[ OK ] Reached target Login Prompts. [ OK ] Reached target Multi-User System. [ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... [ OK ] Started Update UTMP about System Runlevel Changes. Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.1.3' (ECDSA) to the list of known hosts. 2020/08/27 14:41:22 parsed 1 programs syzkaller login: [ 550.960670][ T3676] kmemleak: Automatic memory scanning thread ended 2020/08/27 14:41:29 executed programs: 0 [ 558.309162][ T24] audit: type=1400 audit(1598539289.846:8): avc: denied { execmem } for pid=6493 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 [ 559.417633][ T6494] IPVS: ftp: loaded support on port[0] = 21 [ 559.468850][ T6494] chnl_net:caif_netlink_parms(): no params data found [ 559.561397][ T6494] bridge0: port 1(bridge_slave_0) entered blocking state [ 559.568497][ T6494] bridge0: port 1(bridge_slave_0) entered disabled state [ 559.576332][ T6494] device bridge_slave_0 entered promiscuous mode [ 559.583287][ T6494] bridge0: port 2(bridge_slave_1) entered blocking state [ 559.590298][ T6494] bridge0: port 2(bridge_slave_1) entered disabled state [ 559.597775][ T6494] device bridge_slave_1 entered promiscuous mode [ 559.607639][ T6494] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 559.617309][ T6494] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 559.629627][ T6494] team0: Port device team_slave_0 added [ 559.635878][ T6494] team0: Port device team_slave_1 added [ 559.644683][ T6494] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 559.651600][ T6494] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 559.677869][ T6494] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 559.688987][ T6494] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 559.696143][ T6494] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 559.722223][ T6494] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 559.737805][ T6494] device hsr_slave_0 entered promiscuous mode [ 559.744219][ T6494] device hsr_slave_1 entered promiscuous mode [ 559.770658][ T6494] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 559.778001][ T6494] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 559.787674][ T6494] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 559.795597][ T6494] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 559.807178][ T6494] bridge0: port 2(bridge_slave_1) entered blocking state [ 559.814205][ T6494] bridge0: port 2(bridge_slave_1) entered forwarding state [ 559.821397][ T6494] bridge0: port 1(bridge_slave_0) entered blocking state [ 559.828402][ T6494] bridge0: port 1(bridge_slave_0) entered forwarding state [ 559.844597][ T6494] 8021q: adding VLAN 0 to HW filter on device bond0 [ 559.853091][ T6710] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 559.860604][ T6710] bridge0: port 1(bridge_slave_0) entered disabled state [ 559.868338][ T6710] bridge0: port 2(bridge_slave_1) entered disabled state [ 559.876052][ T6710] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 559.884549][ T6494] 8021q: adding VLAN 0 to HW filter on device team0 [ 559.892426][ T2916] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 559.900496][ T2916] bridge0: port 1(bridge_slave_0) entered blocking state [ 559.907507][ T2916] bridge0: port 1(bridge_slave_0) entered forwarding state [ 559.921551][ T6494] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 559.932153][ T6494] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 559.943183][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 559.951295][ T45] bridge0: port 2(bridge_slave_1) entered blocking state [ 559.958369][ T45] bridge0: port 2(bridge_slave_1) entered forwarding state [ 559.965900][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 559.974589][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 559.982665][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 559.990540][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 559.998452][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 560.005742][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 560.015815][ T2517] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 560.023252][ T2517] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 560.031914][ T6494] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 560.041980][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 560.053633][ T2517] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 560.061514][ T2517] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 560.069160][ T2517] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 560.077282][ T6494] device veth0_vlan entered promiscuous mode [ 560.085068][ T6494] device veth1_vlan entered promiscuous mode [ 560.095283][ T6472] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 560.102976][ T6472] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 560.110594][ T6472] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 560.119498][ T6494] device veth0_macvtap entered promiscuous mode [ 560.126851][ T6494] device veth1_macvtap entered promiscuous mode [ 560.136184][ T6494] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 560.143404][ T2517] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 560.152010][ T2517] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 560.160811][ T6494] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 560.168187][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 560.177212][ T6494] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 560.186744][ T6494] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 560.196103][ T6494] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 560.205639][ T6494] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 561.482045][ T2517] Bluetooth: hci0: command 0x0409 tx timeout [ 563.551746][ T45] Bluetooth: hci0: command 0x041b tx timeout [ 565.631625][ T45] Bluetooth: hci0: command 0x040f tx timeout 2020/08/27 14:41:37 executed programs: 1 [ 567.711339][ T6472] Bluetooth: hci0: command 0x0419 tx timeout [ 569.711235][ T0] NOHZ: local_softirq_pending 08 2020/08/27 14:41:42 executed programs: 3 2020/08/27 14:41:48 executed programs: 5 [ 577.756902][ T6786] kmemleak: 1 new suspected memory leaks (see /sys/kernel/debug/kmemleak) BUG: memory leak unreferenced object 0xffff88811324fd00 (size 224): comm "syz-executor.0", pid 6743, jiffies 4294993840 (age 18.400s) hex dump (first 32 bytes): a0 ec 09 13 81 88 ff ff a0 ec 09 13 81 88 ff ff ................ 00 40 2e 13 81 88 ff ff 00 00 00 00 00 00 00 00 .@.............. backtrace: [<000000002376aa4b>] __build_skb+0x1f/0x100 [<00000000f2d6617f>] __napi_alloc_skb+0xe5/0x140 [<00000000ea64bec6>] napi_get_frags+0x3a/0x70 [<0000000016172525>] tun_get_user+0xa43/0x1660 [<0000000097959d6d>] tun_chr_write_iter+0x66/0xa0 [<00000000356deaaf>] new_sync_write+0x173/0x210 [<00000000f434eeae>] __kernel_write+0x140/0x1f0 [<00000000ff1a18eb>] write_pipe_buf+0x61/0x80 [<00000000c15bfc1d>] __splice_from_pipe+0x154/0x290 [<00000000b9b0a894>] do_splice+0x772/0x8d0 [<00000000c3b39cb6>] __x64_sys_splice+0xaa/0x110 [<00000000deccd7b6>] do_syscall_64+0x2d/0x70 [<0000000012979010>] entry_SYSCALL_64_after_hwframe+0x44/0xa9