Warning: Permanently added '10.128.1.83' (ECDSA) to the list of known hosts.
2023/05/15 15:07:43 ignoring optional flag "sandboxArg"="0"
2023/05/15 15:07:43 parsed 1 programs
2023/05/15 15:07:43 executed programs: 0
[ 37.932671][ T30] audit: type=1400 audit(1684163263.507:152): avc: denied { mounton } for pid=337 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[ 37.957493][ T30] audit: type=1400 audit(1684163263.507:153): avc: denied { mount } for pid=337 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[ 37.988184][ T341] bridge0: port 1(bridge_slave_0) entered blocking state
[ 37.995106][ T341] bridge0: port 1(bridge_slave_0) entered disabled state
[ 38.002404][ T341] device bridge_slave_0 entered promiscuous mode
[ 38.009047][ T341] bridge0: port 2(bridge_slave_1) entered blocking state
[ 38.016014][ T341] bridge0: port 2(bridge_slave_1) entered disabled state
[ 38.023325][ T341] device bridge_slave_1 entered promiscuous mode
[ 38.053580][ T30] audit: type=1400 audit(1684163263.627:154): avc: denied { write } for pid=341 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 38.071956][ T341] bridge0: port 2(bridge_slave_1) entered blocking state
[ 38.074039][ T30] audit: type=1400 audit(1684163263.647:155): avc: denied { read } for pid=341 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 38.080827][ T341] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 38.080924][ T341] bridge0: port 1(bridge_slave_0) entered blocking state
[ 38.115017][ T341] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 38.132113][ T298] bridge0: port 1(bridge_slave_0) entered disabled state
[ 38.139419][ T298] bridge0: port 2(bridge_slave_1) entered disabled state
[ 38.146576][ T298] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 38.153910][ T298] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 38.162685][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 38.170769][ T39] bridge0: port 1(bridge_slave_0) entered blocking state
[ 38.177628][ T39] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 38.187860][ T298] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 38.195747][ T298] bridge0: port 2(bridge_slave_1) entered blocking state
[ 38.202524][ T298] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 38.216933][ T341] device veth0_vlan entered promiscuous mode
[ 38.223866][ T298] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 38.231961][ T298] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 38.239738][ T298] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 38.246859][ T298] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 38.254048][ T298] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 38.262114][ T298] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 38.273161][ T341] device veth1_macvtap entered promiscuous mode
[ 38.279923][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 38.290228][ T298] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 38.301262][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 38.313220][ T30] audit: type=1400 audit(1684163263.887:156): avc: denied { mounton } for pid=341 comm="syz-executor.0" path="/dev/binderfs" dev="devtmpfs" ino=362 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[ 38.341211][ T30] audit: type=1400 audit(1684163263.917:157): avc: denied { ioctl } for pid=347 comm="syz-executor.0" path="/dev/raw-gadget" dev="devtmpfs" ino=162 ioctlcmd=0x5500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 38.607264][ T26] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 38.967317][ T26] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 39.137318][ T26] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 39.146342][ T26] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 39.154370][ T26] usb 1-1: Product: syz
[ 39.158373][ T26] usb 1-1: Manufacturer: syz
[ 39.162751][ T26] usb 1-1: SerialNumber: syz
[ 40.207277][ T26] cdc_ncm 1-1:1.0: dwNtbInMaxSize=0 dwNtbOutMaxSize=2 wNdpOutPayloadRemainder=0 wNdpOutDivisor=0 wNdpOutAlignment=0 wNtbOutMaxDatagrams=0 flags=0x0
[ 40.222121][ T26] cdc_ncm 1-1:1.0: ctx->max_ndp_size = 172
[ 40.647350][ T26] cdc_ncm 1-1:1.0: MAC-Address: 42:42:42:42:42:42
[ 40.653622][ T26] cdc_ncm 1-1:1.0: cdc_ncm_setup le32_to_cpu(ctx->ncm_parm.dwNtbInMaxSize) = 0, le32_to_cpu(ctx->ncm_parm.dwNtbOutMaxSize) = 2
[ 40.667687][ T26] cdc_ncm 1-1:1.0: dwNtbInMaxSize=0 is too small. Using 2048
[ 40.674904][ T26] cdc_ncm 1-1:1.0: cdc_ncm_check_rx_max: [new_rx, min, max] [0, 2048, 2048] range
[ 40.684159][ T26] cdc_ncm 1-1:1.0: setting rx_max = 2048
[ 40.867292][ T26] cdc_ncm 1-1:1.0: cdc_ncm_check_tx_max: [new_tx, min, max] [2, 2, 2]
[ 40.876706][ T26] cdc_ncm 1-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.0-1, CDC NCM, 42:42:42:42:42:42
[ 40.949256][ T30] audit: type=1400 audit(1684163266.527:158): avc: denied { read } for pid=138 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=1
[ 41.037317][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): usb0: link becomes ready
[ 41.077435][ T20] skbuff: skb_over_panic: text:ffffffff831f637b len:184 put:172 head:ffff88810cc6a800 data:ffff88810cc6a800 tail:0xb8 end:0x80 dev:
[ 41.091426][ T20] ------------[ cut here ]------------
[ 41.096622][ T20] kernel BUG at net/core/skbuff.c:113!
