[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.67' (ECDSA) to the list of known hosts.
executing program
executing program
executing program
executing program
executing program
executing program
write to /proc/sys/kernel/hung_task_check_interval_secs failed: No such file or directory
write to /proc/sys/kernel/hung_task_check_interval_secs failed: No such file or directory
write to /proc/sys/kernel/hung_task_check_interval_secs failed: No such file or directory
write to /proc/sys/kernel/hung_task_check_interval_secs failed: No such file or directory
write to /proc/sys/kernel/hung_task_check_interval_secs failed: No such file or directory
write to /proc/sys/kernel/hung_task_check_interval_secs failed: No such file or directory
syzkaller login: [ 29.629275] skbuff: skb_over_panic: text:ffffffff864f820d len:232 put:72 head:ffff8880ab5c65c0 data:ffff8880ab5c65c0 tail:0xe8 end:0xc0 dev:
[ 29.730549] ------------[ cut here ]------------
[ 29.735329] kernel BUG at net/core/skbuff.c:104!
[ 29.829878] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[ 29.835269] Modules linked in:
[ 29.838454] CPU: 1 PID: 7991 Comm: syz-executor341 Not tainted 4.14.284-syzkaller #0
[ 29.846322] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 29.855671] task: ffff888096670080 task.stack: ffff88809a358000
[ 29.861729] RIP: 0010:skb_panic+0x172/0x174
[ 29.866040] RSP: 0018:ffff88809a35f1c8 EFLAGS: 00010282
[ 29.871398] RAX: 0000000000000086 RBX: ffff8880b0048e80 RCX: 0000000000000000
[ 29.878656] RDX: 0000000000000000 RSI: ffffffff878bc800 RDI: ffffed101346be2f
[ 29.885915] RBP: ffffffff8855bb20 R08: 0000000000000086 R09: 0000000000000000
[ 29.893175] R10: 0000000000000000 R11: 0000000000000000 R12: ffffffff864f820d
[ 29.900440] R13: 0000000000000048 R14: ffffffff8855b380 R15: 00000000000000c0
[ 29.907702] FS: 00007fe8aad22700(0000) GS:ffff8880ba500000(0000) knlGS:0000000000000000
[ 29.916007] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 29.921895] CR2: 00007ffd3bba3ff8 CR3: 00000000b100a000 CR4: 00000000003406e0
[ 29.929162] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 29.936422] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 29.943680] Call Trace:
[ 29.946264] ? pfkey_send_acquire+0x161d/0x2360
[ 29.950925] skb_put.cold+0x24/0x24
[ 29.954548] pfkey_send_acquire+0x161d/0x2360
[ 29.959046] km_query+0xa9/0x1b0
[ 29.962408] xfrm_state_find+0x1847/0x27c0
[ 29.966640] ? xfrm_state_afinfo_get_rcu+0xb0/0xb0
[ 29.971563] ? __lock_acquire+0x5fc/0x3f20
[ 29.975790] xfrm_resolve_and_create_bundle+0x29b/0x2630
[ 29.981233] ? trace_hardirqs_on+0x10/0x10
[ 29.985459] ? perf_trace_lock+0x412/0x490
[ 29.989691] ? xfrm_net_init+0x970/0x970
[ 29.993744] ? xfrm_sk_policy_lookup+0x2b4/0x450
[ 29.998496] ? lock_acquire+0x170/0x3f0
[ 30.002468] ? lock_downgrade+0x740/0x740
