[ OK ] Reached target Timers.
Starting OpenBSD Secure Shell server...
[ OK ] Started Permit User Sessions.
[ OK ] Found device /dev/ttyS0.
[ OK ] Started System Logging Service.
[ ***] (1 of 2) A start job is running for…Shell server (1min 25s / 2min 46s)
[ *** ] (1 of 2) A start job is running for…Shell server (1min 26s / 2min 46s)
[ OK ] Started getty on tty2-tty6 if dbus and logind are not available.
[ OK ] Started OpenBSD Secure Shell server.
[ 145.817879][ T8379] sshd (8379) used greatest stack depth: 4536 bytes left
[ OK ] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch.
[ OK ] Started Getty on tty6.
[ OK ] Started Getty on tty5.
[ OK ] Started Getty on tty4.
[ OK ] Started Getty on tty3.
[ OK ] Started Getty on tty2.
[ OK ] Started Getty on tty1.
Warning: Permanently added '10.128.0.48' (ECDSA) to the list of known hosts.
[ OK ] Started Serial Getty on ttyS0.
[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ OK ] Started Load/Save RF Kill Switch Status.
[ 160.819679][ T29] audit: type=1400 audit(1597566185.857:8): avc: denied { execmem } for pid=8423 comm="syz-executor281" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 160.856264][ T8479] IPVS: ftp: loaded support on port[0] = 21
[ 161.005614][ T8479] chnl_net:caif_netlink_parms(): no params data found
[ 161.096101][ T8479] bridge0: port 1(bridge_slave_0) entered blocking state
[ 161.103419][ T8479] bridge0: port 1(bridge_slave_0) entered disabled state
[ 161.113026][ T8479] device bridge_slave_0 entered promiscuous mode
[ 161.123581][ T8479] bridge0: port 2(bridge_slave_1) entered blocking state
[ 161.130973][ T8479] bridge0: port 2(bridge_slave_1) entered disabled state
[ 161.141599][ T8479] device bridge_slave_1 entered promiscuous mode
Debian GNU/Linux 9 syzkaller ttyS0
syzkaller login:
[ 161.180481][ T8479] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 161.193792][ T8479] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 161.230254][ T8479] team0: Port device team_slave_0 added
[ 161.241389][ T8479] team0: Port device team_slave_1 added
[ 161.272217][ T8479] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 161.279714][ T8479] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 161.305969][ T8479] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 161.320500][ T8479] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 161.327509][ T8479] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 161.353720][ T8479] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 161.399010][ T8479] device hsr_slave_0 entered promiscuous mode
[ 161.406794][ T8479] device hsr_slave_1 entered promiscuous mode
[ 161.615974][ T8479] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 161.640630][ T8479] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 161.666030][ T8479] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 161.681187][ T8479] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 161.776532][ T8479] bridge0: port 2(bridge_slave_1) entered blocking state
[ 161.783768][ T8479] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 161.791687][ T8479] bridge0: port 1(bridge_slave_0) entered blocking state
[ 161.799072][ T8479] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 161.885395][ T8479] 8021q: adding VLAN 0 to HW filter on device bond0
[ 161.909967][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 161.921981][ T28] bridge0: port 1(bridge_slave_0) entered disabled state
[ 161.931504][ T28] bridge0: port 2(bridge_slave_1) entered disabled state
[ 161.943860][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 161.962996][ T8479] 8021q: adding VLAN 0 to HW filter on device team0
[ 161.982272][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 161.991358][ T5] bridge0: port 1(bridge_slave_0) entered blocking state
[ 161.998778][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 162.023963][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 162.035079][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 162.045216][ T5] bridge0: port 2(bridge_slave_1) entered blocking state
[ 162.052647][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 162.062517][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 162.077054][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 162.098736][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 162.109123][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 162.139168][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 162.148985][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 162.158615][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 162.168705][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 162.177772][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 162.195174][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 162.204296][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 162.223663][ T8479] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 162.260502][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 162.268215][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 162.290884][ T8479] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 162.327046][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 162.337399][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 162.376367][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 162.385326][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 162.403608][ T8479] device veth0_vlan entered promiscuous mode
