Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.219' (ECDSA) to the list of known hosts.
syzkaller login: [ 69.206794][ T8463] chnl_net:caif_netlink_parms(): no params data found
[ 69.261612][ T8463] bridge0: port 1(bridge_slave_0) entered blocking state
[ 69.269955][ T8463] bridge0: port 1(bridge_slave_0) entered disabled state
[ 69.279295][ T8463] device bridge_slave_0 entered promiscuous mode
[ 69.290438][ T8463] bridge0: port 2(bridge_slave_1) entered blocking state
[ 69.298918][ T8463] bridge0: port 2(bridge_slave_1) entered disabled state
[ 69.307202][ T8463] device bridge_slave_1 entered promiscuous mode
[ 69.329162][ T8463] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 69.341460][ T8463] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 69.364523][ T8463] team0: Port device team_slave_0 added
[ 69.371615][ T8463] team0: Port device team_slave_1 added
[ 69.389224][ T8463] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 69.396366][ T8463] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 69.422354][ T8463] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 69.434983][ T8463] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 69.441929][ T8463] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 69.468142][ T8463] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 69.495023][ T8463] device hsr_slave_0 entered promiscuous mode
[ 69.501652][ T8463] device hsr_slave_1 entered promiscuous mode
[ 69.599861][ T8463] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 69.610150][ T8463] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 69.620413][ T8463] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 69.630491][ T8463] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 69.655985][ T8463] bridge0: port 2(bridge_slave_1) entered blocking state
[ 69.663127][ T8463] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 69.671190][ T8463] bridge0: port 1(bridge_slave_0) entered blocking state
[ 69.678376][ T8463] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 69.721816][ T8463] 8021q: adding VLAN 0 to HW filter on device bond0
[ 69.736485][ T4855] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 69.748146][ T4855] bridge0: port 1(bridge_slave_0) entered disabled state
[ 69.757003][ T4855] bridge0: port 2(bridge_slave_1) entered disabled state
[ 69.766531][ T4855] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 69.780066][ T8463] 8021q: adding VLAN 0 to HW filter on device team0
[ 69.791455][ T2959] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 69.800173][ T2959] bridge0: port 1(bridge_slave_0) entered blocking state
[ 69.807593][ T2959] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 69.819289][ T4855] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 69.828419][ T4855] bridge0: port 2(bridge_slave_1) entered blocking state
[ 69.835522][ T4855] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 69.855801][ T8690] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 69.870691][ T8690] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 69.879343][ T8690] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 69.894062][ T8463] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 69.904604][ T8463] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 69.917347][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 69.926570][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 69.935661][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 69.953805][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 69.961236][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 69.974160][ T8463] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 69.993884][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 70.013947][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 70.022549][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 70.030638][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 70.040029][ T8463] device veth0_vlan entered promiscuous mode
[ 70.055209][ T8463] device veth1_vlan entered promiscuous mode
[ 70.076510][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 70.085072][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 70.093271][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 70.104993][ T8463] device veth0_macvtap entered promiscuous mode
[ 70.116308][ T8463] device veth1_macvtap entered promiscuous mode
[ 70.133043][ T8463] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 70.140743][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 70.151717][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 70.166109][ T8463] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 70.173892][ T2959] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
executing program
