DUID 00:04:f2:44:87:71:f8:0d:58:ee:4a:2e:c3:89:cb:7d:08:0c forked to background, child pid 3170 [ 11.882353][ T3171] 8021q: adding VLAN 0 to HW filter on device bond0 [ 11.886011][ T3171] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller syzkaller login: [ 69.875900][ T142] cfg80211: failed to load regulatory.db Warning: Permanently added '10.128.0.119' (ECDSA) to the list of known hosts. 2022/04/03 16:09:17 parsed 1 programs [ 1109.212570][ T3662] cgroup: Unknown subsys name 'net' [ 1109.337682][ T3662] cgroup: Unknown subsys name 'rlimit' 2022/04/03 16:09:24 executed programs: 0 [ 1117.556293][ T3671] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1117.563433][ T3673] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1117.570448][ T3673] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1117.577584][ T3671] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1117.584670][ T3671] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 1117.591837][ T3671] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1117.620593][ T3670] chnl_net:caif_netlink_parms(): no params data found [ 1117.637496][ T3670] bridge0: port 1(bridge_slave_0) entered blocking state [ 1117.644562][ T3670] bridge0: port 1(bridge_slave_0) entered disabled state [ 1117.652006][ T3670] device bridge_slave_0 entered promiscuous mode [ 1117.658913][ T3670] bridge0: port 2(bridge_slave_1) entered blocking state [ 1117.665985][ T3670] bridge0: port 2(bridge_slave_1) entered disabled state [ 1117.673258][ T3670] device bridge_slave_1 entered promiscuous mode [ 1117.683809][ T3670] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1117.693522][ T3670] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1117.706564][ T3670] team0: Port device team_slave_0 added [ 1117.712835][ T3670] team0: Port device team_slave_1 added [ 1117.722041][ T3670] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1117.729117][ T3670] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1117.755108][ T3670] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1117.766164][ T3670] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1117.773077][ T3670] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1117.798946][ T3670] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1117.814297][ T3670] device hsr_slave_0 entered promiscuous mode [ 1117.820611][ T3670] device hsr_slave_1 entered promiscuous mode [ 1117.846263][ T3670] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 1117.853645][ T3670] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 1117.861153][ T3670] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 1117.868705][ T3670] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 1117.879226][ T3670] bridge0: port 2(bridge_slave_1) entered blocking state [ 1117.886258][ T3670] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1117.893456][ T3670] bridge0: port 1(bridge_slave_0) entered blocking state [ 1117.900477][ T3670] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1117.918947][ T3670] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1117.927356][ T3678] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1117.935020][ T3678] bridge0: port 1(bridge_slave_0) entered disabled state [ 1117.942978][ T3678] bridge0: port 2(bridge_slave_1) entered disabled state [ 1117.950642][ T3678] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 1117.959532][ T3670] 8021q: adding VLAN 0 to HW filter on device team0 [ 1117.967410][ T3678] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1117.975646][ T3678] bridge0: port 1(bridge_slave_0) entered blocking state [ 1117.982656][ T3678] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1117.991069][ T3663] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1117.999232][ T3663] bridge0: port 2(bridge_slave_1) entered blocking state [ 1118.006255][ T3663] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1118.019787][ T3670] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 1118.030192][ T3670] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1118.041616][ T142] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1118.049971][ T142] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1118.058076][ T142] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1118.066156][ T142] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1118.074100][ T142] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1118.081510][ T142] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1118.091370][ T3678] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 1118.098773][ T3678] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 1118.107481][ T3670] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1118.140001][ T3670] device veth0_vlan entered promiscuous mode [ 1118.146734][ T3678] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 1118.155101][ T3678] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 1118.163233][ T3678] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 1118.170960][ T3678] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 1118.179758][ T3670] device veth1_vlan entered promiscuous mode [ 1118.189045][ T142] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 1118.196866][ T142] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 1118.204546][ T142] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 1118.213303][ T3670] device veth0_macvtap entered promiscuous mode [ 1118.220608][ T3670] device veth1_macvtap entered promiscuous mode [ 1118.229692][ T3670] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1118.237029][ T142] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 1118.245798][ T142] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 1118.254713][ T3670] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1118.262082][ T3678] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 1118.271067][ T3670] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1118.279976][ T3670] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1118.288689][ T3670] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1118.297368][ T3670] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1118.316713][ T53] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1118.324507][ T53] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1118.333749][ T142] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 1118.343432][ T53] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1118.351305][ T53] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1118.358844][ T3678] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 1119.333808][ C1] vcan0: j1939_tp_rxtimer: 0xffff888111edbe00: rx timeout, send abort [ 1119.342003][ C1] vcan0: j1939_tp_rxtimer: 0xffff888111d5fe00: rx timeout, send abort [ 1119.350514][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff888111edbe00: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 1119.364754][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff888111d5fe00: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 1119.635618][ T3678] Bluetooth: hci0: command 0x0409 tx timeout [ 1121.715201][ T3679] Bluetooth: hci0: command 0x041b tx timeout [ 1123.795515][ T139] Bluetooth: hci0: command 0x040f tx timeout [ 1124.564513][ T3691] kmemleak: 30 new suspected memory leaks (see /sys/kernel/debug/kmemleak) [ 1125.875168][ T3679] Bluetooth: hci0: command 0x0419 tx timeout [ 1126.723265][ T3691] kmemleak: 10 new suspected memory leaks (see /sys/kernel/debug/kmemleak) BUG: memory leak unreferenced object 0xffff88810b907500 (size 232): comm "syz-executor.0", pid 3690, jiffies 4295049106 (age 8.400s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 80 9d 0d 81 88 ff ff 00 40 3c 0f 81 88 ff ff .........@<..... backtrace: [] __alloc_skb+0x216/0x290 [] alloc_skb_with_frags+0x6a/0x340 [] sock_alloc_send_pskb+0x353/0x3c0 [] j1939_sk_sendmsg+0x2cf/0x810 [] sock_sendmsg+0x56/0x80 [] sock_no_sendpage+0x8f/0xc0 [] kernel_sendpage+0xdc/0x310 [] sock_sendpage+0x40/0x50 [] pipe_to_sendpage+0xa2/0x110 [] __splice_from_pipe+0x1e2/0x330 [] generic_splice_sendpage+0x6f/0xa0 [] direct_splice_actor+0x4b/0x70 [] splice_direct_to_actor+0x153/0x350 [] do_splice_direct+0xe8/0x150 [] do_sendfile+0x587/0x7f0 [] __x64_sys_sendfile64+0xe2/0x100 BUG: memory leak unreferenced object 0xffff88810b907e00 (size 232): comm "syz-executor.0", pid 3690, jiffies 4295049106 (age 8.400s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 80 9d 0d 81 88 ff ff 00 40 3c 0f 81 88 ff ff .........@<..... backtrace: [] __alloc_skb+0x216/0x290 [] alloc_skb_with_frags+0x6a/0x340 [] sock_alloc_send_pskb+0x353/0x3c0 [] j1939_sk_sendmsg+0x2cf/0x810 [] sock_sendmsg+0x56/0x80 [] sock_no_sendpage+0x8f/0xc0 [] kernel_sendpage+0xdc/0x310 [] sock_sendpage+0x40/0x50 [] pipe_to_sendpage+0xa2/0x110 [] __splice_from_pipe+0x1e2/0x330 [] generic_splice_sendpage+0x6f/0xa0 [] direct_splice_actor+0x4b/0x70 [] splice_direct_to_actor+0x153/0x350 [] do_splice_direct+0xe8/0x150 [] do_sendfile+0x587/0x7f0 [] __x64_sys_sendfile64+0xe2/0x100 BUG: memory leak unreferenced object 0xffff888111fc9c00 (size 1024): comm "syz-executor.0", pid 3690, jiffies 4295049106 (age 8.400s) hex dump (first 32 bytes): 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [] __alloc_skb+0xe3/0x290 [] alloc_skb_with_frags+0x6a/0x340 [] sock_alloc_send_pskb+0x353/0x3c0 [] j1939_sk_sendmsg+0x2cf/0x810 [] sock_sendmsg+0x56/0x80 [] sock_no_sendpage+0x8f/0xc0 [] kernel_sendpage+0xdc/0x310 [] sock_sendpage+0x40/0x50 [] pipe_to_sendpage+0xa2/0x110 [] __splice_from_pipe+0x1e2/0x330 [] generic_splice_sendpage+0x6f/0xa0 [] direct_splice_actor+0x4b/0x70 [] splice_direct_to_actor+0x153/0x350 [] do_splice_direct+0xe8/0x150 [] do_sendfile+0x587/0x7f0 [] __x64_sys_sendfile64+0xe2/0x100