forked to background, child pid 193
Starting sshd: OK
syzkaller
syzkaller login: [ 13.865673][ T22] kauditd_printk_skb: 35 callbacks suppressed
[ 13.865681][ T22] audit: type=1400 audit(1646856421.029:71): avc: denied { transition } for pid=265 comm="sshd" path="/bin/sh" dev="sda1" ino=73 scontext=system_u:system_r:initrc_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 13.873563][ T22] audit: type=1400 audit(1646856421.029:72): avc: denied { write } for pid=265 comm="sh" path="pipe:[702]" dev="pipefs" ino=702 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:initrc_t tclass=fifo_file permissive=1
[ 66.938524][ T12] cfg80211: failed to load regulatory.db
Warning: Permanently added '10.128.0.206' (ECDSA) to the list of known hosts.
2022/03/09 20:08:00 parsed 1 programs
[ 73.021744][ T22] audit: type=1400 audit(1646856480.179:73): avc: denied { getattr } for pid=300 comm="syz-execprog" path="user:[4026531837]" dev="nsfs" ino=4026531837 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[ 73.035788][ T305] cgroup1: Unknown subsys name 'net'
[ 73.045233][ T22] audit: type=1400 audit(1646856480.179:74): avc: denied { read } for pid=300 comm="syz-execprog" dev="nsfs" ino=4026531837 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[ 73.050853][ T305] cgroup1: Unknown subsys name 'net_prio'
[ 73.071801][ T22] audit: type=1400 audit(1646856480.179:75): avc: denied { open } for pid=300 comm="syz-execprog" path="user:[4026531837]" dev="nsfs" ino=4026531837 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[ 73.077863][ T305] cgroup1: Unknown subsys name 'devices'
[ 73.100729][ T22] audit: type=1400 audit(1646856480.179:76): avc: denied { read } for pid=300 comm="syz-execprog" name="raw-gadget" dev="devtmpfs" ino=211 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 73.106749][ T305] cgroup1: Unknown subsys name 'blkio'
[ 73.129236][ T22] audit: type=1400 audit(1646856480.179:77): avc: denied { open } for pid=300 comm="syz-execprog" path="/dev/raw-gadget" dev="devtmpfs" ino=211 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 73.157715][ T22] audit: type=1400 audit(1646856480.189:78): avc: denied { mounton } for pid=305 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=1137 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[ 73.180313][ T22] audit: type=1400 audit(1646856480.189:79): avc: denied { mount } for pid=305 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 73.202520][ T22] audit: type=1400 audit(1646856480.299:80): avc: denied { unmount } for pid=305 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 73.320546][ T305] cgroup1: Unknown subsys name 'hugetlb'
[ 73.326504][ T305] cgroup1: Unknown subsys name 'rlimit'
2022/03/09 20:08:00 executed programs: 0
[ 73.420061][ T22] audit: type=1400 audit(1646856480.579:81): avc: denied { mounton } for pid=305 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[ 73.444906][ T22] audit: type=1400 audit(1646856480.579:82): avc: denied { mount } for pid=305 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[ 73.485742][ T309] bridge0: port 1(bridge_slave_0) entered blocking state
[ 73.492883][ T309] bridge0: port 1(bridge_slave_0) entered disabled state
[ 73.500741][ T309] device bridge_slave_0 entered promiscuous mode
[ 73.507549][ T309] bridge0: port 2(bridge_slave_1) entered blocking state
[ 73.514810][ T309] bridge0: port 2(bridge_slave_1) entered disabled state
[ 73.522192][ T309] device bridge_slave_1 entered promiscuous mode
[ 73.559341][ T309] bridge0: port 2(bridge_slave_1) entered blocking state
[ 73.566459][ T309] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 73.573752][ T309] bridge0: port 1(bridge_slave_0) entered blocking state
[ 73.580770][ T309] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 73.600996][ T67] bridge0: port 1(bridge_slave_0) entered disabled state
[ 73.608495][ T67] bridge0: port 2(bridge_slave_1) entered disabled state
[ 73.615715][ T67] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 73.623644][ T67] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 73.638917][ T67] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 73.647046][ T67] bridge0: port 1(bridge_slave_0) entered blocking state
[ 73.654075][ T67] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 73.662333][ T67] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 73.670656][ T67] bridge0: port 2(bridge_slave_1) entered blocking state
[ 73.677654][ T67] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 73.685048][ T67] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 73.693121][ T67] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 73.707124][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 73.729731][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 73.738106][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 73.746677][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 73.754786][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 74.038271][ T12] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 74.398343][ T12] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 74.568367][ T12] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 74.577391][ T12] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 74.585689][ T12] usb 1-1: Product: syz
[ 74.589979][ T12] usb 1-1: Manufacturer: syz
[ 74.594543][ T12] usb 1-1: SerialNumber: syz
[ 74.838539][ T316] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[ 76.068307][ T12] cdc_ncm 1-1:1.0: MAC-Address: 42:42:42:42:42:42
[ 76.074765][ T12] cdc_ncm 1-1:1.0: dwNtbInMaxSize=0 is too small. Using 2048
[ 76.082282][ T12] cdc_ncm 1-1:1.0: setting rx_max = 2048
[ 76.280287][ T12] cdc_ncm 1-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.0-1, CDC NCM, 42:42:42:42:42:42
[ 76.868321][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): usb0: link becomes ready
[ 76.908405][ C0] skbuff: skb_over_panic: text:ffffffff82b1da03 len:184 put:172 head:ffff8881dc143400 data:ffff8881dc143400 tail:0xb8 end:0x80 dev:
[ 76.922535][ C0] ------------[ cut here ]------------
[ 76.927964][ C0] kernel BUG at net/core/skbuff.c:109!
