forked to background, child pid 197
Starting sshd: OK
syzkaller
syzkaller login: [ 7.861686][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #08!!!
[ 13.922928][ T23] kauditd_printk_skb: 60 callbacks suppressed
[ 13.922935][ T23] audit: type=1400 audit(1636462508.239:71): avc: denied { transition } for pid=290 comm="sshd" path="/bin/sh" dev="sda1" ino=73 scontext=system_u:system_r:initrc_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 13.929069][ T23] audit: type=1400 audit(1636462508.239:72): avc: denied { write } for pid=290 comm="sh" path="pipe:[11532]" dev="pipefs" ino=11532 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:initrc_t tclass=fifo_file permissive=1
Warning: Permanently added '10.128.1.152' (ECDSA) to the list of known hosts.
2021/11/09 12:55:15 fuzzer started
2021/11/09 12:55:15 connecting to host at 10.128.0.163:41073
2021/11/09 12:55:15 checking machine...
2021/11/09 12:55:15 checking revisions...
2021/11/09 12:55:15 testing simple program...
[ 21.201875][ T23] audit: type=1400 audit(1636462515.519:73): avc: denied { getattr } for pid=362 comm="syz-fuzzer" path="user:[4026531837]" dev="nsfs" ino=4026531837 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[ 21.224353][ T371] cgroup: Unknown subsys name 'net'
[ 21.225267][ T23] audit: type=1400 audit(1636462515.519:74): avc: denied { read } for pid=362 comm="syz-fuzzer" dev="nsfs" ino=4026531837 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[ 21.251383][ T23] audit: type=1400 audit(1636462515.519:75): avc: denied { open } for pid=362 comm="syz-fuzzer" path="user:[4026531837]" dev="nsfs" ino=4026531837 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[ 21.251557][ T371] cgroup: Unknown subsys name 'devices'
[ 21.274622][ T23] audit: type=1400 audit(1636462515.519:76): avc: denied { read } for pid=362 comm="syz-fuzzer" name="raw-gadget" dev="devtmpfs" ino=165 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 21.302712][ T23] audit: type=1400 audit(1636462515.519:77): avc: denied { open } for pid=362 comm="syz-fuzzer" path="/dev/raw-gadget" dev="devtmpfs" ino=165 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 21.326182][ T23] audit: type=1400 audit(1636462515.519:78): avc: denied { mounton } for pid=371 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=1136 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[ 21.349018][ T23] audit: type=1400 audit(1636462515.519:79): avc: denied { mount } for pid=371 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 21.371224][ T23] audit: type=1400 audit(1636462515.539:80): avc: denied { unmount } for pid=371 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 21.462930][ T371] cgroup: Unknown subsys name 'hugetlb'
[ 21.468810][ T371] cgroup: Unknown subsys name 'rlimit'
[ 21.562374][ T23] audit: type=1400 audit(1636462515.879:81): avc: denied { setattr } for pid=371 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=165 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 21.596496][ T23] audit: type=1400 audit(1636462515.909:82): avc: denied { execmem } for pid=373 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 21.669374][ T374] bridge0: port 1(bridge_slave_0) entered blocking state
[ 21.676454][ T374] bridge0: port 1(bridge_slave_0) entered disabled state
[ 21.684079][ T374] device bridge_slave_0 entered promiscuous mode
