[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.1.102' (ECDSA) to the list of known hosts.
2022/10/30 22:59:58 ignoring optional flag "sandboxArg"="0"
2022/10/30 22:59:59 parsed 1 programs
2022/10/30 22:59:59 executed programs: 0
syzkaller login: [ 33.681732] IPVS: ftp: loaded support on port[0] = 21
[ 33.826892] chnl_net:caif_netlink_parms(): no params data found
[ 33.865160] bridge0: port 1(bridge_slave_0) entered blocking state
[ 33.872975] bridge0: port 1(bridge_slave_0) entered disabled state
[ 33.880824] device bridge_slave_0 entered promiscuous mode
[ 33.887635] bridge0: port 2(bridge_slave_1) entered blocking state
[ 33.894859] bridge0: port 2(bridge_slave_1) entered disabled state
[ 33.902340] device bridge_slave_1 entered promiscuous mode
[ 33.918546] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 33.927186] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 33.944883] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 33.952352] team0: Port device team_slave_0 added
[ 33.957728] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 33.965605] team0: Port device team_slave_1 added
[ 33.980797] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 33.987043] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 34.013271] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 34.024822] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 34.031493] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 34.057470] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 34.072125] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 34.079370] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 34.097820] device hsr_slave_0 entered promiscuous mode
[ 34.103445] device hsr_slave_1 entered promiscuous mode
[ 34.109255] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 34.116356] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 34.175988] bridge0: port 2(bridge_slave_1) entered blocking state
[ 34.182434] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 34.189192] bridge0: port 1(bridge_slave_0) entered blocking state
[ 34.195588] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 34.221606] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 34.227697] 8021q: adding VLAN 0 to HW filter on device bond0
[ 34.236821] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 34.246372] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 34.265024] bridge0: port 1(bridge_slave_0) entered disabled state
[ 34.272138] bridge0: port 2(bridge_slave_1) entered disabled state
[ 34.281969] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 34.288027] 8021q: adding VLAN 0 to HW filter on device team0
[ 34.296548] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 34.304248] bridge0: port 1(bridge_slave_0) entered blocking state
[ 34.310647] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 34.329374] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 34.339286] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 34.350052] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 34.356592] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 34.364634] bridge0: port 2(bridge_slave_1) entered blocking state
[ 34.371390] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 34.378875] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 34.386629] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 34.394345] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 34.402028] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 34.409479] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 34.416174] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 34.441227] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready
[ 34.449845] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 34.456509] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 34.465942] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 34.512445] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready
[ 34.523184] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 34.552618] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready
[ 34.560096] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready
[ 34.566534] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready
[ 34.575293] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 34.582861] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 34.590200] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 34.598465] device veth0_vlan entered promiscuous mode
[ 34.607448] device veth1_vlan entered promiscuous mode
[ 34.613710] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready
[ 34.622146] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready
[ 34.632633] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready
[ 34.642435] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 34.649683] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 34.656808] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 34.665933] device veth0_macvtap entered promiscuous mode
[ 34.672262] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready
[ 34.680663] device veth1_macvtap entered promiscuous mode
[ 34.688513] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready
[ 34.697470] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready
[ 34.707450] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 34.714528] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 34.733612] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 34.742802] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 34.750982] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 34.758051] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 34.913914] audit: type=1804 audit(1667170801.409:2): pid=8240 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir1193472465/syzkaller.inO7B8/0/bus" dev="sda1" ino=13868 res=1
[ 34.936975] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters.
[ 34.960358] FAULT_INJECTION: forcing a failure.
