[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   47.624772][   T26] audit: type=1800 audit(1560993478.362:25): pid=7871 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[   47.652457][   T26] audit: type=1800 audit(1560993478.372:26): pid=7871 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[   47.690389][   T26] audit: type=1800 audit(1560993478.372:27): pid=7871 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.15.193' (ECDSA) to the list of known hosts.
syzkaller login: [   71.106060][ T8023] IPVS: ftp: loaded support on port[0] = 21
[   71.160420][ T8023] chnl_net:caif_netlink_parms(): no params data found
[   71.182967][ T8023] bridge0: port 1(bridge_slave_0) entered blocking state
[   71.191794][ T8023] bridge0: port 1(bridge_slave_0) entered disabled state
[   71.199732][ T8023] device bridge_slave_0 entered promiscuous mode
[   71.207873][ T8023] bridge0: port 2(bridge_slave_1) entered blocking state
[   71.215393][ T8023] bridge0: port 2(bridge_slave_1) entered disabled state
[   71.223225][ T8023] device bridge_slave_1 entered promiscuous mode
[   71.239932][ T8023] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   71.249659][ T8023] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   71.266137][ T8023] team0: Port device team_slave_0 added
[   71.272853][ T8023] team0: Port device team_slave_1 added
[   71.347155][ T8023] device hsr_slave_0 entered promiscuous mode
[   71.414973][ T8023] device hsr_slave_1 entered promiscuous mode
[   71.472022][ T8023] bridge0: port 2(bridge_slave_1) entered blocking state
[   71.479272][ T8023] bridge0: port 2(bridge_slave_1) entered forwarding state
[   71.486949][ T8023] bridge0: port 1(bridge_slave_0) entered blocking state
[   71.494603][ T8023] bridge0: port 1(bridge_slave_0) entered forwarding state
[   71.527528][ T8023] 8021q: adding VLAN 0 to HW filter on device bond0
[   71.538534][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   71.559484][   T22] bridge0: port 1(bridge_slave_0) entered disabled state
[   71.567505][   T22] bridge0: port 2(bridge_slave_1) entered disabled state
[   71.576487][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[   71.587469][ T8023] 8021q: adding VLAN 0 to HW filter on device team0
[   71.597105][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   71.606014][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[   71.613119][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[   71.626208][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   71.634557][   T22] bridge0: port 2(bridge_slave_1) entered blocking state
[   71.641684][   T22] bridge0: port 2(bridge_slave_1) entered forwarding state
[   71.654506][ T2994] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   71.666866][ T2994] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   71.678821][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   71.689619][ T2994] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   71.700419][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   71.710833][ T8023] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
executing program
[   71.727993][ T8023] 8021q: adding VLAN 0 to HW filter on device batadv0
[   71.811273][ T8023] FAULT_INJECTION: forcing a failure.