[ 76.933425][ C0] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[ 76.939465][ C0] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.4.161-syzkaller-00001-g2d28921044b9 #0
[ 76.948880][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 76.958919][ C0] RIP: 0010:skb_panic+0x14d/0x150
[ 76.963928][ C0] Code: 48 8b 74 24 08 48 8b 54 24 10 8b 0c 24 44 8b 44 24 04 49 89 e9 b8 00 00 00 00 53 41 55 41 54 41 57 e8 73 ba ed fd 48 83 c4 20 <0f> 0b 90 55 41 57 41 56 41 55 41 54 53 48 83 ec 68 4d 89 cd 4c 89
[ 76.983505][ C0] RSP: 0018:ffff8881f6e09460 EFLAGS: 00010286
[ 76.989546][ C0] RAX: 0000000000000087 RBX: ffffffff851bf880 RCX: ef731b58cff8d000
[ 76.997490][ C0] RDX: 0000000000000704 RSI: 0000000000000704 RDI: 0000000000000000
[ 77.005459][ C0] RBP: ffff8881dc143400 R08: ffffffff814b15ec R09: ffffed103edcaa08
[ 77.013403][ C0] R10: ffffed103edcaa08 R11: 0000000000000000 R12: 00000000000000b8
[ 77.021346][ C0] R13: 0000000000000080 R14: dffffc0000000000 R15: ffff8881dc143400
[ 77.029295][ C0] FS: 0000000000000000(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[ 77.038209][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 77.044789][ C0] CR2: 00007f272a908ff8 CR3: 00000001e49e2000 CR4: 00000000003406f0
[ 77.052731][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 77.060696][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 77.068650][ C0] Call Trace:
[ 77.071911][ C0]
[ 77.074737][ C0] ? cdc_ncm_fill_tx_frame+0xcf3/0x2be0
[ 77.080249][ C0] ? cdc_ncm_fill_tx_frame+0xcf3/0x2be0
[ 77.085761][ C0] skb_over_panic+0x25/0x30
[ 77.090232][ C0] ? cdc_ncm_fill_tx_frame+0xcf3/0x2be0
[ 77.095751][ C0] skb_put+0x1e0/0x1e0
[ 77.099795][ C0] cdc_ncm_fill_tx_frame+0xcf3/0x2be0
[ 77.105135][ C0] cdc_ncm_tx_fixup+0x62/0xa0
[ 77.109797][ C0] usbnet_start_xmit+0x107/0x1a40
[ 77.114859][ C0] ? __kasan_kmalloc+0x1a3/0x1e0
[ 77.119790][ C0] ? netif_skb_features+0x550/0x9a0
[ 77.124972][ C0] ? check_preemption_disabled+0x51/0x2c0
[ 77.130683][ C0] xmit_one+0xfa/0x470
[ 77.134758][ C0] dev_hard_start_xmit+0xac/0x1b0
[ 77.139756][ C0] sch_direct_xmit+0x212/0x930
[ 77.145366][ C0] __qdisc_run+0x1ea/0x3a0
[ 77.149770][ C0] __dev_queue_xmit+0xc07/0x2c30
[ 77.154683][ C0] ip6_finish_output2+0xf45/0x1810
[ 77.159762][ C0] ip6_output+0x158/0x380
[ 77.164064][ C0] ? ip6_output+0x380/0x380
[ 77.168538][ C0] mld_sendpack+0x540/0xa20
[ 77.173039][ C0] ? mld_send_report+0x220/0x220
[ 77.177956][ C0] mld_ifc_timer_expire+0x804/0xb30
[ 77.183126][ C0] ? mld_gq_timer_expire+0x80/0x80
[ 77.188306][ C0] call_timer_fn+0x30/0x330
[ 77.192783][ C0] ? mld_gq_timer_expire+0x80/0x80
[ 77.197865][ C0] expire_timers+0x21e/0x3f0
[ 77.202427][ C0] __run_timers+0x573/0x670
