[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.187' (ECDSA) to the list of known hosts.
syzkaller login: [ 45.637904] IPVS: ftp: loaded support on port[0] = 21
[ 45.710084] chnl_net:caif_netlink_parms(): no params data found
[ 45.786894] bridge0: port 1(bridge_slave_0) entered blocking state
[ 45.793956] bridge0: port 1(bridge_slave_0) entered disabled state
[ 45.801938] device bridge_slave_0 entered promiscuous mode
[ 45.809509] bridge0: port 2(bridge_slave_1) entered blocking state
[ 45.815878] bridge0: port 2(bridge_slave_1) entered disabled state
[ 45.823455] device bridge_slave_1 entered promiscuous mode
[ 45.841217] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 45.849969] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 45.868250] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 45.875600] team0: Port device team_slave_0 added
[ 45.881585] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 45.888925] team0: Port device team_slave_1 added
[ 45.904353] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 45.910648] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 45.935943] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 45.947643] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 45.954926] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 45.980164] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 45.993771] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 46.001394] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 46.020380] device hsr_slave_0 entered promiscuous mode
[ 46.026090] device hsr_slave_1 entered promiscuous mode
[ 46.032480] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 46.039745] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 46.106264] bridge0: port 2(bridge_slave_1) entered blocking state
[ 46.112725] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 46.119722] bridge0: port 1(bridge_slave_0) entered blocking state
[ 46.126082] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 46.159191] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 46.165269] 8021q: adding VLAN 0 to HW filter on device bond0
[ 46.173979] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 46.183221] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 46.191658] bridge0: port 1(bridge_slave_0) entered disabled state
[ 46.199212] bridge0: port 2(bridge_slave_1) entered disabled state
[ 46.206159] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 46.216489] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 46.223521] 8021q: adding VLAN 0 to HW filter on device team0
[ 46.232475] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 46.240391] bridge0: port 1(bridge_slave_0) entered blocking state
[ 46.246734] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 46.268234] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 46.275889] bridge0: port 2(bridge_slave_1) entered blocking state
[ 46.282302] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 46.290604] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 46.299472] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 46.307792] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 46.315212] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 46.323102] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 46.332052] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 46.338647] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 46.351777] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready
[ 46.359516] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 46.366152] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 46.378447] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 46.412334] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready
[ 46.421596] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 46.455555] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready
[ 46.463183] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready
[ 46.470175] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready
[ 46.479353] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 46.487395] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 46.494278] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 46.503536] device veth0_vlan entered promiscuous mode
[ 46.512268] device veth1_vlan entered promiscuous mode
[ 46.519066] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready
[ 46.527801] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready
[ 46.539375] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready
[ 46.548759] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 46.556211] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 46.564676] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 46.574496] device veth0_macvtap entered promiscuous mode
[ 46.581751] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready
[ 46.590850] device veth1_macvtap entered promiscuous mode
[ 46.601011] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready
[ 46.610298] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready
[ 46.621238] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 46.628339] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 46.636393] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 46.647631] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 46.654305] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
executing program
[ 46.747698] syz-executor333 uses obsolete (PF_INET,SOCK_PACKET)
[ 46.754915] kasan: CONFIG_KASAN_INLINE enabled
[ 46.759641] kasan: GPF could be caused by NULL-ptr deref or user memory access
[ 46.767170] general protection fault: 0000 [#1] PREEMPT SMP KASAN
[ 46.773393] CPU: 1 PID: 8101 Comm: syz-executor333 Not tainted 4.19.211-syzkaller #0
[ 46.781274] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 46.790709] RIP: 0010:xfrmi_decode_session+0x146/0x770
[ 46.795963] Code: 7c dc 10 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 f4 05 00 00 48 b8 00 00 00 00 00 fc ff df 49 8b 5c dc 10 48 89 da 48 c1 ea 03 <80> 3c 02 00 0f 85 c7 05 00 00 4c 8b 23 e8 a8 22 51 fa e8 33 9c 62
[ 46.814934] RSP: 0018:ffff8880b161f2c8 EFLAGS: 00010246
[ 46.820280] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffffff86ffedb3
[ 46.827528] RDX: 0000000000000000 RSI: ffffffff86ffe8b0 RDI: ffff8880abd73788
[ 46.834782] RBP: 0000000000000039 R08: 0000000000000000 R09: 0000000000000000
[ 46.842030] R10: 0000000000000003 R11: 0000000000000000 R12: ffff8880abd73780
[ 46.849278] R13: 000000000000003e R14: ffff8880afbc0740 R15: 0000000000000000
[ 46.856528] FS: 00005555558b2300(0000) GS:ffff8880ba100000(0000) knlGS:0000000000000000
[ 46.864870] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 46.870740] CR2: 00007fda31d64150 CR3: 000000009ea7e000 CR4: 00000000003406e0
[ 46.877991] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 46.885238] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 46.892488] Call Trace:
[ 46.895057] __xfrm_policy_check+0x1eb/0x2300
[ 46.899539] ? __lock_acquire+0x6de/0x3ff0
[ 46.903753] ? __xfrm_route_forward+0x710/0x710
[ 46.908425] ? vti6_tnl_lookup+0x249/0xf90
[ 46.912730] ? lock_downgrade+0x720/0x720
[ 46.916863] ? check_preemption_disabled+0x41/0x280
[ 46.921872] ? vti6_tnl_lookup+0x5e7/0xf90
[ 46.926093] ? vti6_newlink+0xd0/0xd0
[ 46.929871] ? lock_acquire+0x170/0x3c0
[ 46.933824] ? check_preemption_disabled+0x41/0x280
[ 46.938823] vti6_rcv+0x4f3/0x910
[ 46.942256] xfrm6_esp_rcv+0xc8/0x220
[ 46.946035] ip6_input_finish+0x46a/0x17a0
[ 46.950251] ip6_input+0xcf/0x3c0
[ 46.953699] ? ip6_input_finish+0x17a0/0x17a0
[ 46.958176] ? __local_bh_enable_ip+0x159/0x270
[ 46.962823] ? ip6_sublist_rcv_finish+0x2c0/0x2c0
[ 46.967645] ? ipv6_chk_mcast_addr+0x150/0x6c0
[ 46.972207] ip6_mc_input+0x399/0xa80
[ 46.975987] ? ipv6_list_rcv+0x450/0x450
[ 46.980240] ip6_rcv_finish+0x1d9/0x2f0
[ 46.984226] ipv6_rcv+0xf2/0x3f0
[ 46.987598] ? ip6_sublist_rcv+0xbf0/0xbf0
[ 46.991812] ? skb_push+0x9d/0xc0
[ 46.995249] ? ip6_rcv_finish_core.constprop.0.isra.0+0x550/0x550
[ 47.001468] ? netif_receive_skb_internal+0x1da/0x3f0
[ 47.006646] ? ip6_sublist_rcv+0xbf0/0xbf0
[ 47.010868] __netif_receive_skb_one_core+0x114/0x180
[ 47.016035] ? __netif_receive_skb_core+0x3270/0x3270
[ 47.021314] ? mark_held_locks+0xa6/0xf0
[ 47.025353] ? lock_acquire+0x170/0x3c0
[ 47.029332] ? netif_receive_skb_internal+0x6e/0x3f0
[ 47.034505] __netif_receive_skb+0x27/0x1c0
[ 47.038820] netif_receive_skb_internal+0xf0/0x3f0
[ 47.043743] ? __netif_receive_skb+0x1c0/0x1c0
[ 47.048320] ? eth_get_headlen+0x1b0/0x1b0
[ 47.052627] napi_gro_frags+0x67b/0x990
[ 47.056585] tun_get_user+0x3029/0x5100
[ 47.060547] ? tun_chr_read_iter+0x250/0x250
[ 47.064933] ? aa_file_perm+0x417/0xd20
[ 47.068890] ? lock_downgrade+0x720/0x720
[ 47.073016] ? check_preemption_disabled+0x41/0x280
[ 47.078013] ? check_preemption_disabled+0x41/0x280
[ 47.083014] tun_chr_write_iter+0xdb/0x1d0
[ 47.087237] __vfs_write+0x51b/0x770
[ 47.091102] ? common_file_perm+0x4e5/0x850
[ 47.095471] ? kernel_read+0x110/0x110
[ 47.099350] ? security_file_permission+0x1c0/0x220
[ 47.104350] vfs_write+0x1f3/0x540
[ 47.107881] ksys_write+0x12b/0x2a0
[ 47.111511] ? __ia32_sys_read+0xb0/0xb0
[ 47.115567] ? trace_hardirqs_off_caller+0x6e/0x210
[ 47.120584] ? do_syscall_64+0x21/0x620
[ 47.124556] do_syscall_64+0xf9/0x620
[ 47.128347] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 47.133523] RIP: 0033:0x7fda31cec6e9
[ 47.137225] Code: 28 c3 e8 4a 15 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 47.156201] RSP: 002b:00007fff8f8cbd58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 47.163893] RAX: ffffffffffffffda RBX: 00007fff8f8cbd68 RCX: 00007fda31cec6e9
[ 47.171230] RDX: 000000000000007e RSI: 0000000020000380 RDI: 0000000000000003
[ 47.178491] RBP: 0000000000000003 R08: 0000000000000000 R09: 0000000000000000
[ 47.185758] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff8f8cbd70
[ 47.193008] R13: 00007fff8f8cbd90 R14: 0000000000000000 R15: 0000000000000000
[ 47.200258] Modules linked in:
[ 47.203503] ---[ end trace 47429329c0232ac7 ]---
[ 47.208298] RIP: 0010:xfrmi_decode_session+0x146/0x770
[ 47.213571] Code: 7c dc 10 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 f4 05 00 00 48 b8 00 00 00 00 00 fc ff df 49 8b 5c dc 10 48 89 da 48 c1 ea 03 <80> 3c 02 00 0f 85 c7 05 00 00 4c 8b 23 e8 a8 22 51 fa e8 33 9c 62
[ 47.232509] RSP: 0018:ffff8880b161f2c8 EFLAGS: 00010246
[ 47.237908] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffffff86ffedb3
[ 47.245171] RDX: 0000000000000000 RSI: ffffffff86ffe8b0 RDI: ffff8880abd73788
[ 47.252460] RBP: 0000000000000039 R08: 0000000000000000 R09: 0000000000000000
[ 47.259761] R10: 0000000000000003 R11: 0000000000000000 R12: ffff8880abd73780
[ 47.267056] R13: 000000000000003e R14: ffff8880afbc0740 R15: 0000000000000000
[ 47.274317] FS: 00005555558b2300(0000) GS:ffff8880ba100000(0000) knlGS:0000000000000000
[ 47.282556] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 47.288462] CR2: 00007fda31d64150 CR3: 000000009ea7e000 CR4: 00000000003406e0
[ 47.295730] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 47.303046] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 47.310383] Kernel panic - not syncing: Fatal exception in interrupt
[ 47.316946] Kernel Offset: disabled
[ 47.320619] Rebooting in 86400 seconds..