[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [ 101.912706][ T33] audit: type=1800 audit(1584813559.968:25): pid=10967 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 101.942491][ T33] audit: type=1800 audit(1584813559.988:26): pid=10967 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 101.982656][ T33] audit: type=1800 audit(1584813560.018:27): pid=10967 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 107.260365][T11105] sshd (11105) used greatest stack depth: 3352 bytes left Warning: Permanently added '10.128.0.127' (ECDSA) to the list of known hosts. [ 115.272958][T11120] IPVS: ftp: loaded support on port[0] = 21 [ 115.361421][T11120] chnl_net:caif_netlink_parms(): no params data found [ 115.434478][T11120] bridge0: port 1(bridge_slave_0) entered blocking state [ 115.441721][T11120] bridge0: port 1(bridge_slave_0) entered disabled state [ 115.450344][T11120] device bridge_slave_0 entered promiscuous mode [ 115.459074][T11120] bridge0: port 2(bridge_slave_1) entered blocking state [ 115.466403][T11120] bridge0: port 2(bridge_slave_1) entered disabled state [ 115.474763][T11120] device bridge_slave_1 entered promiscuous mode [ 115.500237][T11120] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 115.512020][T11120] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 115.538215][T11120] team0: Port device team_slave_0 added [ 115.546587][T11120] team0: Port device team_slave_1 added [ 115.569333][T11120] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 115.576406][T11120] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 115.602477][T11120] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 115.614604][T11120] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 115.621597][T11120] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 115.647720][T11120] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 115.715716][T11120] device hsr_slave_0 entered promiscuous mode [ 115.752822][T11120] device hsr_slave_1 entered promiscuous mode [ 115.898555][T11120] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 115.956629][T11120] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 116.016932][T11120] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 116.076631][T11120] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 116.158698][T11120] bridge0: port 2(bridge_slave_1) entered blocking state [ 116.165942][T11120] bridge0: port 2(bridge_slave_1) entered forwarding state [ 116.173808][T11120] bridge0: port 1(bridge_slave_0) entered blocking state [ 116.180948][T11120] bridge0: port 1(bridge_slave_0) entered forwarding state [ 116.242066][T11120] 8021q: adding VLAN 0 to HW filter on device bond0 [ 116.258543][ T4090] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 116.269310][ T4090] bridge0: port 1(bridge_slave_0) entered disabled state [ 116.279319][ T4090] bridge0: port 2(bridge_slave_1) entered disabled state [ 116.289144][ T4090] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 116.305420][T11120] 8021q: adding VLAN 0 to HW filter on device team0 [ 116.320141][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 116.329007][ T31] bridge0: port 1(bridge_slave_0) entered blocking state [ 116.336246][ T31] bridge0: port 1(bridge_slave_0) entered forwarding state [ 116.351548][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 116.361171][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 116.370485][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 116.377653][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 116.393475][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 116.412554][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 116.422526][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 116.431708][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 116.454016][T11120] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 116.467798][T11120] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 116.481400][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 116.491481][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 116.501043][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 116.510203][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 116.519271][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 116.528352][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 116.537504][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 116.548859][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 116.575189][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 116.582889][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 116.600306][T11120] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 116.626271][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 116.637006][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 116.665194][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 116.674580][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 116.686566][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 116.695173][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 116.706483][T11120] device veth0_vlan entered promiscuous mode [ 116.720607][T11120] device veth1_vlan entered promiscuous mode [ 116.749092][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 116.759738][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 116.769050][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 116.778164][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 116.792108][T11120] device veth0_macvtap entered promiscuous mode [ 116.804508][T11120] device veth1_macvtap entered promiscuous mode [ 116.828757][T11120] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 116.836650][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 116.846381][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 116.854809][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 116.864498][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 116.881231][T11120] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 116.889153][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 116.899062][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready executing program [ 117.140233][T11147] device veth0_to_hsr entered promiscuous mode executing program [ 117.203611][T11147] device batadv0 entered promiscuous mode [ 117.297039][T11148] veth0_to_hsr: This device is already a HSR slave. executing program [ 117.426710][T11149] veth0_to_hsr: This device is already a HSR slave. executing program [ 117.556373][T11150] veth0_to_hsr: This device is already a HSR slave. executing program [ 117.686973][T11151] veth0_to_hsr: This device is already a HSR slave. executing program [ 117.826517][T11152] veth0_to_hsr: This device is already a HSR slave. executing program [ 117.966496][T11153] veth0_to_hsr: This device is already a HSR slave. executing program [ 118.096282][T11154] veth0_to_hsr: This device is already a HSR slave. executing program [ 118.247117][T11155] veth0_to_hsr: This device is already a HSR slave. executing program [ 118.386374][T11156] veth0_to_hsr: This device is already a HSR slave. executing program [ 118.516766][T11157] veth0_to_hsr: This device is already a HSR slave. executing program [ 118.646426][T11158] veth0_to_hsr: This device is already a HSR slave. executing program [ 118.786403][T11159] veth0_to_hsr: This device is already a HSR slave. executing program [ 118.936391][T11160] veth0_to_hsr: This device is already a HSR slave. [ 118.973151][ C1] ===================================================== [ 118.980225][ C1] BUG: KMSAN: uninit-value in batadv_bla_tx+0x2675/0x3730 [ 118.987313][ C1] CPU: 1 PID: 16 Comm: ksoftirqd/1 Not tainted 5.6.0-rc6-syzkaller #0 [ 118.995445][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 119.005478][ C1] Call Trace: [ 119.008789][ C1] dump_stack+0x1c9/0x220 [ 119.013133][ C1] kmsan_report+0xf7/0x1e0 [ 119.017611][ C1] __msan_warning+0x58/0xa0 [ 119.022098][ C1] batadv_bla_tx+0x2675/0x3730 [ 119.026843][ C1] ? ptrace_set_debugreg+0xde0/0x18f0 [ 119.032249][ C1] ? kmsan_get_metadata+0x11d/0x180 [ 119.037456][ C1] batadv_interface_tx+0x67c/0x2450 [ 119.042661][ C1] ? __msan_metadata_ptr_for_load_2+0x10/0x20 [ 119.048726][ C1] ? batadv_softif_is_valid+0xb0/0xb0 [ 119.054079][ C1] dev_hard_start_xmit+0x531/0xab0 [ 119.059206][ C1] ? kmsan_get_metadata+0x11d/0x180 [ 119.064393][ C1] __dev_queue_xmit+0x2f8d/0x3b20 [ 119.069407][ C1] ? kmsan_get_metadata+0x11d/0x180 [ 119.074635][ C1] ? skb_clone+0x404/0x5d0 [ 119.079036][ C1] dev_queue_xmit+0x4b/0x60 [ 119.083522][ C1] hsr_forward_skb+0x2614/0x30d0 [ 119.088446][ C1] ? kmsan_get_metadata+0x4f/0x180 [ 119.093653][ C1] hsr_handle_frame+0x3bc/0x4e0 [ 119.098488][ C1] ? hsr_port_exists+0x90/0x90 [ 119.103250][ C1] __netif_receive_skb_core+0x21de/0x5840 [ 119.108965][ C1] ? kmsan_get_metadata+0x11d/0x180 [ 119.114142][ C1] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 119.119938][ C1] ? __msan_poison_alloca+0xf0/0x120 [ 119.125213][ C1] ? kmsan_get_metadata+0x4f/0x180 [ 