[ OK ] Reached target Login Prompts. [ OK ] Reached target Multi-User System. [ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... [ OK ] Started Update UTMP about System Runlevel Changes. Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.0.164' (ECDSA) to the list of known hosts. syzkaller login: [ 63.373157][ T6521] chnl_net:caif_netlink_parms(): no params data found [ 63.395081][ T6521] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.402896][ T6521] bridge0: port 1(bridge_slave_0) entered disabled state [ 63.410197][ T6521] device bridge_slave_0 entered promiscuous mode [ 63.417602][ T6521] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.424807][ T6521] bridge0: port 2(bridge_slave_1) entered disabled state [ 63.432105][ T6521] device bridge_slave_1 entered promiscuous mode [ 63.444487][ T6521] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 63.454233][ T6521] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 63.469163][ T6521] team0: Port device team_slave_0 added [ 63.475653][ T6521] team0: Port device team_slave_1 added [ 63.486717][ T6521] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 63.493857][ T6521] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 63.519901][ T6521] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 63.531059][ T6521] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 63.538006][ T6521] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 63.563889][ T6521] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 63.580789][ T6521] device hsr_slave_0 entered promiscuous mode [ 63.587180][ T6521] device hsr_slave_1 entered promiscuous mode [ 63.619916][ T6521] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 63.628150][ T6521] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 63.639474][ T6521] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 63.648242][ T6521] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 63.660326][ T6521] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.667486][ T6521] bridge0: port 2(bridge_slave_1) entered forwarding state [ 63.674722][ T6521] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.681722][ T6521] bridge0: port 1(bridge_slave_0) entered forwarding state [ 63.701712][ T6521] 8021q: adding VLAN 0 to HW filter on device bond0 [ 63.710324][ T2991] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 63.718422][ T2991] bridge0: port 1(bridge_slave_0) entered disabled state [ 63.726097][ T2991] bridge0: port 2(bridge_slave_1) entered disabled state [ 63.733742][ T2991] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 63.742421][ T6521] 8021q: adding VLAN 0 to HW filter on device team0 [ 63.750590][ T2958] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 63.758778][ T2958] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.765824][ T2958] bridge0: port 1(bridge_slave_0) entered forwarding state [ 63.781285][ T6521] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 63.791685][ T6521] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 63.803603][ T2958] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 63.811853][ T2958] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.818902][ T2958] bridge0: port 2(bridge_slave_1) entered forwarding state [ 63.826654][ T2958] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 63.834879][ T2958] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 63.843026][ T2958] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 63.851083][ T2958] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 63.859128][ T2958] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 63.866523][ T2958] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 63.877485][ T2991] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 63.885086][ T2991] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 63.894466][ T6521] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 63.905823][ T2991] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 63.918507][ T6521] device veth0_vlan entered promiscuous mode [ 63.924776][ T2958] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 63.933104][ T2958] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 63.940611][ T2958] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 63.950492][ T6521] device veth1_vlan entered promiscuous mode [ 63.961914][ T2991] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 63.969706][ T2991] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 63.977742][ T2991] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 63.987138][ T6521] device veth0_macvtap entered promiscuous mode [ 63.994890][ T6521] device veth1_macvtap entered promiscuous mode [ 64.005273][ T6521] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 64.012727][ T2991] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 64.021138][ T2991] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 64.030165][ T6521] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 64.037635][ T2958] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 64.046796][ T6521] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.055554][ T6521] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 executing program [ 64.065401][ T6521] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.075188][ T6521] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.063549][ C1] vcan0: j1939_tp_rxtimer: 0xffff888118097400: rx timeout, send abort [ 65.071764][ C1] vcan0: j1939_tp_rxtimer: 0xffff888118097000: rx timeout, send abort [ 65.080055][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff888118097400: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 65.094333][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff888118097000: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 70.285075][ T6521] kmemleak: 52 new suspected memory leaks (see /sys/kernel/debug/kmemleak) [ 72.453543][ T6521] kmemleak: 13 new suspected memory leaks (see /sys/kernel/debug/kmemleak) BUG: memory leak unreferenced object 0xffff8881133d1d00 (size 232): comm "syz-executor303", pid 6840, jiffies 4294943681 (age 8.420s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 81 10 81 88 ff ff 00 0c 5b 16 81 88 ff ff ..........[..... backtrace: [] __alloc_skb+0x20f/0x280 [] alloc_skb_with_frags+0x6a/0x2b0 [] sock_alloc_send_pskb+0x353/0x3c0 [] j1939_sk_sendmsg+0x2cf/0x800 [] sock_sendmsg+0x56/0x80 [] sock_no_sendpage+0x8f/0xc0 [] kernel_sendpage.part.0+0xa3/0x140 [] sock_sendpage+0x5b/0x90 [] pipe_to_sendpage+0xa2/0x110 [] __splice_from_pipe+0x1e2/0x330 [] generic_splice_sendpage+0x6f/0xa0 [] direct_splice_actor+0x4b/0x70 [] splice_direct_to_actor+0x153/0x350 [] do_splice_direct+0xe8/0x150 [] do_sendfile+0x587/0x7e0 [] __x64_sys_sendfile64+0xe2/0x100 BUG: memory leak unreferenced object 0xffff8881133d1400 (size 232): comm "syz-executor303", pid 6840, jiffies 4294943681 (age 8.420s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 81 10 81 88 ff ff 00 0c 5b 16 81 88 ff ff ..........[..... backtrace: [] __alloc_skb+0x20f/0x280 [] alloc_skb_with_frags+0x6a/0x2b0 [] sock_alloc_send_pskb+0x353/0x3c0 [] j1939_sk_sendmsg+0x2cf/0x800 [] sock_sendmsg+0x56/0x80 [] sock_no_sendpage+0x8f/0xc0 [] kernel_sendpage.part.0+0xa3/0x140 [] sock_sendpage+0x5b/0x90 [] pipe_to_sendpage+0xa2/0x110 [] __splice_from_pipe+0x1e2/0x330 [] generic_splice_sendpage+0x6f/0xa0 [] direct_splice_actor+0x4b/0x70 [] splice_direct_to_actor+0x153/0x350 [] do_splice_direct+0xe8/0x150 [] do_sendfile+0x587/0x7e0 [] __x64_sys_sendfile64+0xe2/0x100 BUG: memory leak unreferenced object 0xffff888117a7a800 (size 1024): comm "syz-executor303", pid 6840, jiffies 4294943681 (age 8.420s) hex dump (first 32 bytes): 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [] __alloc_skb+0xdf/0x280 [] alloc_skb_with_frags+0x6a/0x2b0 [] sock_alloc_send_pskb+0x353/0x3c0 [] j1939_sk_sendmsg+0x2cf/0x800 [] sock_sendmsg+0x56/0x80 [] sock_no_sendpage+0x8f/0xc0 [] kernel_sendpage.part.0+0xa3/0x140 [] sock_sendpage+0x5b/0x90 [] pipe_to_sendpage+0xa2/0x110 [] __splice_from_pipe+0x1e2/0x330 [] generic_splice_sendpage+0x6f/0xa0 [] direct_splice_actor+0x4b/0x70 [] splice_direct_to_actor+0x153/0x350 [] do_splice_direct+0xe8/0x150 [] do_sendfile+0x587/0x7e0 [] __x64_sys_sendfile64+0xe2/0x100