[ 29.953467][ T3178] 8021q: adding VLAN 0 to HW filter on device bond0
[ 29.963929][ T3178] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK
syzkaller syzkaller login:
[ 40.294679][ T25] kauditd_printk_skb: 37 callbacks suppressed
[ 40.294694][ T25] audit: type=1400 audit(1647744645.087:73): avc: denied { transition } for pid=3385 comm="sshd" path="/bin/sh" dev="sda1" ino=73 scontext=system_u:system_r:initrc_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 40.323676][ T25] audit: type=1400 audit(1647744645.097:74): avc: denied { write } for pid=3385 comm="sh" path="pipe:[27826]" dev="pipefs" ino=27826 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:initrc_t tclass=fifo_file permissive=1
Warning: Permanently added '10.128.0.103' (ECDSA) to the list of known hosts.
[ 50.492720][ T25] audit: type=1400 audit(1647744655.287:75): avc: denied { execmem } for pid=3592 comm="syz-executor380" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 50.514217][ T25] audit: type=1400 audit(1647744655.307:76): avc: denied { mounton } for pid=3593 comm="syz-executor380" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1
[ 50.539454][ T25] audit: type=1400 audit(1647744655.317:77): avc: denied { mount } for pid=3593 comm="syz-executor380" name="/" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1
[ 50.562295][ T25] audit: type=1400 audit(1647744655.317:78): avc: denied { mounton } for pid=3593 comm="syz-executor380" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[ 50.622365][ T3593] chnl_net:caif_netlink_parms(): no params data found
[ 50.666077][ T3593] bridge0: port 1(bridge_slave_0) entered blocking state
[ 50.674271][ T3593] bridge0: port 1(bridge_slave_0) entered disabled state
[ 50.682490][ T3593] device bridge_slave_0 entered promiscuous mode
[ 50.692503][ T3593] bridge0: port 2(bridge_slave_1) entered blocking state
[ 50.699667][ T3593] bridge0: port 2(bridge_slave_1) entered disabled state
[ 50.707370][ T3593] device bridge_slave_1 entered promiscuous mode
[ 50.729718][ T3593] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 50.741051][ T3593] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 50.764056][ T3593] team0: Port device team_slave_0 added
[ 50.772136][ T3593] team0: Port device team_slave_1 added
[ 50.792320][ T3593] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 50.799344][ T3593] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 50.825313][ T3593] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 50.838581][ T3593] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 50.845647][ T3593] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 50.872105][ T3593] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 50.897827][ T3593] device hsr_slave_0 entered promiscuous mode
[ 50.905192][ T3593] device hsr_slave_1 entered promiscuous mode
[ 50.995978][ T25] audit: type=1400 audit(1647744655.787:79): avc: denied { create } for pid=3593 comm="syz-executor380" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 50.997604][ T3593] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 51.020034][ T25] audit: type=1400 audit(1647744655.787:80): avc: denied { write } for pid=3593 comm="syz-executor380" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 51.045093][ T25] audit: type=1400 audit(1647744655.787:81): avc: denied { read } for pid=3593 comm="syz-executor380" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 51.052737][ T3593] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 51.076769][ T3593] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 51.085688][ T3593] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 51.108427][ T3593] bridge0: port 2(bridge_slave_1) entered blocking state
[ 51.115618][ T3593] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 51.123694][ T3593] bridge0: port 1(bridge_slave_0) entered blocking state
[ 51.130818][ T3593] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 51.173535][ T3593] 8021q: adding VLAN 0 to HW filter on device bond0
[ 51.189381][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 51.199769][ T20] bridge0: port 1(bridge_slave_0) entered disabled state
[ 51.208098][ T20] bridge0: port 2(bridge_slave_1) entered disabled state
[ 51.216437][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 51.230737][ T3593] 8021q: adding VLAN 0 to HW filter on device team0
