[ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... [ OK ] Started Update UTMP about System Runlevel Changes. Starting Load/Save RF Kill Switch Status... [ OK ] Started Load/Save RF Kill Switch Status. Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.0.110' (ECDSA) to the list of known hosts. syzkaller login: [ 30.356606] IPVS: ftp: loaded support on port[0] = 21 [ 30.421891] chnl_net:caif_netlink_parms(): no params data found [ 30.513097] bridge0: port 1(bridge_slave_0) entered blocking state [ 30.519716] bridge0: port 1(bridge_slave_0) entered disabled state [ 30.526681] device bridge_slave_0 entered promiscuous mode [ 30.534174] bridge0: port 2(bridge_slave_1) entered blocking state [ 30.541113] bridge0: port 2(bridge_slave_1) entered disabled state [ 30.548088] device bridge_slave_1 entered promiscuous mode [ 30.563656] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 30.572184] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 30.589637] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 30.596753] team0: Port device team_slave_0 added [ 30.602277] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 30.609402] team0: Port device team_slave_1 added [ 30.623429] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 30.629700] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 30.654887] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 30.665836] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 30.672107] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 30.697318] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 30.708027] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 30.715210] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 30.733027] device hsr_slave_0 entered promiscuous mode [ 30.738631] device hsr_slave_1 entered promiscuous mode [ 30.744365] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 30.751387] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 30.809833] bridge0: port 2(bridge_slave_1) entered blocking state [ 30.816339] bridge0: port 2(bridge_slave_1) entered forwarding state [ 30.823088] bridge0: port 1(bridge_slave_0) entered blocking state [ 30.829468] bridge0: port 1(bridge_slave_0) entered forwarding state [ 30.855199] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 30.862023] 8021q: adding VLAN 0 to HW filter on device bond0 [ 30.870410] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 30.878704] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 30.886261] bridge0: port 1(bridge_slave_0) entered disabled state [ 30.903863] bridge0: port 2(bridge_slave_1) entered disabled state [ 30.912982] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 30.919443] 8021q: adding VLAN 0 to HW filter on device team0 [ 30.927452] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 30.934964] bridge0: port 1(bridge_slave_0) entered blocking state [ 30.941336] bridge0: port 1(bridge_slave_0) entered forwarding state [ 30.950229] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 30.958455] bridge0: port 2(bridge_slave_1) entered blocking state [ 30.964772] bridge0: port 2(bridge_slave_1) entered forwarding state [ 30.982293] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 30.992373] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 31.004010] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 31.011031] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 31.018745] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 31.026123] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 31.034212] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 31.042233] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 31.049158] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 31.062048] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 31.069281] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 31.075927] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 31.085966] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 31.132553] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready [ 31.142329] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 31.168139] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready [ 31.174940] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready [ 31.182085] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready [ 31.190591] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 31.198082] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 31.204832] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 31.213101] device veth0_vlan entered promiscuous mode [ 31.221740] device veth1_vlan entered promiscuous mode [ 31.227774] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready [ 31.235725] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready [ 31.247348] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready [ 31.255830] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 31.263688] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 31.271143] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 31.280506] device veth0_macvtap entered promiscuous mode [ 31.287057] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready [ 31.294689] device veth1_macvtap entered promiscuous mode [ 31.303087] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready [ 31.312414] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready [ 31.321572] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 31.328525] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 31.346819] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 31.355457] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 31.363203] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready executing program [ 31.406870] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 31.439974] xt_physdev: using --physdev-out and --physdev-is-out are only supported in the FORWARD and POSTROUTING chains with bridged traffic. [ 31.457614] ip_tables: iptables: counters copy to user failed while replacing table [ 31.466165] lo: caps=(0x00000144401d7c69, 0x0000000000000000) len=2720 data_len=0 gso_size=536 gso_type=1 ip_summed=3 [ 31.477196] ------------[ cut here ]------------ [ 31.481946] WARNING: CPU: 0 PID: 7995 at net/core/dev.c:2609 skb_warn_bad_offload.cold+0x1d1/0x44d [ 31.491061] Kernel panic - not syncing: panic_on_warn set ... [ 31.491061] [ 31.498439] CPU: 0 PID: 7995 Comm: syz-executor527 Not tainted 4.14.212-syzkaller #0 [ 31.506330] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 31.515699] Call Trace: [ 31.518256] [ 31.520389] dump_stack+0x1b2/0x283 [ 31.523992] panic+0x1f9/0x42d [ 31.527164] ? add_taint.cold+0x16/0x16 [ 31.531117] ? skb_warn_bad_offload.cold+0x1d1/0x44d [ 31.536200] ? skb_warn_bad_offload.cold+0x1d1/0x44d [ 31.541284] __warn.cold+0x20/0x4b [ 31.544798] ? ist_end_non_atomic+0x10/0x10 [ 31.549108] ? skb_warn_bad_offload.cold+0x1d1/0x44d [ 31.554183] report_bug+0x208/0x249 [ 31.557786] do_error_trap+0x195/0x2d0 [ 31.561646] ? math_error+0x2d0/0x2d0 [ 31.565423] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 31.570286] invalid_op+0x1b/0x40 [ 31.573712] RIP: 0010:skb_warn_bad_offload.cold+0x1d1/0x44d [ 31.579393] RSP: 0018:ffff8880ba407790 EFLAGS: 00010282 [ 31.584728] RAX: 0000000000000069 RBX: ffffffff88559320 RCX: 0000000000000000 [ 31.592015] RDX: 0000000000000100 RSI: ffffffff878bbac0 RDI: ffffed1017480ee8 [ 31.599258] RBP: ffff8880b2ec86d0 R08: 0000000000000069 R09: 0000000000000000 [ 31.606540] R10: 0000000000000000 R11: 0000000000000000 R12: ffff8880b2ec8600 [ 31.613781] R13: 0000000000000218 R14: 0000000000000000 R15: 0000000000000aa0 [ 31.621037] skb_checksum_help+0x627/0x7d0 [ 31.625247] checksum_tg+0x52/0x65 [ 31.628762] ipt_do_table+0xa9a/0x16f0 [ 31.632633] ? trace_hardirqs_on+0x10/0x10 [ 31.636841] ? trace_hardirqs_on_caller+0x288/0x580 [ 31.641844] ? ipt_do_table+0xb7c/0x16f0 [ 31.645891] ? __local_bh_enable_ip+0xc1/0x170 [ 31.650450] ? ipt_alloc_initial_table+0x630/0x630 [ 31.655359] iptable_mangle_hook+0x9c/0x560 [ 31.659706] nf_hook_slow+0xb0/0x1a0 [ 31.663409] ip_local_deliver+0x28c/0x460 [ 