[ 162.411653][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 162.421082][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 162.443810][ T8479] device veth1_vlan entered promiscuous mode
[ 162.489079][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 162.497993][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 162.507260][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 162.516765][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 162.534065][ T8479] device veth0_macvtap entered promiscuous mode
[ 162.550404][ T8479] device veth1_macvtap entered promiscuous mode
[ 162.585483][ T8479] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 162.593138][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 162.602664][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 162.612499][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 162.622605][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 162.643136][ T8479] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 162.662414][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 162.673139][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
executing program
[ 162.841966][ T8479] =====================================================
[ 162.848958][ T8479] BUG: KMSAN: uninit-value in eth_type_trans+0x655/0xc10
[ 162.855996][ T8479] CPU: 0 PID: 8479 Comm: syz-executor281 Not tainted 5.8.0-rc5-syzkaller #0
[ 162.864666][ T8479] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 162.874713][ T8479] Call Trace:
[ 162.877989][ T8479] dump_stack+0x21c/0x280
[ 162.882299][ T8479] kmsan_report+0xf7/0x1e0
[ 162.886695][ T8479] __msan_warning+0x58/0xa0
[ 162.891218][ T8479] eth_type_trans+0x655/0xc10
[ 162.895876][ T8479] __dev_forward_skb+0x4b0/0xb30
[ 162.900795][ T8479] veth_xmit+0x486/0xcf0
[ 162.905018][ T8479] ? veth_close+0x160/0x160
[ 162.909497][ T8479] xmit_one+0x3cf/0x750
[ 162.913655][ T8479] ? kmsan_get_metadata+0x116/0x180
[ 162.918834][ T8479] __dev_queue_xmit+0x3aad/0x4470
[ 162.923867][ T8479] dev_queue_xmit+0x4b/0x60
[ 162.928363][ T8479] __bpf_redirect+0x1479/0x16b0
[ 162.933200][ T8479] ? skb_ensure_writable+0x4d1/0x590
[ 162.938469][ T8479] bpf_clone_redirect+0x498/0x650
[ 162.943483][ T8479] ? kmsan_slab_alloc+0x8a/0xe0
[ 162.948318][ T8479] ___bpf_prog_run+0x4498/0x98e0
[ 162.953239][ T8479] ? bpf_csum_level+0x780/0x780
[ 162.958075][ T8479] __bpf_prog_run512+0x12e/0x190
[ 162.962995][ T8479] ? kmsan_slab_alloc+0x8a/0xe0
[ 162.967825][ T8479] ? bpf_prog_test_run_skb+0x8cb/0x2ad0
[ 162.973369][ T8479] ? __do_sys_bpf+0xb364/0x1a4c0
[ 162.978344][ T8479] ? __ia32_sys_bpf+0x4a/0x70
[ 162.982997][ T8479] ? 0xffffffff81000000
[ 162.987134][ T8479] ? do_fast_syscall_32+0x6b/0xd0
[ 162.992138][ T8479] ? do_SYSENTER_32+0x73/0x90
[ 162.996792][ T8479] ? entry_SYSENTER_compat_after_hwframe+0x4d/0x5c
[ 163.003275][ T8479] ? __msan_metadata_ptr_for_store_1+0x13/0x20
[ 163.009410][ T8479] ? kmsan_get_metadata+0x116/0x180
[ 163.014585][ T8479] ? kmsan_internal_set_origin+0x75/0xb0
[ 163.020197][ T8479] ? __msan_poison_alloca+0xf0/0x120
[ 163.025516][ T8479] ? kmsan_get_metadata+0x116/0x180
[ 163.030692][ T8479] ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 163.036474][ T8479] ? __msan_metadata_ptr_for_load_4+0x10/0x20
[ 163.042520][ T8479] ? ktime_get+0x384/0x470
[ 163.046917][ T8479] ? kmsan_get_metadata+0x4f/0x180
[ 163.052008][ T8479] ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 163.057792][ T8479] ? __bpf_prog_run480+0x190/0x190
[ 163.062882][ T8479] bpf_test_run+0x52d/0xed0
[ 163.067372][ T8479] ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 163.073158][ T8479] bpf_prog_test_run_skb+0x1053/0x2ad0
[ 163.078606][ T8479] ? bpf_prog_test_run_tracing+0xa00/0xa00
[ 163.084404][ T8479] __do_sys_bpf+0xb364/0x1a4c0
[ 163.089163][ T8479] ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 163.094966][ T8479] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 163.101017][ T8479] ? handle_mm_fault+0x46b0/0x4940
[ 163.106112][ T8479] ? kmsan_get_metadata+0x116/0x180
[ 163.111323][ T8479] ? kmsan_set_origin_checked+0x95/0xf0
[ 163.116848][ T8479] ? kmsan_internal_unpoison_shadow+0x2f/0x40
[ 163.122894][ T8479] ? kmsan_get_metadata+0x116/0x180
[ 163.128115][ T8479] ? kmsan_get_metadata+0x116/0x180
[ 163.133294][ T8479] __se_sys_bpf+0x8e/0xa0
[ 163.137604][ T8479] __ia32_sys_bpf+0x4a/0x70
[ 163.142083][ T8479] __do_fast_syscall_32+0x2af/0x480
[ 163.147260][ T8479] do_fast_syscall_32+0x6b/0xd0
[ 163.152088][ T8479] do_SYSENTER_32+0x73/0x90
[ 163.156569][ T8479] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c
[ 163.162871][ T8479] RIP: 0023:0xf7fee549
[ 163.166914][ T8479] Code: Bad RIP value.
