[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.
[ OK ] Started Update UTMP about System Runlevel Changes.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.51' (ECDSA) to the list of known hosts.
syzkaller login: [ 39.851545] IPVS: ftp: loaded support on port[0] = 21
[ 39.926392] chnl_net:caif_netlink_parms(): no params data found
[ 40.005382] bridge0: port 1(bridge_slave_0) entered blocking state
[ 40.011943] bridge0: port 1(bridge_slave_0) entered disabled state
[ 40.020054] device bridge_slave_0 entered promiscuous mode
[ 40.027794] bridge0: port 2(bridge_slave_1) entered blocking state
[ 40.034629] bridge0: port 2(bridge_slave_1) entered disabled state
[ 40.041562] device bridge_slave_1 entered promiscuous mode
[ 40.057690] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 40.066508] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 40.084284] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 40.091673] team0: Port device team_slave_0 added
[ 40.098156] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 40.105887] team0: Port device team_slave_1 added
[ 40.120633] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 40.126962] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 40.154038] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 40.165321] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 40.171567] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 40.197776] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 40.211848] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 40.219530] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 40.237803] device hsr_slave_0 entered promiscuous mode
[ 40.243551] device hsr_slave_1 entered promiscuous mode
[ 40.249461] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 40.256741] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 40.314373] bridge0: port 2(bridge_slave_1) entered blocking state
[ 40.320788] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 40.327673] bridge0: port 1(bridge_slave_0) entered blocking state
[ 40.334114] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 40.361826] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 40.368645] 8021q: adding VLAN 0 to HW filter on device bond0
[ 40.377712] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 40.386539] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 40.395722] bridge0: port 1(bridge_slave_0) entered disabled state
[ 40.412756] bridge0: port 2(bridge_slave_1) entered disabled state
[ 40.422159] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 40.428678] 8021q: adding VLAN 0 to HW filter on device team0
[ 40.436825] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 40.445613] bridge0: port 1(bridge_slave_0) entered blocking state
[ 40.451956] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 40.461604] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 40.469559] bridge0: port 2(bridge_slave_1) entered blocking state
[ 40.475952] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 40.493953] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 40.501551] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 40.509323] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 40.516778] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 40.524496] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 40.532299] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 40.538476] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 40.550663] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready
[ 40.558050] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 40.564765] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 40.575597] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 40.623700] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready
[ 40.632784] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 40.658183] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready
[ 40.665696] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready
[ 40.672110] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready
[ 40.681814] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 40.690345] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 40.698109] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 40.706830] device veth0_vlan entered promiscuous mode
[ 40.715622] device veth1_vlan entered promiscuous mode
[ 40.721369] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready
[ 40.729841] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready
[ 40.740506] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready
[ 40.749887] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 40.757241] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 40.764508] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 40.774282] device veth0_macvtap entered promiscuous mode
[ 40.780265] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready
[ 40.788570] device veth1_macvtap entered promiscuous mode
[ 40.797113] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready
[ 40.806424] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready
[ 40.815889] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 40.822563] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 40.831419] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 40.841035] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 40.848057] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
executing program
[ 40.914249] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 40.978753] audit: type=1804 audit(1675159351.232:2): pid=8202 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor130" name="/root/syzkaller.JuYLh9/bus" dev="sda1" ino=13866 res=1
[ 40.999510] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters.
[ 41.023503] FAULT_INJECTION: forcing a failure.
[ 41.023503] name failslab, interval 1, probability 0, space 0, times 1
[ 41.034959] CPU: 0 PID: 8202 Comm: syz-executor130 Not tainted 4.14.304-syzkaller #0
[ 41.042838] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[ 41.052171] Call Trace:
[ 41.054757] dump_stack+0x1b2/0x281
[ 41.058362] should_fail.cold+0x10a/0x149
[ 41.062490] should_failslab+0xd6/0x130
[ 41.066718] __kmalloc+0x2c1/0x400
[ 41.070247] ? tls_push_record+0xfa/0x1270
[ 41.074458] tls_push_record+0xfa/0x1270
[ 41.078498] tls_sw_sendpage+0x760/0xb50
[ 41.082553] ? tls_sw_sendmsg+0xfd0/0xfd0
[ 41.086696] inet_sendpage+0x155/0x590
[ 41.090574] ? tls_sw_sendmsg+0xfd0/0xfd0
[ 41.094699] ? current_kernel_time64+0x154/0x230
[ 41.099432] ? inet_getname+0x3a0/0x3a0
[ 41.103378] sock_sendpage+0xdf/0x140
[ 41.107155] pipe_to_sendpage+0x226/0x2d0
[ 41.111279] ? sockfs_setattr+0x140/0x140
[ 41.115401] ? direct_splice_actor+0x160/0x160
[ 41.119961] __splice_from_pipe+0x326/0x7a0
[ 41.124265] ? direct_splice_actor+0x160/0x160
[ 41.128825] generic_splice_sendpage+0xc1/0x110
[ 41.133484] ? vmsplice_to_user+0x1b0/0x1b0
[ 41.137783] ? rw_verify_area+0xe1/0x2a0
[ 41.141818] ? vmsplice_to_user+0x1b0/0x1b0
[ 41.146119] direct_splice_actor+0x115/0x160
[ 41.150513] splice_direct_to_actor+0x27c/0x730
[ 41.155156] ? generic_pipe_buf_nosteal+0x10/0x10
[ 41.159977] ? do_splice_to+0x140/0x140
[ 41.163925] ? rw_verify_area+0xe1/0x2a0
[ 41.167976] do_splice_direct+0x164/0x210
[ 41.172101] ? splice_direct_to_actor+0x730/0x730
[ 41.176938] ? rw_verify_area+0xe1/0x2a0
[ 41.180973] do_sendfile+0x47f/0xb30
[ 41.184664] ? do_compat_writev+0x180/0x180
[ 41.188961] SyS_sendfile64+0xff/0x110
[ 41.192836] ? SyS_sendfile+0x130/0x130
[ 41.196785] ? do_syscall_64+0x4c/0x640
[ 41.200733] ? SyS_sendfile+0x130/0x130
[ 41.204682] do_syscall_64+0x1d5/0x640
[ 41.208552] entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 41.213737] RIP: 0033:0x7f5833238fe9
[ 41.217435] RSP: 002b:00007f58329bc1e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 41.225120] RAX: ffffffffffffffda RBX: 00007f58332bc4d8 RCX: 00007f5833238fe9
[ 41.232364] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000007
[ 41.239627] RBP: 00007f58329bc1f0 R08: 0000000000000001 R09: 0000000000000034
[ 41.246962] R10: 0000800100020046 R11: 0000000000000246 R12: 0000000000000001
[ 41.254206] R13: 00007ffc05f5a9bf R14: 00007f58329bc300 R15: 0000000000022000
[ 41.342977] kasan: CONFIG_KASAN_INLINE enabled
[ 41.347748] kasan: GPF could be caused by NULL-ptr deref or user memory access
[ 41.356092] general protection fault: 0000 [#1] PREEMPT SMP KASAN
[ 41.362316] Modules linked in:
[ 41.365491] CPU: 0 PID: 8202 Comm: syz-executor130 Not tainted 4.14.304-syzkaller #0
[ 41.373379] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[ 41.382814] task: ffff8880b01cc1c0 task.stack: ffff88808fe30000
write to /proc/sys/kernel/hung_task_check_interval_secs failed: No such file or directory
[ 41.388861] RIP: 0010:scatterwalk_copychunks+0x4a3/0x680
[ 41.392785] syz-executor130 (7962) used greatest stack depth: 25176 bytes left
[ 41.394288] RSP: 0018:ffff88808fe37520 EFLAGS: 00010202