31.667533] ? ip_call_ra_chain+0x540/0x540 [ 31.671832] ? inet_add_protocol.cold+0x2d/0x2d [ 31.676484] ip_rcv_finish+0x6e3/0x19f0 [ 31.680440] ip_rcv+0x8a7/0xf01 [ 31.683695] ? __lock_acquire+0x5fc/0x3f20 [ 31.687907] ? ip_local_deliver+0x460/0x460 [ 31.692207] ? ip_local_deliver_finish+0xab0/0xab0 [ 31.697148] ? ip_local_deliver+0x460/0x460 [ 31.701465] __netif_receive_skb_core+0x15ee/0x2a30 [ 31.706456] ? cpuacct_charge+0x1cf/0x350 [ 31.710578] ? is_skb_forwardable+0x1e0/0x1e0 [ 31.715048] ? __cpu_to_node+0x7b/0xa0 [ 31.718913] ? account_entity_enqueue+0x2e5/0x440 [ 31.723730] ? process_backlog+0x414/0x6f0 [ 31.727939] ? lock_acquire+0x170/0x3f0 [ 31.731886] ? process_backlog+0x1c2/0x6f0 [ 31.736100] __netif_receive_skb+0x27/0x1a0 [ 31.740406] process_backlog+0x218/0x6f0 [ 31.744444] ? net_rx_action+0x244/0xfd0 [ 31.748478] net_rx_action+0x466/0xfd0 [ 31.752342] ? napi_gro_frags+0x8f0/0x8f0 [ 31.756472] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 31.761921] __do_softirq+0x254/0xa1d [ 31.765701] do_softirq_own_stack+0x2a/0x40 [ 31.769994] [ 31.772205] do_softirq.part.0+0x154/0x1b0 [ 31.776419] ? ip_finish_output2+0xbc9/0x1340 [ 31.780894] __local_bh_enable_ip+0x12b/0x170 [ 31.785369] ip_finish_output2+0xbfc/0x1340 [ 31.789665] ? ip_send_check+0xb0/0xb0 [ 31.793527] ip_finish_output+0x37b/0xc50 [ 31.797651] ip_output+0x1cd/0x510 [ 31.801165] ? ip_mc_output+0xcb0/0xcb0 [ 31.805132] ? splice_direct_to_actor+0x27c/0x730 [ 31.809946] ? do_splice_direct+0x164/0x210 [ 31.814242] ? do_sendfile+0x47f/0xb30 [ 31.818104] ? ip_fragment.constprop.0+0x200/0x200 [ 31.823018] ip_local_out+0x93/0x170 [ 31.826708] ip_queue_xmit+0x7d3/0x1a80 [ 31.830667] __tcp_transmit_skb+0x17e2/0x2cb0 [ 31.835153] ? bictcp_cong_avoid+0xde0/0xde0 [ 31.839540] ? __tcp_select_window+0x680/0x680 [ 31.844111] tcp_write_xmit+0x69d/0x4e10 [ 31.848153] ? tcp_leave_memory_pressure+0xa/0xd0 [ 31.852969] __tcp_push_pending_frames+0xa0/0x2d0 [ 31.857786] tcp_push+0x3fd/0x5f0 [ 31.861213] ? tcp_tx_timestamp+0x17/0x250 [ 31.865419] do_tcp_sendpages+0x1223/0x1750 [ 31.869730] ? sk_stream_alloc_skb+0x760/0x760 [ 31.874289] tcp_sendpage_locked+0x81/0x130 [ 31.878588] tcp_sendpage+0x3a/0x60 [ 31.882190] inet_sendpage+0x155/0x590 [ 31.886050] ? tcp_sendpage_locked+0x130/0x130 [ 31.890602] ? inet_getname+0x3a0/0x3a0 [ 31.894548] sock_sendpage+0xdf/0x140 [ 31.898330] pipe_to_sendpage+0x226/0x2d0 [ 31.902462] ? sockfs_setattr+0x140/0x140 [ 31.906585] ? direct_splice_actor+0x160/0x160 [ 31.911142] __splice_from_pipe+0x326/0x7a0 [ 31.915437] ? direct_splice_actor+0x160/0x160 [ 31.919995] generic_splice_sendpage+0xc1/0x110 [ 31.924639] ? vmsplice_to_user+0x1b0/0x1b0 [ 31.928938] ? rw_verify_area+0xe1/0x2a0 [ 31.932970] ? vmsplice_to_user+0x1b0/0x1b0 [ 31.937281] direct_splice_actor+0x115/0x160 [ 31.941663] splice_direct_to_actor+0x27c/0x730 [ 31.946306] ? generic_pipe_buf_nosteal+0x10/0x10 [ 31.951123] ? do_splice_to+0x140/0x140 [ 31.955070] ? rw_verify_area+0xe1/0x2a0 [ 31.959106] do_splice_direct+0x164/0x210 [ 31.963226] ? splice_direct_to_actor+0x730/0x730 [ 31.968044] ? rw_verify_area+0xe1/0x2a0 [ 31.972079] do_sendfile+0x47f/0xb30 [ 31.975767] ? do_compat_writev+0x180/0x180 [ 31.980073] ? tcp_setsockopt+0x83/0xc0 [ 31.984022] SyS_sendfile64+0xff/0x110 [ 31.987885] ? SyS_sendfile+0x130/0x130 [ 31.991833] ? do_syscall_64+0x4c/0x640 [ 31.995778] ? SyS_sendfile+0x130/0x130 [ 31.999864] do_syscall_64+0x1d5/0x640 [ 32.003731] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 32.008897] RIP: 0033:0x4448d9 [ 32.012060] RSP: 002b:00007ffe5a8c18f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 32.019741] RAX: ffffffffffffffda RBX: 00007ffe5a8c1950 RCX: 00000000004448d9 [ 32.026985] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000005 [ 32.034231] RBP: 00007ffe5a8c1900 R08: 0000000001bbbbbb R09: 0000000001bbbbbb [ 32.041477] R10: 000000010000edbe R11: 0000000000000246 R12: 0000000000000003 [ 32.048721] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 32.057039] Kernel Offset: disabled [ 32.060688] Rebooting in 86400 seconds..