[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.144' (ECDSA) to the list of known hosts.
syzkaller login: [ 30.183815] IPVS: ftp: loaded support on port[0] = 21
[ 30.249436] chnl_net:caif_netlink_parms(): no params data found
[ 30.323667] bridge0: port 1(bridge_slave_0) entered blocking state
[ 30.330775] bridge0: port 1(bridge_slave_0) entered disabled state
[ 30.338281] device bridge_slave_0 entered promiscuous mode
[ 30.345644] bridge0: port 2(bridge_slave_1) entered blocking state
[ 30.352005] bridge0: port 2(bridge_slave_1) entered disabled state
[ 30.359943] device bridge_slave_1 entered promiscuous mode
[ 30.375696] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 30.384166] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 30.401955] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 30.409456] team0: Port device team_slave_0 added
[ 30.415701] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 30.422716] team0: Port device team_slave_1 added
[ 30.437546] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 30.443896] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 30.469605] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 30.480970] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 30.487580] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 30.513240] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 30.523920] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 30.531641] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 30.549504] device hsr_slave_0 entered promiscuous mode
[ 30.555617] device hsr_slave_1 entered promiscuous mode
[ 30.561345] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 30.568966] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 30.626813] bridge0: port 2(bridge_slave_1) entered blocking state
[ 30.633201] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 30.639981] bridge0: port 1(bridge_slave_0) entered blocking state
[ 30.646394] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 30.672682] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 30.679468] 8021q: adding VLAN 0 to HW filter on device bond0
[ 30.687528] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 30.696462] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 30.714782] bridge0: port 1(bridge_slave_0) entered disabled state
[ 30.721680] bridge0: port 2(bridge_slave_1) entered disabled state
[ 30.731458] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 30.737641] 8021q: adding VLAN 0 to HW filter on device team0
[ 30.745700] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 30.753265] bridge0: port 1(bridge_slave_0) entered blocking state
[ 30.759721] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 30.775388] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 30.782908] bridge0: port 2(bridge_slave_1) entered blocking state
[ 30.789265] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 30.796901] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 30.804646] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 30.812507] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 30.821479] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 30.831986] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 30.842426] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 30.850309] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 30.857796] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 30.870098] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready
[ 30.877428] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 30.884220] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 30.893522] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 30.941384] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready
[ 30.950567] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 30.976444] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready
[ 30.983290] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready
[ 30.990380] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready
[ 30.999380] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 31.007128] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 31.014541] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 31.022756] device veth0_vlan entered promiscuous mode
[ 31.030686] device veth1_vlan entered promiscuous mode
[ 31.036740] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready
[ 31.045764] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready
[ 31.056250] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready
[ 31.065080] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 31.072152] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 31.079604] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 31.088436] device veth0_macvtap entered promiscuous mode
[ 31.095041] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready
[ 31.102956] device veth1_macvtap entered promiscuous mode
[ 31.111760] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready
[ 31.120554] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready
[ 31.129746] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 31.136871] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 31.145321] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 31.155260] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 31.161906] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
executing program
[ 31.233000] ip_tables: iptables: counters copy to user failed while replacing table
[ 31.241936] lo: caps=(0x00000144401d7c69, 0x00000144401d7c69) len=2552 data_len=1092 gso_size=500 gso_type=1 ip_summed=3
[ 31.244848] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 31.253240] ------------[ cut here ]------------
[ 31.264221] WARNING: CPU: 0 PID: 7986 at net/core/dev.c:2609 skb_warn_bad_offload.cold+0x1d1/0x44d
[ 31.273328] Kernel panic - not syncing: panic_on_warn set ...
