[ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... Starting Load/Save RF Kill Switch Status... [ OK ] Started Update UTMP about System Runlevel Changes. [ 81.314719][ T8725] sshd (8725) used greatest stack depth: 3376 bytes left Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.0.5' (ECDSA) to the list of known hosts. syzkaller login: [ 94.845502][ T8815] IPVS: ftp: loaded support on port[0] = 21 [ 94.995737][ T8815] chnl_net:caif_netlink_parms(): no params data found [ 95.129277][ T8815] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.136760][ T8815] bridge0: port 1(bridge_slave_0) entered disabled state [ 95.146093][ T8815] device bridge_slave_0 entered promiscuous mode [ 95.156398][ T8815] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.164350][ T8815] bridge0: port 2(bridge_slave_1) entered disabled state [ 95.173787][ T8815] device bridge_slave_1 entered promiscuous mode [ 95.206139][ T8815] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 95.218612][ T8815] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 95.253002][ T8815] team0: Port device team_slave_0 added [ 95.263174][ T8815] team0: Port device team_slave_1 added [ 95.289968][ T8815] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 95.297677][ T8815] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 95.323944][ T8815] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 95.336656][ T8815] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 95.344140][ T8815] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 95.371148][ T8815] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 95.446949][ T8815] device hsr_slave_0 entered promiscuous mode [ 95.501866][ T8815] device hsr_slave_1 entered promiscuous mode [ 95.697539][ T8815] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 95.756367][ T8815] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 95.815863][ T8815] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 95.875780][ T8815] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 95.959334][ T8815] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.966663][ T8815] bridge0: port 2(bridge_slave_1) entered forwarding state [ 95.974908][ T8815] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.982651][ T8815] bridge0: port 1(bridge_slave_0) entered forwarding state [ 96.016239][ T27] bridge0: port 1(bridge_slave_0) entered disabled state [ 96.025402][ T27] bridge0: port 2(bridge_slave_1) entered disabled state [ 96.075750][ T8815] 8021q: adding VLAN 0 to HW filter on device bond0 [ 96.093532][ T2721] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 96.103903][ T2721] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 96.118246][ T8815] 8021q: adding VLAN 0 to HW filter on device team0 [ 96.131171][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 96.141248][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 96.150475][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 96.157835][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 96.172492][ T2721] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 96.182356][ T2721] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 96.191551][ T2721] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.199048][ T2721] bridge0: port 2(bridge_slave_1) entered forwarding state [ 96.223568][ T2721] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 96.233217][ T2721] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 96.244554][ T2721] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 96.256485][ T2721] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 96.267931][ T2721] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 96.282489][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 96.293554][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 96.313062][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 96.323211][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 96.333550][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 96.343369][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 96.357583][ T8815] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 96.386903][ T2721] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 96.395057][ T2721] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 96.413761][ T8815] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 