[ OK ] Started Getty on tty2.
[ OK ] Reached target Login Prompts.
[ OK ] Started OpenBSD Secure Shell server.
[ OK ] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.
[ OK ] Started Update UTMP about System Runlevel Changes.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.93' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 31.565671] skbuff: skb_over_panic: text:ffffffff85cf6adc len:692 put:3 head:ffff88809875ad80 data:ffff88809875ad8e tail:0x2c2 end:0x2c0 dev:bond0
[ 31.579791] ------------[ cut here ]------------
[ 31.584748] kernel BUG at net/core/skbuff.c:104!
[ 31.591019] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[ 31.596393] Modules linked in:
[ 31.599794] CPU: 0 PID: 7972 Comm: syz-executor626 Not tainted 4.14.232-syzkaller #0
[ 31.607737] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 31.617071] task: ffff88809d6685c0 task.stack: ffff88809eab8000
[ 31.623112] RIP: 0010:skb_panic+0x172/0x174
[ 31.627411] RSP: 0018:ffff88809eabf888 EFLAGS: 00010282
[ 31.632841] RAX: 0000000000000086 RBX: ffff888099216900 RCX: 0000000000000000
[ 31.640091] RDX: 0000000000000000 RSI: ffffffff878bbbc0 RDI: ffffed1013d57f07
[ 31.647447] RBP: ffffffff885571e0 R08: 0000000000000086 R09: 0000000000000000
[ 31.654694] R10: 0000000000000000 R11: 0000000000000000 R12: ffffffff85cf6adc
[ 31.661957] R13: 0000000000000003 R14: ffff8880ac2b4440 R15: 00000000000002c0
[ 31.669294] FS: 0000000002025300(0000) GS:ffff8880ba400000(0000) knlGS:0000000000000000
[ 31.677689] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 31.683564] CR2: 000055845ea058f0 CR3: 00000000af111000 CR4: 00000000001406f0
[ 31.690838] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 31.698539] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 31.705910] Call Trace:
[ 31.708479] ? iov_iter_advance+0x1c9/0xc00
[ 31.712783] ? llc_sap_action_send_xid_c+0x23c/0x2f0
[ 31.717882] ? llc_sap_action_send_ui+0x240/0x240
[ 31.722792] skb_put.cold+0x24/0x24
[ 31.726398] llc_sap_action_send_xid_c+0x23c/0x2f0
[ 31.731649] llc_sap_state_process+0x20b/0x490
[ 31.736242] llc_ui_sendmsg+0x8e1/0xe80
[ 31.740240] ? llc_ui_connect+0xab0/0xab0
[ 31.744376] ? copy_msghdr_from_user+0x218/0x3b0
[ 31.749110] ? kernel_recvmsg+0x210/0x210
[ 31.753334] ? security_socket_sendmsg+0x83/0xb0
[ 31.758166] ? llc_ui_connect+0xab0/0xab0
[ 31.762295] sock_sendmsg+0xb5/0x100
[ 31.765986] ___sys_sendmsg+0x326/0x800
[ 31.770023] ? copy_msghdr_from_user+0x3b0/0x3b0
[ 31.774860] ? trace_hardirqs_on+0x10/0x10
[ 31.779110] ? trace_hardirqs_on+0x10/0x10
[ 31.783628] ? trace_hardirqs_on+0x10/0x10
[ 31.787871] ? schedule_timeout+0x500/0xe90
[ 31.792175] ? rcu_read_lock_sched_held+0x16c/0x1d0
[ 31.797278] ? reacquire_held_locks+0xb5/0x3f0
[ 31.801838] ? release_sock+0x1b/0x1b0
[ 31.805704] ? llc_ui_connect+0x45b/0xab0
[ 31.809832] ? lock_downgrade+0x740/0x740
[ 31.813956] ? __fdget+0x167/0x1f0
[ 31.817643] ? sockfd_lookup_light+0xb2/0x160
[ 31.822156] __sys_sendmmsg+0x129/0x330
[ 31.826110] ? SyS_sendmsg+0x40/0x40
[ 31.829892] ? security_socket_connect+0x83/0xb0
[ 31.834857] ? llc_ui_autobind.isra.0+0x3e0/0x3e0
[ 31.840043] ? SyS_connect+0xf6/0x240
[ 31.844174] ? SyS_accept+0x30/0x30
[ 31.848147] ? up_read+0x17/0x30
[ 31.851495] SyS_sendmmsg+0x2f/0x50
[ 31.855138] ? __sys_sendmmsg+0x330/0x330
[ 31.859268] do_syscall_64+0x1d5/0x640
[ 31.863135] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 31.868311] RIP: 0033:0x43f319
[ 31.872187] RSP: 002b:00007ffe7b827eb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 31.879996] RAX: ffffffffffffffda RBX: 0000000000400488 RCX: 000000000043f319
[ 31.887246] RDX: 0000000000000006 RSI: 0000000020005bc0 RDI: 0000000000000003
[ 31.894981] RBP: 0000000000403300 R08: 0000000000400488 R09: 0000000000400488
[ 31.902249] R10: 0000000004000000 R11: 0000000000000246 R12: 0000000000403390
[ 31.909661] R13: 0000000000000000 R14: 00000000004ad018 R15: 0000000000400488
[ 31.917356] Code: 8b 4c 24 10 8b 8b 80 00 00 00 41 56 45 89 e8 4c 89 e2 41 57 48 89 ee 48 c7 c7 80 6a 55 88 ff 74 24 10 ff 74 24 20 e8 1c 6e e4 ff <0f> 0b e8 e1 56 38 fa 4c 8b 64 24 18 e8 47 e5 61 fa 48 c7 c1 a0
[ 31.936881] RIP: skb_panic+0x172/0x174 RSP: ffff88809eabf888
[ 31.945155] ---[ end trace 50a73ff038f36254 ]---
[ 31.949913] Kernel panic - not syncing: Fatal exception
[ 31.957043] Kernel Offset: disabled
[ 31.960785] Rebooting in 86400 seconds..