[ OK ] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch. [ OK ] Started Getty on tty6. [ OK ] Started Getty on tty5. [ OK ] Started Getty on tty4. [ OK ] Started Getty on tty3. [ OK ] Started Getty on tty2. [ OK ] Started Getty on tty1. [ OK ] Started Serial Getty on ttyS0. [ OK ] Reached target Login Prompts. [ OK ] Reached target Multi-User System. [ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... Starting Load/Save RF Kill Switch Status... [ OK ] Started Update UTMP about System Runlevel Changes. [ OK ] Started Load/Save RF Kill Switch Status. Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.1.0' (ECDSA) to the list of known hosts. syzkaller login: [ 155.621547][ T8492] IPVS: ftp: loaded support on port[0] = 21 [ 155.816554][ T8492] chnl_net:caif_netlink_parms(): no params data found [ 155.925348][ T8492] bridge0: port 1(bridge_slave_0) entered blocking state [ 155.933293][ T8492] bridge0: port 1(bridge_slave_0) entered disabled state [ 155.942863][ T8492] device bridge_slave_0 entered promiscuous mode [ 155.956597][ T8492] bridge0: port 2(bridge_slave_1) entered blocking state [ 155.964186][ T8492] bridge0: port 2(bridge_slave_1) entered disabled state [ 155.973128][ T8492] device bridge_slave_1 entered promiscuous mode [ 156.012876][ T8492] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 156.026759][ T8492] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 156.068331][ T8492] team0: Port device team_slave_0 added [ 156.079144][ T8492] team0: Port device team_slave_1 added [ 156.115792][ T8492] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 156.122980][ T8492] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 156.149253][ T8492] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 156.163021][ T8492] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 156.170236][ T8492] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 156.196704][ T8492] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 156.249572][ T8492] device hsr_slave_0 entered promiscuous mode [ 156.257489][ T8492] device hsr_slave_1 entered promiscuous mode [ 156.476096][ T8492] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 156.490886][ T8492] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 156.515036][ T8492] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 156.535627][ T8492] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 156.635502][ T8492] bridge0: port 2(bridge_slave_1) entered blocking state [ 156.642823][ T8492] bridge0: port 2(bridge_slave_1) entered forwarding state [ 156.650968][ T8492] bridge0: port 1(bridge_slave_0) entered blocking state [ 156.658348][ T8492] bridge0: port 1(bridge_slave_0) entered forwarding state [ 156.780450][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 156.802076][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 156.884835][ T8492] 8021q: adding VLAN 0 to HW filter on device bond0 [ 156.912549][ T4025] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 156.921199][ T4025] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 156.940997][ T8492] 8021q: adding VLAN 0 to HW filter on device team0 [ 156.960026][ T4025] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 156.969671][ T4025] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 156.978586][ T4025] bridge0: port 1(bridge_slave_0) entered blocking state [ 156.985942][ T4025] bridge0: port 1(bridge_slave_0) entered forwarding state [ 157.015431][ T4025] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 157.025560][ T4025] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 157.035772][ T4025] bridge0: port 2(bridge_slave_1) entered blocking state [ 157.043221][ T4025] bridge0: port 2(bridge_slave_1) entered forwarding state [ 157.051915][ T4025] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 157.072270][ T27] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 157.092016][ T27] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 157.102253][ T27] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 157.139808][ T27] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 157.148553][ T27] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 157.158708][ T27] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 157.169836][ T27] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 157.179150][ T27] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 157.188823][ T27] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 157.198212][ T27] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 157.217694][ T8492] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 157.263346][ T4025] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 157.271130][ T4025] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 157.296530][ T8492] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 157.338833][ T4025] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 157.350718][ T4025] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 157.392878][ T27] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 157.402945][ T27] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 157.421888][ T8492] device veth0_vlan entered promiscuous mode [ 157.431227][ T27] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 157.441761][ T27] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 157.465120][ T8492] device veth1_vlan entered promiscuous mode [ 157.523712][ T27] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 157.533156][ T27] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 157.542896][ T27] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 157.552552][ T27] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 157.571999][ T8492] device veth0_macvtap entered promiscuous mode [ 157.592751][ T8492] device veth1_macvtap entered promiscuous mode [ 157.630549][ T8492] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 157.638257][ T4025] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 157.648532][ T4025] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 157.657638][ T4025] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 157.667966][ T4025] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 157.688573][ T8492] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 157.706286][ T8492] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 157.715126][ T8492] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 157.724080][ T8492] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 157.733126][ T8492] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 157.748339][ T4025] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 157.758677][ T4025] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready executing program [ 157.917529][ T8700] hsr0: VLAN not yet supported [ 157.917542][ T8700] ===================================================== [ 157.929285][ T8700] BUG: KMSAN: uninit-value in hsr_fill_frame_info+0x3d3/0x570 [ 157.936811][ T8700] CPU: 1 PID: 8700 Comm: syz-executor512 Not tainted 5.9.0-rc4-syzkaller #0 [ 157.945505][ T8700] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 157.955651][ T8700] Call Trace: [ 157.958956][ T8700] dump_stack+0x21c/0x280 [ 157.963335][ T8700] kmsan_report+0xf7/0x1e0 [ 157.967781][ T8700] __msan_warning+0x58/0xa0 [ 157.972277][ T8700] hsr_fill_frame_info+0x3d3/0x570 [ 157.977380][ T8700] ? prp_drop_frame+0x200/0x200 [ 157.982229][ T8700] hsr_forward_skb+0xc63/0x2610 [ 157.987102][ T8700] hsr_dev_xmit+0x133/0x230 [ 157.991611][ T8700] ? is_hsr_master+0xb0/0xb0 [ 157.996332][ T8700] xmit_one+0x3cf/0x750 [ 158.000494][ T8700] ? kmsan_get_metadata+0x116/0x180 [ 158.005979][ T8700] __dev_queue_xmit+0x3aad/0x4470 [ 158.011028][ T8700] dev_queue_xmit+0x4b/0x60 [ 158.015616][ T8700] ? netdev_core_pick_tx+0x5a0/0x5a0 [ 158.020890][ T8700] packet_sendmsg+0x8542/0x9a80 [ 158.025732][ T8700] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 158.031531][ T8700] ? kmsan_get_metadata+0x116/0x180 [ 158.036737][ T8700] ? kmsan_internal_set_origin+0x75/0xb0 [ 158.042359][ T8700] ? kmsan_get_metadata+0x116/0x180 [ 158.047550][ T8700] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 158.053352][ T8700] ? __free_slab+0x7b0/0x8b0 [ 158.057927][ T8700] ? aa_sk_perm+0x7da/0xe70 [ 158.062483][ T8700] ? packet_getsockopt+0x1110/0x1110 [ 158.067769][ T8700] __sys_sendto+0x9dc/0xc80 [ 158.072287][ T8700] ? __fpregs_load_activate+0x3f4/0x420 [ 158.077822][ T8700] __se_sys_sendto+0x107/0x130 [ 158.082584][ T8700] __x64_sys_sendto+0x6e/0x90 [ 158.087252][ T8700] do_syscall_64+0x9f/0x140 [ 158.091745][ T8700] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 158.097617][ T8700] RIP: 0033:0x443d79 [ 158.101508][ T8700] Code: e8 8c 07 03 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 bb 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 158.121112][ T8700] RSP: 002b:00007ffdeb5a7c88 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 158.129506][ T8700] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000443d79 [ 158.137461][ T8700] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004 [ 158.145425][ T8700] RBP: 00007ffdeb5a7ca0 R08: 0000000020000000 R09: 0000000000000014 [ 158.153410][ T8700] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffdeb5a7cb0 [ 158.161368][ T8700] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 158.169335][ T8700] [ 158.171642][ T8700] Uninit was created at: [ 158.175868][ T8700] kmsan_internal_poison_shadow+0x66/0xd0 [ 158.181567][ T8700] kmsan_slab_alloc+0x8a/0xe0 [ 158.186232][ T8700] __kmalloc_node_track_caller+0x9aa/0x12f0 [ 158.192123][ T8700] __alloc_skb+0x35f/0xb30 [ 158.196521][ T8700] alloc_skb_with_frags+0x1f2/0xc10 [ 158.201703][ T8700] sock_alloc_send_pskb+0xc83/0xe50 [ 158.206897][ T8700] packet_sendmsg+0x6abb/0x9a80 [ 158.211742][ T8700] __sys_sendto+0x9dc/0xc80 [ 158.216245][ T8700] __se_sys_sendto+0x107/0x130 [ 158.221007][ T8700] __x64_sys_sendto+0x6e/0x90 [ 158.225694][ T8700] do_syscall_64+0x9f/0x140 [ 158.230222][ T8700] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 158.236611][ T8700] ===================================================== [ 158.243531][ T8700] Disabling lock debugging due to kernel taint [ 158.249824][ T8700] Kernel panic - not syncing: panic_on_warn set ... [ 158.256399][ T8700] CPU: 1 PID: 8700 Comm: syz-executor512 Tainted: G B 5.9.0-rc4-syzkaller #0 [ 158.266457][ T8700] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 158.276513][ T8700] Call Trace: [ 158.279813][ T8700] dump_stack+0x21c/0x280 [ 158.284155][ T8700] panic+0x4d7/0xef7 [ 158.288064][ T8700] ? add_taint+0x17c/0x210 [ 158.292650][ T8700] kmsan_report+0x1df/0x1e0 [ 158.297152][ T8700] __msan_warning+0x58/0xa0 [ 158.301793][ T8700] hsr_fill_frame_info+0x3d3/0x570 [ 158.306951][ T8700] ? prp_drop_frame+0x200/0x200 [ 158.312064][ T8700] hsr_forward_skb+0xc63/0x2610 [ 158.317109][ T8700] hsr_dev_xmit+0x133/0x230 [ 158.321713][ T8700] ? is_hsr_master+0xb0/0xb0 [ 158.326323][ T8700] xmit_one+0x3cf/0x750 [ 158.330474][ T8700] ? kmsan_get_metadata+0x116/0x180 [ 158.335666][ T8700] __dev_queue_xmit+0x3aad/0x4470 [ 158.340736][ T8700] dev_queue_xmit+0x4b/0x60 [ 158.345226][ T8700] ? netdev_core_pick_tx+0x5a0/0x5a0 [ 158.350498][ T8700] packet_sendmsg+0x8542/0x9a80 [ 158.355337][ T8700] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 158.361583][ T8700] ? kmsan_get_metadata+0x116/0x180 [ 158.367076][ T8700] ? kmsan_internal_set_origin+0x75/0xb0 [ 158.373105][ T8700] ? kmsan_get_metadata+0x116/0x180 [ 158.378615][ T8700] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 158.384430][ T8700] ? __free_slab+0x7b0/0x8b0 [ 158.389067][ T8700] ? aa_sk_perm+0x7da/0xe70 [ 158.393615][ T8700] ? packet_getsockopt+0x1110/0x1110 [ 158.398901][ T8700] __sys_sendto+0x9dc/0xc80 [ 158.403437][ T8700] ? __fpregs_load_activate+0x3f4/0x420 [ 158.409004][ T8700] __se_sys_sendto+0x107/0x130 [ 158.413780][ T8700] __x64_sys_sendto+0x6e/0x90 [ 158.418444][ T8700] do_syscall_64+0x9f/0x140 [ 158.422947][ T8700] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 158.428826][ T8700] RIP: 0033:0x443d79 [ 158.432707][ T8700] Code: e8 8c 07 03 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 bb 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 158.452442][ T8700] RSP: 002b:00007ffdeb5a7c88 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 158.460855][ T8700] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000443d79 [ 158.468826][ T8700] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004 [ 158.476784][ T8700] RBP: 00007ffdeb5a7ca0 R08: 0000000020000000 R09: 0000000000000014 [ 158.484739][ T8700] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffdeb5a7cb0 [ 158.492726][ T8700] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 158.501856][ T8700] Kernel Offset: disabled [ 158.506182][ T8700] Rebooting in 86400 seconds..