Bug #11743 » CrashLog.txt

Alexey Khoroshilov, 07/08/2022 11:30 AM

 
Warning: Permanently added '[localhost]:56017' (ECDSA) to the list of known hosts.
syzkaller login: [ 141.403621] audit: type=1400 audit(1655090523.353:6): avc: denied { execmem } for pid=1035 comm="syz-executor882" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 155.759396] IPVS: ftp: loaded support on port[0] = 21
[ 155.823008] chnl_net:caif_netlink_parms(): no params data found
[ 155.862657] bridge0: port 1(bridge_slave_0) entered blocking state
[ 155.863599] bridge0: port 1(bridge_slave_0) entered disabled state
[ 155.865257] device bridge_slave_0 entered promiscuous mode
[ 155.868533] bridge0: port 2(bridge_slave_1) entered blocking state
[ 155.869057] bridge0: port 2(bridge_slave_1) entered disabled state
[ 155.870262] device bridge_slave_1 entered promiscuous mode
[ 155.884417] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 155.886903] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 155.900648] team0: Port device team_slave_0 added
[ 155.902411] team0: Port device team_slave_1 added
[ 155.913762] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 155.914229] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 155.915990] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 155.917783] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 155.918243] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 155.919969] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 155.935810] device hsr_slave_0 entered promiscuous mode
[ 155.936703] device hsr_slave_1 entered promiscuous mode
[ 156.023898] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 156.030737] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 156.033334] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 156.035956] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 156.053705] bridge0: port 2(bridge_slave_1) entered blocking state
[ 156.054277] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 156.055002] bridge0: port 1(bridge_slave_0) entered blocking state
[ 156.055508] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 156.097085] 8021q: adding VLAN 0 to HW filter on device bond0
[ 156.104075] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 156.106366] bridge0: port 1(bridge_slave_0) entered disabled state
[ 156.108723] bridge0: port 2(bridge_slave_1) entered disabled state
[ 156.109900] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 156.115637] 8021q: adding VLAN 0 to HW filter on device team0
[ 156.120942] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 156.121978] bridge0: port 1(bridge_slave_0) entered blocking state
[ 156.122482] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 156.127930] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 156.129096] bridge0: port 2(bridge_slave_1) entered blocking state
[ 156.129587] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 156.141131] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 156.144189] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 156.149190] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 156.154101] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 156.159533] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 156.163015] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 156.175007] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 156.175841] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 156.182159] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 156.240166] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 156.250785] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 156.251786] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 156.252987] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 156.256848] device veth0_vlan entered promiscuous mode
[ 156.262182] device veth1_vlan entered promiscuous mode
[ 156.277986] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 156.281025] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 156.282222] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 156.285053] device veth0_macvtap entered promiscuous mode
[ 156.288947] device veth1_macvtap entered promiscuous mode