[   71.811273][ T8023] name failslab, interval 1, probability 0, space 0, times 1
[   71.833595][ T8023] CPU: 0 PID: 8023 Comm: syz-executor694 Not tainted 5.2.0-rc5+ #3
[   71.841472][ T8023] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   71.851512][ T8023] Call Trace:
[   71.854791][ T8023]  dump_stack+0x1d8/0x2f8
[   71.859212][ T8023]  should_fail+0x608/0x860
[   71.863623][ T8023]  ? setup_fault_attr+0x2b0/0x2b0
[   71.868637][ T8023]  ? shash_ahash_update+0x370/0x370
[   71.873842][ T8023]  __should_failslab+0x11a/0x160
[   71.878763][ T8023]  ? kzalloc+0x26/0x40
[   71.882818][ T8023]  should_failslab+0x9/0x20
[   71.887302][ T8023]  __kmalloc+0x7a/0x310
[   71.891448][ T8023]  kzalloc+0x26/0x40
[   71.895340][ T8023]  skcipher_walk_next+0x7ad/0x19b0
[   71.900444][ T8023]  skcipher_walk_done+0xb50/0xd60
[   71.905450][ T8023]  ctr_crypt+0x1e7/0x3b0
[   71.909688][ T8023]  ? __aes_decrypt+0x40/0x40
[   71.914265][ T8023]  ? cbc_decrypt+0x2a0/0x2a0
[   71.918851][ T8023]  ? simd_skcipher_encrypt+0x55/0x1a0
[   71.924200][ T8023]  simd_skcipher_encrypt+0x163/0x1a0
[   71.929464][ T8023]  crypto_ccm_encrypt+0x33d/0x480
[   71.934467][ T8023]  tls_push_record+0x16e2/0x3650
[   71.939433][ T8023]  ? tls_data_ready+0x2a0/0x2a0
[   71.944274][ T8023]  ? rcu_lock_release+0x9/0x30
[   71.949167][ T8023]  bpf_exec_tx_verdict+0xc3e/0xfd0
[   71.954264][ T8023]  ? kasan_check_write+0x14/0x20
[   71.959185][ T8023]  ? tls_get_rec+0x510/0x510
[   71.963777][ T8023]  ? sk_msg_alloc+0x9bd/0xa60
[   71.968438][ T8023]  tls_sw_sendpage+0xc0d/0x11e0
[   71.973283][ T8023]  ? bpf_exec_tx_verdict+0xfd0/0xfd0
[   71.978553][ T8023]  ? trace_lock_acquire+0x11c/0x190
[   71.983726][ T8023]  ? sock_rps_record_flow+0x1f/0x370
[   71.988989][ T8023]  ? bpf_exec_tx_verdict+0xfd0/0xfd0
[   71.994249][ T8023]  inet_sendpage+0x16d/0x340
[   71.998821][ T8023]  ? inet_sendmsg+0x310/0x310
[   72.003591][ T8023]  sock_sendpage+0xd3/0x120
[   72.008147][ T8023]  pipe_to_sendpage+0x23e/0x310
[   72.012997][ T8023]  ? sock_fasync+0x100/0x100
[   72.017567][ T8023]  ? generic_splice_sendpage+0x200/0x200
[   72.023184][ T8023]  ? kasan_check_write+0x14/0x20
[   72.028101][ T8023]  ? anon_pipe_buf_release+0x185/0x230
[   72.033591][ T8023]  __splice_from_pipe+0x2f7/0x8a0
[   72.038696][ T8023]  ? generic_splice_sendpage+0x200/0x200
[   72.044309][ T8023]  generic_splice_sendpage+0x172/0x200
[   72.049754][ T8023]  ? iter_file_splice_write+0xf40/0xf40
[   72.055293][ T8023]  ? security_file_permission+0x51/0x350
[   72.060922][ T8023]  ? rw_verify_area+0x1c2/0x360
[   72.066148][ T8023]  ? __fdget+0x156/0x200
[   72.070369][ T8023]  ? iter_file_splice_write+0xf40/0xf40
[   72.075892][ T8023]  __se_sys_splice+0x12ec/0x1db0
[   72.080888][ T8023]  ? vfs_write+0x448/0x510
[   72.085305][ T8023]  ? check_preemption_disabled+0xb7/0x280
[   72.091029][ T8023]  ? debug_smp_processor_id+0x1c/0x20
[   72.096380][ T8023]  ? __x64_sys_splice+0x100/0x100
[   72.101395][ T8023]  ? prepare_exit_to_usermode+0x1e1/0x4f0
[   72.107104][ T8023]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   72.112540][ T8023]  ? trace_irq_disable_rcuidle+0x23/0x1c0
[   72.118245][ T8023]  __x64_sys_splice+0xe5/0x100
[   72.122992][ T8023]  do_syscall_64+0xfe/0x140
[   72.127526][ T8023]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   72.133409][ T8023] RIP: 0033:0x441ba9
[   72.137460][ T8023] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 bb 10 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   72.157186][ T8023] RSP: 002b:00007ffd6d336548 EFLAGS: 00000246 ORIG_RAX: 0000000000000113
[   72.165757][ T8023] RAX: ffffffffffffffda RBX: 00007ffd6d3365b0 RCX: 0000000000441ba9
[   72.173713][ T8023] RDX: 0000000000000004 RSI: 0000000000000000 RDI: 0000000000000003
[   72.181673][ T8023] RBP: 0000000000000000 R08: 0000000100000000 R09: 0000000000000000
[   72.189633][ T8023] R10: 0000000000000000 R11: 0000000000000246 R12: ffffffffffffffff
[   72.198364][ T8023] R13: 0000000000000005 R14: 0000000000000000 R15: 0000000000000000
[   72.208843][ T8023] ------------[ cut here ]------------
[   72.214312][ T8023] kernel BUG at ./include/linux/scatterlist.h:97!
