[ OK ] Started OpenBSD Secure Shell server.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.1.16' (ECDSA) to the list of known hosts.
syzkaller login: [ 79.979112][ T8825] IPVS: ftp: loaded support on port[0] = 21
[ 80.123899][ T8825] chnl_net:caif_netlink_parms(): no params data found
[ 80.301832][ T8825] bridge0: port 1(bridge_slave_0) entered blocking state
[ 80.309015][ T8825] bridge0: port 1(bridge_slave_0) entered disabled state
[ 80.318259][ T8825] device bridge_slave_0 entered promiscuous mode
[ 80.327540][ T8825] bridge0: port 2(bridge_slave_1) entered blocking state
[ 80.334923][ T8825] bridge0: port 2(bridge_slave_1) entered disabled state
[ 80.343486][ T8825] device bridge_slave_1 entered promiscuous mode
[ 80.374467][ T8825] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 80.386161][ T8825] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 80.417352][ T8825] team0: Port device team_slave_0 added
[ 80.425689][ T8825] team0: Port device team_slave_1 added
[ 80.452935][ T8825] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 80.459975][ T8825] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 80.486034][ T8825] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 80.498215][ T8825] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 80.505398][ T8825] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 80.531562][ T8825] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 80.615023][ T8825] device hsr_slave_0 entered promiscuous mode
[ 80.659493][ T8825] device hsr_slave_1 entered promiscuous mode
[ 80.841755][ T8825] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 80.903207][ T8825] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 80.973299][ T8825] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 81.033042][ T8825] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 81.125446][ T8825] bridge0: port 2(bridge_slave_1) entered blocking state
[ 81.132679][ T8825] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 81.140598][ T8825] bridge0: port 1(bridge_slave_0) entered blocking state
[ 81.147746][ T8825] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 81.160139][ T3898] bridge0: port 1(bridge_slave_0) entered disabled state
[ 81.170134][ T3898] bridge0: port 2(bridge_slave_1) entered disabled state
[ 81.233997][ T8825] 8021q: adding VLAN 0 to HW filter on device bond0
[ 81.252158][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 81.260967][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 81.274404][ T8825] 8021q: adding VLAN 0 to HW filter on device team0
[ 81.286203][ T3898] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 81.296258][ T3898] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 81.305508][ T3898] bridge0: port 1(bridge_slave_0) entered blocking state
[ 81.312874][ T3898] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 81.328072][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 81.337136][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 81.346682][ T12] bridge0: port 2(bridge_slave_1) entered blocking state
[ 81.353982][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 81.387524][ T8825] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 81.398015][ T8825] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 81.415272][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 81.425729][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 81.436085][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 81.446108][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 81.456028][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 81.466412][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 81.476312][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 81.485850][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 81.495567][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 81.505028][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 81.518133][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 81.527224][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 81.557858][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 81.565393][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 81.582469][ T8825] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 81.609831][ T3898] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 81.619575][ T3898] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 81.647956][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 81.657546][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 81.669286][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 81.678669][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 81.690002][ T8825] device veth0_vlan entered promiscuous mode
[ 81.704633][ T8825] device veth1_vlan entered promiscuous mode
[ 81.734560][ T3898] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 81.743885][ T3898] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 81.753272][ T3898] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 81.762706][ T3898] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 81.775646][ T8825] device veth0_macvtap entered promiscuous mode
[ 81.788119][ T8825] device veth1_macvtap entered promiscuous mode
[ 81.810902][ T8825] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 81.818813][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 81.827830][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 81.836438][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 81.846168][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 81.864523][ T8825] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 81.873298][ T3898] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 81.883061][ T3898] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
executing program
[ 82.123673][ T9046] device veth1_to_hsr entered promiscuous mode
executing program
[ 82.178335][ T9046] device batadv0 entered promiscuous mode
[ 82.271721][ T9049] veth1_to_hsr: This device is already a HSR slave.
executing program
[ 82.441469][ T9054] veth1_to_hsr: This device is already a HSR slave.
