[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.247' (ECDSA) to the list of known hosts.
syzkaller login: [ 45.766201] audit: type=1400 audit(1595502582.150:8): avc: denied { execmem } for pid=6464 comm="syz-executor531" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 45.783213] IPVS: ftp: loaded support on port[0] = 21
[ 45.856511] chnl_net:caif_netlink_parms(): no params data found
[ 45.934788] bridge0: port 1(bridge_slave_0) entered blocking state
[ 45.941975] bridge0: port 1(bridge_slave_0) entered disabled state
[ 45.950656] device bridge_slave_0 entered promiscuous mode
[ 45.957879] bridge0: port 2(bridge_slave_1) entered blocking state
[ 45.965349] bridge0: port 2(bridge_slave_1) entered disabled state
[ 45.972831] device bridge_slave_1 entered promiscuous mode
[ 45.991035] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 46.000382] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 46.018541] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 46.025958] team0: Port device team_slave_0 added
[ 46.031804] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 46.039016] team0: Port device team_slave_1 added
[ 46.054762] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 46.061082] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 46.086994] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 46.098737] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 46.105061] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 46.130434] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 46.141397] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 46.149400] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 46.212370] device hsr_slave_0 entered promiscuous mode
[ 46.249596] device hsr_slave_1 entered promiscuous mode
[ 46.289641] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 46.296723] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 46.362236] bridge0: port 2(bridge_slave_1) entered blocking state
[ 46.368645] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 46.375574] bridge0: port 1(bridge_slave_0) entered blocking state
[ 46.381991] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 46.416259] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 46.423474] 8021q: adding VLAN 0 to HW filter on device bond0
[ 46.433327] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 46.442298] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 46.461308] bridge0: port 1(bridge_slave_0) entered disabled state
[ 46.468441] bridge0: port 2(bridge_slave_1) entered disabled state
[ 46.476363] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 46.487218] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 46.494057] 8021q: adding VLAN 0 to HW filter on device team0
[ 46.503232] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 46.511430] bridge0: port 1(bridge_slave_0) entered blocking state
[ 46.517755] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 46.527619] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 46.535733] bridge0: port 2(bridge_slave_1) entered blocking state
[ 46.542118] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 46.557369] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 46.565034] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 46.575910] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 46.587065] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 46.598670] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 46.609479] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 46.615658] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 46.624136] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 46.637639] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready
[ 46.645722] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 46.652983] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 46.663509] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 46.676670] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready
[ 46.686294] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 46.718560] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready
[ 46.726294] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready
[ 46.733621] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready
[ 46.744277] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 46.752303] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 46.759906] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 46.768509] device veth0_vlan entered promiscuous mode
[ 46.777512] device veth1_vlan entered promiscuous mode
[ 46.783753] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready
[ 46.792523] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready
[ 46.804949] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready
[ 46.814629] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 46.822028] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 46.829586] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 46.840568] device veth0_macvtap entered promiscuous mode
[ 46.849544] device veth1_macvtap entered promiscuous mode
[ 46.857953] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready
[ 46.868390] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready
[ 46.878521] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_0: link is not ready
[ 46.887236] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 46.894683] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 46.903738] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 46.914693] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_1: link is not ready
[ 46.922110] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 46.930293] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 46.938042] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
executing program
[ 47.098609] kasan: CONFIG_KASAN_INLINE enabled
[ 47.103341] kasan: GPF could be caused by NULL-ptr deref or user memory access
[ 47.110747] general protection fault: 0000 [#1] PREEMPT SMP KASAN
[ 47.116975] CPU: 0 PID: 6688 Comm: syz-executor531 Not tainted 4.19.134-syzkaller #0
[ 47.124833] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 47.134173] RIP: 0010:xfrmi_decode_session+0x146/0x770
[ 47.139427] Code: 7c dc 10 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 f4 05 00 00 48 b8 00 00 00 00 00 fc ff df 49 8b 5c dc 10 48 89 da 48 c1 ea 03 <80> 3c 02 00 0f 85 c7 05 00 00 4c 8b 23 e8 28 68 18 fb e8 e3 2b 2a
[ 47.158314] RSP: 0018:ffff8880860ff188 EFLAGS: 00010246
[ 47.163675] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffffff863f8884
[ 47.170928] RDX: 0000000000000000 RSI: ffffffff863f82d0 RDI: ffff88809e8c8708
[ 47.178176] RBP: 0000000000000039 R08: 0000000000000000 R09: 0000000000000000
[ 47.185470] R10: 0000000000000003 R11: 00000000eeb03607 R12: ffff88809e8c8700
[ 47.192718] R13: 000000000000003f R14: ffff8880896e0900 R15: 0000000000000000
[ 47.199967] FS: 00007f02def82700(0000) GS:ffff8880ae600000(0000) knlGS:0000000000000000
[ 47.208256] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 47.214112] CR2: 0000000020000040 CR3: 00000000a083e000 CR4: 00000000001406f0
[ 47.221362] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 47.228612] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 47.235857] Call Trace:
[ 47.238430] __xfrm_policy_check+0x1eb/0x2300
[ 47.242907] ? __lock_acquire+0x6de/0x3ff0
[ 47.247123] ? __xfrm_route_forward+0x710/0x710
[ 47.251794] ? mark_held_locks+0xf0/0xf0
[ 47.255840] ? ip_vs_in+0x24d/0x25c0
[ 47.259533] ? ip_vs_out+0x6a5/0x1e10
[ 47.263384] ? nf_ct_deliver_cached_events+0x205/0x630
[ 47.268641] ? mark_held_locks+0xf0/0xf0
[ 47.272678] ? lock_downgrade+0x720/0x720
[ 47.276804] ? check_preemption_disabled+0x41/0x280
[ 47.281799] ? vti_input+0x21d/0x800
[ 47.285490] ? lock_downgrade+0x720/0x720
[ 47.289654] ? check_preemption_disabled+0x41/0x280
[ 47.294645] ? ip_tunnel_lookup+0x9e9/0xdf0
[ 47.298958] vti_input+0x57c/0x800
[ 47.302485] xfrm4_esp_rcv+0xc8/0x220
[ 47.306267] ip_local_deliver_finish+0x495/0xc00
[ 47.311005] ip_local_deliver+0x188/0x500
[ 47.315132] ? ip_call_ra_chain+0x5d0/0x5d0
[ 47.319445] ? inet_add_protocol.cold+0x27/0x27
