0: (slave macvtap1): Error: Device is in use and cannot be enslaved
executing program
[ 153.426732][ T8775] device macvtap1 entered promiscuous mode
[ 153.435501][ T8775] team0: Device macvtap1 is up. Set it down before adding it as a team port
executing program
[ 153.577673][ T8780] device macvtap1 entered promiscuous mode
executing program
[ 153.719805][ T8785] device macvtap1 entered promiscuous mode
executing program
[ 153.828222][ T8790] device macvtap1 entered promiscuous mode
executing program
executing program
[ 153.967379][ T8795] device macvtap1 entered promiscuous mode
[ 153.976695][ T8795] batman_adv: batadv0: Adding interface: macvtap1
[ 153.983433][ T8795] batman_adv: batadv0: The MTU of interface macvtap1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 154.009451][ T8795] batman_adv: batadv0: Interface activated: macvtap1
[ 154.035803][ T8798] device macvtap2 entered promiscuous mode
executing program
[ 154.157498][ T8803] device macvtap2 entered promiscuous mode
executing program
[ 154.267871][ T8808] device macvtap2 entered promiscuous mode
executing program
[ 154.387528][ T8813] device macvtap2 entered promiscuous mode
executing program
[ 154.507627][ T8818] device macvtap2 entered promiscuous mode
executing program
[ 154.650236][ T8823] device macvtap2 entered promiscuous mode
executing program
[ 154.787172][ T8828] device macvtap2 entered promiscuous mode
executing program
[ 154.927564][ T8833] device macvtap2 entered promiscuous mode
executing program
[ 155.057752][ T8838] device macvtap2 entered promiscuous mode
[ 155.122533][ T949] =====================================================
[ 155.129516][ T949] BUG: KMSAN: uninit-value in kmsan_check_skb+0x3c/0x210
[ 155.136556][ T949] CPU: 1 PID: 949 Comm: kworker/u4:14 Not tainted 5.8.0-rc5-syzkaller #0
[ 155.144954][ T949] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 155.155018][ T949] Workqueue: bat_events batadv_iv_send_outstanding_bat_ogm_packet
[ 155.162811][ T949] Call Trace:
[ 155.166090][ T949] dump_stack+0x1df/0x240
[ 155.170432][ T949] kmsan_report+0xf7/0x1e0
[ 155.174843][ T949] kmsan_internal_check_memory+0x238/0x3d0
[ 155.180833][ T949] ? __msan_metadata_ptr_for_load_4+0x10/0x20
[ 155.186897][ T949] kmsan_check_skb+0x3c/0x210
[ 155.191561][ T949] ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 155.197383][ T949] pfifo_fast_dequeue+0xdb4/0xfd0
[ 155.202411][ T949] ? pfifo_fast_enqueue+0x980/0x980
[ 155.207614][ T949] __qdisc_run+0x401/0x33a0
[ 155.212140][ T949] ? kmsan_get_metadata+0x11d/0x180
[ 155.217333][ T949] __dev_queue_xmit+0x23b7/0x3b20
[ 155.222371][ T949] ? kmsan_get_metadata+0x11d/0x180
[ 155.227612][ T949] dev_queue_xmit+0x4b/0x60
[ 155.232124][ T949] batadv_send_skb_packet+0x59b/0x8c0
[ 155.237519][ T949] batadv_send_broadcast_skb+0x76/0x90
[ 155.243003][ T949] batadv_iv_send_outstanding_bat_ogm_packet+0x97e/0xd50
[ 155.250028][ T949] ? batadv_iv_ogm_queue_add+0x1900/0x1900
[ 155.255820][ T949] process_one_work+0x1540/0x1f30
[ 155.261599][ T949] worker_thread+0xed2/0x23f0
[ 155.266297][ T949] kthread+0x515/0x550
[ 155.270378][ T949] ? process_one_work+0x1f30/0x1f30
[ 155.275566][ T949] ? kthread_blkcg+0xf0/0xf0
[ 155.280161][ T949] ret_from_fork+0x22/0x30
[ 155.284565][ T949]
[ 155.286894][ T949] Uninit was stored to memory at:
[ 155.291902][ T949] kmsan_internal_chain_origin+0xad/0x130
[ 155.297623][ T949] kmsan_memcpy_memmove_metadata+0x272/0x2e0
[ 155.303597][ T949] kmsan_memcpy_metadata+0xb/0x10
[ 155.308604][ T949] __msan_memcpy+0x43/0x50
[ 155.313014][ T949] pskb_expand_head+0x38b/0x1b00
[ 155.317965][ T949] batadv_skb_head_push+0x234/0x350
