[ OK ] Reached target Login Prompts. [ OK ] Reached target Multi-User System. [ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... [ OK ] Started Update UTMP about System Runlevel Changes. Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.0.209' (ECDSA) to the list of known hosts. 2020/03/29 20:51:07 parsed 1 programs syzkaller login: [ 64.158111][ T3824] kmemleak: Automatic memory scanning thread ended 2020/03/29 20:51:16 executed programs: 0 [ 71.734003][ T25] audit: type=1400 audit(1585515076.385:8): avc: denied { execmem } for pid=6625 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 [ 71.742744][ T6626] IPVS: ftp: loaded support on port[0] = 21 [ 71.790097][ T6626] chnl_net:caif_netlink_parms(): no params data found [ 71.858632][ T6626] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.865692][ T6626] bridge0: port 1(bridge_slave_0) entered disabled state [ 71.873106][ T6626] device bridge_slave_0 entered promiscuous mode [ 71.880065][ T6626] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.887421][ T6626] bridge0: port 2(bridge_slave_1) entered disabled state [ 71.894824][ T6626] device bridge_slave_1 entered promiscuous mode [ 71.904535][ T6626] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 71.914264][ T6626] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 71.926411][ T6626] team0: Port device team_slave_0 added [ 71.932458][ T6626] team0: Port device team_slave_1 added [ 71.940897][ T6626] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 71.947849][ T6626] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 71.973707][ T6626] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 71.984673][ T6626] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 71.991616][ T6626] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 72.017485][ T6626] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 72.077376][ T6626] device hsr_slave_0 entered promiscuous mode [ 72.126437][ T6626] device hsr_slave_1 entered promiscuous mode [ 72.205991][ T6626] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 72.237326][ T6626] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 72.307153][ T6626] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 72.347137][ T6626] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 72.390956][ T6626] bridge0: port 2(bridge_slave_1) entered blocking state [ 72.398067][ T6626] bridge0: port 2(bridge_slave_1) entered forwarding state [ 72.405293][ T6626] bridge0: port 1(bridge_slave_0) entered blocking state [ 72.412355][ T6626] bridge0: port 1(bridge_slave_0) entered forwarding state [ 72.430050][ T6626] 8021q: adding VLAN 0 to HW filter on device bond0 [ 72.438458][ T6829] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 72.446042][ T6829] bridge0: port 1(bridge_slave_0) entered disabled state [ 72.453709][ T6829] bridge0: port 2(bridge_slave_1) entered disabled state [ 72.461861][ T6829] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 72.470734][ T6626] 8021q: adding VLAN 0 to HW filter on device team0 [ 72.478638][ T3903] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 72.487343][ T3903] bridge0: port 1(bridge_slave_0) entered blocking state [ 72.494371][ T3903] bridge0: port 1(bridge_slave_0) entered forwarding state [ 72.508562][ T6626] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 72.519195][ T6626] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 72.530489][ T3903] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 72.539213][ T3903] bridge0: port 2(bridge_slave_1) entered blocking state [ 72.546300][ T3903] bridge0: port 2(bridge_slave_1) entered forwarding state [ 72.553983][ T3903] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 72.562558][ T3903] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 72.570799][ T3903] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 72.578871][ T3903] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 72.587045][ T3903] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 72.594388][ T3903] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 72.604659][ T6829] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 72.612347][ T6829] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 72.621367][ T6626] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 72.631894][ T6829] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 72.643948][ T6626] device veth0_vlan entered promiscuous mode [ 72.650285][ T3574] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 72.658401][ T3574] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 72.665820][ T3574] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 72.675426][ T6626] device veth1_vlan entered promiscuous mode [ 72.685871][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 72.693932][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 72.701681][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 72.710556][ T6626] device veth0_macvtap entered promiscuous mode [ 72.718215][ T6626] device veth1_macvtap entered promiscuous mode [ 72.728144][ T6626] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 72.735371][ T3574] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 72.744134][ T3574] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 72.753354][ T6626] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 72.760664][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 72.802964][ T6849] ubi0: attaching mtd0 [ 72.807603][ T6849] ubi0: scanning is finished [ 72.812216][ T6849] ubi0: empty MTD device detected [ 72.856997][ T6849] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 72.864493][ T6849] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 72.872290][ T6849] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 72.879528][ T6849] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 72.887102][ T6849] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 72.894287][ T6849] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 72.902748][ T6849] ubi0: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 3040872058 [ 72.913051][ T6849] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 72.923333][ T6853] ubi0: background thread "ubi_bgt0d" started, PID 6853 2020/03/29 20:51:23 executed programs: 1 [ 78.705657][ T6859] ubi0: detaching mtd0 [ 78.710200][ T6859] ubi0: mtd0 is detached [ 78.714554][ T6859] ubi0: attaching mtd0 [ 78.718824][ T6859] ubi0: scanning is finished [ 78.776721][ T6859] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 78.784217][ T6859] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 78.791679][ T6859] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 78.798768][ T6859] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 78.806243][ T6859] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 78.812987][ T6859] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 78.820983][ T6859] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 3040872058 [ 78.830976][ T6859] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 78.841197][ T6862] ubi0: background thread "ubi_bgt0d" started, PID 6862 [ 78.850330][ T6865] ubi0: detaching mtd0 [ 78.854719][ T6865] ubi0: mtd0 is detached [ 78.859224][ T6865] ubi0: attaching mtd0 [ 78.863478][ T6865] ubi0: scanning is finished [ 78.896511][ T6865] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 78.904149][ T6865] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 78.911763][ T6865] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 78.919666][ T6865] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 78.927203][ T6865] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 78.933990][ T6865] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 78.942474][ T6865] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 3040872058 [ 78.952728][ T6865] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 78.962950][ T6871] ubi0: background thread "ubi_bgt0d" started, PID 6871 [ 82.045562][ T0] NOHZ: local_softirq_pending 08 [ 84.570396][ T6873] kmemleak: 1 new suspected memory leaks (see /sys/kernel/debug/kmemleak) BUG: memory leak unreferenced object 0xffff888127e7abc0 (size 32): comm "syz-executor.0", pid 6849, jiffies 4294944549 (age 14.260s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 01 00 00 00 02 00 00 00 ................ backtrace: [<000000003fb89b12>] erase_aeb+0x25/0x110 [<00000000e2dc5711>] ubi_wl_init+0x193/0x5c0 [<000000005f1f9f56>] ubi_attach+0x611/0x18ba [<0000000071a1d6dd>] ubi_attach_mtd_dev+0x584/0xca0 [<00000000f79b3afb>] ctrl_cdev_ioctl+0x143/0x1b0 [<00000000061677b0>] ksys_ioctl+0xa6/0xd0 [<00000000d661f952>] __x64_sys_ioctl+0x1a/0x20 [<00000000ac3fb95d>] do_syscall_64+0x6e/0x220 [<00000000d1c34836>] entry_SYSCALL_64_after_hwframe+0x44/0xa9