executing program
[ 82.601387][ T9059] veth1_to_hsr: This device is already a HSR slave.
executing program
[ 82.731506][ T9064] veth1_to_hsr: This device is already a HSR slave.
executing program
[ 82.871151][ T9069] veth1_to_hsr: This device is already a HSR slave.
executing program
[ 83.021330][ T9074] veth1_to_hsr: This device is already a HSR slave.
executing program
[ 83.160694][ T9079] veth1_to_hsr: This device is already a HSR slave.
executing program
[ 83.302205][ T9084] veth1_to_hsr: This device is already a HSR slave.
executing program
[ 83.460412][ T9089] veth1_to_hsr: This device is already a HSR slave.
executing program
[ 83.610031][ T9094] veth1_to_hsr: This device is already a HSR slave.
executing program
[ 83.770029][ T9099] veth1_to_hsr: This device is already a HSR slave.
executing program
[ 83.900399][ T9104] veth1_to_hsr: This device is already a HSR slave.
executing program
[ 84.030690][ T9109] veth1_to_hsr: This device is already a HSR slave.
executing program
[ 84.150328][ T9114] veth1_to_hsr: This device is already a HSR slave.
executing program
[ 84.309831][ T9119] veth1_to_hsr: This device is already a HSR slave.
executing program
[ 84.449432][ T9124] veth1_to_hsr: This device is already a HSR slave.
executing program
[ 84.579193][ T9129] veth1_to_hsr: This device is already a HSR slave.
executing program
[ 84.708833][ T9134] veth1_to_hsr: This device is already a HSR slave.
executing program
[ 84.838796][ T9139] veth1_to_hsr: This device is already a HSR slave.
executing program
[ 85.008629][ T9144] veth1_to_hsr: This device is already a HSR slave.
executing program
[ 85.139029][ T9149] veth1_to_hsr: This device is already a HSR slave.
executing program
[ 85.268031][ T9154] veth1_to_hsr: This device is already a HSR slave.
executing program
[ 85.398148][ T9159] veth1_to_hsr: This device is already a HSR slave.
executing program
[ 85.547768][ T9164] veth1_to_hsr: This device is already a HSR slave.
executing program
[ 85.678116][ T9169] veth1_to_hsr: This device is already a HSR slave.
executing program
[ 85.817889][ T9174] veth1_to_hsr: This device is already a HSR slave.
executing program
[ 85.947827][ T9179] veth1_to_hsr: This device is already a HSR slave.
executing program
[ 86.087687][ T9184] veth1_to_hsr: This device is already a HSR slave.
[ 86.104157][ C0] =====================================================
[ 86.111164][ C0] BUG: KMSAN: uninit-value in batadv_bla_tx+0x2675/0x3730
[ 86.118281][ C0] CPU: 0 PID: 9 Comm: ksoftirqd/0 Not tainted 5.6.0-rc7-syzkaller #0
[ 86.126326][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 86.136372][ C0] Call Trace:
[ 86.139656][ C0] dump_stack+0x1c9/0x220
[ 86.143986][ C0] kmsan_report+0xf7/0x1e0
[ 86.148391][ C0] __msan_warning+0x58/0xa0
[ 86.152883][ C0] batadv_bla_tx+0x2675/0x3730
[ 86.157633][ C0] ? ptrace_set_debugreg+0xe30/0x18f0
[ 86.163039][ C0] ? kmsan_get_metadata+0x11d/0x180
[ 86.168256][ C0] batadv_interface_tx+0x67c/0x2450