[ 47.324141] ? ip_rcv_finish_core.constprop.0+0x875/0x1a60
[ 47.329781] ip_rcv_finish+0x1ca/0x2e0
[ 47.333699] ip_rcv+0xca/0x3c0
[ 47.336873] ? ip_local_deliver+0x500/0x500
[ 47.341217] ? lock_downgrade+0x720/0x720
[ 47.345342] ? ip_sublist_rcv+0xc40/0xc40
[ 47.349467] ? netif_receive_skb_internal+0x1da/0x3f0
[ 47.354634] ? ip_local_deliver+0x500/0x500
[ 47.358933] __netif_receive_skb_one_core+0x114/0x180
[ 47.364099] ? __netif_receive_skb_core+0x3270/0x3270
[ 47.369265] ? mark_held_locks+0xa6/0xf0
[ 47.373307] ? lock_acquire+0x170/0x3c0
[ 47.377259] ? netif_receive_skb_internal+0x6e/0x3f0
[ 47.382341] __netif_receive_skb+0x27/0x1c0
[ 47.386641] netif_receive_skb_internal+0xf0/0x3f0
[ 47.391547] ? __netif_receive_skb+0x1c0/0x1c0
[ 47.396105] ? eth_get_headlen+0x1b0/0x1b0
[ 47.400317] napi_gro_frags+0x67b/0x990
[ 47.404266] tun_get_user+0x2a53/0x4be0
[ 47.408221] ? tun_chr_read_iter+0x1d0/0x1d0
[ 47.412609] ? lock_downgrade+0x720/0x720
[ 47.416758] ? check_preemption_disabled+0x41/0x280
[ 47.421756] ? check_preemption_disabled+0x41/0x280
[ 47.426753] tun_chr_write_iter+0xb0/0x150
[ 47.430975] __vfs_write+0x51b/0x770
[ 47.434669] ? kernel_read+0x110/0x110
[ 47.438550] __kernel_write+0x109/0x370
[ 47.442543] write_pipe_buf+0x153/0x1f0
[ 47.446496] ? default_file_splice_read+0xa00/0xa00
[ 47.451492] ? splice_from_pipe_next.part.0+0x2ad/0x360
[ 47.456861] ? anon_pipe_buf_release+0x2a0/0x380
[ 47.461596] __splice_from_pipe+0x389/0x800
[ 47.465900] ? default_file_splice_read+0xa00/0xa00
[ 47.470898] default_file_splice_write+0xd8/0x180
[ 47.475753] ? generic_splice_sendpage+0x140/0x140
[ 47.480660] ? security_file_permission+0x1c0/0x220
[ 47.485652] ? generic_splice_sendpage+0x140/0x140
[ 47.490557] __se_sys_splice+0xfe7/0x16d0
[ 47.494685] ? lock_acquire+0x170/0x3c0
[ 47.498643] ? ret_from_fork+0x8/0x30
[ 47.502477] ? __se_sys_tee+0xb90/0xb90
[ 47.506428] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 47.511160] ? trace_hardirqs_off_caller+0x69/0x210
[ 47.516428] ? do_syscall_64+0x21/0x620
[ 47.520394] do_syscall_64+0xf9/0x620
[ 47.524180] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 47.529353] RIP: 0033:0x448c79
[ 47.532528] Code: e8 cc 14 03 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 2b 0e fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 47.551409] RSP: 002b:00007f02def81d98 EFLAGS: 00000246 ORIG_RAX: 0000000000000113
[ 47.559208] RAX: ffffffffffffffda RBX: 00000000006dec78 RCX: 0000000000448c79
[ 47.566468] RDX: 0000000000000005 RSI: 0000000000000000 RDI: 0000000000000003
[ 47.573716] RBP: 00000000006dec70 R08: 0000000000010005 R09: 0000000000000000
[ 47.580964] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dec7c
[ 47.588220] R13: 0000000000003172 R14: 656c6c616b7a7973 R15: 00000000006dec7c
[ 47.595478] Modules linked in:
[ 47.598712] ---[ end trace 797c78e7ec769cfa ]---
[ 47.603473] RIP: 0010:xfrmi_decode_session+0x146/0x770
[ 47.608792] Code: 7c dc 10 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 f4 05 00 00 48 b8 00 00 00 00 00 fc ff df 49 8b 5c dc 10 48 89 da 48 c1 ea 03 <80> 3c 02 00 0f 85 c7 05 00 00 4c 8b 23 e8 28 68 18 fb e8 e3 2b 2a
[ 47.628211] RSP: 0018:ffff8880860ff188 EFLAGS: 00010246
[ 47.633615] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffffff863f8884
[ 47.640924] RDX: 0000000000000000 RSI: ffffffff863f82d0 RDI: ffff88809e8c8708
[ 47.648185] RBP: 0000000000000039 R08: 0000000000000000 R09: 0000000000000000
[ 47.655473] R10: 0000000000000003 R11: 00000000eeb03607 R12: ffff88809e8c8700
[ 47.662768] R13: 000000000000003f R14: ffff8880896e0900 R15: 0000000000000000
[ 47.670066] FS: 00007f02def82700(0000) GS:ffff8880ae600000(0000) knlGS:0000000000000000
[ 47.678284] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 47.684182] CR2: 0000000020000040 CR3: 00000000a083e000 CR4: 00000000001406f0
[ 47.691501] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 47.698804] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 47.706069] Kernel panic - not syncing: Fatal exception in interrupt
[ 47.713887] Kernel Offset: disabled
[ 47.717520] Rebooting in 86400 seconds..