[ OK ] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch. [ OK ] Started Getty on tty6. [ OK ] Started Getty on tty5. [ OK ] Started Getty on tty4. [ OK ] Started Getty on tty3. [ OK ] Started Getty on tty2. [ OK ] Started Getty on tty1. Warning: Permanently added '10.128.0.141' (ECDSA) to the list of known hosts. [ OK ] Started Serial Getty on ttyS0. [ OK ] Reached target Login Prompts. [ OK ] Reached target Multi-User System. [ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... Starting Load/Save RF Kill Switch Status... [ OK ] Started Update UTMP about System Runlevel Changes. [ OK ] Started Load/Save RF Kill Switch Status. [ 159.688145][ T29] audit: type=1400 audit(1597548202.522:8): avc: denied { execmem } for pid=8427 comm="syz-executor932" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 [ 159.723713][ T8469] IPVS: ftp: loaded support on port[0] = 21 [ 159.871314][ T8469] chnl_net:caif_netlink_parms(): no params data found [ 159.960572][ T8469] bridge0: port 1(bridge_slave_0) entered blocking state [ 159.968141][ T8469] bridge0: port 1(bridge_slave_0) entered disabled state [ 159.977705][ T8469] device bridge_slave_0 entered promiscuous mode [ 159.988290][ T8469] bridge0: port 2(bridge_slave_1) entered blocking state [ 159.995982][ T8469] bridge0: port 2(bridge_slave_1) entered disabled state [ 160.004827][ T8469] device bridge_slave_1 entered promiscuous mode [ 160.039706][ T8469] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 160.053993][ T8469] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 160.087426][ T8469] team0: Port device team_slave_0 added [ 160.097127][ T8469] team0: Port device team_slave_1 added [ 160.128721][ T8469] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 160.135849][ T8469] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 160.161969][ T8469] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 160.175782][ T8469] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 160.182959][ T8469] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 160.209115][ T8469] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active Debian GNU/Linux 9 syzkaller ttyS0 syzkaller login: [ 160.256151][ T8469] device hsr_slave_0 entered promiscuous mode [ 160.264831][ T8469] device hsr_slave_1 entered promiscuous mode [ 160.450185][ T8469] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 160.462986][ T8469] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 160.480656][ T8469] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 160.498353][ T8469] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 160.589644][ T8469] bridge0: port 2(bridge_slave_1) entered blocking state [ 160.596845][ T8469] bridge0: port 2(bridge_slave_1) entered forwarding state [ 160.604810][ T8469] bridge0: port 1(bridge_slave_0) entered blocking state [ 160.611972][ T8469] bridge0: port 1(bridge_slave_0) entered forwarding state [ 160.697795][ T8469] 8021q: adding VLAN 0 to HW filter on device bond0 [ 160.721104][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 160.732730][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 160.741735][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 160.754286][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 160.773604][ T8469] 8021q: adding VLAN 0 to HW filter on device team0 [ 160.792038][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 160.800919][ T28] bridge0: port 1(bridge_slave_0) entered blocking state [ 160.808294][ T28] bridge0: port 1(bridge_slave_0) entered forwarding state [ 160.825476][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 160.834662][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 160.841762][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 160.875360][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 160.885760][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 160.896633][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 