[ 163.170955][ T8479] RSP: 002b:00000000ff83163c EFLAGS: 00000246 ORIG_RAX: 0000000000000165
[ 163.179342][ T8479] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000020000740
[ 163.187289][ T8479] RDX: 0000000000000028 RSI: 00000000f7fee28c RDI: 0000000000000004
[ 163.195238][ T8479] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 163.203186][ T8479] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 163.211134][ T8479] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 163.219106][ T8479]
[ 163.221409][ T8479] Uninit was created at:
[ 163.225651][ T8479] kmsan_internal_poison_shadow+0x66/0xd0
[ 163.231353][ T8479] kmsan_slab_alloc+0x8a/0xe0
[ 163.236009][ T8479] __kmalloc_node_track_caller+0xeab/0x12e0
[ 163.241881][ T8479] pskb_expand_head+0x26e/0x1e30
[ 163.246795][ T8479] skb_ensure_writable+0x4d1/0x590
[ 163.251884][ T8479] bpf_clone_redirect+0x26c/0x650
[ 163.256886][ T8479] ___bpf_prog_run+0x4498/0x98e0
[ 163.261800][ T8479] __bpf_prog_run512+0x12e/0x190
[ 163.266713][ T8479] bpf_test_run+0x52d/0xed0
[ 163.271195][ T8479] bpf_prog_test_run_skb+0x1053/0x2ad0
[ 163.276654][ T8479] __do_sys_bpf+0xb364/0x1a4c0
[ 163.281409][ T8479] __se_sys_bpf+0x8e/0xa0
[ 163.285735][ T8479] __ia32_sys_bpf+0x4a/0x70
[ 163.290229][ T8479] __do_fast_syscall_32+0x2af/0x480
[ 163.295404][ T8479] do_fast_syscall_32+0x6b/0xd0
[ 163.300232][ T8479] do_SYSENTER_32+0x73/0x90
[ 163.304711][ T8479] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c
[ 163.311007][ T8479] =====================================================
[ 163.318121][ T8479] Disabling lock debugging due to kernel taint
[ 163.324256][ T8479] Kernel panic - not syncing: panic_on_warn set ...