[   72.221184][ T8023] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[   72.227356][ T8023] CPU: 1 PID: 8023 Comm: syz-executor694 Not tainted 5.2.0-rc5+ #3
[   72.235212][ T8023] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   72.245378][ T8023] RIP: 0010:tls_sw_sendpage+0x11b5/0x11e0
[   72.251200][ T8023] Code: c1 38 c1 0f 8c 12 fe ff ff 4c 89 f7 e8 14 bb 27 fb e9 05 fe ff ff e8 0a 92 ee fa 44 8b 7c 24 18 e9 b2 fe ff ff e8 fb 91 ee fa <0f> 0b e8 f4 91 ee fa 0f 0b e8 ed 91 ee fa 4c 89 f7 48 c7 c6 87 e5
[   72.270794][ T8023] RSP: 0018:ffff888094adf7c0 EFLAGS: 00010293
[   72.276840][ T8023] RAX: ffffffff86871ff5 RBX: 0000000000000001 RCX: ffff888095bfc300
[   72.284787][ T8023] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
[   72.292802][ T8023] RBP: ffff888094adf998 R08: ffffffff8687170c R09: fffff9400045851f
[   72.300819][ T8023] R10: fffff9400045851f R11: 1ffffd400045851e R12: 0000000000000000
[   72.308797][ T8023] R13: 0000000000000080 R14: ffffea00022c28c0 R15: 1ffff110124d0d01
[   72.316907][ T8023] FS:  0000555556a2f880(0000) GS:ffff8880aeb00000(0000) knlGS:0000000000000000
[   72.325822][ T8023] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   72.332387][ T8023] CR2: 00007ffc5c9d1f18 CR3: 00000000a8a2c000 CR4: 00000000001406e0
[   72.340455][ T8023] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   72.348505][ T8023] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   72.356461][ T8023] Call Trace:
[   72.359754][ T8023]  ? bpf_exec_tx_verdict+0xfd0/0xfd0
[   72.365024][ T8023]  ? trace_lock_acquire+0x11c/0x190
[   72.370409][ T8023]  ? sock_rps_record_flow+0x1f/0x370
[   72.375763][ T8023]  ? bpf_exec_tx_verdict+0xfd0/0xfd0
[   72.381023][ T8023]  inet_sendpage+0x16d/0x340
[   72.385653][ T8023]  ? inet_sendmsg+0x310/0x310
[   72.390308][ T8023]  sock_sendpage+0xd3/0x120
[   72.394804][ T8023]  pipe_to_sendpage+0x23e/0x310
[   72.399628][ T8023]  ? sock_fasync+0x100/0x100
[   72.404373][ T8023]  ? generic_splice_sendpage+0x200/0x200
[   72.409986][ T8023]  ? kasan_check_write+0x14/0x20
[   72.415256][ T8023]  ? anon_pipe_buf_release+0x185/0x230
[   72.420690][ T8023]  __splice_from_pipe+0x2f7/0x8a0
[   72.425762][ T8023]  ? generic_splice_sendpage+0x200/0x200
[   72.431451][ T8023]  generic_splice_sendpage+0x172/0x200
[   72.436943][ T8023]  ? iter_file_splice_write+0xf40/0xf40
[   72.442477][ T8023]  ? security_file_permission+0x51/0x350
[   72.448090][ T8023]  ? rw_verify_area+0x1c2/0x360
[   72.452923][ T8023]  ? __fdget+0x156/0x200
[   72.457187][ T8023]  ? iter_file_splice_write+0xf40/0xf40
[   72.462719][ T8023]  __se_sys_splice+0x12ec/0x1db0
[   72.467705][ T8023]  ? vfs_write+0x448/0x510
