[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.
[ OK ] Started Update UTMP about System Runlevel Changes.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.103' (ECDSA) to the list of known hosts.
syzkaller login: [ 32.931059] IPVS: ftp: loaded support on port[0] = 21
[ 32.996125] chnl_net:caif_netlink_parms(): no params data found
[ 33.059957] bridge0: port 1(bridge_slave_0) entered blocking state
[ 33.067365] bridge0: port 1(bridge_slave_0) entered disabled state
[ 33.074302] device bridge_slave_0 entered promiscuous mode
[ 33.081875] bridge0: port 2(bridge_slave_1) entered blocking state
[ 33.089492] bridge0: port 2(bridge_slave_1) entered disabled state
[ 33.096715] device bridge_slave_1 entered promiscuous mode
[ 33.112549] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 33.121100] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 33.138172] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 33.145282] team0: Port device team_slave_0 added
[ 33.150556] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 33.158420] team0: Port device team_slave_1 added
[ 33.172721] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 33.179011] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 33.205106] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 33.216248] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 33.222463] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 33.248940] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 33.259695] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 33.267268] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 33.285967] device hsr_slave_0 entered promiscuous mode
[ 33.291581] device hsr_slave_1 entered promiscuous mode
[ 33.297950] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 33.305545] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 33.362373] bridge0: port 2(bridge_slave_1) entered blocking state
[ 33.368802] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 33.375577] bridge0: port 1(bridge_slave_0) entered blocking state
[ 33.381922] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 33.409135] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 33.415804] 8021q: adding VLAN 0 to HW filter on device bond0
[ 33.423179] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 33.431860] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 33.440217] bridge0: port 1(bridge_slave_0) entered disabled state
[ 33.457557] bridge0: port 2(bridge_slave_1) entered disabled state
[ 33.467612] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 33.473665] 8021q: adding VLAN 0 to HW filter on device team0
[ 33.482217] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 33.490218] bridge0: port 1(bridge_slave_0) entered blocking state
[ 33.496589] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 33.505390] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 33.512875] bridge0: port 2(bridge_slave_1) entered blocking state
[ 33.519244] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 33.535509] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 33.543017] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 33.550721] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 33.558925] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 33.568914] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 33.579481] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 33.585563] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 33.592362] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 33.604741] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready
[ 33.611736] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 33.619285] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 33.628971] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 33.675888] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready
[ 33.685672] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 33.709068] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready
[ 33.716101] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready
[ 33.722472] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready
[ 33.732009] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 33.739883] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 33.747042] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 33.755773] device veth0_vlan entered promiscuous mode
[ 33.763607] device veth1_vlan entered promiscuous mode
[ 33.770024] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready
[ 33.779410] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready
[ 33.790470] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready
[ 33.800088] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 33.807871] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 33.815481] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 33.824653] device veth0_macvtap entered promiscuous mode
[ 33.830675] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready
[ 33.839462] device veth1_macvtap entered promiscuous mode
[ 33.847517] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready
[ 33.856201] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready
[ 33.865898] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 33.872697] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 33.881204] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 33.890406] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 33.897313] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
executing program
[ 33.984343] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 34.021204] ------------[ cut here ]------------
[ 34.026074] kernel BUG at include/linux/skbuff.h:2133!
