A sample crash report can be found here.
https://syzkaller.appspot.com/text?tag=CrashReport&x=17486911900000

The line where the bug seems to get triggered is,

	if (!batadv_compare_eth(hard_iface->net_dev->dev_addr, net_dev->dev_addr))

Looks like it goes through the list of ethernet interfaces, and compares
it with the address of the new device; which can end up going
uninitialized too.

The address should have been set by set_ethernet_addr:

	static inline void set_ethernet_addr(rtl8150_t * dev)
	{
		u8 node_id[6];

		get_registers(dev, IDR, sizeof(node_id), node_id);
		memcpy(dev->netdev->dev_addr, node_id, sizeof(node_id));
	}

However, when get_registers() fails (when ret <= 0 or ret > size), no
memory is copied back into node_id, which remains uninitialized.
The address is then set to be this uninitialized node_id value.

Checking for the return value of get_registers() in set_ethernet_addr()
and further checking the value of set_ethernet_addr() wherever it has
been invoked, and handling the condition wherein get_registers() fails
appropriately helps solve this issue.

Thank you for your time.

Thanks,
Anant
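
The check described in the message above, as an added userspace example that is not part of the original e-mail and is not the kernel driver's code. struct mock_dev, mock_get_registers(), set_ethernet_addr_checked() and mock_probe() are hypothetical stand-ins, the hardware address is constructed, and aborting the probe on failure is an assumed policy.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ETH_ALEN 6

/* Hypothetical stand-in for the driver state; not the kernel's rtl8150_t. */
struct mock_dev {
	int fail_read;              /* constructed knob: simulate a failed register read */
	uint8_t dev_addr[ETH_ALEN]; /* plays the role of netdev->dev_addr */
};

/* Mock of get_registers(): on failure it returns a negative value and
 * leaves the caller's buffer untouched, as the message describes. */
static int mock_get_registers(struct mock_dev *dev, size_t size, void *data)
{
	static const uint8_t hw[ETH_ALEN] = {0x02, 0x11, 0x22, 0x33, 0x44, 0x55};
	if (dev->fail_read || size > sizeof(hw))
		return -1;
	memcpy(data, hw, size);
	return (int)size;
}

/* Checked form: node_id is copied out only after a complete read. */
static int set_ethernet_addr_checked(struct mock_dev *dev)
{
	uint8_t node_id[ETH_ALEN] = {0}; /* defined contents even on failure */
	int ret = mock_get_registers(dev, sizeof(node_id), node_id);
	if (ret != (int)sizeof(node_id))
		return ret < 0 ? ret : -1;
	memcpy(dev->dev_addr, node_id, sizeof(node_id));
	return 0;
}

/* Caller side: the failure is propagated instead of being ignored. */
static int mock_probe(struct mock_dev *dev)
{
	memset(dev->dev_addr, 0, sizeof(dev->dev_addr));
	if (set_ethernet_addr_checked(dev) != 0)
		return -1; /* assumed policy: abort the probe */
	return 0;
}

int main(void)
{
	struct mock_dev bad = { .fail_read = 1 };
	printf("probe with failing read: %d\n", mock_probe(&bad));
	return 0;
}
```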