[ 29.654318][ T201] bridge0: port 2(bridge_slave_1) entered disabled state [ 29.661610][ T201] device bridge_slave_0 left promiscuous mode [ 29.667511][ T201] bridge0: port 1(bridge_slave_0) entered disabled state [ 29.674955][ T201] device veth1_macvtap left promiscuous mode [ 29.680922][ T201] device veth0_vlan left promiscuous mode [ 39.550213][ T29] kauditd_printk_skb: 71 callbacks suppressed [ 39.550221][ T29] audit: type=1400 audit(1683628805.252:147): avc: denied { transition } for pid=409 comm="sshd" path="/bin/sh" dev="sda1" ino=89 scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 39.577941][ T29] audit: type=1400 audit(1683628805.252:148): avc: denied { noatsecure } for pid=409 comm="sshd" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 39.596645][ T29] audit: type=1400 audit(1683628805.252:149): avc: denied { rlimitinh } for pid=409 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 39.616016][ T29] audit: type=1400 audit(1683628805.252:150): avc: denied { siginh } for pid=409 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 Warning: Permanently added '10.128.1.185' (ECDSA) to the list of known hosts. 2023/05/09 10:40:11 ignoring optional flag "sandboxArg"="0" 2023/05/09 10:40:12 parsed 1 programs 2023/05/09 10:40:12 executed programs: 0 [ 46.339459][ T29] audit: type=1400 audit(1683628812.042:151): avc: denied { mounton } for pid=430 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 46.364130][ T29] audit: type=1400 audit(1683628812.042:152): avc: denied { mount } for pid=430 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 46.394013][ T434] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.400992][ T434] bridge0: port 1(bridge_slave_0) entered disabled state [ 46.408094][ T434] device bridge_slave_0 entered promiscuous mode [ 46.414548][ T434] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.421399][ T434] bridge0: port 2(bridge_slave_1) entered disabled state [ 46.428490][ T434] device bridge_slave_1 entered promiscuous mode [ 46.455178][ T29] audit: type=1400 audit(1683628812.152:153): avc: denied { create } for pid=434 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 46.458507][ T434] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.475635][ T29] audit: type=1400 audit(1683628812.152:154): avc: denied { write } for pid=434 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 46.482428][ T434] bridge0: port 2(bridge_slave_1) entered forwarding state [ 46.482516][ T434] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.503185][ T29] audit: type=1400 audit(1683628812.152:155): avc: denied { read } for pid=434 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 46.510034][ T434] bridge0: port 1(bridge_slave_0) entered forwarding state [ 46.551155][ T393] bridge0: port 1(bridge_slave_0) entered disabled state [ 46.558319][ T393] bridge0: port 2(bridge_slave_1) entered disabled state [ 46.565376][ T393] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 46.573138][ T393] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 46.581691][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 46.589582][ T19] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.596326][ T19] bridge0: port 1(bridge_slave_0) entered forwarding state [ 46.610260][ T434] device veth0_vlan entered promiscuous mode [ 46.618568][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 46.628602][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 46.637028][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 46.644219][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 46.652804][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 46.660889][ T19] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.667737][ T19] bridge0: port 2(bridge_slave_1) entered forwarding state [ 46.675136][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 46.683127][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 46.691540][ T393] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 46.700484][ T434] device veth1_macvtap entered promiscuous mode [ 46.710311][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 46.718384][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 46.730226][ T29] audit: type=1400 audit(1683628812.432:156): avc: denied { mounton } for pid=434 comm="syz-executor.0" path="/dev/binderfs" dev="devtmpfs" ino=362 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 46.759413][ T29] audit: type=1400 audit(1683628812.462:157): avc: denied { ioctl } for pid=440 comm="syz-executor.0" path="/dev/raw-gadget" dev="devtmpfs" ino=162 ioctlcmd=0x5500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 47.027675][ T393] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 47.387747][ T393] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 47.557723][ T393] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 47.566991][ T393] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 47.574999][ T393] usb 1-1: Product: syz [ 47.579059][ T393] usb 1-1: Manufacturer: syz [ 47.583373][ T393] usb 1-1: SerialNumber: syz [ 49.057669][ T393] cdc_ncm 1-1:1.0: MAC-Address: 42:42:42:42:42:42 [ 49.064003][ T393] cdc_ncm 1-1:1.0: dwNtbInMaxSize=0 is too small. Using 2048 [ 49.071653][ T393] cdc_ncm 1-1:1.0: setting rx_max = 2048 [ 49.270633][ T393] cdc_ncm 1-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.0-1, CDC NCM, 42:42:42:42:42:42 [ 49.283280][ T29] audit: type=1400 audit(1683628814.982:158): avc: denied { read } for pid=223 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=1 [ 49.367684][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): usb0: link becomes ready [ 49.407941][ T393] skbuff: skb_over_panic: text:ffffffff82dab104 len:184 put:172 head:ffff8881232e1800 data:ffff8881232e1800 tail:0xb8 end:0x80 dev: [ 49.421885][ T393] ------------[ cut here ]------------ [ 49.427138][ T393] kernel BUG at net/core/skbuff.c:113! [ 49.432421][ T393] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 49.438295][ T393] CPU: 1 PID: 393 Comm: kworker/1:3 Not tainted 5.15.41-syzkaller #0 [ 49.446741][ T393] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023 [ 49.456755][ T393] Workqueue: mld mld_ifc_work [ 49.461254][ T393] RIP: 0010:skb_over_panic+0x14c/0x150 [ 49.466551][ T393] Code: 80 62 2f 85 48 c7 c6 00 ed 76 85 48 8b 55 c0 8b 4d d4 44 8b 45 d0 4c 8b 4d c8 53 41 55 41 54 41 57 e8 bd df c5 00 48 83 c4 20 <0f> 0b 66 90 55 48 89 e5 41 57 41 56 41 55 41 54 53 48 83 ec 10 89 [ 49.486265][ T393] RSP: 0018:ffffc9000046efb8 EFLAGS: 00010286 [ 49.492155][ T393] RAX: 0000000000000087 RBX: ffffffff852f6300 RCX: d482ddc3f2d20d00 [ 49.499980][ T393] RDX: 1ffff9200008ddbc RSI: ffffffff8501b780 RDI: 0000000000000001 [ 49.508239][ T393] RBP: ffffc9000046eff8 R08: dffffc0000000000 R09: ffffed103ee665c0 [ 49.516142][ T393] R10: 0000000000000000 R11: dffffc0000000001 R12: 00000000000000b8 [ 49.523954][ T393] R13: 0000000000000080 R14: dffffc0000000000 R15: ffff8881232e1800 [ 49.531782][ T393] FS: 0000000000000000(0000) GS:ffff8881f7300000(0000) knlGS:0000000000000000 [ 49.540550][ T393] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 49.547040][ T393] CR2: 0000563022216000 CR3: 0000000115c9c000 CR4: 00000000003506a0 [ 49.555017][ T393] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 49.563267][ T393] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 49.571081][ T393] Call Trace: [ 49.574203][ T393] [ 49.577153][ T393] ? cdc_ncm_fill_tx_frame+0xff4/0x4460 [ 49.582729][ T393] ? cdc_ncm_fill_tx_frame+0xff4/0x4460 [ 49.588085][ T393] skb_put+0x10c/0x200 [ 49.591998][ T393] cdc_ncm_fill_tx_frame+0xff4/0x4460 [ 49.597202][ T393] cdc_ncm_tx_fixup+0x83/0xd0 [ 49.601729][ T393] usbnet_start_xmit+0x105/0x1a70 [ 49.606575][ T393] ? netif_skb_features+0x5fa/0x960 [ 49.611700][ T393] ? validate_xmit_skb+0x77/0xb10 [ 49.616557][ T393] dev_hard_start_xmit+0x21b/0x530 [ 49.621505][ T393] sch_direct_xmit+0x228/0x890 [ 49.626116][ T393] ? __kasan_check_write+0x14/0x20 [ 49.631138][ T393] ? _raw_spin_trylock+0xcd/0x1a0 [ 49.636081][ T393] ? stp_proto_unregister+0x180/0x180 [ 49.641395][ T393] __dev_queue_xmit+0x132b/0x2790 [ 49.646245][ T393] ? __kasan_check_read+0x11/0x20 [ 49.651100][ T393] ? dev_queue_xmit+0x10/0x10 [ 49.655618][ T393] ? rcu_gp_kthread_wake+0x90/0x90 [ 49.661014][ T393] ? eth_header+0xce/0x1a0 [ 49.665360][ T393] ? memcpy+0x56/0x70 [ 49.669264][ T393] ? eth_header+0xce/0x1a0 [ 49.673554][ T393] dev_queue_xmit+0xb/0x10 [ 49.677772][ T393] neigh_resolve_output+0x5ec/0x6c0 [ 49.682810][ T393] ip6_finish_output2+0xdb4/0x16b0 [ 49.688048][ T393] ? kmem_cache_alloc_trace+0x115/0x210 [ 49.693502][ T393] ? __ip6_finish_output+0x740/0x740 [ 49.698706][ T393] __ip6_finish_output+0x541/0x740 [ 49.703751][ T393] ip6_finish_output+0x27/0x180 [ 49.708447][ T393] ip6_output+0x1aa/0x410 [ 49.712599][ T393] ? ac6_seq_show+0xe0/0xe0 [ 49.716929][ T393] ? ip6_output+0x410/0x410 [ 49.721356][ T393] ? icmp6_dst_alloc+0x46e/0x4d0 [ 49.726131][ T393] mld_sendpack+0x61b/0xb20 [ 49.730480][ T393] ? add_grec+0x1010/0x1010 [ 49.734811][ T393] ? igmp6_send+0x10d0/0x10d0 [ 49.739322][ T393] ? add_grec+0xc60/0x1010 [ 49.743576][ T393] ? wait_for_completion_killable_timeout+0x10/0x10 [ 49.750116][ T393] ? finish_task_switch+0x215/0x760 [ 49.755154][ T393] mld_ifc_work+0x73f/0xa70 [ 49.759722][ T393] ? read_word_at_a_time+0x12/0x20 [ 49.764683][ T393] ? strscpy+0x9c/0x260 [ 49.768643][ T393] process_one_work+0x635/0xa70 [ 49.773332][ T393] worker_thread+0x8b8/0xf40 [ 49.777758][ T393] ? _raw_spin_lock+0x1b0/0x1b0 [ 49.782451][ T393] kthread+0x3a1/0x480 [ 49.786350][ T393] ? worker_clr_flags+0x120/0x120 [ 49.791211][ T393] ? kthread_blkcg+0xa0/0xa0 [ 49.795636][ T393] ret_from_fork+0x1f/0x30 [ 49.799892][ T393] [ 49.802753][ T393] Modules linked in: [ 49.806531][ T393] ---[ end trace 997dbd768bd9f9c8 ]--- [ 49.811809][ T393] RIP: 0010:skb_over_panic+0x14c/0x150 [ 49.817074][ T393] Code: 80 62 2f 85 48 c7 c6 00 ed 76 85 48 8b 55 c0 8b 4d d4 44 8b 45 d0 4c 8b 4d c8 53 41 55 41 54 41 57 e8 bd df c5 00 48 83 c4 20 <0f> 0b 66 90 55 48 89 e5 41 57 41 56 41 55 41 54 53 48 83 ec 10 89 [ 49.819351][ T19] usb 1-1: USB disconnect, device number 2 [ 49.836542][ T393] RSP: 0018:ffffc9000046efb8 EFLAGS: 00010286 [ 49.836555][ T393] RAX: 0000000000000087 RBX: ffffffff852f6300 RCX: d482ddc3f2d20d00 [ 49.836559][ T393] RDX: 1ffff9200008ddbc RSI: ffffffff8501b780 RDI: 0000000000000001 [ 49.836563][ T393] RBP: ffffc9000046eff8 R08: dffffc0000000000 R09: ffffed103ee665c0 [ 49.836567][ T393] R10: 0000000000000000 R11: dffffc0000000001 R12: 00000000000000b8 [ 49.842895][ T19] cdc_ncm 1-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.0-1, CDC NCM [ 49.848166][ T393] R13: 0000000000000080 R14: dffffc0000000000 R15: ffff8881232e1800 [ 49.848174][ T393] FS: 0000000000000000(0000) GS:ffff8881f7300000(0000) knlGS:0000000000000000 [ 49.848179][ T393] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 49.848182][ T393] CR2: 0000563022216000 CR3: 0000000115c9c000 CR4: 00000000003506a0 [ 49.848190][ T393] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 49.848195][ T393] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 49.848200][ T393] Kernel panic - not syncing: Fatal exception in interrupt [ 49.941966][ T393] Kernel Offset: disabled [ 49.946110][ T393] Rebooting in 86400 seconds..