[ 77.206925][ C0] run_timer_softirq+0x46/0x80
[ 77.211668][ C0] __do_softirq+0x23e/0x615
[ 77.216156][ C0] irq_exit+0x195/0x1c0
[ 77.220282][ C0] smp_apic_timer_interrupt+0x113/0x420
[ 77.225798][ C0] apic_timer_interrupt+0xf/0x20
[ 77.230718][ C0]
[ 77.233637][ C0] RIP: 0010:default_idle+0x1f/0x30
[ 77.238718][ C0] Code: 90 90 90 90 90 90 90 90 90 90 90 e8 db 45 fb fd bf 01 00 00 00 89 c6 e8 1f 9b 03 fd e9 07 00 00 00 0f 00 2d 63 50 62 00 fb f4 bc 45 fb fd bf ff ff ff ff 89 c6 e9 00 9b 03 fd 41 57 41 56 53
[ 77.258297][ C0] RSP: 0018:ffffffff85c07e88 EFLAGS: 00000296 ORIG_RAX: ffffffffffffff13
[ 77.266683][ C0] RAX: 0000000000000000 RBX: ffffffff85c18a40 RCX: ffffffff85c18a40
[ 77.274637][ C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001
[ 77.282579][ C0] RBP: 0000000000000000 R08: ffffffff821f62c4 R09: fffffbfff0b83149
[ 77.290522][ C0] R10: fffffbfff0b83149 R11: 0000000000000000 R12: 0000000000000000
[ 77.298550][ C0] R13: 1ffffffff0b83148 R14: ffffffff862755e0 R15: dffffc0000000000
[ 77.306497][ C0] ? check_preemption_disabled+0x44/0x2c0
[ 77.312197][ C0] ? default_idle+0x11/0x30
[ 77.316757][ C0] do_idle+0x1c3/0x530
[ 77.320825][ C0] cpu_startup_entry+0x15/0x20
[ 77.325573][ C0] ? time_init+0x33/0x33
[ 77.329785][ C0] start_kernel+0x6e0/0x78b
[ 77.334261][ C0] secondary_startup_64+0xa4/0xb0
[ 77.339257][ C0] Modules linked in:
[ 77.343165][ C0] ---[ end trace f49d62db71f191ca ]---
[ 77.348641][ C0] RIP: 0010:skb_panic+0x14d/0x150
[ 77.353656][ C0] Code: 48 8b 74 24 08 48 8b 54 24 10 8b 0c 24 44 8b 44 24 04 49 89 e9 b8 00 00 00 00 53 41 55 41 54 41 57 e8 73 ba ed fd 48 83 c4 20 <0f> 0b 90 55 41 57 41 56 41 55 41 54 53 48 83 ec 68 4d 89 cd 4c 89
[ 77.373253][ C0] RSP: 0018:ffff8881f6e09460 EFLAGS: 00010286
[ 77.379300][ C0] RAX: 0000000000000087 RBX: ffffffff851bf880 RCX: ef731b58cff8d000
[ 77.387243][ C0] RDX: 0000000000000704 RSI: 0000000000000704 RDI: 0000000000000000
[ 77.395197][ C0] RBP: ffff8881dc143400 R08: ffffffff814b15ec R09: ffffed103edcaa08
[ 77.403159][ C0] R10: ffffed103edcaa08 R11: 0000000000000000 R12: 00000000000000b8
[ 77.411116][ C0] R13: 0000000000000080 R14: dffffc0000000000 R15: ffff8881dc143400
[ 77.419086][ C0] FS: 0000000000000000(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[ 77.427990][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 77.434559][ C0] CR2: 00007f272a908ff8 CR3: 00000001e49e2000 CR4: 00000000003406f0
[ 77.442528][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 77.450484][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 77.458438][ C0] Kernel panic - not syncing: Fatal exception in interrupt
[ 77.465767][ C0] Kernel Offset: disabled
[ 77.470074][ C0] Rebooting in 86400 seconds..