96.443572][ T2721] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 96.453818][ T2721] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 96.486033][ T2721] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 96.495948][ T2721] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 96.506569][ T2721] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 96.515975][ T2721] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 96.529665][ T8815] device veth0_vlan entered promiscuous mode [ 96.547246][ T8815] device veth1_vlan entered promiscuous mode [ 96.582289][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 96.591531][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 96.601243][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 96.611353][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 96.627003][ T8815] device veth0_macvtap entered promiscuous mode [ 96.640141][ T8815] device veth1_macvtap entered promiscuous mode [ 96.669147][ T8815] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 96.676912][ T27] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 96.686725][ T27] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 96.695747][ T27] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 96.705686][ T27] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 96.724032][ T8815] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 96.732173][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 96.742330][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready executing program [ 96.995778][ T9035] device veth0_to_hsr entered promiscuous mode [ 97.042082][ T9035] device batadv0 entered promiscuous mode executing program [ 97.146112][ T9039] veth0_to_hsr: This device is already a HSR slave. executing program [ 97.296065][ T9044] veth0_to_hsr: This device is already a HSR slave. executing program [ 97.435822][ T9049] veth0_to_hsr: This device is already a HSR slave. executing program [ 97.565790][ T9054] veth0_to_hsr: This device is already a HSR slave. executing program [ 97.706808][ T9059] veth0_to_hsr: This device is already a HSR slave. executing program [ 97.845660][ T9064] veth0_to_hsr: This device is already a HSR slave. executing program [ 97.996036][ T9069] veth0_to_hsr: This device is already a HSR slave. executing program [ 98.125837][ T9074] veth0_to_hsr: This device is already a HSR slave. executing program [ 98.266185][ T9079] veth0_to_hsr: This device is already a HSR slave. executing program [ 98.406071][ T9084] veth0_to_hsr: This device is already a HSR slave. executing program [ 98.535679][ T9089] veth0_to_hsr: This device is already a HSR slave. executing program [ 98.675696][ T9094] veth0_to_hsr: This device is already a HSR slave. executing program [ 98.805575][ T9099] veth0_to_hsr: This device is already a HSR slave. [ 98.813600][ C0] ===================================================== [ 98.821605][ C0] BUG: KMSAN: uninit-value in batadv_bla_tx+0x2675/0x3730 [ 98.829053][ C0] CPU: 0 PID: 9 Comm: ksoftirqd/0 Not tainted 5.6.0-rc7-syzkaller #0 [ 98.837315][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 98.847623][ C0] Call Trace: [ 98.850909][ C0] dump_stack+0x1c9/0x220 [ 98.855343][ C0] kmsan_report+0xf7/0x1e0 [ 98.859767][ C0] __msan_warning+0x58/0xa0 [ 98.864384][ C0] batadv_bla_tx+0x2675/0x3730 [ 98.869136][ C0] ? ptrace_set_debugreg+0xe30/0x18f0 [ 98.874542][ C0] ? kmsan_get_metadata+0x11d/0x180 [ 98.879802][ C0] batadv_interface_tx+0x67c/0x2450 [ 98.885001][ C0] ? __msan_metadata_ptr_for_load_2+0x10/0x20 [ 98.891101][ C0] ? batadv_softif_is_valid+0xb0/0xb0 [ 98.896509][ C0] dev_hard_start_xmit+0x531/0xab0 [ 98.901753][ C0] ? kmsan_get_metadata+0x11d/0x180 [ 98.906963][ C0] __dev_queue_xmit+0x2f8d/0x3b20 [ 98.911996][ C0] ? kmsan_get_metadata+0x11d/0x180 [ 98.917361][ C0] ? skb_clone+0x404/0x5d0 [ 98.921769][ C0] dev_queue_xmit+0x4b/0x60 [ 98.926274][ C0] hsr_forward_skb+0x2614/0x30d0 [ 98.931204][ C0] ? kmsan_get_metadata+0x4f/0x180 [ 98.936323][ C0] hsr_handle_frame+0x3bc/0x4e0 [ 98.941312][ C0] ? hsr_port_exists+0x90/0x90 [ 98.946191][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 98.951976][ C0] ? kmsan_get_metadata+0x11d/0x180 [ 98.957200][ C0] ? kmsan_get_shadow_origin_ptr+0x80/0xb0 [ 98.963028][ C0] ? __msan_poison_alloca+0xf0/0x120 [ 98.968377][ C0] ? kmsan_get_metadata+0x4f/0x180 [ 98.973575][ C0] process_backlog+0x936/0x1410 [ 98.978569][ C0] ? kmsan_get_metadata+0x4f/0x180 [ 98.983699][ C0] ? kmsan_get_metadata+0x11d/0x180 [ 98.988996][ C0] ? rps_trigger_softirq+0x2e0/0x2e0 [ 98.994294][ C0] net_rx_action+0x786/0x1aa0 [ 98.999123][ C0] ? net_tx_action+0xc30/0xc30 [ 99.003975][ C0] __do_softirq+0x311/0x83d [ 99.008508][ C0] ? ksoftirqd_should_run+0x30/0x30 [ 99.013726][ C0] ? takeover_tasklets+0x8f0/0x8f0 [ 99.018846][ C0] run_ksoftirqd+0x25/0x40 [ 99.023251][ C0] smpboot_thread_fn+0x493/0x980 [ 99.028656][ C0] kthread+0x4b5/0x4f0 [ 99.032838][ C0] ? cpu_report_death+0x180/0x180 [ 99.037881][ C0] ? kthread_blkcg+0xf0/0xf0 [ 99.042656][ C0] ret_from_fork+0x35/0x40 [ 99.047201][ C0] [ 99.049705][ C0] Uninit was stored to memory at: [ 99.055138][ C0] kmsan_internal_chain_origin+0xad/0x130 [ 99.061262][ C0] kmsan_memcpy_memmove_metadata+0x272/0x2e0 [ 99.067611][ C0] kmsan_memcpy_metadata+0xb/0x10 [ 99.072775][ C0] __msan_memcpy+0x43/0x50 [ 99.077184][ C0] pskb_expand_head+0x38b/0x1b00 [ 99.082118][ C0] __skb_pad+0x47f/0x900 [ 99.086365][ C0] send_hsr_supervision_frame+0x122d/0x1500 [ 99.093981][ C0] hsr_announce+0x1e2/0x370 [ 99.098934][ C0] call_timer_fn+0x218/0x510 [ 99.103634][ C0] __run_timers+0xcff/0x1210 [ 99.108400][ C0] run_timer_softirq+0x2d/0x50 [ 99.113339][ C0] __do_softirq+0x311/0x83d [ 99.117957][ C0] [ 99.120282][ C0] Uninit was created at: [ 99.124525][ C0] kmsan_save_stack_with_flags+0x3c/0x90 [ 99.130178][ C0] kmsan_alloc_page+0x12a/0x310 [ 99.135740][ C0] __alloc_pages_nodemask+0x5712/0x5e80 [ 99.141279][ C0] page_frag_alloc+0x3ae/0x910 [ 99.146282][ C0] __napi_alloc_skb+0x193/0xa60 [ 99.151132][ C0] page_to_skb+0x19f/0x1100 [ 99.155635][ C0] receive_buf+0xe79/0x8b30 [ 99.160161][ C0] virtnet_poll+0x64b/0x19f0 [ 99.164874][ C0] net_rx_action+0x786/0x1aa0 [ 99.169545][ C0] __do_softirq+0x311/0x83d [ 99.174032][ C0] ===================================================== [ 99.180969][ C0] Disabling lock debugging due to kernel taint [ 99.187151][ C0] Kernel panic - not syncing: panic_on_warn set ... [ 99.193733][ C0] CPU: 0 PID: 9 Comm: ksoftirqd/0 Tainted: G B 5.6.0-rc7-syzkaller #0 [ 99.204109][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 99.214167][ C0] Call Trace: [ 99.218337][ C0] dump_stack+0x1c9/0x220 [ 99.222660][ C0] panic+0x3d5/0xc3e [ 99.226750][ C0] kmsan_report+0x1df/0x1e0 [ 99.231260][ C0] __msan_warning+0x58/0xa0 [ 99.236105][ C0] batadv_bla_tx+0x2675/0x3730 [ 99.240936][ C0] ? ptrace_set_debugreg+0xe30/0x18f0 [ 99.246331][ C0] ? kmsan_get_metadata+0x11d/0x180 [ 99.251558][ C0] batadv_interface_tx+0x67c/0x2450 [ 99.256782][ C0] ? __msan_metadata_ptr_for_load_2+0x10/0x20 [ 99.262963][ C0] ? batadv_softif_is_valid+0xb0/0xb0 [ 99.268342][ C0] dev_hard_start_xmit+0x531/0xab0 [ 99.273487][ C0] ? kmsan_get_metadata+0x11d/0x180 [ 99.278879][ C0] __dev_queue_xmit+0x2f8d/0x3b20 [ 99.284431][ C0] ? kmsan_get_metadata+0x11d/0x180 [ 99.289633][ C0] ? skb_clone+0x404/0x5d0 [ 99.294043][ C0] dev_queue_xmit+0x4b/0x60 [ 99.298541][ C0] hsr_forward_skb+0x2614/0x30d0 [ 99.303823][ C0] ? kmsan_get_metadata+0x4f/0x180 [ 99.309019][ C0] hsr_handle_frame+0x3bc/0x4e0 [ 99.313874][ C0] ? hsr_port_exists+0x90/0x90 [ 99.318840][ C0] __netif_receive_skb_core+0x21de/0x5840 [ 99.324572][ C0] ? kmsan_get_metadata+0x11d/0x180 [ 99.329778][ C0] ? kmsan_get_shadow_origin_ptr+0x80/0xb0 [ 99.335780][ C0] ? __msan_poison_alloca+0xf0/0x120 [ 99.341269][ C0] ? kmsan_get_metadata+0x4f/0x180 [ 99.346408][ C0] process_backlog+0x936/0x1410 [ 99.351284][ C0] ? kmsan_get_metadata+0x4f/0x180 [ 99.356417][ C0] ? kmsan_get_metadata+0x11d/0x180 [ 99.361660][ C0] ? rps_trigger_softirq+0x2e0/0x2e0 [ 99.366954][ C0] net_rx_action+0x786/0x1aa0 [ 99.371643][ C0] ? net_tx_action+0xc30/0xc30 [ 99.376410][ C0] __do_softirq+0x311/0x83d [ 99.381061][ C0] ? ksoftirqd_should_run+0x30/0x30 [ 99.386336][ C0] ? takeover_tasklets+0x8f0/0x8f0 [ 99.391444][ C0] run_ksoftirqd+0x25/0x40 [ 99.395867][ C0] smpboot_thread_fn+0x493/0x980 [ 99.401416][ C0] kthread+0x4b5/0x4f0 [ 99.405491][ C0] ? cpu_report_death+0x180/0x180 [ 99.410603][ C0] ? kthread_blkcg+0xf0/0xf0 [ 99.415189][ C0] ret_from_fork+0x35/0x40 [ 99.421420][ C0] Kernel Offset: 0x13a00000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff) [ 99.433238][ C0] Rebooting in 86400 seconds..