netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. netlink: 36 bytes leftover after parsing attributes in process `syz-executor.0'. kasan: CONFIG_KASAN_INLINE enabled kasan: GPF could be caused by NULL-ptr deref or user memory access audit: type=1804 audit(1658689717.163:8): pid=10551 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="ToMToU" comm="syz-executor.5" name="/root/syzkaller-testdir1170492627/syzkaller.VjgKk7/24/bus" dev="sda1" ino=13983 res=1 general protection fault: 0000 [#1] PREEMPT SMP KASAN Modules linked in: audit: type=1804 audit(1658689717.263:9): pid=10558 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.3" name="/root/syzkaller-testdir1390327275/syzkaller.2JKRDL/25/bus" dev="sda1" ino=13966 res=1 CPU: 1 PID: 10543 Comm: syz-executor.5 Not tainted 4.14.289-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 task: ffff888051c00500 task.stack: ffff8880522f0000 RIP: 0010:scatterwalk_start include/crypto/scatterwalk.h:86 [inline] RIP: 0010:scatterwalk_pagedone include/crypto/scatterwalk.h:111 [inline] RIP: 0010:scatterwalk_copychunks+0x4a3/0x680 crypto/scatterwalk.c:55 RSP: 0018:ffff8880522f7520 EFLAGS: 00010202 RAX: dffffc0000000000 RBX: 0000000000001000 RCX: 0000000000000000 TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. RDX: 0000000000000002 RSI: ffff88804b9ef000 RDI: ffff88808f9ceea8 RBP: 0000000000000000 R08: 0000000000000001 R09: ffffed100a3aa4e9 R10: ffff888051d5274c R11: 0000000000000000 R12: 0000000000001000 R13: ffff8880522f75d8 R14: 0000000000003000 R15: ffff88808f9ceeb4 FS: 00007f4527992700(0000) GS:ffff8880ba500000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000c0000b7860 CR3: 000000009e88a000 CR4: 00000000003406e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: scatterwalk_map_and_copy crypto/scatterwalk.c:72 [inline] scatterwalk_map_and_copy+0x100/0x1a0 crypto/scatterwalk.c:60 gcmaes_encrypt.constprop.0+0x5b5/0xc00 arch/x86/crypto/aesni-intel_glue.c:778 audit: type=1804 audit(1658689717.263:10): pid=10565 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="ToMToU" comm="syz-executor.3" name="/root/syzkaller-testdir1390327275/syzkaller.2JKRDL/25/bus" dev="sda1" ino=13966 res=1 kasan: CONFIG_KASAN_INLINE enabled kasan: GPF could be caused by NULL-ptr deref or user memory access Code: fc ff df 80 3c 02 00 0f 85 d9 01 00 00 48 8d 45 10 49 89 6d 00 48 89 c2 48 89 44 24 18 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <0f> b6 04 02 84 c0 74 08 3c 03 0f 8e 81 01 00 00 48 b8 00 00 00 RIP: scatterwalk_start include/crypto/scatterwalk.h:86 [inline] RSP: ffff8880522f7520 RIP: scatterwalk_pagedone include/crypto/scatterwalk.h:111 [inline] RSP: ffff8880522f7520 RIP: scatterwalk_copychunks+0x4a3/0x680 crypto/scatterwalk.c:55 RSP: ffff8880522f7520 general protection fault: 0000 [#2] PREEMPT SMP KASAN Modules linked in: CPU: 0 PID: 10558 Comm: syz-executor.3 Tainted: G D 4.14.289-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 task: ffff8880525a6200 task.stack: ffff888051de0000 RIP: 0010:scatterwalk_start include/crypto/scatterwalk.h:86 [inline] RIP: 0010:scatterwalk_pagedone include/crypto/scatterwalk.h:111 [inline] RIP: 0010:scatterwalk_copychunks+0x4a3/0x680 crypto/scatterwalk.c:55 RSP: 0018:ffff888051de7520 EFLAGS: 00010202 RAX: dffffc0000000000 RBX: 0000000000001000 RCX: ffffc9000a205000 RDX: 0000000000000002 RSI: ffffffff83171c84 RDI: ffff888095b5b528 RBP: 0000000000000000 R08: 0000000000000001 R09: ffffed100a3666d1 R10: ffff888051b3368c R11: 0000000000000000 R12: 0000000000001000 R13: ffff888051de75d8 R14: 0000000000003000 R15: ffff888095b5b534 FS: 00007fba2db0d700(0000) GS:ffff8880ba400000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fd89e427000 CR3: 00000000a1b27000 CR4: 00000000003406f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: scatterwalk_map_and_copy crypto/scatterwalk.c:72 [inline] scatterwalk_map_and_copy+0x100/0x1a0 crypto/scatterwalk.c:60 gcmaes_encrypt.constprop.0+0x5b5/0xc00 