[ 30.006610] ? xfrm_sk_policy_lookup+0x2db/0x450
[ 30.011358] ? xfrm_expand_policies+0x36e/0x520
[ 30.016017] xfrm_lookup+0x1ee/0x1790
[ 30.019822] ? rt_set_nexthop.constprop.0+0x662/0xd20
[ 30.025008] ? xfrm_expand_policies+0x520/0x520
[ 30.029704] ? ip_route_output_key_hash+0x1d6/0x2a0
[ 30.034720] ? ip_route_output_key_hash_rcu+0x29f0/0x29f0
[ 30.040253] ? udp_sendmsg+0xe43/0x1c80
[ 30.044226] xfrm_lookup_route+0x33/0x1b0
[ 30.048375] ip_route_output_flow+0xf9/0x130
[ 30.052784] udp_sendmsg+0x13b3/0x1c80
[ 30.056679] ? ip_do_fragment+0x1fb0/0x1fb0
[ 30.060994] ? udp_seq_next+0xa0/0xa0
[ 30.064791] ? __might_fault+0x104/0x1b0
[ 30.068842] ? rw_copy_check_uvector+0x1dd/0x2b0
[ 30.073590] ? lock_acquire+0x170/0x3f0
[ 30.077560] ? dup_iter+0x240/0x240
[ 30.081182] ? copy_msghdr_from_user+0x218/0x3b0
[ 30.085931] ? kernel_recvmsg+0x210/0x210
[ 30.090068] inet_sendmsg+0x11a/0x4e0
[ 30.093856] ? security_socket_sendmsg+0x83/0xb0
[ 30.098601] ? inet_recvmsg+0x4d0/0x4d0
[ 30.102566] sock_sendmsg+0xb5/0x100
[ 30.106266] ___sys_sendmsg+0x326/0x800
[ 30.110229] ? copy_msghdr_from_user+0x3b0/0x3b0
[ 30.114975] ? trace_hardirqs_on+0x10/0x10
[ 30.119198] ? __fget+0x23e/0x3e0
[ 30.122643] ? lock_acquire+0x170/0x3f0
[ 30.126606] ? lock_downgrade+0x740/0x740
[ 30.130749] ? __might_fault+0x104/0x1b0
[ 30.134803] ? lock_acquire+0x170/0x3f0
[ 30.138775] __sys_sendmmsg+0x129/0x330
[ 30.142740] ? SyS_sendmsg+0x40/0x40
[ 30.146453] ? bpf_prog_get+0x20/0x20
[ 30.150245] ? ip_setsockopt+0x43/0xb0
[ 30.154135] ? SyS_futex+0x1da/0x290
[ 30.157850] ? SyS_futex+0x1e3/0x290
[ 30.161557] ? do_futex+0x1570/0x1570
[ 30.165349] SyS_sendmmsg+0x2f/0x50
[ 30.168963] ? __sys_sendmmsg+0x330/0x330
[ 30.173104] do_syscall_64+0x1d5/0x640
[ 30.176987] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 30.182164] RIP: 0033:0x7fe8aad999e9
[ 30.185860] RSP: 002b:00007fe8aad22308 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 30.193558] RAX: ffffffffffffffda RBX: 00007fe8aae1b3f8 RCX: 00007fe8aad999e9
[ 30.200820] RDX: 000000000800001d RSI: 0000000020007fc0 RDI: 0000000000000003
[ 30.208083] RBP: 00007fe8aae1b3f0 R08: 0000000000000000 R09: 0000000000000000
[ 30.215348] R10: 000000a742250118 R11: 0000000000000246 R12: 00007fe8aae1b3fc
[ 30.222611] R13: 00007fe8aade82bc R14: 0100000000000000 R15: 0000000000022000
[ 30.229875] Code: 8b 4c 24 10 8b 8b 80 00 00 00 41 56 45 89 e8 4c 89 e2 41 57 48 89 ee 48 c7 c7 c0 b3 55 88 ff 74 24 10 ff 74 24 20 e8 04 6b e4 ff <0f> 0b e8 78 ac 36 fa 4c 8b 64 24 18 e8 2e 4e 60 fa 48 c7 c1 e0
[ 30.249031] RIP: skb_panic+0x172/0x174 RSP: ffff88809a35f1c8
[ 30.325449] ---[ end trace 5881563e2561e955 ]---
[ 30.330316] Kernel panic - not syncing: Fatal exception
[ 30.335834] Kernel Offset: disabled
[ 30.339447] Rebooting in 86400 seconds..