[ OK ] Started OpenBSD Secure Shell server. [ OK ] Reached target Multi-User System. [ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... [ OK ] Started Update UTMP about System Runlevel Changes. Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.10.60' (ECDSA) to the list of known hosts. syzkaller login: [ 32.374598] IPVS: ftp: loaded support on port[0] = 21 [ 32.447232] chnl_net:caif_netlink_parms(): no params data found [ 32.577423] bridge0: port 1(bridge_slave_0) entered blocking state [ 32.583994] bridge0: port 1(bridge_slave_0) entered disabled state [ 32.591802] device bridge_slave_0 entered promiscuous mode [ 32.598525] bridge0: port 2(bridge_slave_1) entered blocking state [ 32.605766] bridge0: port 2(bridge_slave_1) entered disabled state [ 32.612975] device bridge_slave_1 entered promiscuous mode [ 32.628654] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 32.638062] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 32.655414] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 32.662620] team0: Port device team_slave_0 added [ 32.667949] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 32.675984] team0: Port device team_slave_1 added [ 32.691044] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 32.697303] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 32.723216] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 32.734734] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 32.741368] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 32.766989] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 32.778017] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 32.785426] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 32.802969] device hsr_slave_0 entered promiscuous mode [ 32.808526] device hsr_slave_1 entered promiscuous mode [ 32.815188] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 32.822339] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 32.881394] bridge0: port 2(bridge_slave_1) entered blocking state [ 32.887802] bridge0: port 2(bridge_slave_1) entered forwarding state [ 32.894742] bridge0: port 1(bridge_slave_0) entered blocking state [ 32.901140] bridge0: port 1(bridge_slave_0) entered forwarding state [ 32.929087] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 32.935953] 8021q: adding VLAN 0 to HW filter on device bond0 [ 32.945006] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 32.953633] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 32.961802] bridge0: port 1(bridge_slave_0) entered disabled state [ 32.978745] bridge0: port 2(bridge_slave_1) entered disabled state [ 32.988481] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 32.994722] 8021q: adding VLAN 0 to HW filter on device team0 [ 33.003142] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 33.011177] bridge0: port 1(bridge_slave_0) entered blocking state [ 33.017505] bridge0: port 1(bridge_slave_0) entered forwarding state [ 33.036985] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 33.047062] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 33.058384] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 33.066175] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 33.074156] bridge0: port 2(bridge_slave_1) entered blocking state [ 33.080534] bridge0: port 2(bridge_slave_1) entered forwarding state [ 33.087898] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 33.095889] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 33.103532] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 33.111119] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 33.118905] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 33.125880] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 33.138338] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 33.146113] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 33.153199] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 33.164689] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 33.214616] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready [ 33.224537] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 33.254227] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready [ 33.261695] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready [ 33.268069] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready [ 33.277679] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 33.285675] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 33.293105] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 33.302668] device veth0_vlan entered promiscuous mode [ 33.311528] device veth1_vlan entered promiscuous mode [ 33.317287] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready [ 33.325720] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready [ 33.336296] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready [ 33.345563] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 33.353070] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 33.360694] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 33.370543] device veth0_macvtap entered promiscuous mode [ 33.376506] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready [ 33.384916] device veth1_macvtap entered promiscuous mode [ 33.393187] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready [ 33.402241] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready [ 33.411630] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 33.418220] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 33.427459] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 33.435756] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 33.445348] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_1: link is not ready [ 33.452235] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 33.458742] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 33.466871] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready executing program [ 33.545808] ip_tables: iptables: counters copy to user failed while replacing table [ 33.555589] : caps=(0x0000000000000000, 0x00000144401d7c69) len=632 data_len=0 gso_size=116 gso_type=1 ip_summed=3 [ 33.566412] ------------[ cut here ]------------ [ 33.571171] WARNING: CPU: 0 PID: 8218 at net/core/dev.c:2609 skb_warn_bad_offload.cold+0x1d1/0x44d [ 33.580269] Kernel panic - not syncing: panic_on_warn set ... [ 33.580269] [ 33.587618] CPU: 0 PID: 8218 Comm: syz-executor651 Not tainted 4.14.212-syzkaller #0 [ 33.595481] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 33.604843] Call Trace: [ 33.607435] dump_stack+0x1b2/0x283 [ 33.611055] panic+0x1f9/0x42d [ 33.614242] ? add_taint.cold+0x16/0x16 [ 33.618205] ? skb_warn_bad_offload.cold+0x1d1/0x44d [ 33.623299] ? skb_warn_bad_offload.cold+0x1d1/0x44d [ 33.628404] __warn.cold+0x20/0x4b [ 33.631933] ? ist_end_non_atomic+0x10/0x10 [ 33.636264] ? skb_warn_bad_offload.cold+0x1d1/0x44d [ 33.641355] report_bug+0x208/0x249 [ 33.644989] do_error_trap+0x195/0x2d0 [ 33.648861] ? math_error+0x2d0/0x2d0 [ 33.652695] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 33.657527] invalid_op+0x1b/0x40 [ 33.660986] RIP: 0010:skb_warn_bad_offload.cold+0x1d1/0x44d [ 33.666680] RSP: 0018:ffff8880b0b172c8 EFLAGS: 00010282 [ 33.672031] RAX: 0000000000000066 RBX: ffff8880afbed828 RCX: 0000000000000000 [ 33.679308] RDX: 0000000000000000 RSI: ffffffff878bbac0 RDI: ffffed1016162e4f [ 33.686568] RBP: ffffffff88559320 R08: 0000000000000066 R09: 0000000000000000 [ 33.693821] R10: 0000000000000000 R11: 0000000000000000 R12: ffffffff88557080 [ 33.701073] R13: 0000000000000074 R14: 0000000000000000 R15: 0000000000000278 [ 33.708359] ? skb_warn_bad_offload.cold+0x1d1/0x44d [ 33.713457] skb_checksum_help+0x627/0x7d0 [ 33.717681] ? trace_hardirqs_on_caller+0x288/0x580 [ 33.722680] ? quota_mt+0xf7/0x150 [ 33.726223] checksum_tg+0x52/0x65 [ 33.729779] ipt_do_table+0xa9a/0x16f0 [ 33.733662] ? trace_hardirqs_on+0x10/0x10 [ 33.737896] ? ipt_alloc_initial_table+0x630/0x630 [ 33.742815] ? kasan_kmalloc+0x139/0x160 [ 33.746863] iptable_mangle_hook+0x2d5/0x560 [ 33.751264] nf_hook_slow+0xb0/0x1a0 [ 33.754973] __ip_local_out+0x398/0x730 [ 33.758934] ? __ip_flush_pending_frames.constprop.0+0x2c0/0x2c0 [ 33.765061] ? is_bpf_text_address+0xb8/0x150 [ 33.769568] ? ip_forward_options.cold+0x1f/0x1f [ 33.774315] ? check_preemption_disabled+0x35/0x240 [ 33.779322] ip_local_out+0x25/0x170 [ 33.783023] ip_queue_xmit+0x7d3/0x1a80 [ 33.786986] __tcp_transmit_skb+0x17e2/0x2cb0 [ 33.791486] ? bictcp_cong_avoid+0xde0/0xde0 [ 33.796060] ? __tcp_select_window+0x680/0x680 [ 33.800665] tcp_write_xmit+0x69d/0x4e10 [ 33.804738] ? iov_iter_advance+0x1c9/0xc00 [ 33.809061] __tcp_push_pending_frames+0xa0/0x2d0 [ 33.813897] tcp_push+0x3fd/0x5f0 [ 33.817337] ? tcp_tx_timestamp+0x17/0x250 [ 33.821561] tcp_sendmsg_locked+0x2153/0x2ef0 [ 33.826117] ? tcp_sendpage+0x60/0x60 [ 33.829924] ? __local_bh_enable_ip+0xc1/0x170 [ 33.834505] tcp_sendmsg+0x2b/0x40 [ 33.838034] inet_sendmsg+0x11a/0x4e0 [ 33.841825] ? security_socket_sendmsg+0x83/0xb0 [ 33.846566] ? inet_recvmsg+0x4d0/0x4d0 [ 33.850545] sock_sendmsg+0xb5/0x100 [ 33.854260] sock_write_iter+0x22c/0x370 [ 33.858321] ? sock_sendmsg+0x100/0x100 [ 33.862284] ? lock_sock_nested+0x98/0x100 [ 33.866503] ? iov_iter_init+0xa6/0x1c0 [ 33.870466] __vfs_write+0x44c/0x630 [ 33.874163] ? kernel_read+0x110/0x110 [ 33.878044] ? rw_verify_area+0xe1/0x2a0 [ 33.882092] vfs_write+0x17f/0x4d0 [ 33.885622] SyS_write+0xf2/0x210 [ 33.889081] ? SyS_read+0x210/0x210 [ 33.892745] ? __do_page_fault+0x159/0xad0 [ 33.896965] ? do_syscall_64+0x4c/0x640 [ 33.900932] ? SyS_read+0x210/0x210 [ 33.904548] do_syscall_64+0x1d5/0x640 [ 33.908424] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 33.913619] RIP: 0033:0x44a399 [ 33.916792] RSP: 002b:00007fb4dd7a4d98 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 33.924483] RAX: ffffffffffffffda RBX: 00000000006e0c48 RCX: 000000000044a399 [ 33.931739] RDX: 0000000000002bcf RSI: 0000000020000100 RDI: 0000000000000003 [ 33.939005] RBP: 00000000006e0c40 R08: 0000000000000000 R09: 0000000000000000 [ 33.946267] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006e0c4c [ 33.953530] R13: 0000000000000000 R14: 0000000000000000 R15: 00000000004c5454 [ 33.961355] Kernel Offset: disabled [ 33.965001] Rebooting in 86400 seconds..