[ 51.242224][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 51.251505][ T20] bridge0: port 1(bridge_slave_0) entered blocking state
[ 51.258568][ T20] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 51.285138][ T1133] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 51.293597][ T1133] bridge0: port 2(bridge_slave_1) entered blocking state
[ 51.300724][ T1133] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 51.309647][ T1133] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 51.318161][ T1133] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 51.327278][ T1133] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 51.337862][ T1133] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 51.350530][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 51.359993][ T3593] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 51.377307][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 51.384875][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 51.399702][ T3593] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 51.411464][ T25] audit: type=1400 audit(1647744656.207:82): avc: denied { module_request } for pid=3593 comm="syz-executor380" kmod="netdev-xfrm0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[ 51.452268][ T25] audit: type=1400 audit(1647744656.247:83): avc: denied { sys_module } for pid=3593 comm="syz-executor380" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[ 51.543329][ T3599] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 51.556514][ T1133] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 51.565102][ T1133] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 51.573346][ T1133] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 51.584995][ T3593] device veth0_vlan entered promiscuous mode
[ 51.595396][ T3593] device veth1_vlan entered promiscuous mode
[ 51.615007][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 51.623876][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 51.632425][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 51.645007][ T3593] device veth0_macvtap entered promiscuous mode
[ 51.656474][ T3593] device veth1_macvtap entered promiscuous mode
[ 51.671030][ T3593] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 51.680540][ T1133] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 51.689569][ T1133] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 51.701291][ T3593] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 51.708562][ T1133] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 51.717235][ T1133] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 51.729950][ T3593] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 51.738864][ T3593] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 51.747565][ T3593] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 51.756986][ T3593] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
executing program
[ 51.791992][ T25] audit: type=1400 audit(1647744656.587:84): avc: denied { mounton } for pid=3593 comm="syz-executor380" path="/dev/binderfs" dev="devtmpfs" ino=2315 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
executing program
executing program
[ 51.826426][ T3609] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
executing program
executing program
executing program
[ 51.934261][ T3614] divide error: 0000 [#1] PREEMPT SMP KASAN
[ 51.940179][ T3614] CPU: 1 PID: 3614 Comm: syz-executor380 Not tainted 5.17.0-rc8-syzkaller-00072-g97e9c8eb4bb1 #0
[ 51.950760][ T3614] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 51.960790][ T3614] RIP: 0010:tcp_reno_cong_avoid+0x288/0x310
[ 51.966781][ T3614] Code: ab 80 09 00 00 e8 18 76 bb f9 45 85 e4 0f 85 aa fe ff ff 5b 5d 41 5c 41 5d 41 5e e9 62 74 bb f9 e8 5d 74 bb f9 44 89 e0 31 d2 f5 41 01 c5 89 93 84 09 00 00 44 89 ab 80 09 00 00 e9 fb fe ff
[ 51.986382][ T3614] RSP: 0018:ffffc900027876b0 EFLAGS: 00010246
[ 51.992428][ T3614] RAX: 0000000000000011 RBX: ffff8880736a20c0 RCX: 0000000000000000
[ 52.000379][ T3614] RDX: 0000000000000000 RSI: ffffffff87bc8133 RDI: 0000000000000003
[ 52.008326][ T3614] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000001
[ 52.016462][ T3614] R10: ffffffff87bc8035 R11: 0000000000000000 R12: 0000000000000011