[ 34.960358] name failslab, interval 1, probability 0, space 0, times 1
[ 34.972122] CPU: 1 PID: 8240 Comm: syz-executor.0 Not tainted 4.14.296-syzkaller #0
[ 34.979909] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/11/2022
[ 34.989246] Call Trace:
[ 34.991819] dump_stack+0x1b2/0x281
[ 34.995436] should_fail.cold+0x10a/0x149
[ 34.999564] should_failslab+0xd6/0x130
[ 35.003527] __kmalloc+0x2c1/0x400
[ 35.007046] ? tls_push_record+0xfa/0x1270
[ 35.011422] tls_push_record+0xfa/0x1270
[ 35.015563] tls_sw_sendpage+0x760/0xb50
[ 35.019611] ? tls_sw_sendmsg+0xfd0/0xfd0
[ 35.023748] inet_sendpage+0x155/0x590
[ 35.027622] ? tls_sw_sendmsg+0xfd0/0xfd0
[ 35.031928] ? current_kernel_time64+0x154/0x230
[ 35.036658] ? inet_getname+0x3a0/0x3a0
[ 35.040615] sock_sendpage+0xdf/0x140
[ 35.044392] pipe_to_sendpage+0x226/0x2d0
[ 35.048520] ? sockfs_setattr+0x140/0x140
[ 35.052733] ? direct_splice_actor+0x160/0x160
[ 35.057485] __splice_from_pipe+0x326/0x7a0
[ 35.061793] ? direct_splice_actor+0x160/0x160
[ 35.066363] generic_splice_sendpage+0xc1/0x110
[ 35.071126] ? vmsplice_to_user+0x1b0/0x1b0
[ 35.075432] ? rw_verify_area+0xe1/0x2a0
[ 35.079504] ? vmsplice_to_user+0x1b0/0x1b0
[ 35.083901] direct_splice_actor+0x115/0x160
[ 35.088294] splice_direct_to_actor+0x27c/0x730
[ 35.092943] ? generic_pipe_buf_nosteal+0x10/0x10
[ 35.097777] ? do_splice_to+0x140/0x140
[ 35.101730] ? rw_verify_area+0xe1/0x2a0
[ 35.105771] do_splice_direct+0x164/0x210
[ 35.109912] ? splice_direct_to_actor+0x730/0x730
[ 35.114843] ? rw_verify_area+0xe1/0x2a0
[ 35.118878] do_sendfile+0x47f/0xb30
[ 35.122571] ? do_compat_writev+0x180/0x180
[ 35.126888] SyS_sendfile64+0xff/0x110
[ 35.130758] ? SyS_sendfile+0x130/0x130
[ 35.134704] ? do_syscall_64+0x4c/0x640
[ 35.138667] ? SyS_sendfile+0x130/0x130
[ 35.142626] do_syscall_64+0x1d5/0x640
[ 35.146491] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 35.151654] RIP: 0033:0x7fdecf2935a9
[ 35.155336] RSP: 002b:00007fdece5e5168 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 35.163017] RAX: ffffffffffffffda RBX: 00007fdecf3b4050 RCX: 00007fdecf2935a9
[ 35.170262] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000007
[ 35.177521] RBP: 00007fdece5e51d0 R08: 0000000000000000 R09: 0000000000000000
[ 35.184773] R10: 0000800100020046 R11: 0000000000000246 R12: 0000000000000001
[ 35.192041] R13: 00007ffde1789c2f R14: 00007fdece5e5300 R15: 0000000000022000
[ 35.308831] kasan: CONFIG_KASAN_INLINE enabled
[ 35.313732] kasan: GPF could be caused by NULL-ptr deref or user memory access
[ 35.322644] general protection fault: 0000 [#1] PREEMPT SMP KASAN
[ 35.328890] Modules linked in:
[ 35.332071] CPU: 1 PID: 8240 Comm: syz-executor.0 Not tainted 4.14.296-syzkaller #0
[ 35.339924] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/11/2022
[ 35.349255] task: ffff8880af4d4000 task.stack: ffff8880af4a8000
[ 35.355290] RIP: 0010:scatterwalk_copychunks+0x4a3/0x680
[ 35.360715] RSP: 0018:ffff8880af4af520 EFLAGS: 00010202
[ 35.366060] RAX: dffffc0000000000 RBX: 000000000000401d RCX: 0000000000000000