[   72.472114][ T8023]  ? check_preemption_disabled+0xb7/0x280
[   72.477919][ T8023]  ? debug_smp_processor_id+0x1c/0x20
[   72.483264][ T8023]  ? __x64_sys_splice+0x100/0x100
[   72.488268][ T8023]  ? prepare_exit_to_usermode+0x1e1/0x4f0
[   72.493971][ T8023]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   72.499405][ T8023]  ? trace_irq_disable_rcuidle+0x23/0x1c0
[   72.505110][ T8023]  __x64_sys_splice+0xe5/0x100
[   72.509858][ T8023]  do_syscall_64+0xfe/0x140
[   72.514348][ T8023]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   72.520220][ T8023] RIP: 0033:0x441ba9
[   72.524096][ T8023] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 bb 10 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   72.543681][ T8023] RSP: 002b:00007ffd6d336548 EFLAGS: 00000246 ORIG_RAX: 0000000000000113
[   72.552136][ T8023] RAX: ffffffffffffffda RBX: 00007ffd6d3365b0 RCX: 0000000000441ba9
[   72.560096][ T8023] RDX: 0000000000000004 RSI: 0000000000000000 RDI: 0000000000000003
[   72.568050][ T8023] RBP: 0000000000000000 R08: 0000000100000000 R09: 0000000000000000
[   72.576084][ T8023] R10: 0000000000000000 R11: 0000000000000246 R12: ffffffffffffffff
[   72.584038][ T8023] R13: 0000000000000005 R14: 0000000000000000 R15: 0000000000000000
[   72.592078][ T8023] Modules linked in:
[   72.598364][ T8023] ---[ end trace 3b5328faabff785c ]---
[   72.603830][ T8023] RIP: 0010:tls_sw_sendpage+0x11b5/0x11e0
[   72.610128][ T8023] Code: c1 38 c1 0f 8c 12 fe ff ff 4c 89 f7 e8 14 bb 27 fb e9 05 fe ff ff e8 0a 92 ee fa 44 8b 7c 24 18 e9 b2 fe ff ff e8 fb 91 ee fa <0f> 0b e8 f4 91 ee fa 0f 0b e8 ed 91 ee fa 4c 89 f7 48 c7 c6 87 e5
[   72.629811][ T8023] RSP: 0018:ffff888094adf7c0 EFLAGS: 00010293
[   72.636160][ T8023] RAX: ffffffff86871ff5 RBX: 0000000000000001 RCX: ffff888095bfc300
[   72.644223][ T8023] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
[   72.652246][ T8023] RBP: ffff888094adf998 R08: ffffffff8687170c R09: fffff9400045851f
[   72.660242][ T8023] R10: fffff9400045851f R11: 1ffffd400045851e R12: 0000000000000000
[   72.668245][ T8023] R13: 0000000000000080 R14: ffffea00022c28c0 R15: 1ffff110124d0d01
[   72.676238][ T8023] FS:  0000555556a2f880(0000) GS:ffff8880aeb00000(0000) knlGS:0000000000000000
[   72.685703][ T8023] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   72.692322][ T8023] CR2: 00007ffc5c9d1f18 CR3: 00000000a8a2c000 CR4: 00000000001406e0
[   72.700343][ T8023] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   72.708449][ T8023] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   72.716487][ T8023] Kernel panic - not syncing: Fatal exception
[   72.723642][ T8023] Kernel Offset: disabled
[   72.727965][ T8023] Rebooting in 86400 seconds..