[ 86.173443][ C0] ? __msan_metadata_ptr_for_load_2+0x10/0x20
[ 86.179498][ C0] ? batadv_softif_is_valid+0xb0/0xb0
[ 86.184850][ C0] dev_hard_start_xmit+0x531/0xab0
[ 86.189948][ C0] ? kmsan_get_metadata+0x11d/0x180
[ 86.195130][ C0] __dev_queue_xmit+0x2f8d/0x3b20
[ 86.200134][ C0] ? kmsan_get_metadata+0x11d/0x180
[ 86.205334][ C0] ? skb_clone+0x404/0x5d0
[ 86.209743][ C0] dev_queue_xmit+0x4b/0x60
[ 86.214236][ C0] hsr_forward_skb+0x2614/0x30d0
[ 86.219169][ C0] ? kmsan_get_metadata+0x4f/0x180
[ 86.224292][ C0] hsr_handle_frame+0x3bc/0x4e0
[ 86.229135][ C0] ? hsr_port_exists+0x90/0x90
[ 86.233942][ C0] __netif_receive_skb_core+0x21de/0x5840
[ 86.239649][ C0] ? kmsan_get_metadata+0x11d/0x180
[ 86.244845][ C0] ? __msan_poison_alloca+0xf0/0x120
[ 86.250128][ C0] ? kmsan_get_metadata+0x4f/0x180
[ 86.255242][ C0] process_backlog+0x936/0x1410
[ 86.260305][ C0] ? __list_add_valid+0xb8/0x420
[ 86.265231][ C0] ? kmsan_get_metadata+0x4f/0x180
[ 86.270384][ C0] ? kmsan_get_metadata+0x11d/0x180
[ 86.275570][ C0] ? rps_trigger_softirq+0x2e0/0x2e0
[ 86.280888][ C0] net_rx_action+0x786/0x1aa0
[ 86.285569][ C0] ? net_tx_action+0xc30/0xc30
[ 86.290319][ C0] __do_softirq+0x311/0x83d
[ 86.294811][ C0] ? ksoftirqd_should_run+0x30/0x30
[ 86.299991][ C0] ? takeover_tasklets+0x8f0/0x8f0
[ 86.305083][ C0] run_ksoftirqd+0x25/0x40
[ 86.309528][ C0] smpboot_thread_fn+0x493/0x980
[ 86.314458][ C0] kthread+0x4b5/0x4f0
[ 86.318509][ C0] ? cpu_report_death+0x180/0x180
[ 86.323527][ C0] ? kthread_blkcg+0xf0/0xf0
[ 86.328108][ C0] ret_from_fork+0x35/0x40
[ 86.332524][ C0]
[ 86.334840][ C0] Uninit was stored to memory at:
[ 86.339850][ C0] kmsan_internal_chain_origin+0xad/0x130
[ 86.345550][ C0] kmsan_memcpy_memmove_metadata+0x272/0x2e0
[ 86.351508][ C0] kmsan_memcpy_metadata+0xb/0x10
[ 86.356529][ C0] __msan_memcpy+0x43/0x50
[ 86.360929][ C0] pskb_expand_head+0x38b/0x1b00
[ 86.365849][ C0] __skb_pad+0x47f/0x900
[ 86.370075][ C0] send_hsr_supervision_frame+0x122d/0x1500
[ 86.375944][ C0] hsr_announce+0x1e2/0x370
[ 86.380445][ C0] call_timer_fn+0x218/0x510
[ 86.385028][ C0] __run_timers+0xcff/0x1210
[ 86.389615][ C0] run_timer_softirq+0x2d/0x50
[ 86.394376][ C0] __do_softirq+0x311/0x83d
[ 86.398853][ C0]
[ 86.401160][ C0] Uninit was created at:
[ 86.405396][ C0] kmsan_save_stack_with_flags+0x3c/0x90
[ 86.411019][ C0] kmsan_alloc_page+0x12a/0x310
[ 86.415877][ C0] __alloc_pages_nodemask+0x5712/0x5e80
[ 86.421408][ C0] page_frag_alloc+0x3ae/0x910
[ 86.426159][ C0] __napi_alloc_skb+0x193/0xa60
[ 86.430988][ C0] page_to_skb+0x19f/0x1100
[ 86.435490][ C0] receive_buf+0xe79/0x8b30
[ 86.439971][ C0] virtnet_poll+0x64b/0x19f0
[ 86.444542][ C0] net_rx_action+0x786/0x1aa0
[ 86.449808][ C0] __do_softirq+0x311/0x83d
[ 86.454286][ C0] =====================================================
[ 86.461192][ C0] Disabling lock debugging due to kernel taint
[ 86.467325][ C0] Kernel panic - not syncing: panic_on_warn set ...