[ 35.373305] RDX: 0000000000000002 RSI: ffff8880affe445d RDI: ffff88809a223818
[ 35.380548] RBP: 0000000000000000 R08: 0000000000000001 R09: ffffed1012888803
[ 35.387812] R10: ffff88809444401c R11: 0000000000000000 R12: 000000000000401d
[ 35.395069] R13: ffff8880af4af5d8 R14: 0000000000001000 R15: ffff88809a223824
[ 35.402317] FS: 00007fdece5e5700(0000) GS:ffff8880ba500000(0000) knlGS:0000000000000000
[ 35.410634] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 35.416494] CR2: 00007fdece5e4ff8 CR3: 00000000aa7f8000 CR4: 00000000003406e0
[ 35.423831] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 35.431081] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 35.438330] Call Trace:
[ 35.440960] scatterwalk_map_and_copy+0x100/0x1a0
[ 35.445879] ? scatterwalk_ffwd+0x420/0x420
[ 35.450175] ? aesni_gcm_enc_avx2+0x155/0x170
[ 35.454642] ? kernel_fpu_end+0xf4/0x140
[ 35.458676] ? kernel_fpu_enable+0x30/0x30
[ 35.462884] gcmaes_encrypt.constprop.0+0x6cd/0xc00
[ 35.467902] ? generic_gcmaes_encrypt+0xf4/0x130
[ 35.472632] ? helper_rfc4106_encrypt+0x2b0/0x2b0
[ 35.477448] ? tls_push_record+0xfa/0x1270
[ 35.481753] ? cryptd_aead_child+0x9/0x40
[ 35.485874] ? tls_push_record+0x938/0x1270
[ 35.490176] ? tls_sw_sendpage+0x760/0xb50
[ 35.494388] ? tls_sw_sendmsg+0xfd0/0xfd0
[ 35.498508] ? inet_sendpage+0x155/0x590
[ 35.502542] ? tls_sw_sendmsg+0xfd0/0xfd0
[ 35.506672] ? current_kernel_time64+0x154/0x230
[ 35.511493] ? inet_getname+0x3a0/0x3a0
[ 35.515442] ? sock_sendpage+0xdf/0x140
[ 35.519392] ? pipe_to_sendpage+0x226/0x2d0
[ 35.523812] ? sockfs_setattr+0x140/0x140
[ 35.527939] ? direct_splice_actor+0x160/0x160
[ 35.532590] ? __splice_from_pipe+0x326/0x7a0
[ 35.537266] ? direct_splice_actor+0x160/0x160
[ 35.541828] ? generic_splice_sendpage+0xc1/0x110
[ 35.546645] ? vmsplice_to_user+0x1b0/0x1b0
[ 35.550948] ? rw_verify_area+0xe1/0x2a0
[ 35.554982] ? vmsplice_to_user+0x1b0/0x1b0
[ 35.559277] ? direct_splice_actor+0x115/0x160
[ 35.563838] ? splice_direct_to_actor+0x27c/0x730
[ 35.568744] ? generic_pipe_buf_nosteal+0x10/0x10
[ 35.573666] ? do_splice_to+0x140/0x140
[ 35.577626] ? rw_verify_area+0xe1/0x2a0
[ 35.581668] ? do_splice_direct+0x164/0x210
[ 35.585968] ? splice_direct_to_actor+0x730/0x730
[ 35.590790] ? rw_verify_area+0xe1/0x2a0
[ 35.594829] ? do_sendfile+0x47f/0xb30
[ 35.598695] ? do_compat_writev+0x180/0x180
[ 35.603081] ? SyS_sendfile64+0xff/0x110
[ 35.607133] ? SyS_sendfile+0x130/0x130
[ 35.611082] ? do_syscall_64+0x4c/0x640
[ 35.615113] ? SyS_sendfile+0x130/0x130
[ 35.619058] ? do_syscall_64+0x1d5/0x640
[ 35.623093] ? entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 35.628434] Code: fc ff df 80 3c 02 00 0f 85 d9 01 00 00 48 8d 45 10 49 89 6d 00 48 89 c2 48 89 44 24 18 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <0f> b6 04 02 84 c0 74 08 3c 03 0f 8e 81 01 00 00 48 b8 00 00 00
[ 35.647529] RIP: scatterwalk_copychunks+0x4a3/0x680 RSP: ffff8880af4af520
[ 35.656107] ---[ end trace 13bfa3d0d86a7807 ]---
[ 35.661016] Kernel panic - not syncing: Fatal exception
[ 35.666555] Kernel Offset: disabled
[ 35.670168] Rebooting in 86400 seconds..