[ 52.024411][ T3614] R13: 0000000000000001 R14: 00000000ffffffff R15: ffff8880736a2a40
[ 52.032364][ T3614] FS: 0000555556ccf300(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000
[ 52.041290][ T3614] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 52.047855][ T3614] CR2: 0000000020102000 CR3: 000000001d16d000 CR4: 00000000003506e0
[ 52.055808][ T3614] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 52.063798][ T3614] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 52.071849][ T3614] Call Trace:
[ 52.075123][ T3614]
[ 52.078035][ T3614] tcp_cdg_cong_avoid+0x5d6/0x1600
[ 52.083141][ T3614] tcp_ack+0x3766/0x5900
[ 52.087463][ T3614] ? tcp_fastretrans_alert+0x2ec0/0x2ec0
[ 52.093090][ T3614] ? tcp_reset+0x4a0/0x4a0
[ 52.097506][ T3614] ? __sanitizer_cov_trace_cmp4+0x1c/0x70
[ 52.103213][ T3614] ? ktime_get+0x30b/0x470
[ 52.107616][ T3614] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 52.113848][ T3614] tcp_rcv_established+0x5d9/0x1ff0
[ 52.119036][ T3614] ? __release_sock+0xd0/0x3b0
[ 52.123812][ T3614] ? tcp_data_queue+0x4bb0/0x4bb0
[ 52.128820][ T3614] tcp_v4_do_rcv+0x65e/0x980
[ 52.133395][ T3614] __release_sock+0x134/0x3b0
[ 52.138144][ T3614] __sk_flush_backlog+0x22/0x30
[ 52.142979][ T3614] tcp_sendmsg_locked+0x2836/0x2e20
[ 52.148176][ T3614] ? tcp_sendpage+0xd0/0xd0
[ 52.152677][ T3614] ? mark_held_locks+0x9f/0xe0
[ 52.157612][ T3614] ? __local_bh_enable_ip+0xa0/0x120
[ 52.162915][ T3614] tcp_sendmsg+0x2b/0x40
[ 52.167158][ T3614] inet_sendmsg+0x99/0xe0
[ 52.171477][ T3614] ? inet_send_prepare+0x4e0/0x4e0
[ 52.176573][ T3614] sock_sendmsg+0xcf/0x120
[ 52.180985][ T3614] __sys_sendto+0x21c/0x320
[ 52.185476][ T3614] ? __ia32_sys_getpeername+0xb0/0xb0
[ 52.190840][ T3614] ? __context_tracking_exit+0xb8/0xe0
[ 52.196286][ T3614] ? lock_downgrade+0x6e0/0x6e0
[ 52.201146][ T3614] ? lock_downgrade+0x6e0/0x6e0
[ 52.205982][ T3614] __x64_sys_sendto+0xdd/0x1b0
[ 52.210732][ T3614] ? lockdep_hardirqs_on+0x79/0x100
[ 52.215938][ T3614] ? syscall_enter_from_user_mode+0x21/0x70
[ 52.221867][ T3614] do_syscall_64+0x35/0xb0
[ 52.226341][ T3614] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 52.232320][ T3614] RIP: 0033:0x7f7069a8c559
[ 52.236721][ T3614] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 a1 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 52.256401][ T3614] RSP: 002b:00007ffd628436b8 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[ 52.264806][ T3614] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f7069a8c559
[ 52.272765][ T3614] RDX: 00000000fffffd46 RSI: 0000000020000240 RDI: 0000000000000004
[ 52.280716][ T3614] RBP: 0000000000000000 R08: 0000000000000000 R09: 00000000000001f4
[ 52.288668][ T3614] R10: 00000000000081f4 R11: 0000000000000246 R12: 00007ffd628436e0
[ 52.296618][ T3614] R13: 00007ffd628436f0 R14: 000000000000caaa R15: 00007ffd628436d0
[ 52.304720][ T3614]
[ 52.307721][ T3614] Modules linked in:
[ 52.313200][ T3614] ---[ end trace 0000000000000000 ]---
[ 52.320061][ T3614] RIP: 0010:tcp_reno_cong_avoid+0x288/0x310
[ 52.326017][ T3614] Code: ab 80 09 00 00 e8 18 76 bb f9 45 85 e4 0f 85 aa fe ff ff 5b 5d 41 5c 41 5d 41 5e e9 62 74 bb f9 e8 5d 74 bb f9 44 89 e0 31 d2 f5 41 01 c5 89 93 84 09 00 00 44 89 ab 80 09 00 00 e9 fb fe ff
[ 52.345906][ T3614] RSP: 0018:ffffc900027876b0 EFLAGS: 00010246
[ 52.352193][ T3614] RAX: 0000000000000011 RBX: ffff8880736a20c0 RCX: 0000000000000000
[ 52.360500][ T3614] RDX: 0000000000000000 RSI: ffffffff87bc8133 RDI: 0000000000000003
[ 52.368457][ T3614] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000001
[ 52.376544][ T3614] R10: ffffffff87bc8035 R11: 0000000000000000 R12: 0000000000000011
[ 52.385562][ T3614] R13: 0000000000000001 R14: 00000000ffffffff R15: ffff8880736a2a40
[ 52.393643][ T3614] FS: 0000555556ccf300(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000
[ 52.402902][ T3614] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 52.409773][ T3614] CR2: 00007f7069b0f110 CR3: 000000001d16d000 CR4: 00000000003506f0
[ 52.417776][ T3614] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 52.425929][ T3614] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 52.434105][ T3614] Kernel panic - not syncing: Fatal exception
[ 52.440334][ T3614] Kernel Offset: disabled
[ 52.444664][ T3614] Rebooting in 86400 seconds..