syzkaller syzkaller login:
[ 13.083913][ T23] kauditd_printk_skb: 60 callbacks suppressed
[ 13.083920][ T23] audit: type=1400 audit(1642657478.630:71): avc: denied { transition } for pid=290 comm="sshd" path="/bin/sh" dev="sda1" ino=73 scontext=system_u:system_r:initrc_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 13.089739][ T23] audit: type=1400 audit(1642657478.640:72): avc: denied { write } for pid=290 comm="sh" path="pipe:[10722]" dev="pipefs" ino=10722 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:initrc_t tclass=fifo_file permissive=1
[ 13.437173][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #80!!!
[ 13.446036][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #80!!!
[ 13.455752][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #08!!!
[ 13.466059][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #08!!!
[ 17.317204][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #80!!!
Warning: Permanently added '10.128.0.150' (ECDSA) to the list of known hosts.
[ 21.345141][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #08!!!
[ 21.451654][ T23] audit: type=1400 audit(1642657487.000:73): avc: denied { execmem } for pid=365 comm="syz-executor693" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 21.471354][ T23] audit: type=1400 audit(1642657487.020:74): avc: denied { mounton } for pid=366 comm="syz-executor693" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1
[ 21.495545][ T23] audit: type=1400 audit(1642657487.020:75): avc: denied { mount } for pid=366 comm="syz-executor693" name="/" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1
[ 21.499952][ T366] bridge0: port 1(bridge_slave_0) entered blocking state
[ 21.518129][ T23] audit: type=1400 audit(1642657487.020:76): avc: denied { mounton } for pid=366 comm="syz-executor693" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[ 21.524874][ T366] bridge0: port 1(bridge_slave_0) entered disabled state
[ 21.546493][ T23] audit: type=1400 audit(1642657487.020:77): avc: denied { module_request } for pid=366 comm="syz-executor693" kmod="netdev-nr0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[ 21.553644][ T366] device bridge_slave_0 entered promiscuous mode
[ 21.582145][ T366] bridge0: port 2(bridge_slave_1) entered blocking state
[ 21.589215][ T366] bridge0: port 2(bridge_slave_1) entered disabled state
[ 21.596416][ T366] device bridge_slave_1 entered promiscuous mode
[ 21.617872][ T23] audit: type=1400 audit(1642657487.170:78): avc: denied { create } for pid=366 comm="syz-executor693" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 21.622156][ T366] bridge0: port 2(bridge_slave_1) entered blocking state
[ 21.638506][ T23] audit: type=1400 audit(1642657487.170:79): avc: denied { write } for pid=366 comm="syz-executor693" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 21.645458][ T366] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 21.666223][ T23] audit: type=1400 audit(1642657487.170:80): avc: denied { read } for pid=366 comm="syz-executor693" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 21.673152][ T366] bridge0: port 1(bridge_slave_0) entered blocking state
[ 21.700483][ T366] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 21.715965][ T45] bridge0: port 1(bridge_slave_0) entered disabled state
[ 21.723144][ T45] bridge0: port 2(bridge_slave_1) entered disabled state
[ 21.730562][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 21.738237][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 21.746906][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 21.754994][ T24] bridge0: port 1(bridge_slave_0) entered blocking state
[ 21.762001][ T24] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 21.770226][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 21.778320][ T45] bridge0: port 2(bridge_slave_1) entered blocking state
[ 21.785312][ T45] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 21.806941][ T108] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 21.815216][ T108] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 21.824159][ T108] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 21.832804][ T108] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 21.840749][ T108] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 21.849194][ T108] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
executing program
[ 21.857002][ T108] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 21.869170][ T23] audit: type=1400 audit(1642657487.420:81): avc: denied { mounton } for pid=366 comm="syz-executor693" path="/dev/binderfs" dev="devtmpfs" ino=363 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[ 21.870091][ T366] skbuff: skb_over_panic: text:ffffffff842f46b6 len:65575 put:65575 head:ffff88811d74a000 data:ffff88811d74a088 tail:0x100af end:0x680 dev:
[ 21.892114][ T23] audit: type=1400 audit(1642657487.420:82): avc: denied { mount } for pid=366 comm="syz-executor693" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[ 21.929969][ T366] ------------[ cut here ]------------
[ 21.935431][ T366] kernel BUG at net/core/skbuff.c:110!