[ 21.690845][ T374] bridge0: port 2(bridge_slave_1) entered blocking state
[ 21.697934][ T374] bridge0: port 2(bridge_slave_1) entered disabled state
[ 21.705249][ T374] device bridge_slave_1 entered promiscuous mode
[ 21.734488][ T374] bridge0: port 2(bridge_slave_1) entered blocking state
[ 21.741657][ T374] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 21.748915][ T374] bridge0: port 1(bridge_slave_0) entered blocking state
[ 21.755954][ T374] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 21.772889][ T46] bridge0: port 1(bridge_slave_0) entered disabled state
[ 21.780199][ T46] bridge0: port 2(bridge_slave_1) entered disabled state
[ 21.787665][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 21.795412][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 21.812226][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 21.820465][ T46] bridge0: port 1(bridge_slave_0) entered blocking state
[ 21.828020][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 21.835622][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 21.844029][ T46] bridge0: port 2(bridge_slave_1) entered blocking state
[ 21.851039][ T46] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 21.858408][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 21.866305][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 21.882395][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 21.890683][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 21.898587][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 21.911753][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 21.920144][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 21.935881][ T24] ================================================================================
[ 21.945195][ T24] UBSAN: object-size-mismatch in ./include/linux/skbuff.h:2023:28
[ 21.953027][ T24] member access within address ffffc9000019f1c0 with insufficient space
[ 21.961359][ T24] for an object of type 'struct sk_buff'
[ 21.966984][ T24] CPU: 1 PID: 24 Comm: kworker/1:1 Not tainted 5.10.78-syzkaller-01155-gbb235e8cc2b6 #0
[ 21.976671][ T24] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 21.986730][ T24] Workqueue: ipv6_addrconf addrconf_dad_work
[ 21.992690][ T24] Call Trace:
[ 21.995965][ T24] dump_stack_lvl+0x1e2/0x24b
[ 22.000632][ T24] ? show_regs_print_info+0x18/0x18
[ 22.005812][ T24] ? wg_allowedips_lookup_dst+0x190/0x190
[ 22.011510][ T24] dump_stack+0x15/0x1d
[ 22.015648][ T24] ubsan_type_mismatch_common+0x1ed/0x3a0
[ 22.021348][ T24] ? __sanitizer_cov_trace_switch+0x74/0x90
[ 22.027224][ T24] __ubsan_handle_type_mismatch_v1+0x5b/0x70
[ 22.033191][ T24] wg_xmit+0x4a2/0xae0
[ 22.037242][ T24] ? wg_stop+0x140/0x140
[ 22.041470][ T24] ? __sanitizer_cov_trace_const_cmp2+0x19/0x20
[ 22.047692][ T24] netdev_start_xmit+0x8a/0x160
[ 22.052526][ T24] dev_hard_start_xmit+0x18d/0x2f0
[ 22.057631][ T24] __dev_queue_xmit+0xfbe/0x1bb0
[ 22.062566][ T24] ? dev_queue_xmit+0x20/0x20
[ 22.067261][ T24] ? __local_bh_enable_ip+0xa8/0x170
[ 22.072536][ T24] ? do_raw_spin_unlock+0x50/0x50
[ 22.077554][ T24] ? _local_bh_enable+0x30/0x30
[ 22.082405][ T24] ? __sanitizer_cov_trace_const_cmp4+0x19/0x20
[ 22.088630][ T24] ? ndisc_constructor+0x690/0x8a0
[ 22.093740][ T24] ? _raw_write_unlock_bh+0x31/0x47
[ 22.099617][ T24] ? dev_hard_header+0xdb/0xf0
[ 22.104365][ T24] dev_queue_xmit+0x17/0x20
[ 22.108850][ T24] neigh_connected_output+0x288/0x2b0
[ 22.114202][ T24] ip6_finish_output2+0xde2/0x1440
[ 22.119294][ T24] ? __rcu_read_lock+0x50/0x50
[ 22.124045][ T24] ? __ip6_finish_output+0x520/0x520
[ 22.129311][ T24] ? dst_cow_metrics_generic+0x55/0x1d0
[ 22.134836][ T24] ? __sanitizer_cov_trace_const_cmp4+0x19/0x20
[ 22.141055][ T24] ? ip6_skb_dst_mtu+0xaf/0x260
[ 22.145887][ T24] __ip6_finish_output+0x3e4/0x520
[ 22.150979][ T24] ip6_finish_output+0x3f/0x220
[ 22.155808][ T24] ? ip6_output+0x1d3/0x4b0
[ 22.160288][ T24] ip6_output+0x1f8/0x4b0
[ 22.164600][ T24] ? asan.module_dtor+0x20/0x20
[ 22.169431][ T24] ? skb_dst+0x40/0x40
[ 22.173480][ T24] ? __rcu_read_lock+0x50/0x50
[ 22.178223][ T24] ? selinux_ipv6_forward+0x50/0x50
[ 22.183404][ T24] ? __sanitizer_cov_trace_cmp8+0x18/0x20
[ 22.189104][ T24] ? nf_hook_slow+0x150/0x1b0
[ 22.193763][ T24] NF_HOOK+0xdd/0x280
[ 22.197730][ T24] ? addrconf_addr_solict_mult+0xe0/0xe0
[ 22.203340][ T24] ? NF_HOOK+0x280/0x280
[ 22.207736][ T24] ? __rcu_read_lock+0x50/0x50
[ 22.212479][ T24] ? __sanitizer_cov_trace_const_cmp4+0x19/0x20
[ 22.218698][ T24] ? ndisc_send_skb+0x547/0x9f0
[ 22.223527][ T24] ? memcpy+0x56/0x70
[ 22.227511][ T24] ndisc_send_skb+0x646/0x9f0
[ 22.232169][ T24] ? slab_post_alloc_hook+0x90/0xa0
[ 22.237353][ T24] ? ndisc_fill_addr_option+0x2f0/0x2f0
[ 22.242878][ T24] ? skb_set_owner_w+0x1a8/0x310
[ 22.247802][ T24] ? __sanitizer_cov_trace_cmp4+0x19/0x20
[ 22.253505][ T24] ? skb_put+0x11d/0x200
[ 22.257732][ T24] ndisc_send_rs+0x26c/0x360
[ 22.262304][ T24] addrconf_dad_completed+0x4f3/0x9f0
[ 22.267655][ T24] ? addrconf_dad_stop+0x430/0x430
[ 22.272747][ T24] ? switch_mm_irqs_off+0x2dd/0x720
[ 22.277928][ T24] addrconf_dad_work+0x9c1/0x1520
[ 22.282934][ T24] ? ipv6_use_optimistic_addr+0x1d0/0x1d0
[ 22.288749][ T24] ? __kasan_check_write+0x14/0x20
[ 22.293862][ T24] process_one_work+0x3ca/0x660
[ 22.298850][ T24] worker_thread+0x709/0xa20
[ 22.303424][ T24] ? __kthread_parkme+0x11b/0x150
[ 22.308428][ T24] kthread+0x371/0x390
[ 22.312478][ T24] ? pr_cont_work+0x110/0x110
[ 22.317137][ T24] ? __list_add+0xc0/0xc0
[ 22.321449][ T24] ret_from_fork+0x1f/0x30
[ 22.325883][ T24] ================================================================================
[ 22.335162][ T24] ================================================================================
[ 22.344449][ T24] UBSAN: object-size-mismatch in ./include/linux/skbuff.h:1916:2
[ 22.352160][ T24] member access within address ffffc9000019f1c0 with insufficient space
[ 22.360456][ T24] for an object of type 'struct sk_buff'
[ 22.366088][ T24] CPU: 1 PID: 24 Comm: kworker/1:1 Not tainted 5.10.78-syzkaller-01155-gbb235e8cc2b6 #0
[ 22.375774][ T24] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 22.385816][ T24] Workqueue: ipv6_addrconf addrconf_dad_work
[ 22.392080][ T24] Call Trace:
[ 22.395356][ T24] dump_stack_lvl+0x1e2/0x24b
[ 22.400030][ T24] ? show_regs_print_info+0x18/0x18
[ 22.405226][ T24] ? wg_allowedips_lookup_dst+0x190/0x190
[ 22.410924][ T24] dump_stack+0x15/0x1d
[ 22.415062][ T24] ubsan_type_mismatch_common+0x1ed/0x3a0
[ 22.420758][ T24] __ubsan_handle_type_mismatch_v1+0x5b/0x70
[ 22.426717][ T24] wg_xmit+0x513/0xae0
[ 22.430763][ T24] ? wg_stop+0x140/0x140