160.906764][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 160.918781][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 160.943698][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 160.954620][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 160.967089][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 160.976530][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 161.004574][ T8469] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 161.017537][ T8469] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 161.030069][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 161.039789][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 161.074322][ T8675] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 161.081841][ T8675] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 161.105969][ T8469] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 161.143419][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 161.152924][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 161.189201][ T8675] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 161.198073][ T8675] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 161.209274][ T8675] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 161.218539][ T8675] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 161.236642][ T8469] device veth0_vlan entered promiscuous mode [ 161.257595][ T8469] device veth1_vlan entered promiscuous mode [ 161.301980][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 161.310755][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 161.320206][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 161.329651][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 161.348489][ T8469] device veth0_macvtap entered promiscuous mode [ 161.366000][ T8469] device veth1_macvtap entered promiscuous mode [ 161.398321][ T8469] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 161.406014][ T8675] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 161.415754][ T8675] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 161.424692][ T8675] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 161.434609][ T8675] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 161.457194][ T8469] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 161.465837][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 161.475762][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready executing program [ 161.596013][ T8469] ===================================================== [ 161.603002][ T8469] BUG: KMSAN: uninit-value in eth_type_trans+0x655/0xc10 [ 161.610027][ T8469] CPU: 0 PID: 8469 Comm: syz-executor932 Not tainted 5.8.0-rc5-syzkaller #0 [ 161.618687][ T8469] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 161.628822][ T8469] Call Trace: [ 161.632115][ T8469] dump_stack+0x21c/0x280 [ 161.636454][ T8469] kmsan_report+0xf7/0x1e0 [ 161.640878][ T8469] __msan_warning+0x58/0xa0 [ 161.645385][ T8469] eth_type_trans+0x655/0xc10 [ 161.650080][ T8469] __dev_forward_skb+0x4b0/0xb30 [ 161.655027][ T8469] veth_xmit+0x486/0xcf0 [ 161.659275][ T8469] ? veth_close+0x160/0x160 [ 161.663780][ T8469] xmit_one+0x3cf/0x750 [ 161.667940][ T8469] ? kmsan_get_metadata+0x116/0x180 [ 161.673141][ T8469] __dev_queue_xmit+0x3aad/0x4470 [ 161.678186][ T8469] dev_queue_xmit+0x4b/0x60 [ 161.682692][ T8469] __bpf_redirect+0x1479/0x16b0 [ 161.687549][ T8469] ? skb_ensure_writable+0x4d1/0x590 [ 161.692833][ T8469] bpf_clone_redirect+0x498/0x650 [ 161.697840][ T8469] ? kmsan_slab_alloc+0x8a/0xe0 [ 161.702669][ T8469] ___bpf_prog_run+0x4498/0x98e0 [ 161.707585][ T8469] ? bpf_csum_level+0x780/0x780 [ 161.712431][ T8469] __bpf_prog_run512+0x12e/0x190 [ 161.717345][ T8469] ? kmsan_slab_alloc+0x8a/0xe0 [ 161.722174][ T8469] ? bpf_prog_test_run_skb+0x8cb/0x2ad0 [ 161.727703][ T8469] ? __do_sys_bpf+0xb364/0x1a4c0 [ 161.732615][ T8469] ? __ia32_sys_bpf+0x4a/0x70 [ 161.737263][ T8469] ? 