[ 31.273328]
[ 31.280671] CPU: 0 PID: 7986 Comm: syz-executor318 Not tainted 4.14.213-syzkaller #0
[ 31.288523] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 31.297857] Call Trace:
[ 31.300425] dump_stack+0x1b2/0x283
[ 31.304028] panic+0x1f9/0x42d
[ 31.307200] ? add_taint.cold+0x16/0x16
[ 31.311152] ? skb_warn_bad_offload.cold+0x1d1/0x44d
[ 31.316228] ? skb_warn_bad_offload.cold+0x1d1/0x44d
[ 31.321304] __warn.cold+0x20/0x4b
[ 31.324819] ? ist_end_non_atomic+0x10/0x10
[ 31.329210] ? skb_warn_bad_offload.cold+0x1d1/0x44d
[ 31.334333] report_bug+0x208/0x249
[ 31.338074] do_error_trap+0x195/0x2d0
[ 31.341938] ? math_error+0x2d0/0x2d0
[ 31.345716] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 31.350539] invalid_op+0x1b/0x40
[ 31.354003] RIP: 0010:skb_warn_bad_offload.cold+0x1d1/0x44d
[ 31.359683] RSP: 0018:ffff88809cf3f340 EFLAGS: 00010282
[ 31.365055] RAX: 000000000000006c RBX: ffff88809c0b5828 RCX: 0000000000000000
[ 31.372357] RDX: 0000000000000000 RSI: ffffffff878bbac0 RDI: ffffed10139e7e5e
[ 31.379601] RBP: ffff8880a4ddc7d0 R08: 000000000000006c R09: 0000000000000000
[ 31.386960] R10: 0000000000000000 R11: 0000000000000000 R12: ffff8880a4ddc700
[ 31.394201] R13: 00000000000001f4 R14: 0000000000000444 R15: 00000000000009f8
[ 31.401458] skb_checksum_help+0x627/0x7d0
[ 31.405668] ? mark_held_locks+0xa6/0xf0
[ 31.409701] ? __local_bh_enable_ip+0xc1/0x170
[ 31.414272] checksum_tg+0x52/0x65
[ 31.417784] ipt_do_table+0xa9a/0x16f0
[ 31.421651] ? trace_hardirqs_on+0x10/0x10
[ 31.425871] ? ipt_alloc_initial_table+0x630/0x630
[ 31.430794] ? kasan_kmalloc+0x139/0x160
[ 31.434831] iptable_mangle_hook+0x9c/0x560
[ 31.439128] nf_hook_slow+0xb0/0x1a0
[ 31.442819] ip_output+0x2e7/0x510
[ 31.446340] ? ip_mc_output+0xcb0/0xcb0
[ 31.450326] ? ip_fragment.constprop.0+0x200/0x200
[ 31.455232] ip_local_out+0x93/0x170
[ 31.458919] ip_queue_xmit+0x7d3/0x1a80
[ 31.462909] __tcp_transmit_skb+0x17e2/0x2cb0
[ 31.467379] ? bictcp_cong_avoid+0xde0/0xde0
[ 31.471795] ? __tcp_select_window+0x680/0x680
[ 31.476357] tcp_write_xmit+0x654/0x5570
[ 31.480443] ? _copy_from_iter_full+0x1c9/0x690
[ 31.485084] ? __phys_addr_symbol+0x1f/0x60
[ 31.489391] ? __sk_mem_schedule+0x99/0xd0
[ 31.493609] tcp_sendmsg_locked+0x14e6/0x2ef0
[ 31.498093] ? tcp_sendpage+0x60/0x60
[ 31.501890] ? __local_bh_enable_ip+0xc1/0x170
[ 31.506476] tcp_sendmsg+0x2b/0x40
[ 31.509990] inet_sendmsg+0x11a/0x4e0
[ 31.513765] ? security_socket_sendmsg+0x83/0xb0
[ 31.518511] ? inet_recvmsg+0x4d0/0x4d0
[ 31.522469] sock_sendmsg+0xb5/0x100
[ 31.526170] sock_write_iter+0x22c/0x370
[ 31.530204] ? sock_sendmsg+0x100/0x100
[ 31.534155] ? tcp_sendmsg+0x36/0x40
[ 31.537865] ? iov_iter_init+0xa6/0x1c0
[ 31.541818] __vfs_write+0x44c/0x630
[ 31.545508] ? kernel_read+0x110/0x110
[ 31.549388] ? rw_verify_area+0xe1/0x2a0
[ 31.553430] vfs_write+0x17f/0x4d0
[ 31.556944] SyS_write+0xf2/0x210
[ 31.560371] ? SyS_read+0x210/0x210
[ 31.563982] ? __do_page_fault+0x159/0xad0
[ 31.568190] ? do_syscall_64+0x4c/0x640
[ 31.572148] ? SyS_read+0x210/0x210
[ 31.575751] do_syscall_64+0x1d5/0x640
[ 31.579621] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 31.584782] RIP: 0033:0x444479
[ 31.587943] RSP: 002b:00007ffd59e6b9e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 31.595624] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000444479
[ 31.602868] RDX: 0000000100000530 RSI: 0000000020000300 RDI: 0000000000000005
[ 31.610124] RBP: 00007ffd59e6ba00 R08: 0000000000000014 R09: 0000000000000010
[ 31.617382] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd59e6ba10
[ 31.624632] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 31.632701] Kernel Offset: disabled
[ 31.636377] Rebooting in 86400 seconds..