[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.195' (ECDSA) to the list of known hosts.
syzkaller login:
[ 29.196649] IPVS: ftp: loaded support on port[0] = 21
[ 29.261390] chnl_net:caif_netlink_parms(): no params data found
[ 29.348515] bridge0: port 1(bridge_slave_0) entered blocking state
[ 29.355118] bridge0: port 1(bridge_slave_0) entered disabled state
[ 29.362038] device bridge_slave_0 entered promiscuous mode
[ 29.369842] bridge0: port 2(bridge_slave_1) entered blocking state
[ 29.376765] bridge0: port 2(bridge_slave_1) entered disabled state
[ 29.383929] device bridge_slave_1 entered promiscuous mode
[ 29.399491] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 29.408432] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 29.426388] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 29.433560] team0: Port device team_slave_0 added
[ 29.438850] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 29.446084] team0: Port device team_slave_1 added
[ 29.461277] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 29.467574] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 29.494148] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 29.505930] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 29.512149] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 29.538375] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 29.549241] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 29.556956] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 29.575064] device hsr_slave_0 entered promiscuous mode
[ 29.580643] device hsr_slave_1 entered promiscuous mode
[ 29.587123] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 29.595059] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 29.652259] bridge0: port 2(bridge_slave_1) entered blocking state
[ 29.658712] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 29.665616] bridge0: port 1(bridge_slave_0) entered blocking state
[ 29.671970] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 29.699572] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 29.706634] 8021q: adding VLAN 0 to HW filter on device bond0
[ 29.715758] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 29.724144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 29.742331] bridge0: port 1(bridge_slave_0) entered disabled state
[ 29.749575] bridge0: port 2(bridge_slave_1) entered disabled state
[ 29.759330] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 29.765583] 8021q: adding VLAN 0 to HW filter on device team0
[ 29.774154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 29.781673] bridge0: port 1(bridge_slave_0) entered blocking state
[ 29.788060] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 29.797357] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 29.805227] bridge0: port 2(bridge_slave_1) entered blocking state
[ 29.811554] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 29.829356] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 29.839191] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 29.850606] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 29.857799] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 29.865566] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 29.873554] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 29.881029] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 29.888818] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 29.895648] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 29.906611] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready
[ 29.914958] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 29.921574] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 29.931285] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 29.980112] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready
[ 29.989290] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 30.017015] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready
[ 30.024451] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready
[ 30.030817] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready
[ 30.039902] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 30.047414] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 30.054644] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 30.063876] device veth0_vlan entered promiscuous mode
[ 30.071847] device veth1_vlan entered promiscuous mode
[ 30.078262] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready
[ 30.086917] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready
[ 30.097903] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready
[ 30.107056] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 30.114532] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 30.121602] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 30.130608] device veth0_macvtap entered promiscuous mode
[ 30.137057] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready
[ 30.145684] device veth1_macvtap entered promiscuous mode
[ 30.154080] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready
[ 30.163818] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready
[ 30.173139] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 30.179769] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 30.188856] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 30.198687] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 30.206501] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
executing program
[ 30.252367] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 30.287345] ------------[ cut here ]------------
[ 30.292160] kernel BUG at include/linux/skbuff.h:2149!
[ 30.297508] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[ 30.302858] Modules linked in:
[ 30.306028] CPU: 1 PID: 8013 Comm: syz-executor468 Not tainted 4.14.277-syzkaller #0
[ 30.313878] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 30.323210] task: ffff888097d30180 task.stack: ffff888096a88000
[ 30.329247] RIP: 0010:skb_pull+0xe1/0x100
[ 30.333378] RSP: 0018:ffff888096a8f5d8 EFLAGS: 00010297
[ 30.338724] RAX: ffff888097d30180 RBX: ffff8880b3ecd940 RCX: 00000000000000a0
[ 30.346055] RDX: 0000000000000000 RSI: 0000000000000018 RDI: ffff8880b3ecd9c4
[ 30.353306] RBP: 0000000000000018 R08: ffffffff85c48e2c R09: 00000000000202b9
[ 30.360554] R10: ffff888097d30a08 R11: ffff888097d30180 R12: 00000000000010de
[ 30.367920] R13: ffff8880b3ecda18 R14: ffff8880b3ecda10 R15: ffff88809f1680e0
[ 30.375166] FS: 0000555555cdc300(0000) GS:ffff8880ba500000(0000) knlGS:0000000000000000
[ 30.383362] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 30.389216] CR2: 00000000200001c0 CR3: 0000000099010000 CR4: 00000000003406e0
[ 30.396462] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 30.403708] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 30.410949] Call Trace:
[ 30.413517] ipgre_xmit+0x26f/0x780
[ 30.417121] dev_hard_start_xmit+0x188/0x890
[ 30.421589] __dev_queue_xmit+0x1d7f/0x2480
[ 30.425884] ? netdev_pick_tx+0x2e0/0x2e0
[ 30.430008] ? __pskb_pull_tail+0xb54/0x14a0
[ 30.434387] ? skb_copy_datagram_from_iter+0x3c1/0x5f0
[ 30.439636] ? skb_partial_csum_set+0x1e2/0x260
[ 30.444283] packet_snd+0x13aa/0x26f0
[ 30.448059] ? prb_retire_rx_blk_timer_expired+0x630/0x630
[ 30.453656] ? is_bpf_text_address+0xb8/0x150
[ 30.458127] ? kernel_text_address+0xbd/0xf0
[ 30.462507] ? __kernel_text_address+0x9/0x30
[ 30.466976] ? get_user_pages_fast+0x1a0/0x2b0
[ 30.471535] ? lock_acquire+0x170/0x3f0
[ 30.475484] ? lock_downgrade+0x740/0x740
[ 30.479619] packet_sendmsg+0x12ed/0x33a0
[ 30.483752] ? __might_fault+0x177/0x1b0
[ 30.487798] ? rw_copy_check_uvector+0x1dd/0x2b0
[ 30.492531] ? import_iovec+0x1df/0x360
[ 30.496482] ? dup_iter+0x240/0x240
[ 30.500089] ? compat_packet_setsockopt+0x140/0x140
[ 30.505086] ? copy_msghdr_from_user+0x218/0x3b0
[ 30.509814] ? kernel_recvmsg+0x210/0x210
[ 30.513936] ? security_socket_sendmsg+0x83/0xb0
[ 30.518665] ? compat_packet_setsockopt+0x140/0x140
[ 30.523744] sock_sendmsg+0xb5/0x100
[ 30.527433] ___sys_sendmsg+0x6c8/0x800
[ 30.531387] ? copy_msghdr_from_user+0x3b0/0x3b0
[ 30.536119] ? reacquire_held_locks+0xb5/0x3f0
[ 30.540688] ? release_sock+0x1b/0x1b0
[ 30.544550] ? lock_sock_nested+0x98/0x100
[ 30.548959] ? packet_do_bind+0x3ee/0xb30
[ 30.553086] ? lock_downgrade+0x740/0x740
[ 30.557209] ? __local_bh_enable_ip+0xc1/0x170
[ 30.561769] ? trace_hardirqs_on_caller+0x3a8/0x580
[ 30.566767] ? packet_do_bind+0x3ee/0xb30
[ 30.570894] ? __local_bh_enable_ip+0xc1/0x170
[ 30.575453] ? packet_do_bind+0x3ee/0xb30
[ 30.579579] ? __fdget+0x167/0x1f0
[ 30.583093] ? sockfd_lookup_light+0xb2/0x160
[ 30.587561] __sys_sendmsg+0xa3/0x120
[ 30.591334] ? SyS_shutdown+0x160/0x160
[ 30.595285] SyS_sendmsg+0x27/0x40
[ 30.598845] ? __sys_sendmsg+0x120/0x120
[ 30.602878] do_syscall_64+0x1d5/0x640
[ 30.606740] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 30.611906] RIP: 0033:0x7f54fb66e3c9
[ 30.615587] RSP: 002b:00007ffd7e1c20b8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 30.623268] RAX: ffffffffffffffda RBX: 0000000020000100 RCX: 00007f54fb66e3c9
[ 30.630514] RDX: 0000000000000000 RSI: 0000000020003d40 RDI: 0000000000000003
[ 30.637756] RBP: 0000000000000003 R08: 0000000000000000 R09: 0000000000000000
[ 30.645005] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd7e1c20d0
[ 30.652246] R13: 00007ffd7e1c20f0 R14: 0000000000000000 R15: 0000000000000000
[ 30.659490] Code: 00 00 4c 89 a3 d8 00 00 00 e8 3c 0d 96 fb 4c 89 e0 5b 5d 41 5c c3 e8 2f 0d 96 fb 45 31 e4 5b 4c 89 e0 5d 41 5c c3 e8 1f 0d 96 fb <0f> 0b e8 c8 c4 bf fb e9 49 ff ff ff e8 be c4 bf fb eb 8e e8 27
[ 30.678554] RIP: skb_pull+0xe1/0x100 RSP: ffff888096a8f5d8
[ 30.684220] ---[ end trace abbdea113087fee4 ]---
[ 30.688965] Kernel panic - not syncing: Fatal exception in interrupt
[ 30.695704] Kernel Offset: disabled
[ 30.699311] Rebooting in 86400 seconds..