Warning: Permanently added '[localhost]:56017' (ECDSA) to the list of known hosts.
syzkaller login: [ 141.403621] audit: type=1400 audit(1655090523.353:6): avc: denied { execmem } for pid=1035 comm="syz-executor882" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 155.759396] IPVS: ftp: loaded support on port[0] = 21
[ 155.823008] chnl_net:caif_netlink_parms(): no params data found
[ 155.862657] bridge0: port 1(bridge_slave_0) entered blocking state
[ 155.863599] bridge0: port 1(bridge_slave_0) entered disabled state
[ 155.865257] device bridge_slave_0 entered promiscuous mode
[ 155.868533] bridge0: port 2(bridge_slave_1) entered blocking state
[ 155.869057] bridge0: port 2(bridge_slave_1) entered disabled state
[ 155.870262] device bridge_slave_1 entered promiscuous mode
[ 155.884417] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 155.886903] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 155.900648] team0: Port device team_slave_0 added
[ 155.902411] team0: Port device team_slave_1 added
[ 155.913762] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 155.914229] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 155.915990] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 155.917783] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 155.918243] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 155.919969] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 155.935810] device hsr_slave_0 entered promiscuous mode
[ 155.936703] device hsr_slave_1 entered promiscuous mode
[ 156.023898] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 156.030737] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 156.033334] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 156.035956] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 156.053705] bridge0: port 2(bridge_slave_1) entered blocking state
[ 156.054277] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 156.055002] bridge0: port 1(bridge_slave_0) entered blocking state
[ 156.055508] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 156.097085] 8021q: adding VLAN 0 to HW filter on device bond0
[ 156.104075] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 156.106366] bridge0: port 1(bridge_slave_0) entered disabled state
[ 156.108723] bridge0: port 2(bridge_slave_1) entered disabled state
[ 156.109900] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 156.115637] 8021q: adding VLAN 0 to HW filter on device team0
[ 156.120942] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 156.121978] bridge0: port 1(bridge_slave_0) entered blocking state
[ 156.122482] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 156.127930] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 156.129096] bridge0: port 2(bridge_slave_1) entered blocking state
[ 156.129587] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 156.141131] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 156.144189] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 156.149190] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 156.154101] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 156.159533] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 156.163015] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 156.175007] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 156.175841] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 156.182159] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 156.240166] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 156.250785] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 156.251786] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 156.252987] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 156.256848] device veth0_vlan entered promiscuous mode
[ 156.262182] device veth1_vlan entered promiscuous mode
[ 156.277986] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 156.281025] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 156.282222] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 156.285053] device veth0_macvtap entered promiscuous mode
[ 156.288947] device veth1_macvtap entered promiscuous mode
[ 156.300593] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 156.301192] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 156.302862] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 156.307068] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 156.308519] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 156.312044] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 156.313166] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 156.314824] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 156.316783] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
executing program
[ 157.600316] vxcan1: j1939_tp_rxtimer: 0x00000000f98fb43f: rx timeout, send abort
[ 157.602102] vxcan1: j1939_xtp_rx_abort_one: 0x00000000f98fb43f: 0x0f001: (3) A timeout occurred and this is the connection abort
to close the session.
[ 168.214594] kmemleak: 7 new suspected memory leaks (see /sys/kernel/debug/kmemleak)
BUG: memory leak
unreferenced object 0xffff8881052f1000 (size 2048):
  comm "syz-executor882", pid 1048, jiffies 4294823345 (age 18.287s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    1d 00 07 41 00 00 00 00 00 00 00 00 00 00 00 00  ...A............
  backtrace:
    [<0000000072375c62>] sk_prot_alloc+0x1a4/0x2d0
    [<00000000d2df37bc>] sk_alloc+0x36/0xbe0
    [<000000002335221a>] can_create+0x1de/0x4d0
    [<0000000012359a50>] __sock_create+0x359/0x790
    [<00000000c2932e82>] __sys_socket+0xef/0x200
    [<00000000ee5e0448>] __x64_sys_socket+0x6e/0xb0
    [<00000000787ee121>] do_syscall_64+0x33/0x40
    [<00000000015aa16d>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff888107ffb4c0 (size 32):
  comm "syz-executor882", pid 1048, jiffies 4294823345 (age 18.287s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    01 00 00 00 03 00 00 00 4a 00 00 00 00 00 00 00  ........J.......