[ 41.101947][ T20] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[ 41.107842][ T20] CPU: 0 PID: 20 Comm: kworker/0:1 Not tainted 5.15.106-syzkaller-05913-g41c2901e24e0 #0
[ 41.117457][ T20] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/28/2023
[ 41.127351][ T20] Workqueue: mld mld_ifc_work
[ 41.131864][ T20] RIP: 0010:skb_over_panic+0x14c/0x150
[ 41.137157][ T20] Code: 40 c7 b1 85 48 c7 c6 b0 68 fd 85 48 8b 55 c0 8b 4d d4 44 8b 45 d0 4c 8b 4d c8 53 41 55 41 54 41 57 e8 3d 03 dd 00 48 83 c4 20 <0f> 0b 66 90 55 48 89 e5 41 57 41 56 41 55 41 54 53 48 83 ec 10 89
[ 41.156687][ T20] RSP: 0018:ffffc90000146f80 EFLAGS: 00010282
[ 41.162677][ T20] RAX: 0000000000000087 RBX: ffffffff85b1c7c0 RCX: 01d7663484d4ff00
[ 41.170489][ T20] RDX: 0000000000000000 RSI: 0000000000000603 RDI: 0000000000000000
[ 41.178306][ T20] RBP: ffffc90000146fc0 R08: ffffffff815748e5 R09: ffffed103ee065e8
[ 41.186110][ T20] R10: 0000000000000000 R11: dffffc0000000001 R12: 00000000000000b8
[ 41.194089][ T20] R13: 0000000000000080 R14: dffffc0000000000 R15: ffff88810cc6a800
[ 41.201902][ T20] FS: 0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[ 41.210694][ T20] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 41.217092][ T20] CR2: 00007f06af4a4a12 CR3: 000000011eef6000 CR4: 00000000003506b0
[ 41.224909][ T20] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 41.232721][ T20] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 41.240525][ T20] Call Trace:
[ 41.243738][ T20]
[ 41.246513][ T20] ? cdc_ncm_fill_tx_frame+0x11ab/0x3da0
[ 41.251980][ T20] ? cdc_ncm_fill_tx_frame+0x11ab/0x3da0
[ 41.257573][ T20] skb_put+0x151/0x210
[ 41.261460][ T20] cdc_ncm_fill_tx_frame+0x11ab/0x3da0
[ 41.266767][ T20] cdc_ncm_tx_fixup+0xa3/0x100
[ 41.271353][ T20] usbnet_start_xmit+0x118/0x1b60
[ 41.276387][ T20] ? netif_skb_features+0x7b9/0xae0
[ 41.281533][ T20] ? validate_xmit_skb+0x6a2/0xce0
[ 41.286463][ T20] dev_hard_start_xmit+0x228/0x620
[ 41.291410][ T20] sch_direct_xmit+0x298/0x9b0
[ 41.296005][ T20] ? __kasan_check_write+0x14/0x20
[ 41.301038][ T20] ? _raw_spin_trylock+0xcd/0x1a0
[ 41.305904][ T20] ? stp_proto_unregister+0x200/0x200
[ 41.311106][ T20] ? mld_sendpack+0x662/0xbb0
[ 41.315628][ T20] ? process_one_work+0x6bb/0xc10
[ 41.320479][ T20] ? netdev_core_pick_tx+0xce/0x300
[ 41.325512][ T20] __dev_queue_xmit+0x161e/0x2e70
[ 41.330375][ T20] ? dev_queue_xmit+0x20/0x20
[ 41.334894][ T20] ? __kasan_check_write+0x14/0x20
[ 41.339833][ T20] ? _raw_write_lock_bh+0xa4/0x170
[ 41.344782][ T20] ? _raw_write_lock_irq+0x170/0x170
[ 41.350231][ T20] ? eth_header+0x120/0x200
[ 41.354740][ T20] ? memcpy+0x56/0x70
[ 41.358587][ T20] dev_queue_xmit+0x17/0x20
[ 41.363171][ T20] neigh_resolve_output+0x6b8/0x760