0xffffffff81000000 [ 161.741440][ T8469] ? do_fast_syscall_32+0x6b/0xd0 [ 161.746437][ T8469] ? do_SYSENTER_32+0x73/0x90 [ 161.751092][ T8469] ? entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 161.757572][ T8469] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 161.763700][ T8469] ? kmsan_get_metadata+0x116/0x180 [ 161.768874][ T8469] ? kmsan_internal_set_origin+0x75/0xb0 [ 161.774481][ T8469] ? __msan_poison_alloca+0xf0/0x120 [ 161.779739][ T8469] ? kmsan_get_metadata+0x116/0x180 [ 161.784968][ T8469] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 161.790754][ T8469] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 161.796799][ T8469] ? ktime_get+0x384/0x470 [ 161.801192][ T8469] ? kmsan_get_metadata+0x4f/0x180 [ 161.806338][ T8469] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 161.812137][ T8469] ? __bpf_prog_run480+0x190/0x190 [ 161.817236][ T8469] bpf_test_run+0x52d/0xed0 [ 161.821727][ T8469] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 161.827510][ T8469] bpf_prog_test_run_skb+0x1053/0x2ad0 [ 161.832957][ T8469] ? bpf_prog_test_run_tracing+0xa00/0xa00 [ 161.838739][ T8469] __do_sys_bpf+0xb364/0x1a4c0 [ 161.843496][ T8469] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 161.849285][ T8469] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 161.855325][ T8469] ? handle_mm_fault+0x46b0/0x4940 [ 161.860439][ T8469] ? kmsan_get_metadata+0x116/0x180 [ 161.865618][ T8469] ? kmsan_set_origin_checked+0x95/0xf0 [ 161.871138][ T8469] ? kmsan_internal_unpoison_shadow+0x2f/0x40 [ 161.877181][ T8469] ? kmsan_get_metadata+0x116/0x180 [ 161.882415][ T8469] ? kmsan_get_metadata+0x116/0x180 [ 161.887590][ T8469] __se_sys_bpf+0x8e/0xa0 [ 161.891897][ T8469] __ia32_sys_bpf+0x4a/0x70 [ 161.896388][ T8469] __do_fast_syscall_32+0x2af/0x480 [ 161.901615][ T8469] do_fast_syscall_32+0x6b/0xd0 [ 161.906450][ T8469] do_SYSENTER_32+0x73/0x90 [ 161.910928][ T8469] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 161.917226][ T8469] RIP: 0023:0xf7f07549 [ 161.921263][ T8469] Code: Bad RIP value. [ 161.925300][ T8469] RSP: 002b:00000000ff8745bc EFLAGS: 00000246 ORIG_RAX: 0000000000000165 [ 161.933684][ T8469] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000020000740 [ 161.941632][ T8469] RDX: 0000000000000028 RSI: 00000000f7f0728c RDI: 0000000000000004 [ 161.949586][ T8469] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 161.957547][ T8469] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 161.965502][ T8469] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 161.973458][ T8469] [ 161.975760][ T8469] Uninit was created at: [ 161.979983][ T8469] kmsan_internal_poison_shadow+0x66/0xd0 [ 161.985680][ T8469] kmsan_slab_alloc+0x8a/0xe0 [ 161.990333][ T8469] __kmalloc_node_track_caller+0xeab/0x12e0 [ 161.996202][ T8469] pskb_expand_head+0x26e/0x1e30 [ 162.001117][ T8469] skb_ensure_writable+0x4d1/0x590 [ 162.006203][ T8469] bpf_clone_redirect+0x26c/0x650 [ 162.011245][ T8469] ___bpf_prog_run+0x4498/0x98e0 [ 162.016157][ T8469] __bpf_prog_run512+0x12e/0x190 [ 162.021067][ T8469] bpf_test_run+0x52d/0xed0 [ 162.025546][ T8469] bpf_prog_test_run_skb+0x1053/0x2ad0 [ 162.031005][ T8469] __do_sys_bpf+0xb364/0x1a4c0 [ 162.035742][ T8469] __se_sys_bpf+0x8e/0xa0 [ 162.040043][ T8469] __ia32_sys_bpf+0x4a/0x70 [ 162.044523][ T8469] __do_fast_syscall_32+0x2af/0x480 [ 162.049696][ T8469] do_fast_syscall_32+0x6b/0xd0 [ 162.054523][ T8469] do_SYSENTER_32+0x73/0x90 [ 162.059038][ T8469] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 162.065333][ T8469] ===================================================== [ 162.072236][ T8469] Disabling lock debugging due to kernel taint [ 162.078357][ T8469] Kernel panic - not syncing: panic_on_warn set ... [ 162.084920][ T8469] CPU: 0 PID: 8469 Comm: syz-executor932 Tainted: G B 5.8.0-rc5-syzkaller #0 [ 162.094950][ T8469] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 