119.130311][ C1] process_backlog+0x936/0x1410 [ 119.135147][ C1] ? __list_add_valid+0xb8/0x420 [ 119.140064][ C1] ? kmsan_get_metadata+0x4f/0x180 [ 119.145178][ C1] ? kmsan_get_metadata+0x11d/0x180 [ 119.150361][ C1] ? rps_trigger_softirq+0x2e0/0x2e0 [ 119.155671][ C1] net_rx_action+0x786/0x1aa0 [ 119.160359][ C1] ? net_tx_action+0xc30/0xc30 [ 119.165122][ C1] __do_softirq+0x311/0x83d [ 119.169642][ C1] ? ksoftirqd_should_run+0x30/0x30 [ 119.174827][ C1] ? takeover_tasklets+0x8f0/0x8f0 [ 119.179923][ C1] run_ksoftirqd+0x25/0x40 [ 119.184331][ C1] smpboot_thread_fn+0x493/0x980 [ 119.189255][ C1] kthread+0x4b5/0x4f0 [ 119.193298][ C1] ? cpu_report_death+0x180/0x180 [ 119.198304][ C1] ? kthread_blkcg+0xf0/0xf0 [ 119.202873][ C1] ret_from_fork+0x35/0x40 [ 119.207267][ C1] [ 119.209569][ C1] Uninit was stored to memory at: [ 119.214608][ C1] kmsan_internal_chain_origin+0xad/0x130 [ 119.220344][ C1] kmsan_memcpy_memmove_metadata+0x272/0x2e0 [ 119.226303][ C1] kmsan_memcpy_metadata+0xb/0x10 [ 119.231337][ C1] __msan_memcpy+0x43/0x50 [ 119.235733][ C1] pskb_expand_head+0x38b/0x1b00 [ 119.240644][ C1] __skb_pad+0x47f/0x900 [ 119.244883][ C1] send_hsr_supervision_frame+0x122d/0x1500 [ 119.250763][ C1] hsr_announce+0x1e2/0x370 [ 119.255260][ C1] call_timer_fn+0x218/0x510 [ 119.259846][ C1] __run_timers+0xcff/0x1210 [ 119.264421][ C1] run_timer_softirq+0x2d/0x50 [ 119.269159][ C1] __do_softirq+0x311/0x83d [ 119.273628][ C1] [ 119.275933][ C1] Uninit was created at: [ 119.280159][ C1] kmsan_save_stack_with_flags+0x3c/0x90 [ 119.285808][ C1] kmsan_alloc_page+0x12a/0x310 [ 119.290634][ C1] __alloc_pages_nodemask+0x5712/0x5e80 [ 119.296160][ C1] page_frag_alloc+0x3ae/0x910 [ 119.300912][ C1] __napi_alloc_skb+0x193/0xa60 [ 119.305754][ C1] page_to_skb+0x19f/0x1100 [ 119.310243][ C1] receive_buf+0xe79/0x8b30 [ 119.314763][ C1] virtnet_poll+0x64b/0x19f0 [ 119.319335][ C1] net_rx_action+0x786/0x1aa0 [ 119.324003][ C1] __do_softirq+0x311/0x83d [ 119.328491][ C1] ===================================================== [ 119.335413][ C1] Disabling lock debugging due to kernel taint [ 119.341538][ C1] Kernel panic - not syncing: panic_on_warn set ... [ 119.348105][ C1] CPU: 1 PID: 16 Comm: ksoftirqd/1 Tainted: G B 5.6.0-rc6-syzkaller #0 [ 119.357729][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 119.367760][ C1] Call Trace: [ 119.371033][ C1] dump_stack+0x1c9/0x220 [ 119.375357][ C1] panic+0x3d5/0xc3e [ 119.379280][ C1] kmsan_report+0x1df/0x1e0 [ 119.385613][ C1] __msan_warning+0x58/0xa0 [ 119.390097][ C1] batadv_bla_tx+0x2675/0x3730 [ 119.394842][ C1] ? ptrace_set_debugreg+0xde0/0x18f0 [ 119.400209][ C1] ? kmsan_get_metadata+0x11d/0x180 [ 119.405391][ C1] batadv_interface_tx+0x67c/0x2450 [ 119.410572][ C1] ? __msan_metadata_ptr_for_load_2+0x10/0x20 [ 119.416627][ C1] ? batadv_softif_is_valid+0xb0/0xb0 [ 119.421974][ C1] dev_hard_start_xmit+0x531/0xab0 [ 119.427071][ C1] ? kmsan_get_metadata+0x11d/0x180 [ 119.432265][ C1] __dev_queue_xmit+0x2f8d/0x3b20 [ 119.437282][ C1] ? kmsan_get_metadata+0x11d/0x180 [ 119.442489][ C1] ? skb_clone+0x404/0x5d0 [ 119.446895][ C1] dev_queue_xmit+0x4b/0x60 [ 119.451378][ C1] hsr_forward_skb+0x2614/0x30d0 [ 119.456296][ C1] ? kmsan_get_metadata+0x4f/0x180 [ 119.461399][ C1] hsr_handle_frame+0x3bc/0x4e0 [ 119.466249][ C1] ? hsr_port_exists+0x90/0x90 [ 119.470991][ C1] __netif_receive_skb_core+0x21de/0x5840 [ 119.476687][ C1] ? kmsan_get_metadata+0x11d/0x180 [ 119.481865][ C1] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 119.487666][ C1] ? __msan_poison_alloca+0xf0/0x120 [ 119.492928][ C1] ? kmsan_get_metadata+0x4f/0x180 [ 119.498026][ C1] process_backlog+0x936/0x1410 [ 119.502869][ C1] ? __list_add_valid+0xb8/0x420 [ 119.507906][ C1] ? kmsan_get_metadata+0x4f/0x180 [ 119.513038][ C1] ? kmsan_get_metadata+0x11d/0x180 [ 119.518230][ C1] ? rps_trigger_softirq+0x2e0/0x2e0 [ 119.523493][ C1] net_rx_action+0x786/0x1aa0 [ 119.528163][ C1] ? net_tx_action+0xc30/0xc30 [ 119.532922][ C1] __do_softirq+0x311/0x83d [ 119.537430][ C1] ? ksoftirqd_should_run+0x30/0x30 [ 119.542628][ C1] ? takeover_tasklets+0x8f0/0x8f0 [ 119.547750][ C1] run_ksoftirqd+0x25/0x40 [ 119.552177][ C1] smpboot_thread_fn+0x493/0x980 [ 119.557123][ C1] kthread+0x4b5/0x4f0 [ 119.561267][ C1] ? cpu_report_death+0x180/0x180 [ 119.566302][ C1] ? kthread_blkcg+0xf0/0xf0 [ 119.570896][ C1] ret_from_fork+0x35/0x40 [ 119.576448][ C1] Kernel Offset: 0x1c00000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff) [ 119.587979][ C1] Rebooting in 86400 seconds..