[ 34.031382] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[ 34.036725] Modules linked in:
[ 34.039895] CPU: 0 PID: 8217 Comm: syz-executor776 Not tainted 4.14.213-syzkaller #0
[ 34.047794] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 34.057122] task: ffff8880afeb2600 task.stack: ffff8880b4eb8000
[ 34.063250] RIP: 0010:skb_pull+0xe1/0x100
[ 34.067369] RSP: 0018:ffff8880b4ebf518 EFLAGS: 00010297
[ 34.072715] RAX: ffff8880afeb2600 RBX: ffff88809c4ebdc0 RCX: 00000000000000a0
[ 34.079958] RDX: 0000000000000000 RSI: 0000000000000018 RDI: ffff88809c4ebe44
[ 34.091327] RBP: 0000000000000018 R08: 0000000000000000 R09: 0000000000000002
[ 34.098591] R10: 0000000000000000 R11: ffff8880afeb2600 R12: 0000000000000fde
[ 34.105847] R13: ffff88809d3c70c0 R14: ffff88809d3c7160 R15: ffff88809c4ebe98
[ 34.113090] FS: 00007effac529700(0000) GS:ffff8880ba400000(0000) knlGS:0000000000000000
[ 34.121300] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 34.127161] CR2: 0000000020000040 CR3: 000000009f7a2000 CR4: 00000000001406f0
[ 34.134418] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 34.141667] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 34.148907] Call Trace:
[ 34.151494] ipgre_xmit+0x26d/0x6d0
[ 34.155094] dev_hard_start_xmit+0x188/0x890
[ 34.159478] __dev_queue_xmit+0x1d7f/0x2480
[ 34.163775] ? copy_page_from_iter+0x4fd/0x730
[ 34.168328] ? netdev_pick_tx+0x2e0/0x2e0
[ 34.172448] ? __check_object_size+0x179/0x22c
[ 34.177002] ? skb_copy_datagram_from_iter+0x3c1/0x5f0
[ 34.182253] ? skb_partial_csum_set+0x1e2/0x260
[ 34.186899] packet_snd+0x1393/0x21e0
[ 34.190674] ? prb_retire_rx_blk_timer_expired+0x630/0x630
[ 34.196275] packet_sendmsg+0x1139/0x2aca
[ 34.200399] ? __lock_acquire+0x5fc/0x3f20
[ 34.204605] ? compat_packet_setsockopt+0x140/0x140
[ 34.209607] ? security_socket_sendmsg+0x83/0xb0
[ 34.214332] ? compat_packet_setsockopt+0x140/0x140
[ 34.219340] sock_sendmsg+0xb5/0x100
[ 34.223031] sock_no_sendpage+0xe2/0x110
[ 34.227064] ? __sk_mem_schedule+0xd0/0xd0
[ 34.231276] ? __sk_mem_schedule+0xd0/0xd0
[ 34.235482] sock_sendpage+0xdf/0x140
[ 34.239258] pipe_to_sendpage+0x226/0x2d0
[ 34.243376] ? sockfs_setattr+0x140/0x140
[ 34.247496] ? direct_splice_actor+0x160/0x160
[ 34.252049] __splice_from_pipe+0x326/0x7a0
[ 34.256353] ? direct_splice_actor+0x160/0x160
[ 34.260907] generic_splice_sendpage+0xc1/0x110
[ 34.265551] ? vmsplice_to_user+0x1b0/0x1b0
[ 34.269846] ? rw_verify_area+0xe1/0x2a0
[ 34.273878] ? vmsplice_to_user+0x1b0/0x1b0
[ 34.278169] SyS_splice+0xd59/0x1380
[ 34.281854] ? _raw_spin_unlock_irq+0x24/0x80
[ 34.286321] ? compat_SyS_vmsplice+0x150/0x150
[ 34.290874] ? do_syscall_64+0x4c/0x640
[ 34.294823] ? compat_SyS_vmsplice+0x150/0x150
[ 34.299397] do_syscall_64+0x1d5/0x640
[ 34.303273] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 34.308439] RIP: 0033:0x448de9
[ 34.311604] RSP: 002b:00007effac528d98 EFLAGS: 00000246 ORIG_RAX: 0000000000000113
[ 34.319289] RAX: ffffffffffffffda RBX: 00000000006dec78 RCX: 0000000000448de9
[ 34.326546] RDX: 0000000000000005 RSI: 0000000000000000 RDI: 0000000000000003
[ 34.333790] RBP: 00000000006dec70 R08: 000000000004ffe0 R09: 0000000000000000
[ 34.341034] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dec7c
[ 34.348298] R13: 0000000000000000 R14: 0000000030657267 R15: 00000000006dec7c
[ 34.355544] Code: 00 00 4c 89 a3 d8 00 00 00 e8 8c 86 7d fb 4c 89 e0 5b 5d 41 5c c3 e8 7f 86 7d fb 45 31 e4 5b 4c 89 e0 5d 41 5c c3 e8 6f 86 7d fb <0f> 0b e8 58 56 a7 fb e9 49 ff ff ff e8 4e 56 a7 fb eb 8e e8 b7
[ 34.374605] RIP: skb_pull+0xe1/0x100 RSP: ffff8880b4ebf518
[ 34.380333] ---[ end trace 06ddcbbb28c76911 ]---
[ 34.385100] Kernel panic - not syncing: Fatal exception in interrupt
[ 34.392394] Kernel Offset: disabled
[ 34.396006] Rebooting in 86400 seconds..