[ 156.300593] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 156.301192] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 156.302862] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 156.307068] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 156.308519] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 156.312044] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 156.313166] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 156.314824] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 156.316783] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
executing program
[ 157.600316] vxcan1: j1939_tp_rxtimer: 0x00000000f98fb43f: rx timeout, send abort
[ 157.602102] vxcan1: j1939_xtp_rx_abort_one: 0x00000000f98fb43f: 0x0f001: (3) A timeout occurred and this is the connection abort to close the session.
[ 168.214594] kmemleak: 7 new suspected memory leaks (see /sys/kernel/debug/kmemleak)
BUG: memory leak
unreferenced object 0xffff8881052f1000 (size 2048):
comm "syz-executor882", pid 1048, jiffies 4294823345 (age 18.287s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
1d 00 07 41 00 00 00 00 00 00 00 00 00 00 00 00 ...A............
backtrace:
[<0000000072375c62>] sk_prot_alloc+0x1a4/0x2d0
[<00000000d2df37bc>] sk_alloc+0x36/0xbe0
[<000000002335221a>] can_create+0x1de/0x4d0
[<0000000012359a50>] __sock_create+0x359/0x790
[<00000000c2932e82>] __sys_socket+0xef/0x200
[<00000000ee5e0448>] __x64_sys_socket+0x6e/0xb0
[<00000000787ee121>] do_syscall_64+0x33/0x40
[<00000000015aa16d>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff888107ffb4c0 (size 32):
comm "syz-executor882", pid 1048, jiffies 4294823345 (age 18.287s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
01 00 00 00 03 00 00 00 4a 00 00 00 00 00 00 00 ........J.......
backtrace:
[<00000000b7f65d19>] selinux_sk_alloc_security+0x7d/0x1c0
[<0000000061633e79>] security_sk_alloc+0x56/0xb0
[<00000000257771ac>] sk_prot_alloc+0x1be/0x2d0
[<00000000d2df37bc>] sk_alloc+0x36/0xbe0
[<000000002335221a>] can_create+0x1de/0x4d0
[<0000000012359a50>] __sock_create+0x359/0x790
[<00000000c2932e82>] __sys_socket+0xef/0x200
[<00000000ee5e0448>] __x64_sys_socket+0x6e/0xb0
[<00000000787ee121>] do_syscall_64+0x33/0x40
[<00000000015aa16d>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff88811a464000 (size 8192):
comm "syz-executor882", pid 1048, jiffies 4294823346 (age 18.286s)
hex dump (first 32 bytes):
00 40 46 1a 81 88 ff ff 00 40 46 1a 81 88 ff ff .@F......@F.....
00 00 00 00 00 00 00 00 ed 1e af de ff ff ff ff ................
backtrace:
[<0000000073ea1e80>] j1939_netdev_start+0x10d/0x860
[<0000000059ac4991>] j1939_sk_bind+0x8bd/0xcf0
[<00000000e7c0264f>] __sys_bind+0x211/0x260
[<000000001054b65c>] __x64_sys_bind+0x6e/0xb0
[<00000000787ee121>] do_syscall_64+0x33/0x40
[<00000000015aa16d>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff88811835e000 (size 224):
comm "syz-executor882", pid 1048, jiffies 4294823347 (age 18.285s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 80 39 18 81 88 ff ff 00 10 2f 05 81 88 ff ff ..9......./.....
backtrace:
[<00000000a49564f4>] __alloc_skb+0x6d/0x630
[<0000000083cf112f>] alloc_skb_with_frags+0x95/0x530
[<00000000231b76d7>] sock_alloc_send_pskb+0x72f/0x890
[<000000001fb9eb5d>] j1939_sk_sendmsg+0x6b0/0x1320
[<000000006b837130>] sock_sendmsg+0x150/0x190
[<000000007f2f2260>] ____sys_sendmsg+0x701/0x860
[<000000007e929e17>] ___sys_sendmsg+0x100/0x170
[<00000000a479ca4b>] __sys_sendmsg+0xe9/0x1b0
[<00000000787ee121>] do_syscall_64+0x33/0x40
[<00000000015aa16d>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff88810b65e000 (size 4096):
comm "syz-executor882", pid 1048, jiffies 4294823347 (age 18.285s)
hex dump (first 32 bytes):
15 00 00 00 00 00 00 00 01 00 00 00 76 02 c0 9a ............v...
35 14 12 1f e9 cb c8 1a de 4d 83 de 65 06 c0 96 5........M..e...
backtrace:
[<00000000cf9483dd>] __alloc_skb+0xac/0x630
[<0000000083cf112f>] alloc_skb_with_frags+0x95/0x530
[<00000000231b76d7>] sock_alloc_send_pskb+0x72f/0x890
[<000000001fb9eb5d>] j1939_sk_sendmsg+0x6b0/0x1320
[<000000006b837130>] sock_sendmsg+0x150/0x190
[<000000007f2f2260>] ____sys_sendmsg+0x701/0x860
[<000000007e929e17>] ___sys_sendmsg+0x100/0x170
[<00000000a479ca4b>] __sys_sendmsg+0xe9/0x1b0
[<00000000787ee121>] do_syscall_64+0x33/0x40
[<00000000015aa16d>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

[ 174.862681] syz-executor882 (1036) used greatest stack depth: 23456 bytes left

VM DIAGNOSIS:
