Warning: Permanently added '10.128.0.243' (ECDSA) to the list of known hosts. 2023/05/15 11:56:50 ignoring optional flag "sandboxArg"="0" 2023/05/15 11:56:50 parsed 1 programs 2023/05/15 11:56:50 executed programs: 0 [ 37.062142][ T30] audit: type=1400 audit(1684151810.390:152): avc: denied { mounton } for pid=335 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 37.086924][ T30] audit: type=1400 audit(1684151810.390:153): avc: denied { mount } for pid=335 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 37.118275][ T339] bridge0: port 1(bridge_slave_0) entered blocking state [ 37.125148][ T339] bridge0: port 1(bridge_slave_0) entered disabled state [ 37.132396][ T339] device bridge_slave_0 entered promiscuous mode [ 37.138931][ T339] bridge0: port 2(bridge_slave_1) entered blocking state [ 37.145908][ T339] bridge0: port 2(bridge_slave_1) entered disabled state [ 37.153224][ T339] device bridge_slave_1 entered promiscuous mode [ 37.186000][ T30] audit: type=1400 audit(1684151810.510:154): avc: denied { write } for pid=339 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 37.190292][ T339] bridge0: port 2(bridge_slave_1) entered blocking state [ 37.206397][ T30] audit: type=1400 audit(1684151810.510:155): avc: denied { read } for pid=339 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 37.213172][ T339] bridge0: port 2(bridge_slave_1) entered forwarding state [ 37.213256][ T339] bridge0: port 1(bridge_slave_0) entered blocking state [ 37.247295][ T339] bridge0: port 1(bridge_slave_0) entered forwarding state [ 37.263650][ T39] bridge0: port 1(bridge_slave_0) entered disabled state [ 37.270733][ T39] bridge0: port 2(bridge_slave_1) entered disabled state [ 37.277922][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 37.285989][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 37.302059][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 37.310052][ T39] bridge0: port 1(bridge_slave_0) entered blocking state [ 37.316842][ T39] bridge0: port 1(bridge_slave_0) entered forwarding state [ 37.323964][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 37.332068][ T39] bridge0: port 2(bridge_slave_1) entered blocking state [ 37.338992][ T39] bridge0: port 2(bridge_slave_1) entered forwarding state [ 37.346236][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 37.353978][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 37.364385][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 37.374435][ T293] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 37.382515][ T293] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 37.389674][ T293] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 37.397863][ T339] device veth0_vlan entered promiscuous mode [ 37.406694][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 37.415495][ T339] device veth1_macvtap entered promiscuous mode [ 37.425819][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 37.434320][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 37.446245][ T30] audit: type=1400 audit(1684151810.770:156): avc: denied { mounton } for pid=339 comm="syz-executor.0" path="/dev/binderfs" dev="devtmpfs" ino=362 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 37.474946][ T30] audit: type=1400 audit(1684151810.800:157): avc: denied { ioctl } for pid=343 comm="syz-executor.0" path="/dev/raw-gadget" dev="devtmpfs" ino=162 ioctlcmd=0x5500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 37.741190][ T60] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 38.101268][ T60] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 38.271298][ T60] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 38.280206][ T60] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 38.288259][ T60] usb 1-1: Product: syz [ 38.292424][ T60] usb 1-1: Manufacturer: syz [ 38.296826][ T60] usb 1-1: SerialNumber: syz [ 39.771223][ T60] cdc_ncm 1-1:1.0: MAC-Address: 42:42:42:42:42:42 [ 39.777637][ T60] cdc_ncm 1-1:1.0: dwNtbInMaxSize=0 is too small. Using 2048 [ 39.784842][ T60] cdc_ncm 1-1:1.0: setting rx_max = 2048 [ 39.992903][ T60] cdc_ncm 1-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.0-1, CDC NCM, 42:42:42:42:42:42 [ 40.027117][ T30] audit: type=1400 audit(1684151813.350:158): avc: denied { read } for pid=138 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=1 [ 40.121284][ T293] IPv6: ADDRCONF(NETDEV_CHANGE): usb0: link becomes ready [ 40.161289][ T293] skbuff: skb_over_panic: text:ffffffff831f5f3b len:184 put:172 head:ffff88812371d400 data:ffff88812371d400 tail:0xb8 end:0x80 dev: [ 40.175385][ T293] ------------[ cut here ]------------ [ 40.180749][ T293] kernel BUG at net/core/skbuff.c:113! [ 40.186079][ T293] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 40.192000][ T293] CPU: 1 PID: 293 Comm: kworker/1:2 Not tainted 5.15.106-syzkaller-05912-g19c0ed55a470 #0 [ 40.201675][ T293] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/28/2023 [ 40.211567][ T293] Workqueue: mld mld_ifc_work [ 40.216073][ T293] RIP: 0010:skb_over_panic+0x14c/0x150 [ 40.221455][ T293] Code: 40 c6 b1 85 48 c7 c6 80 67 fd 85 48 8b 55 c0 8b 4d d4 44 8b 45 d0 4c 8b 4d c8 53 41 55 41 54 41 57 e8 cd 08 dd 00 48 83 c4 20 <0f> 0b 66 90 55 48 89 e5 41 57 41 56 41 55 41 54 53 48 83 ec 10 89 [ 40.240984][ T293] RSP: 0018:ffffc900009f6f80 EFLAGS: 00010282 [ 40.246883][ T293] RAX: 0000000000000087 RBX: ffffffff85b1c6c0 RCX: 7dbcee8b8cbeea00 [ 40.254695][ T293] RDX: 0000000000000000 RSI: 0000000000000603 RDI: 0000000000000000 [ 40.262515][ T293] RBP: ffffc900009f6fc0 R08: ffffffff815748e5 R09: ffffed103ee265e8 [ 40.270424][ T293] R10: 0000000000000000 R11: dffffc0000000001 R12: 00000000000000b8 [ 40.278226][ T293] R13: 0000000000000080 R14: dffffc0000000000 R15: ffff88812371d400 [ 40.286040][ T293] FS: 0000000000000000(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 40.294815][ T293] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 40.301225][ T293] CR2: 0000562b10818000 CR3: 000000011ee83000 CR4: 00000000003506a0 [ 40.309040][ T293] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 40.316852][ T293] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 40.324667][ T293] Call Trace: [ 40.327894][ T293] [ 40.330674][ T293] ? cdc_ncm_fill_tx_frame+0x11ab/0x3da0 [ 40.336136][ T293] ? cdc_ncm_fill_tx_frame+0x11ab/0x3da0 [ 40.341696][ T293] skb_put+0x151/0x210 [ 40.345602][ T293] cdc_ncm_fill_tx_frame+0x11ab/0x3da0 [ 40.350892][ T293] cdc_ncm_tx_fixup+0xa3/0x100 [ 40.355515][ T293] usbnet_start_xmit+0x118/0x1b60 [ 40.360349][ T293] ? netif_skb_features+0x7b9/0xae0 [ 40.365387][ T293] ? validate_xmit_skb+0x6a2/0xce0 [ 40.370338][ T293] dev_hard_start_xmit+0x228/0x620 [ 40.375368][ T293] sch_direct_xmit+0x298/0x9b0 [ 40.379963][ T293] ? __kasan_check_write+0x14/0x20 [ 40.384911][ T293] ? _raw_spin_trylock+0xcd/0x1a0 [ 40.389773][ T293] ? stp_proto_unregister+0x200/0x200 [ 40.394978][ T293] ? mld_sendpack+0x662/0xbb0 [ 40.399495][ T293] ? process_one_work+0x6bb/0xc10 [ 40.404353][ T293] ? netdev_core_pick_tx+0xce/0x300 [ 40.409389][ T293] __dev_queue_xmit+0x161e/0x2e70 [ 40.414338][ T293] ? dev_queue_xmit+0x20/0x20 [ 40.418847][ T293] ? __kasan_check_write+0x14/0x20 [ 40.423792][ T293] ? _raw_write_lock_bh+0xa4/0x170 [ 40.428743][ T293] ? _raw_write_lock_irq+0x170/0x170 [ 40.433860][ T293] ? eth_header+0x120/0x200 [ 40.438198][ T293] ? memcpy+0x56/0x70 [ 40.442020][ T293] dev_queue_xmit+0x17/0x20 [ 40.446361][ T293] neigh_resolve_output+0x6b8/0x760 [ 40.451394][ T293] ip6_finish_output2+0xf95/0x16e0 [ 40.456342][ T293] ? __ip6_finish_output+0x850/0x850 [ 40.461465][ T293] __ip6_finish_output+0x678/0x850 [ 40.466409][ T293] ip6_finish_output+0x31/0x210 [ 40.471094][ T293] ? ip6_output+0x486/0x4d0 [ 40.475441][ T293] ip6_output+0x1f7/0x4d0 [ 40.479697][ T293] ? ac6_seq_show+0xf0/0xf0 [ 40.484028][ T293] ? xfrm_lookup+0x38/0x50 [ 40.488283][ T293] ? ip6_output+0x4d0/0x4d0 [ 40.492727][ T293] ? icmp6_dst_alloc+0x4f0/0x560 [ 40.497500][ T293] mld_sendpack+0x662/0xbb0 [ 40.501845][ T293] ? add_grec+0x13a0/0x13a0 [ 40.506178][ T293] ? igmp6_send+0x10a0/0x10a0 [ 40.510696][ T293] ? add_grec+0x112/0x13a0 [ 40.514945][ T293] ? finish_task_switch+0x167/0x7b0 [ 40.520080][ T293] mld_ifc_work+0x7dc/0xbb0 [ 40.524409][ T293] ? __kasan_check_read+0x11/0x20 [ 40.529278][ T293] ? strscpy+0x9c/0x260 [ 40.533273][ T293] process_one_work+0x6bb/0xc10 [ 40.537960][ T293] worker_thread+0xad5/0x12a0 [ 40.542467][ T293] ? _raw_spin_lock+0x1b0/0x1b0 [ 40.547148][ T293] kthread+0x421/0x510 [ 40.551050][ T293] ? worker_clr_flags+0x180/0x180 [ 40.555911][ T293] ? kthread_blkcg+0xd0/0xd0 [ 40.560406][ T293] ret_from_fork+0x1f/0x30 [ 40.564600][ T293] [ 40.567455][ T293] Modules linked in: [ 40.571249][ T293] ---[ end trace f1e38367dfd87335 ]--- [ 40.574981][ T60] usb 1-1: USB disconnect, device number 2 [ 40.576486][ T293] RIP: 0010:skb_over_panic+0x14c/0x150 [ 40.587423][ T293] Code: 40 c6 b1 85 48 c7 c6 80 67 fd 85 48 8b 55 c0 8b 4d d4 44 8b 45 d0 4c 8b 4d c8 53 41 55 41 54 41 57 e8 cd 08 dd 00 48 83 c4 20 <0f> 0b 66 90 55 48 89 e5 41 57 41 56 41 55 41 54 53 48 83 ec 10 89 [ 40.606897][ T293] RSP: 0018:ffffc900009f6f80 EFLAGS: 00010282 [ 40.612778][ T293] RAX: 0000000000000087 RBX: ffffffff85b1c6c0 RCX: 7dbcee8b8cbeea00 [ 40.620577][ T293] RDX: 0000000000000000 RSI: 0000000000000603 RDI: 0000000000000000 [ 40.628451][ T293] RBP: ffffc900009f6fc0 R08: ffffffff815748e5 R09: ffffed103ee265e8 [ 40.636221][ T293] R10: 0000000000000000 R11: dffffc0000000001 R12: 00000000000000b8 [ 40.644042][ T293] R13: 0000000000000080 R14: dffffc0000000000 R15: ffff88812371d400 [ 40.651835][ T293] FS: 0000000000000000(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 40.660670][ T293] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 40.667126][ T293] CR2: 0000562b10818000 CR3: 000000011ee83000 CR4: 00000000003506a0 [ 40.674925][ T293] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 40.682740][ T293] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 40.690531][ T293] Kernel panic - not syncing: Fatal exception in interrupt [ 40.697712][ T293] Kernel Offset: disabled [ 40.701832][ T293] Rebooting in 86400 seconds..