[ 86.473895][ C0] CPU: 0 PID: 9 Comm: ksoftirqd/0 Tainted: G B 5.6.0-rc7-syzkaller #0
[ 86.483334][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 86.493629][ C0] Call Trace:
[ 86.496909][ C0] dump_stack+0x1c9/0x220
[ 86.501238][ C0] panic+0x3d5/0xc3e
[ 86.505145][ C0] kmsan_report+0x1df/0x1e0
[ 86.509638][ C0] __msan_warning+0x58/0xa0
[ 86.514143][ C0] batadv_bla_tx+0x2675/0x3730
[ 86.518943][ C0] ? ptrace_set_debugreg+0xe30/0x18f0
[ 86.524338][ C0] ? kmsan_get_metadata+0x11d/0x180
[ 86.529535][ C0] batadv_interface_tx+0x67c/0x2450
[ 86.534737][ C0] ? __msan_metadata_ptr_for_load_2+0x10/0x20
[ 86.540810][ C0] ? batadv_softif_is_valid+0xb0/0xb0
[ 86.546181][ C0] dev_hard_start_xmit+0x531/0xab0
[ 86.551318][ C0] ? kmsan_get_metadata+0x11d/0x180
[ 86.556631][ C0] __dev_queue_xmit+0x2f8d/0x3b20
[ 86.561645][ C0] ? kmsan_get_metadata+0x11d/0x180
[ 86.566847][ C0] ? skb_clone+0x404/0x5d0
[ 86.571257][ C0] dev_queue_xmit+0x4b/0x60
[ 86.575761][ C0] hsr_forward_skb+0x2614/0x30d0
[ 86.580697][ C0] ? kmsan_get_metadata+0x4f/0x180
[ 86.585822][ C0] hsr_handle_frame+0x3bc/0x4e0
[ 86.590675][ C0] ? hsr_port_exists+0x90/0x90
[ 86.595601][ C0] __netif_receive_skb_core+0x21de/0x5840
[ 86.601333][ C0] ? kmsan_get_metadata+0x11d/0x180
[ 86.606561][ C0] ? __msan_poison_alloca+0xf0/0x120
[ 86.611859][ C0] ? kmsan_get_metadata+0x4f/0x180
[ 86.616976][ C0] process_backlog+0x936/0x1410
[ 86.621936][ C0] ? __list_add_valid+0xb8/0x420
[ 86.626871][ C0] ? kmsan_get_metadata+0x4f/0x180
[ 86.631992][ C0] ? kmsan_get_metadata+0x11d/0x180
[ 86.637468][ C0] ? rps_trigger_softirq+0x2e0/0x2e0
[ 86.642958][ C0] net_rx_action+0x786/0x1aa0
[ 86.647682][ C0] ? net_tx_action+0xc30/0xc30
[ 86.652455][ C0] __do_softirq+0x311/0x83d
[ 86.656975][ C0] ? ksoftirqd_should_run+0x30/0x30
[ 86.662166][ C0] ? takeover_tasklets+0x8f0/0x8f0
[ 86.667479][ C0] run_ksoftirqd+0x25/0x40
[ 86.671898][ C0] smpboot_thread_fn+0x493/0x980
[ 86.676840][ C0] kthread+0x4b5/0x4f0
[ 86.680903][ C0] ? cpu_report_death+0x180/0x180
[ 86.686051][ C0] ? kthread_blkcg+0xf0/0xf0
[ 86.690631][ C0] ret_from_fork+0x35/0x40
[ 86.696647][ C0] Kernel Offset: 0x16400000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
[ 86.708327][ C0] Rebooting in 86400 seconds..