[ 41.368193][ T20] ip6_finish_output2+0xf95/0x16e0
[ 41.373143][ T20] ? __ip6_finish_output+0x850/0x850
[ 41.378262][ T20] __ip6_finish_output+0x678/0x850
[ 41.383209][ T20] ip6_finish_output+0x31/0x210
[ 41.387898][ T20] ? ip6_output+0x486/0x4d0
[ 41.392249][ T20] ip6_output+0x1f7/0x4d0
[ 41.396403][ T20] ? ac6_seq_show+0xf0/0xf0
[ 41.400743][ T20] ? xfrm_lookup+0x38/0x50
[ 41.405008][ T20] ? ip6_output+0x4d0/0x4d0
[ 41.409418][ T20] ? icmp6_dst_alloc+0x4f0/0x560
[ 41.414200][ T20] mld_sendpack+0x662/0xbb0
[ 41.418631][ T20] ? add_grec+0x13a0/0x13a0
[ 41.422969][ T20] ? igmp6_send+0x10a0/0x10a0
[ 41.427567][ T20] ? add_grec+0x112/0x13a0
[ 41.431821][ T20] ? finish_task_switch+0x167/0x7b0
[ 41.436856][ T20] mld_ifc_work+0x7dc/0xbb0
[ 41.441205][ T20] ? __kasan_check_read+0x11/0x20
[ 41.446060][ T20] ? strscpy+0x9c/0x260
[ 41.450051][ T20] process_one_work+0x6bb/0xc10
[ 41.454769][ T20] worker_thread+0xad5/0x12a0
[ 41.459250][ T20] ? _raw_spin_lock+0x1b0/0x1b0
[ 41.463943][ T20] kthread+0x421/0x510
[ 41.467850][ T20] ? worker_clr_flags+0x180/0x180
[ 41.472703][ T20] ? kthread_blkcg+0xd0/0xd0
[ 41.477244][ T20] ret_from_fork+0x1f/0x30
[ 41.481498][ T20]
[ 41.484503][ T20] Modules linked in:
[ 41.488219][ T20] ---[ end trace 2fab3b4c1ff6a42f ]---
[ 41.492569][ T39] usb 1-1: USB disconnect, device number 2
[ 41.493468][ T20] RIP: 0010:skb_over_panic+0x14c/0x150
[ 41.499810][ T39] cdc_ncm 1-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.0-1, CDC NCM
[ 41.504405][ T20] Code: 40 c7 b1 85 48 c7 c6 b0 68 fd 85 48 8b 55 c0 8b 4d d4 44 8b 45 d0 4c 8b 4d c8 53 41 55 41 54 41 57 e8 3d 03 dd 00 48 83 c4 20 <0f> 0b 66 90 55 48 89 e5 41 57 41 56 41 55 41 54 53 48 83 ec 10 89
[ 41.504422][ T20] RSP: 0018:ffffc90000146f80 EFLAGS: 00010282
[ 41.537917][ T20] RAX: 0000000000000087 RBX: ffffffff85b1c7c0 RCX: 01d7663484d4ff00
[ 41.545724][ T20] RDX: 0000000000000000 RSI: 0000000000000603 RDI: 0000000000000000
[ 41.553561][ T20] RBP: ffffc90000146fc0 R08: ffffffff815748e5 R09: ffffed103ee065e8
[ 41.561357][ T20] R10: 0000000000000000 R11: dffffc0000000001 R12: 00000000000000b8
[ 41.569169][ T20] R13: 0000000000000080 R14: dffffc0000000000 R15: ffff88810cc6a800
[ 41.576962][ T20] FS: 0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[ 41.585743][ T20] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 41.592181][ T20] CR2: 00007f06af4a4a12 CR3: 000000011eef6000 CR4: 00000000003506b0
[ 41.600010][ T20] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 41.607800][ T20] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 41.615615][ T20] Kernel panic - not syncing: Fatal exception in interrupt
[ 41.622779][ T20] Kernel Offset: disabled
[ 41.626925][ T20] Rebooting in 86400 seconds..