[ 155.323149][ T949] batadv_send_skb_packet+0x1a7/0x8c0
[ 155.328522][ T949] batadv_send_broadcast_skb+0x76/0x90
[ 155.333990][ T949] batadv_iv_send_outstanding_bat_ogm_packet+0x97e/0xd50
[ 155.341121][ T949] process_one_work+0x1540/0x1f30
[ 155.346128][ T949] worker_thread+0xed2/0x23f0
[ 155.350785][ T949] kthread+0x515/0x550
[ 155.354851][ T949] ret_from_fork+0x22/0x30
[ 155.359254][ T949]
[ 155.361560][ T949] Uninit was created at:
[ 155.365802][ T949] kmsan_save_stack_with_flags+0x3c/0x90
[ 155.371439][ T949] kmsan_alloc_page+0xb9/0x180
[ 155.376181][ T949] __alloc_pages_nodemask+0x56a2/0x5dc0
[ 155.382330][ T949] page_frag_alloc+0x3ae/0x910
[ 155.387107][ T949] __netdev_alloc_skb+0x703/0xbb0
[ 155.392140][ T949] batadv_iv_ogm_queue_add+0x10da/0x1900
[ 155.397781][ T949] batadv_iv_ogm_schedule+0xd63/0x1430
[ 155.403232][ T949] batadv_iv_iface_enabled+0x37/0x40
[ 155.408496][ T949] batadv_hardif_enable_interface+0x1551/0x18c0
[ 155.414717][ T949] batadv_softif_slave_add+0x198/0x260
[ 155.420170][ T949] do_setlink+0x1bfd/0x6230
[ 155.424656][ T949] rtnl_newlink+0x2edd/0x3900
[ 155.429330][ T949] rtnetlink_rcv_msg+0x1184/0x15c0
[ 155.434457][ T949] netlink_rcv_skb+0x451/0x650
[ 155.439201][ T949] rtnetlink_rcv+0x50/0x60
[ 155.443603][ T949] netlink_unicast+0xf9e/0x1100
[ 155.448439][ T949] netlink_sendmsg+0x1246/0x14d0
[ 155.453372][ T949] __sys_sendto+0xc56/0xc90
[ 155.457900][ T949] __se_sys_sendto+0x107/0x130
[ 155.462650][ T949] __x64_sys_sendto+0x6e/0x90
[ 155.467308][ T949] do_syscall_64+0xb0/0x150
[ 155.471796][ T949] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 155.477659][ T949]
[ 155.479968][ T949] Bytes 52-53 of 146 are uninitialized
[ 155.485422][ T949] Memory access of size 146 starts at ffff984eebd5ac40
[ 155.492245][ T949] =====================================================
[ 155.499165][ T949] Disabling lock debugging due to kernel taint
[ 155.505308][ T949] Kernel panic - not syncing: panic_on_warn set ...
[ 155.511892][ T949] CPU: 1 PID: 949 Comm: kworker/u4:14 Tainted: G B 5.8.0-rc5-syzkaller #0
[ 155.521687][ T949] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 155.531745][ T949] Workqueue: bat_events batadv_iv_send_outstanding_bat_ogm_packet
[ 155.539533][ T949] Call Trace:
[ 155.542814][ T949] dump_stack+0x1df/0x240
[ 155.547147][ T949] panic+0x3d5/0xc3e
[ 155.551073][ T949] kmsan_report+0x1df/0x1e0
[ 155.555567][ T949] kmsan_internal_check_memory+0x238/0x3d0
[ 155.561358][ T949] ? __msan_metadata_ptr_for_load_4+0x10/0x20
[ 155.567418][ T949] kmsan_check_skb+0x3c/0x210
[ 155.572087][ T949] ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 155.577882][ T949] pfifo_fast_dequeue+0xdb4/0xfd0
[ 155.582920][ T949] ? pfifo_fast_enqueue+0x980/0x980
[ 155.588103][ T949] __qdisc_run+0x401/0x33a0
[ 155.592615][ T949] ? kmsan_get_metadata+0x11d/0x180
[ 155.597807][ T949] __dev_queue_xmit+0x23b7/0x3b20
[ 155.602818][ T949] ? kmsan_get_metadata+0x11d/0x180
[ 155.608049][ T949] dev_queue_xmit+0x4b/0x60
[ 155.612560][ T949] batadv_send_skb_packet+0x59b/0x8c0
[ 155.617949][ T949] batadv_send_broadcast_skb+0x76/0x90
[ 155.623405][ T949] batadv_iv_send_outstanding_bat_ogm_packet+0x97e/0xd50
[ 155.630464][ T949] ? batadv_iv_ogm_queue_add+0x1900/0x1900
[ 155.636297][ T949] process_one_work+0x1540/0x1f30
[ 155.641342][ T949] worker_thread+0xed2/0x23f0
[ 155.646030][ T949] kthread+0x515/0x550
[ 155.650086][ T949] ? process_one_work+0x1f30/0x1f30
[ 155.655286][ T949] ? kthread_blkcg+0xf0/0xf0
[ 155.659866][ T949] ret_from_fork+0x22/0x30
[ 155.665392][ T949] Kernel Offset: 0x14400000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
[ 155.677009][ T949] Rebooting in 86400 seconds..