162.104979][ T8469] Call Trace: [ 162.108247][ T8469] dump_stack+0x21c/0x280 [ 162.112558][ T8469] panic+0x4d7/0xef7 [ 162.116436][ T8469] ? add_taint+0x17c/0x210 [ 162.120830][ T8469] kmsan_report+0x1df/0x1e0 [ 162.125310][ T8469] __msan_warning+0x58/0xa0 [ 162.129882][ T8469] eth_type_trans+0x655/0xc10 [ 162.134539][ T8469] __dev_forward_skb+0x4b0/0xb30 [ 162.139465][ T8469] veth_xmit+0x486/0xcf0 [ 162.143688][ T8469] ? veth_close+0x160/0x160 [ 162.148166][ T8469] xmit_one+0x3cf/0x750 [ 162.152301][ T8469] ? kmsan_get_metadata+0x116/0x180 [ 162.157482][ T8469] __dev_queue_xmit+0x3aad/0x4470 [ 162.162507][ T8469] dev_queue_xmit+0x4b/0x60 [ 162.167003][ T8469] __bpf_redirect+0x1479/0x16b0 [ 162.171848][ T8469] ? skb_ensure_writable+0x4d1/0x590 [ 162.177120][ T8469] bpf_clone_redirect+0x498/0x650 [ 162.182130][ T8469] ? kmsan_slab_alloc+0x8a/0xe0 [ 162.186965][ T8469] ___bpf_prog_run+0x4498/0x98e0 [ 162.191882][ T8469] ? bpf_csum_level+0x780/0x780 [ 162.196718][ T8469] __bpf_prog_run512+0x12e/0x190 [ 162.201651][ T8469] ? kmsan_slab_alloc+0x8a/0xe0 [ 162.206491][ T8469] ? bpf_prog_test_run_skb+0x8cb/0x2ad0 [ 162.212023][ T8469] ? __do_sys_bpf+0xb364/0x1a4c0 [ 162.217028][ T8469] ? __ia32_sys_bpf+0x4a/0x70 [ 162.221678][ T8469] ? 0xffffffff81000000 [ 162.225814][ T8469] ? do_fast_syscall_32+0x6b/0xd0 [ 162.230829][ T8469] ? do_SYSENTER_32+0x73/0x90 [ 162.235489][ T8469] ? entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 162.242062][ T8469] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 162.248198][ T8469] ? kmsan_get_metadata+0x116/0x180 [ 162.253380][ T8469] ? kmsan_internal_set_origin+0x75/0xb0 [ 162.258991][ T8469] ? __msan_poison_alloca+0xf0/0x120 [ 162.264252][ T8469] ? kmsan_get_metadata+0x116/0x180 [ 162.269428][ T8469] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 162.275209][ T8469] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 162.281250][ T8469] ? ktime_get+0x384/0x470 [ 162.285661][ T8469] ? kmsan_get_metadata+0x4f/0x180 [ 162.290749][ T8469] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 162.296544][ T8469] ? __bpf_prog_run480+0x190/0x190 [ 162.301635][ T8469] bpf_test_run+0x52d/0xed0 [ 162.306136][ T8469] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 162.311919][ T8469] bpf_prog_test_run_skb+0x1053/0x2ad0 [ 162.317367][ T8469] ? bpf_prog_test_run_tracing+0xa00/0xa00 [ 162.323147][ T8469] __do_sys_bpf+0xb364/0x1a4c0 [ 162.327896][ T8469] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 162.333677][ T8469] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 162.339808][ T8469] ? handle_mm_fault+0x46b0/0x4940 [ 162.344908][ T8469] ? kmsan_get_metadata+0x116/0x180 [ 162.350082][ T8469] ? kmsan_set_origin_checked+0x95/0xf0 [ 162.355603][ T8469] ? kmsan_internal_unpoison_shadow+0x2f/0x40 [ 162.361659][ T8469] ? kmsan_get_metadata+0x116/0x180 [ 162.366842][ T8469] ? kmsan_get_metadata+0x116/0x180 [ 162.372027][ T8469] __se_sys_bpf+0x8e/0xa0 [ 162.376400][ T8469] __ia32_sys_bpf+0x4a/0x70 [ 162.380886][ T8469] __do_fast_syscall_32+0x2af/0x480 [ 162.386068][ T8469] do_fast_syscall_32+0x6b/0xd0 [ 162.390898][ T8469] do_SYSENTER_32+0x73/0x90 [ 162.395380][ T8469] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 162.401680][ T8469] RIP: 0023:0xf7f07549 [ 162.405717][ T8469] Code: Bad RIP value. [ 162.409762][ T8469] RSP: 002b:00000000ff8745bc EFLAGS: 00000246 ORIG_RAX: 0000000000000165 [ 162.418149][ T8469] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000020000740 [ 162.426096][ T8469] RDX: 0000000000000028 RSI: 00000000f7f0728c RDI: 0000000000000004 [ 162.434044][ T8469] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 162.442033][ T8469] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 162.449978][ T8469] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 162.459248][ T8469] Kernel Offset: disabled [ 162.463566][ T8469] Rebooting in 86400 seconds..