[ 70.185352][ T8463] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 70.195111][ T8463] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 70.204255][ T8463] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 70.212957][ T8463] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 70.342740][ T705] general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN
[ 70.354487][ T705] KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]
[ 70.362913][ T705] CPU: 1 PID: 705 Comm: kworker/u4:5 Not tainted 5.14.0-rc4-syzkaller #0
[ 70.371327][ T705] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 70.381373][ T705] Workqueue: pencrypt_parallel padata_parallel_worker
[ 70.388146][ T705] RIP: 0010:scatterwalk_copychunks+0x4db/0x6a0
[ 70.394297][ T705] Code: ff df 80 3c 02 00 0f 85 b4 01 00 00 49 8d 44 24 08 4d 89 26 48 89 c2 48 89 44 24 18 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <0f> b6 04 02 84 c0 74 08 3c 03 0f 8e 77 01 00 00 48 b8 00 00 00 00
[ 70.413904][ T705] RSP: 0018:ffffc900033cf628 EFLAGS: 00010202
[ 70.419975][ T705] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000000
[ 70.427934][ T705] RDX: 0000000000000001 RSI: ffffffff83d3d2c3 RDI: 0000000000000003
[ 70.435905][ T705] RBP: 0000000000000000 R08: 0000000000000000 R09: ffff888015fff01b
[ 70.443863][ T705] R10: ffffffff83d3d273 R11: 0000000000086088 R12: 0000000000000000
[ 70.451820][ T705] R13: 0000000000000001 R14: ffffc900033cf888 R15: 0000000000000000
[ 70.459777][ T705] FS: 0000000000000000(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000
[ 70.468697][ T705] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 70.475273][ T705] CR2: 00007ffce245aec0 CR3: 000000000b68e000 CR4: 00000000001506e0
[ 70.483233][ T705] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 70.491192][ T705] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 70.499156][ T705] Call Trace:
[ 70.502429][ T705] skcipher_walk_next+0x7af/0x1680
[ 70.507568][ T705] skcipher_walk_first+0xf8/0x3c0
[ 70.512589][ T705] skcipher_walk_aead_common+0x7a5/0xbc0
[ 70.518218][ T705] gcmaes_crypt_by_sg+0x31d/0x890
[ 70.523248][ T705] ? aes_set_key+0x30/0x30
[ 70.527662][ T705] ? unwind_next_frame+0x3da/0x1ce0
[ 70.532859][ T705] ? create_prof_cpu_mask+0x20/0x20
[ 70.538044][ T705] ? arch_stack_walk+0x7d/0xe0
[ 70.542803][ T705] ? is_dynamic_key+0x1a0/0x1a0
[ 70.547639][ T705] ? add_lock_to_list.constprop.0+0x185/0x370
[ 70.553693][ T705] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 70.559667][ T705] ? __lock_acquire+0x162f/0x54a0
[ 70.564681][ T705] gcmaes_encrypt+0xe2/0x230
[ 70.569275][ T705] ? helper_rfc4106_decrypt+0x370/0x370
[ 70.574820][ T705] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 70.580802][ T705] generic_gcmaes_encrypt+0x12e/0x190
[ 70.586178][ T705] ? gcmaes_encrypt+0x230/0x230
[ 70.591020][ T705] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 70.597271][ T705] crypto_aead_encrypt+0xaa/0xf0
[ 70.602730][ T705] crypto_aead_encrypt+0xaa/0xf0
[ 70.607660][ T705] pcrypt_aead_enc+0x13/0x70
[ 70.612243][ T705] padata_parallel_worker+0x60/0xb0
[ 70.617440][ T705] process_one_work+0x98d/0x1630
[ 70.622373][ T705] ? pwq_dec_nr_in_flight+0x320/0x320
[ 70.627759][ T705] ? rwlock_bug.part.0+0x90/0x90
[ 70.632687][ T705] ? _raw_spin_lock_irq+0x41/0x50
[ 70.637711][ T705] worker_thread+0x658/0x11f0
[ 70.642385][ T705] ? process_one_work+0x1630/0x1630
[ 70.647578][ T705] kthread+0x3e5/0x4d0
[ 70.651634][ T705] ? set_kthread_struct+0x130/0x130
[ 70.656822][ T705] ret_from_fork+0x1f/0x30
[ 70.661249][ T705] Modules linked in:
[ 70.665182][ T705] ---[ end trace 4997e30f3b0b1766 ]---
[ 70.670631][ T705] RIP: 0010:scatterwalk_copychunks+0x4db/0x6a0
[ 70.676820][ T705] Code: ff df 80 3c 02 00 0f 85 b4 01 00 00 49 8d 44 24 08 4d 89 26 48 89 c2 48 89 44 24 18 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <0f> b6 04 02 84 c0 74 08 3c 03 0f 8e 77 01 00 00 48 b8 00 00 00 00
[ 70.696447][ T705] RSP: 0018:ffffc900033cf628 EFLAGS: 00010202
[ 70.702515][ T705] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000000
[ 70.710522][ T705] RDX: 0000000000000001 RSI: ffffffff83d3d2c3 RDI: 0000000000000003
[ 70.718532][ T705] RBP: 0000000000000000 R08: 0000000000000000 R09: ffff888015fff01b
[ 70.726541][ T705] R10: ffffffff83d3d273 R11: 0000000000086088 R12: 0000000000000000
[ 70.734640][ T705] R13: 0000000000000001 R14: ffffc900033cf888 R15: 0000000000000000
[ 70.742618][ T705] FS: 0000000000000000(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000
[ 70.751576][ T705] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 70.758192][ T705] CR2: 00007ffce245aec0 CR3: 000000000b68e000 CR4: 00000000001506e0
[ 70.766192][ T705] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 70.774196][ T705] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 70.782165][ T705] Kernel panic - not syncing: Fatal exception in interrupt
[ 70.790674][ T705] Kernel Offset: disabled
[ 70.794986][ T705] Rebooting in 86400 seconds..