[ 41.394295] RAX: dffffc0000000000 RBX: 000000000000401d RCX: 0000000000000000
[ 41.394299] RDX: 0000000000000002 RSI: ffff8880954144dd RDI: ffff8880b059ee58
[ 41.394302] RBP: 0000000000000000 R08: 0000000000000001 R09: ffffed1012bdb803
[ 41.394306] R10: ffff888095edc01c R11: 0000000000000000 R12: 000000000000401d
[ 41.394309] R13: ffff88808fe375d8 R14: 0000000000001000 R15: ffff8880b059ee64
[ 41.394314] FS: 00007f58329bc700(0000) GS:ffff8880ba400000(0000) knlGS:0000000000000000
[ 41.394325] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 41.457288] CR2: 00007ffd4e315e50 CR3: 00000000a62b2000 CR4: 00000000003406f0
[ 41.464553] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 41.471884] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 41.479127] Call Trace:
[ 41.481698] scatterwalk_map_and_copy+0x100/0x1a0
[ 41.486514] ? scatterwalk_ffwd+0x420/0x420
[ 41.490825] ? aesni_gcm_enc_avx2+0x155/0x170
[ 41.495294] ? kernel_fpu_end+0xf4/0x140
[ 41.499327] ? kernel_fpu_enable+0x30/0x30
[ 41.503533] gcmaes_encrypt.constprop.0+0x6cd/0xc00
[ 41.508539] ? generic_gcmaes_encrypt+0xf4/0x130
[ 41.513269] ? helper_rfc4106_encrypt+0x2b0/0x2b0
[ 41.518096] ? tls_push_record+0xfa/0x1270
[ 41.522318] ? cryptd_aead_child+0x9/0x40
[ 41.526439] ? tls_push_record+0x938/0x1270
[ 41.530822] ? tls_sw_sendpage+0x760/0xb50
[ 41.535032] ? tls_sw_sendmsg+0xfd0/0xfd0
[ 41.539154] ? inet_sendpage+0x155/0x590
[ 41.543301] ? tls_sw_sendmsg+0xfd0/0xfd0
[ 41.547426] ? current_kernel_time64+0x154/0x230
[ 41.552186] ? inet_getname+0x3a0/0x3a0
[ 41.556139] ? sock_sendpage+0xdf/0x140
[ 41.560091] ? pipe_to_sendpage+0x226/0x2d0
[ 41.564407] ? sockfs_setattr+0x140/0x140
[ 41.568545] ? direct_splice_actor+0x160/0x160
[ 41.573105] ? __splice_from_pipe+0x326/0x7a0
[ 41.577575] ? direct_splice_actor+0x160/0x160
[ 41.582130] ? generic_splice_sendpage+0xc1/0x110
[ 41.586960] ? vmsplice_to_user+0x1b0/0x1b0
[ 41.591272] ? rw_verify_area+0xe1/0x2a0
[ 41.595322] ? vmsplice_to_user+0x1b0/0x1b0
[ 41.599648] ? direct_splice_actor+0x115/0x160
[ 41.604212] ? splice_direct_to_actor+0x27c/0x730
[ 41.609033] ? generic_pipe_buf_nosteal+0x10/0x10
[ 41.613852] ? do_splice_to+0x140/0x140
[ 41.617815] ? rw_verify_area+0xe1/0x2a0
[ 41.621861] ? do_splice_direct+0x164/0x210
[ 41.626172] ? splice_direct_to_actor+0x730/0x730
[ 41.631018] ? rw_verify_area+0xe1/0x2a0
[ 41.635068] ? do_sendfile+0x47f/0xb30
[ 41.638951] ? do_compat_writev+0x180/0x180
[ 41.643260] ? SyS_sendfile64+0xff/0x110
[ 41.647323] ? SyS_sendfile+0x130/0x130
[ 41.651284] ? do_syscall_64+0x4c/0x640
[ 41.655242] ? SyS_sendfile+0x130/0x130
[ 41.659195] ? do_syscall_64+0x1d5/0x640
[ 41.663237] ? entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 41.668580] Code: fc ff df 80 3c 02 00 0f 85 d9 01 00 00 48 8d 45 10 49 89 6d 00 48 89 c2 48 89 44 24 18 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <0f> b6 04 02 84 c0 74 08 3c 03 0f 8e 81 01 00 00 48 b8 00 00 00
[ 41.687650] RIP: scatterwalk_copychunks+0x4a3/0x680 RSP: ffff88808fe37520
[ 41.697630] ---[ end trace 81a6fdb1933f8c22 ]---
[ 41.702388] Kernel panic - not syncing: Fatal exception
[ 41.707963] Kernel Offset: disabled
[ 41.711581] Rebooting in 86400 seconds..