  backtrace:
    [<00000000b7f65d19>] selinux_sk_alloc_security+0x7d/0x1c0
    [<0000000061633e79>] security_sk_alloc+0x56/0xb0
    [<00000000257771ac>] sk_prot_alloc+0x1be/0x2d0
    [<00000000d2df37bc>] sk_alloc+0x36/0xbe0
    [<000000002335221a>] can_create+0x1de/0x4d0
    [<0000000012359a50>] __sock_create+0x359/0x790
    [<00000000c2932e82>] __sys_socket+0xef/0x200
    [<00000000ee5e0448>] __x64_sys_socket+0x6e/0xb0
    [<00000000787ee121>] do_syscall_64+0x33/0x40
    [<00000000015aa16d>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff88811a464000 (size 8192):
  comm "syz-executor882", pid 1048, jiffies 4294823346 (age 18.286s)
  hex dump (first 32 bytes):
    00 40 46 1a 81 88 ff ff 00 40 46 1a 81 88 ff ff  .@F......@F.....
    00 00 00 00 00 00 00 00 ed 1e af de ff ff ff ff  ................
  backtrace:
    [<0000000073ea1e80>] j1939_netdev_start+0x10d/0x860
    [<0000000059ac4991>] j1939_sk_bind+0x8bd/0xcf0
    [<00000000e7c0264f>] __sys_bind+0x211/0x260
    [<000000001054b65c>] __x64_sys_bind+0x6e/0xb0
    [<00000000787ee121>] do_syscall_64+0x33/0x40
    [<00000000015aa16d>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff88811835e000 (size 224):
  comm "syz-executor882", pid 1048, jiffies 4294823347 (age 18.285s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 80 39 18 81 88 ff ff 00 10 2f 05 81 88 ff ff  ..9......./.....
  backtrace:
    [<00000000a49564f4>] __alloc_skb+0x6d/0x630
    [<0000000083cf112f>] alloc_skb_with_frags+0x95/0x530
    [<00000000231b76d7>] sock_alloc_send_pskb+0x72f/0x890
    [<000000001fb9eb5d>] j1939_sk_sendmsg+0x6b0/0x1320
    [<000000006b837130>] sock_sendmsg+0x150/0x190
    [<000000007f2f2260>] ____sys_sendmsg+0x701/0x860
    [<000000007e929e17>] ___sys_sendmsg+0x100/0x170
    [<00000000a479ca4b>] __sys_sendmsg+0xe9/0x1b0
    [<00000000787ee121>] do_syscall_64+0x33/0x40
    [<00000000015aa16d>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff88810b65e000 (size 4096):
  comm "syz-executor882", pid 1048, jiffies 4294823347 (age 18.285s)
  hex dump (first 32 bytes):
    15 00 00 00 00 00 00 00 01 00 00 00 76 02 c0 9a  ............v...
    35 14 12 1f e9 cb c8 1a de 4d 83 de 65 06 c0 96  5........M..e...
  backtrace:
    [<00000000cf9483dd>] __alloc_skb+0xac/0x630
    [<0000000083cf112f>] alloc_skb_with_frags+0x95/0x530
    [<00000000231b76d7>] sock_alloc_send_pskb+0x72f/0x890
    [<000000001fb9eb5d>] j1939_sk_sendmsg+0x6b0/0x1320
    [<000000006b837130>] sock_sendmsg+0x150/0x190
    [<000000007f2f2260>] ____sys_sendmsg+0x701/0x860
    [<000000007e929e17>] ___sys_sendmsg+0x100/0x170
    [<00000000a479ca4b>] __sys_sendmsg+0xe9/0x1b0
    [<00000000787ee121>] do_syscall_64+0x33/0x40
    [<00000000015aa16d>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

[ 174.862681] syz-executor882 (1036) used greatest stack depth: 23456 bytes left

VM DIAGNOSIS:
06:22:36 Registers: