[ OK ] Started Getty on tty3. [ OK ] Started Getty on tty1. [ OK ] Started Getty on tty2. [ OK ] Started Serial Getty on ttyS0. [ OK ] Reached target Login Prompts. [ OK ] Reached target Multi-User System. [ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... Starting Load/Save RF Kill Switch Status... [ OK ] Started Update UTMP about System Runlevel Changes. Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.0.138' (ECDSA) to the list of known hosts. syzkaller login: [ 85.870611][ T8834] IPVS: ftp: loaded support on port[0] = 21 [ 86.047430][ T8834] chnl_net:caif_netlink_parms(): no params data found [ 86.200509][ T8834] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.207692][ T8834] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.217206][ T8834] device bridge_slave_0 entered promiscuous mode [ 86.226922][ T8834] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.234318][ T8834] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.243373][ T8834] device bridge_slave_1 entered promiscuous mode [ 86.277879][ T8834] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 86.290366][ T8834] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 86.325612][ T8834] team0: Port device team_slave_0 added [ 86.335477][ T8834] team0: Port device team_slave_1 added [ 86.364981][ T8834] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 86.372003][ T8834] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 86.398159][ T8834] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 86.410598][ T8834] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 86.417755][ T8834] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 86.443905][ T8834] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 86.528769][ T8834] device hsr_slave_0 entered promiscuous mode [ 86.592907][ T8834] device hsr_slave_1 entered promiscuous mode [ 86.795060][ T8834] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 86.858304][ T8834] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 86.917357][ T8834] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 86.977402][ T8834] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 87.140452][ T8834] 8021q: adding VLAN 0 to HW filter on device bond0 [ 87.159345][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 87.169459][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 87.185878][ T8834] 8021q: adding VLAN 0 to HW filter on device team0 [ 87.205846][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 87.216358][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 87.226579][ T32] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.233951][ T32] bridge0: port 1(bridge_slave_0) entered forwarding state [ 87.242449][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 87.251709][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 87.261170][ T32] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.268534][ T32] bridge0: port 2(bridge_slave_1) entered forwarding state [ 87.278543][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 87.293404][ T4011] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 87.317750][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 87.334252][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 87.345185][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 87.357910][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 87.375571][ T4011] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 87.386231][ T4011] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 87.402393][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 87.411348][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 87.430525][ T8834] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 87.444243][ T8834] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 87.454576][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 87.463730][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 87.494901][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 87.504036][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 87.524325][ T8834] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 87.555452][ T4011] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 87.566363][ T4011] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 87.600055][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 87.609199][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 87.620291][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 87.629779][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 87.648182][ T8834] device veth0_vlan entered promiscuous mode [ 87.665642][ T8834] device veth1_vlan entered promiscuous mode [ 87.702844][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 87.712912][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 87.722444][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 87.731567][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 87.746952][ T8834] device veth0_macvtap entered promiscuous mode [ 87.760722][ T8834] device veth1_macvtap entered promiscuous mode [ 87.790272][ T8834] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 87.798511][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 87.808080][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 87.816771][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 87.826689][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 87.844705][ T8834] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 87.852695][ T4011] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 87.862681][ T4011] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready executing program [ 88.137661][ T9053] device veth0_to_hsr entered promiscuous mode [ 88.173094][ T9053] device batadv0 entered promiscuous mode executing program [ 88.277132][ T9056] veth0_to_hsr: This device is already a HSR slave. executing program [ 88.429612][ T9061] veth0_to_hsr: This device is already a HSR slave. executing program [ 88.557398][ T9066] veth0_to_hsr: This device is already a HSR slave. executing program [ 88.697344][ T9071] veth0_to_hsr: This device is already a HSR slave. executing program [ 88.847318][ T9076] veth0_to_hsr: This device is already a HSR slave. executing program [ 89.006845][ T9081] veth0_to_hsr: This device is already a HSR slave. executing program [ 89.157318][ T9086] veth0_to_hsr: This device is already a HSR slave. executing program [ 89.297221][ T9091] veth0_to_hsr: This device is already a HSR slave. executing program [ 89.447353][ T9096] veth0_to_hsr: This device is already a HSR slave. executing program [ 89.606652][ T9101] veth0_to_hsr: This device is already a HSR slave. executing program [ 89.766609][ T9106] veth0_to_hsr: This device is already a HSR slave. executing program [ 89.896557][ T9111] veth0_to_hsr: This device is already a HSR slave. [ 89.942942][ C1] ===================================================== [ 89.949929][ C1] BUG: KMSAN: uninit-value in batadv_bla_tx+0x2675/0x3730 [ 89.957055][ C1] CPU: 1 PID: 16 Comm: ksoftirqd/1 Not tainted 5.6.0-rc7-syzkaller #0 [ 89.965197][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 89.975237][ C1] Call Trace: [ 89.978528][ C1] dump_stack+0x1c9/0x220 [ 89.982857][ C1] kmsan_report+0xf7/0x1e0 [ 89.987272][ C1] __msan_warning+0x58/0xa0 [ 89.991769][ C1] batadv_bla_tx+0x2675/0x3730 [ 89.996531][ C1] ? ptrace_set_debugreg+0xe30/0x18f0 [ 90.002001][ C1] ? kmsan_get_metadata+0x11d/0x180 [ 90.007255][ C1] batadv_interface_tx+0x67c/0x2450 [ 90.012462][ C1] ? __msan_metadata_ptr_for_load_2+0x10/0x20 [ 90.018553][ C1] ? batadv_softif_is_valid+0xb0/0xb0 [ 90.023914][ C1] dev_hard_start_xmit+0x531/0xab0 [ 90.029029][ C1] ? kmsan_get_metadata+0x11d/0x180 [ 90.034223][ C1] __dev_queue_xmit+0x2f8d/0x3b20 [ 90.039254][ C1] ? kmsan_get_metadata+0x11d/0x180 [ 90.044482][ C1] ? skb_clone+0x404/0x5d0 [ 90.048893][ C1] dev_queue_xmit+0x4b/0x60 [ 90.053388][ C1] hsr_forward_skb+0x2614/0x30d0 [ 90.058528][ C1] ? kmsan_get_metadata+0x4f/0x180 [ 90.063727][ C1] hsr_handle_frame+0x3bc/0x4e0 [ 90.068596][ C1] ? hsr_port_exists+0x90/0x90 [ 90.073347][ C1] __netif_receive_skb_core+0x21de/0x5840 [ 90.079098][ C1] ? __msan_poison_alloca+0xf0/0x120 [ 90.084371][ C1] ? kmsan_get_metadata+0x4f/0x180 [ 90.089479][ C1] process_backlog+0x936/0x1410 [ 90.094322][ C1] ? __list_add_valid+0xb8/0x420 [ 90.099260][ C1] ? kmsan_get_metadata+0x4f/0x180 [ 90.104382][ C1] ? kmsan_get_metadata+0x11d/0x180 [ 90.109600][ C1] ? rps_trigger_softirq+0x2e0/0x2e0 [ 90.114889][ C1] net_rx_action+0x786/0x1aa0 [ 90.119600][ C1] ? net_tx_action+0xc30/0xc30 [ 90.124357][ C1] __do_softirq+0x311/0x83d [ 90.128878][ C1] ? ksoftirqd_should_run+0x30/0x30 [ 90.134079][ C1] ? takeover_tasklets+0x8f0/0x8f0 [ 90.139181][ C1] run_ksoftirqd+0x25/0x40 [ 90.143590][ C1] smpboot_thread_fn+0x493/0x980 [ 90.148538][ C1] kthread+0x4b5/0x4f0 [ 90.152602][ C1] ? cpu_report_death+0x180/0x180 [ 90.157623][ C1] ? kthread_blkcg+0xf0/0xf0 [ 90.162202][ C1] ret_from_fork+0x35/0x40 [ 90.166618][ C1] [ 90.168936][ C1] Uninit was stored to memory at: [ 90.173946][ C1] kmsan_internal_chain_origin+0xad/0x130 [ 90.179682][ C1] kmsan_memcpy_memmove_metadata+0x272/0x2e0 [ 90.185680][ C1] kmsan_memcpy_metadata+0xb/0x10 [ 90.190698][ C1] __msan_memcpy+0x43/0x50 [ 90.195112][ C1] pskb_expand_head+0x38b/0x1b00 [ 90.200040][ C1] __skb_pad+0x47f/0x900 [ 90.204278][ C1] send_hsr_supervision_frame+0x122d/0x1500 [ 90.210152][ C1] hsr_announce+0x1e2/0x370 [ 90.214728][ C1] call_timer_fn+0x218/0x510 [ 90.219300][ C1] __run_timers+0xcff/0x1210 [ 90.223874][ C1] run_timer_softirq+0x2d/0x50 [ 90.228619][ C1] __do_softirq+0x311/0x83d [ 90.233098][ C1] [ 90.235408][ C1] Uninit was created at: [ 90.239633][ C1] kmsan_save_stack_with_flags+0x3c/0x90 [ 90.245268][ C1] kmsan_alloc_page+0x12a/0x310 [ 90.250120][ C1] __alloc_pages_nodemask+0x5712/0x5e80 [ 90.255660][ C1] page_frag_alloc+0x3ae/0x910 [ 90.260443][ C1] __napi_alloc_skb+0x193/0xa60 [ 90.265322][ C1] page_to_skb+0x19f/0x1100 [ 90.269912][ C1] receive_buf+0xe79/0x8b30 [ 90.274424][ C1] virtnet_poll+0x64b/0x19f0 [ 90.279018][ C1] net_rx_action+0x786/0x1aa0 [ 90.283701][ C1] __do_softirq+0x311/0x83d [ 90.288248][ C1] ===================================================== [ 90.295189][ C1] Disabling lock debugging due to kernel taint [ 90.301342][ C1] Kernel panic - not syncing: panic_on_warn set ... [ 90.307910][ C1] CPU: 1 PID: 16 Comm: ksoftirqd/1 Tainted: G B 5.6.0-rc7-syzkaller #0 [ 90.317431][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 90.327486][ C1] Call Trace: [ 90.330771][ C1] dump_stack+0x1c9/0x220 [ 90.335115][ C1] panic+0x3d5/0xc3e [ 90.339050][ C1] kmsan_report+0x1df/0x1e0 [ 90.343552][ C1] __msan_warning+0x58/0xa0 [ 90.348050][ C1] batadv_bla_tx+0x2675/0x3730 [ 90.352804][ C1] ? ptrace_set_debugreg+0xe30/0x18f0 [ 90.358290][ C1] ? kmsan_get_metadata+0x11d/0x180 [ 90.363510][ C1] batadv_interface_tx+0x67c/0x2450 [ 90.368722][ C1] ? __msan_metadata_ptr_for_load_2+0x10/0x20 [ 90.374828][ C1] ? batadv_softif_is_valid+0xb0/0xb0 [ 90.380201][ C1] dev_hard_start_xmit+0x531/0xab0 [ 90.385364][ C1] ? kmsan_get_metadata+0x11d/0x180 [ 90.390571][ C1] __dev_queue_xmit+0x2f8d/0x3b20 [ 90.395610][ C1] ? kmsan_get_metadata+0x11d/0x180 [ 90.400822][ C1] ? skb_clone+0x404/0x5d0 [ 90.405236][ C1] dev_queue_xmit+0x4b/0x60 [ 90.409739][ C1] hsr_forward_skb+0x2614/0x30d0 [ 90.414698][ C1] ? kmsan_get_metadata+0x4f/0x180 [ 90.419859][ C1] hsr_handle_frame+0x3bc/0x4e0 [ 90.424752][ C1] ? hsr_port_exists+0x90/0x90 [ 90.429510][ C1] __netif_receive_skb_core+0x21de/0x5840 [ 90.435260][ C1] ? __msan_poison_alloca+0xf0/0x120 [ 90.440548][ C1] ? kmsan_get_metadata+0x4f/0x180 [ 90.445662][ C1] process_backlog+0x936/0x1410 [ 90.450519][ C1] ? __list_add_valid+0xb8/0x420 [ 90.455453][ C1] ? kmsan_get_metadata+0x4f/0x180 [ 90.460575][ C1] ? kmsan_get_metadata+0x11d/0x180 [ 90.465784][ C1] ? rps_trigger_softirq+0x2e0/0x2e0 [ 90.471075][ C1] net_rx_action+0x786/0x1aa0 [ 90.475765][ C1] ? net_tx_action+0xc30/0xc30 [ 90.480527][ C1] __do_softirq+0x311/0x83d [ 90.485031][ C1] ? ksoftirqd_should_run+0x30/0x30 [ 90.490214][ C1] ? takeover_tasklets+0x8f0/0x8f0 [ 90.495318][ C1] run_ksoftirqd+0x25/0x40 [ 90.499745][ C1] smpboot_thread_fn+0x493/0x980 [ 90.504716][ C1] kthread+0x4b5/0x4f0 [ 90.508776][ C1] ? cpu_report_death+0x180/0x180 [ 90.513881][ C1] ? kthread_blkcg+0xf0/0xf0 [ 90.518513][ C1] ret_from_fork+0x35/0x40 [ 90.523959][ C1] Kernel Offset: 0x2e400000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff) [ 90.535602][ C1] Rebooting in 86400 seconds..