[ 22.435018][ T24] ? __sanitizer_cov_trace_const_cmp2+0x19/0x20
[ 22.441236][ T24] netdev_start_xmit+0x8a/0x160
[ 22.446067][ T24] dev_hard_start_xmit+0x18d/0x2f0
[ 22.451174][ T24] __dev_queue_xmit+0xfbe/0x1bb0
[ 22.456092][ T24] ? dev_queue_xmit+0x20/0x20
[ 22.460746][ T24] ? __local_bh_enable_ip+0xa8/0x170
[ 22.466014][ T24] ? do_raw_spin_unlock+0x50/0x50
[ 22.471025][ T24] ? _local_bh_enable+0x30/0x30
[ 22.476297][ T24] ? __sanitizer_cov_trace_const_cmp4+0x19/0x20
[ 22.482513][ T24] ? ndisc_constructor+0x690/0x8a0
[ 22.487606][ T24] ? _raw_write_unlock_bh+0x31/0x47
[ 22.492779][ T24] ? dev_hard_header+0xdb/0xf0
[ 22.497533][ T24] dev_queue_xmit+0x17/0x20
[ 22.502018][ T24] neigh_connected_output+0x288/0x2b0
[ 22.507371][ T24] ip6_finish_output2+0xde2/0x1440
[ 22.512462][ T24] ? __rcu_read_lock+0x50/0x50
[ 22.517200][ T24] ? __ip6_finish_output+0x520/0x520
[ 22.522465][ T24] ? dst_cow_metrics_generic+0x55/0x1d0
[ 22.527989][ T24] ? __sanitizer_cov_trace_const_cmp4+0x19/0x20
[ 22.534220][ T24] ? ip6_skb_dst_mtu+0xaf/0x260
[ 22.539065][ T24] __ip6_finish_output+0x3e4/0x520
[ 22.544168][ T24] ip6_finish_output+0x3f/0x220
[ 22.548992][ T24] ? ip6_output+0x1d3/0x4b0
[ 22.553471][ T24] ip6_output+0x1f8/0x4b0
[ 22.557788][ T24] ? asan.module_dtor+0x20/0x20
[ 22.562699][ T24] ? skb_dst+0x40/0x40
[ 22.566743][ T24] ? __rcu_read_lock+0x50/0x50
[ 22.571482][ T24] ? selinux_ipv6_forward+0x50/0x50
[ 22.576668][ T24] ? __sanitizer_cov_trace_cmp8+0x18/0x20
[ 22.582379][ T24] ? nf_hook_slow+0x150/0x1b0
[ 22.587042][ T24] NF_HOOK+0xdd/0x280
[ 22.591017][ T24] ? addrconf_addr_solict_mult+0xe0/0xe0
[ 22.596721][ T24] ? NF_HOOK+0x280/0x280
[ 22.600951][ T24] ? __rcu_read_lock+0x50/0x50
[ 22.605786][ T24] ? __sanitizer_cov_trace_const_cmp4+0x19/0x20
[ 22.612008][ T24] ? ndisc_send_skb+0x547/0x9f0
[ 22.616846][ T24] ? memcpy+0x56/0x70
[ 22.620807][ T24] ndisc_send_skb+0x646/0x9f0
[ 22.625465][ T24] ? slab_post_alloc_hook+0x90/0xa0
[ 22.630644][ T24] ? ndisc_fill_addr_option+0x2f0/0x2f0
[ 22.636171][ T24] ? skb_set_owner_w+0x1a8/0x310
[ 22.641080][ T24] ? __sanitizer_cov_trace_cmp4+0x19/0x20
[ 22.646770][ T24] ? skb_put+0x11d/0x200
[ 22.650999][ T24] ndisc_send_rs+0x26c/0x360
[ 22.655572][ T24] addrconf_dad_completed+0x4f3/0x9f0
[ 22.660953][ T24] ? addrconf_dad_stop+0x430/0x430
[ 22.666045][ T24] ? switch_mm_irqs_off+0x2dd/0x720
[ 22.671235][ T24] addrconf_dad_work+0x9c1/0x1520
[ 22.676243][ T24] ? ipv6_use_optimistic_addr+0x1d0/0x1d0
[ 22.681959][ T24] ? __kasan_check_write+0x14/0x20
[ 22.687095][ T24] process_one_work+0x3ca/0x660
[ 22.691919][ T24] worker_thread+0x709/0xa20
[ 22.696487][ T24] ? __kthread_parkme+0x11b/0x150
[ 22.701495][ T24] kthread+0x371/0x390
[ 22.705540][ T24] ? pr_cont_work+0x110/0x110
[ 22.710191][ T24] ? __list_add+0xc0/0xc0
[ 22.714498][ T24] ret_from_fork+0x1f/0x30
[ 22.718927][ T24] ================================================================================
2021/11/09 12:55:17 building call list...
[ 22.730113][ T374] cgroup: cgroup: disabling cgroup2 socket matching due to net_prio or net_cls activation
[ 23.241522][ T9] device bridge_slave_1 left promiscuous mode
[ 23.261502][ T9] bridge0: port 2(bridge_slave_1) entered disabled state
[ 23.269255][ T9] device bridge_slave_0 left promiscuous mode
[ 23.275511][ T9] bridge0: port 1(bridge_slave_0) entered disabled state