arch/x86/crypto/aesni-intel_glue.c:778 Code: fc ff df 80 3c 02 00 0f 85 d9 01 00 00 48 8d 45 10 49 89 6d 00 48 89 c2 48 89 44 24 18 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <0f> b6 04 02 84 c0 74 08 3c 03 0f 8e 81 01 00 00 48 b8 00 00 00 RIP: scatterwalk_start include/crypto/scatterwalk.h:86 [inline] RSP: ffff888051de7520 RIP: scatterwalk_pagedone include/crypto/scatterwalk.h:111 [inline] RSP: ffff888051de7520 RIP: scatterwalk_copychunks+0x4a3/0x680 crypto/scatterwalk.c:55 RSP: ffff888051de7520 audit: type=1804 audit(1658689718.093:11): pid=10578 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.1" name="/root/syzkaller-testdir87703279/syzkaller.OF2kBb/23/bus" dev="sda1" ino=13984 res=1 netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. netlink: 36 bytes leftover after parsing attributes in process `syz-executor.0'. audit: type=1804 audit(1658689718.253:12): pid=10605 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir120490441/syzkaller.LIhBRu/18/bus" dev="sda1" ino=13978 res=1 Bluetooth: hci5 command 0x0405 tx timeout TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. audit: type=1800 audit(1658689718.313:13): pid=10608 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.1" name="file0" dev="sda1" ino=13877 res=0 audit: type=1804 audit(1658689718.313:14): pid=10608 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.1" name="/root/syzkaller-testdir87703279/syzkaller.OF2kBb/24/file0" dev="sda1" ino=13877 res=1 kasan: CONFIG_KASAN_INLINE enabled kasan: GPF could be caused by NULL-ptr deref or user memory access general protection fault: 0000 [#3] PREEMPT SMP KASAN Modules linked in: CPU: 1 PID: 10605 Comm: syz-executor.2 Tainted: G D 4.14.289-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 task: ffff8880af9ba300 task.stack: ffff888051798000 RIP: 0010:scatterwalk_start include/crypto/scatterwalk.h:86 [inline] RIP: 0010:scatterwalk_pagedone include/crypto/scatterwalk.h:111 [inline] RIP: 0010:scatterwalk_copychunks+0x4a3/0x680 crypto/scatterwalk.c:55 RSP: 0018:ffff88805179f520 EFLAGS: 00010202 RAX: dffffc0000000000 RBX: 0000000000001000 RCX: ffffc90008dfb000 RDX: 0000000000000002 RSI: ffffffff83171c84 RDI: ffff88805301a350 RBP: 0000000000000000 R08: 0000000000000001 R09: ffffed100a1fc969 R10: ffff888050fe4b4c R11: 0000000000000000 R12: 0000000000001000 R13: ffff88805179f5d8 R14: 0000000000002000 R15: ffff88805301a35c FS: 00007f8f01d3b700(0000) GS:ffff8880ba500000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f563e2c6728 CR3: 00000000a3ae8000 CR4: 00000000003406e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: scatterwalk_map_and_copy crypto/scatterwalk.c:72 [inline] scatterwalk_map_and_copy+0x100/0x1a0 crypto/scatterwalk.c:60 gcmaes_encrypt.constprop.0+0x5b5/0xc00 arch/x86/crypto/aesni-intel_glue.c:778 Code: fc ff df 80 3c 02 00 0f 85 d9 01 00 00 48 8d 45 10 49 89 6d 00 48 89 c2 48 89 44 24 18 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <0f> b6 04 02 84 c0 74 08 3c 03 0f 8e 81 01 00 00 48 b8 00 00 00 RIP: scatterwalk_start include/crypto/scatterwalk.h:86 [inline] RSP: ffff88805179f520 RIP: scatterwalk_pagedone include/crypto/scatterwalk.h:111 [inline] RSP: ffff88805179f520 RIP: scatterwalk_copychunks+0x4a3/0x680 crypto/scatterwalk.c:55 RSP: ffff88805179f520 ---[ end trace de4e2703d3c33af2 ]--- ---------------- Code disassembly (best guess), 2 bytes skipped: 0: df 80 3c 02 00 0f filds 0xf00023c(%rax) 6: 85 d9 test %ebx,%ecx 8: 01 00 add %eax,(%rax) a: 00 48 8d add %cl,-0x73(%rax) d: 45 10 49 89 adc %r9b,-0x77(%r9) 11: 6d insl (%dx),%es:(%rdi) 12: 00 48 89 add %cl,-0x77(%rax) 15: c2 48 89 retq $0x8948 18: 44 24 18 rex.R and $0x18,%al 1b: 48 b8 00 00 00 00 00 movabs $0xdffffc0000000000,%rax 22: fc ff df 25: 48 c1 ea 03 shr $0x3,%rdx * 29: 0f b6 04 02 movzbl (%rdx,%rax,1),%eax <-- trapping instruction 2d: 84 c0 test %al,%al 2f: 74 08 je 0x39 31: 3c 03 cmp $0x3,%al 33: 0f 8e 81 01 00 00 jle 0x1ba 39: 48 rex.W 3a: b8 .byte 0xb8 3b: 00 00 add %al,(%rax)