[ 21.940970][ T366] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[ 21.947017][ T366] CPU: 1 PID: 366 Comm: syz-executor693 Not tainted 5.10.92-syzkaller-01003-gf45f895af546 #0
[ 21.957137][ T366] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 21.967541][ T366] RIP: 0010:skb_panic+0x14f/0x160
[ 21.972538][ T366] Code: 87 85 48 8b 75 c0 48 8b 55 b8 8b 4d d4 44 8b 45 d0 4c 8b 4d c8 b8 00 00 00 00 53 41 56 41 55 41 54 e8 9c 42 89 fd 48 83 c4 20 <0f> 0b 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 55 48 89 e5 41
[ 21.992115][ T366] RSP: 0018:ffffc90000ba71b0 EFLAGS: 00010282
[ 21.998150][ T366] RAX: 000000000000008f RBX: ffffffff858750a0 RCX: 24e716add774bb00
[ 22.006093][ T366] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000
[ 22.014035][ T366] RBP: ffffc90000ba71f8 R08: ffffffff815457c8 R09: ffffed103ee2a5d8
[ 22.021975][ T366] R10: ffffed103ee2a5d8 R11: 0000000000000000 R12: ffff88811d74a088
[ 22.029916][ T366] R13: 00000000000100af R14: 0000000000000680 R15: dffffc0000000000
[ 22.037858][ T366] FS: 00005555557e2300(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[ 22.046755][ T366] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 22.053305][ T366] CR2: 0000558102e15048 CR3: 000000011ccbd000 CR4: 00000000003506a0
[ 22.061250][ T366] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 22.069192][ T366] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 22.077137][ T366] Call Trace:
[ 22.080405][ T366] ? __ip6_append_data+0x2ad6/0x3d80
[ 22.085658][ T366] ? __ip6_append_data+0x2ad6/0x3d80
[ 22.090913][ T366] skb_over_panic+0x2c/0x30
[ 22.095388][ T366] ? __ip6_append_data+0x2ad6/0x3d80
[ 22.100640][ T366] skb_put+0x205/0x210
[ 22.104679][ T366] __ip6_append_data+0x2ad6/0x3d80
[ 22.109761][ T366] ? __rcu_read_lock+0x50/0x50
[ 22.114495][ T366] ? kmemdup+0x3f/0x50
[ 22.118532][ T366] ? ip6_setup_cork+0x1220/0x1220
[ 22.123521][ T366] ? __kasan_check_read+0x11/0x20
[ 22.128512][ T366] ? ip6_setup_cork+0xd15/0x1220
[ 22.133417][ T366] ip6_append_data+0x1ab/0x2d0
[ 22.138149][ T366] ? rawv6_send_hdrinc+0x11e0/0x11e0
[ 22.143401][ T366] ? rawv6_send_hdrinc+0x11e0/0x11e0
[ 22.148650][ T366] rawv6_sendmsg+0x1e4f/0x2cd0
[ 22.153382][ T366] ? compat_rawv6_ioctl+0x10/0x10
[ 22.158377][ T366] ? debug_smp_processor_id+0x1c/0x20
[ 22.163717][ T366] ? selinux_socket_sendmsg+0x23f/0x340
[ 22.169231][ T366] ? inet_send_prepare+0x58/0x480
[ 22.174242][ T366] inet_sendmsg+0xa1/0xc0
[ 22.178537][ T366] ? inet_send_prepare+0x480/0x480
[ 22.183618][ T366] ____sys_sendmsg+0x5b9/0x910
[ 22.188353][ T366] ? __sys_sendmsg_sock+0xc0/0xc0
[ 22.193345][ T366] ? import_iovec+0xe5/0x120
[ 22.197908][ T366] __sys_sendmmsg+0x5ae/0x7f0
[ 22.202553][ T366] ? __ia32_sys_sendmsg+0x90/0x90
[ 22.207546][ T366] ? avc_has_perm_noaudit+0x4d0/0x4d0
[ 22.212886][ T366] ? selinux_socket_setsockopt+0x25c/0x360
[ 22.218665][ T366] ? debug_smp_processor_id+0x1c/0x20
[ 22.224008][ T366] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 22.230046][ T366] __x64_sys_sendmmsg+0xa0/0xb0
[ 22.234866][ T366] do_syscall_64+0x31/0x70
[ 22.239251][ T366] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 22.245109][ T366] RIP: 0033:0x7f1eb12453f9
[ 22.249493][ T366] Code: 28 c3 e8 4a 15 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 22.269065][ T366] RSP: 002b:00007ffd42c6b928 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 22.277484][ T366] RAX: ffffffffffffffda RBX: 00007ffd42c6b938 RCX: 00007f1eb12453f9
[ 22.285425][ T366] RDX: 0000000000000001 RSI: 00000000200002c0 RDI: 0000000000000003
[ 22.293403][ T366] RBP: 0000000000000003 R08: 0000000000000000 R09: 0000000000000000
[ 22.301344][ T366] R10: 000000000000fe80 R11: 0000000000000246 R12: 00007ffd42c6b940
[ 22.309295][ T366] R13: 00007ffd42c6b960 R14: 0000000000000000 R15: 0000000000000000
[ 22.317236][ T366] Modules linked in:
[ 22.321504][ T366] ---[ end trace e41daba6b63d41fe ]---
[ 22.326957][ T366] RIP: 0010:skb_panic+0x14f/0x160
[ 22.332010][ T366] Code: 87 85 48 8b 75 c0 48 8b 55 b8 8b 4d d4 44 8b 45 d0 4c 8b 4d c8 b8 00 00 00 00 53 41 56 41 55 41 54 e8 9c 42 89 fd 48 83 c4 20 <0f> 0b 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 55 48 89 e5 41
[ 22.351618][ T366] RSP: 0018:ffffc90000ba71b0 EFLAGS: 00010282
[ 22.357803][ T366] RAX: 000000000000008f RBX: ffffffff858750a0 RCX: 24e716add774bb00
[ 22.365758][ T366] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000
[ 22.373739][ T366] RBP: ffffc90000ba71f8 R08: ffffffff815457c8 R09: ffffed103ee2a5d8
[ 22.381793][ T366] R10: ffffed103ee2a5d8 R11: 0000000000000000 R12: ffff88811d74a088
[ 22.389775][ T366] R13: 00000000000100af R14: 0000000000000680 R15: dffffc0000000000
[ 22.397762][ T366] FS: 00005555557e2300(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[ 22.406664][ T366] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 22.413273][ T366] CR2: 0000558102e15048 CR3: 000000011ccbd000 CR4: 00000000003506a0
[ 22.421263][ T366] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 22.429237][ T366] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 22.437228][ T366] Kernel panic - not syncing: Fatal exception
[ 22.443506][ T366] Kernel Offset: disabled
[ 22.447815][ T366] Rebooting in 86400 seconds..