[ 163.330833][ T8479] CPU: 0 PID: 8479 Comm: syz-executor281 Tainted: G B 5.8.0-rc5-syzkaller #0
[ 163.340869][ T8479] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 163.350903][ T8479] Call Trace:
[ 163.354178][ T8479] dump_stack+0x21c/0x280
[ 163.358490][ T8479] panic+0x4d7/0xef7
[ 163.362421][ T8479] ? add_taint+0x17c/0x210
[ 163.366820][ T8479] kmsan_report+0x1df/0x1e0
[ 163.371305][ T8479] __msan_warning+0x58/0xa0
[ 163.375788][ T8479] eth_type_trans+0x655/0xc10
[ 163.380456][ T8479] __dev_forward_skb+0x4b0/0xb30
[ 163.385372][ T8479] veth_xmit+0x486/0xcf0
[ 163.389595][ T8479] ? veth_close+0x160/0x160
[ 163.394075][ T8479] xmit_one+0x3cf/0x750
[ 163.398210][ T8479] ? kmsan_get_metadata+0x116/0x180
[ 163.403385][ T8479] __dev_queue_xmit+0x3aad/0x4470
[ 163.408397][ T8479] dev_queue_xmit+0x4b/0x60
[ 163.412881][ T8479] __bpf_redirect+0x1479/0x16b0
[ 163.417719][ T8479] ? skb_ensure_writable+0x4d1/0x590
[ 163.422985][ T8479] bpf_clone_redirect+0x498/0x650
[ 163.428011][ T8479] ? kmsan_slab_alloc+0x8a/0xe0
[ 163.432839][ T8479] ___bpf_prog_run+0x4498/0x98e0
[ 163.437757][ T8479] ? bpf_csum_level+0x780/0x780
[ 163.442589][ T8479] __bpf_prog_run512+0x12e/0x190
[ 163.447505][ T8479] ? kmsan_slab_alloc+0x8a/0xe0
[ 163.452333][ T8479] ? bpf_prog_test_run_skb+0x8cb/0x2ad0
[ 163.457854][ T8479] ? __do_sys_bpf+0xb364/0x1a4c0
[ 163.462768][ T8479] ? __ia32_sys_bpf+0x4a/0x70
[ 163.467427][ T8479] ? 0xffffffff81000000
[ 163.471578][ T8479] ? do_fast_syscall_32+0x6b/0xd0
[ 163.476579][ T8479] ? do_SYSENTER_32+0x73/0x90
[ 163.481235][ T8479] ? entry_SYSENTER_compat_after_hwframe+0x4d/0x5c
[ 163.487714][ T8479] ? __msan_metadata_ptr_for_store_1+0x13/0x20
[ 163.493844][ T8479] ? kmsan_get_metadata+0x116/0x180
[ 163.499019][ T8479] ? kmsan_internal_set_origin+0x75/0xb0
[ 163.504630][ T8479] ? __msan_poison_alloca+0xf0/0x120
[ 163.509893][ T8479] ? kmsan_get_metadata+0x116/0x180
[ 163.515079][ T8479] ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 163.520863][ T8479] ? __msan_metadata_ptr_for_load_4+0x10/0x20
[ 163.526908][ T8479] ? ktime_get+0x384/0x470
[ 163.531322][ T8479] ? kmsan_get_metadata+0x4f/0x180
[ 163.536410][ T8479] ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 163.542193][ T8479] ? __bpf_prog_run480+0x190/0x190
[ 163.547279][ T8479] bpf_test_run+0x52d/0xed0
[ 163.551770][ T8479] ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 163.557556][ T8479] bpf_prog_test_run_skb+0x1053/0x2ad0
[ 163.563003][ T8479] ? bpf_prog_test_run_tracing+0xa00/0xa00
[ 163.568784][ T8479] __do_sys_bpf+0xb364/0x1a4c0
[ 163.573532][ T8479] ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 163.579315][ T8479] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 163.585357][ T8479] ? handle_mm_fault+0x46b0/0x4940
[ 163.590447][ T8479] ? kmsan_get_metadata+0x116/0x180
[ 163.595623][ T8479] ? kmsan_set_origin_checked+0x95/0xf0
[ 163.601145][ T8479] ? kmsan_internal_unpoison_shadow+0x2f/0x40
[ 163.607188][ T8479] ? kmsan_get_metadata+0x116/0x180
[ 163.612362][ T8479] ? kmsan_get_metadata+0x116/0x180
[ 163.617546][ T8479] __se_sys_bpf+0x8e/0xa0
[ 163.621854][ T8479] __ia32_sys_bpf+0x4a/0x70
[ 163.626339][ T8479] __do_fast_syscall_32+0x2af/0x480
[ 163.631524][ T8479] do_fast_syscall_32+0x6b/0xd0
[ 163.636369][ T8479] do_SYSENTER_32+0x73/0x90
[ 163.640851][ T8479] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c
[ 163.647152][ T8479] RIP: 0023:0xf7fee549
[ 163.651193][ T8479] Code: Bad RIP value.
[ 163.655232][ T8479] RSP: 002b:00000000ff83163c EFLAGS: 00000246 ORIG_RAX: 0000000000000165
[ 163.663617][ T8479] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000020000740
[ 163.671573][ T8479] RDX: 0000000000000028 RSI: 00000000f7fee28c RDI: 0000000000000004
[ 163.679519][ T8479] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 163.687478][ T8479] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 163.695423][ T8479] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 163.705009][ T8479] Kernel Offset: disabled
[ 163.709332][ T8479] Rebooting in 86400 seconds..