Starting sshd: OK syzkaller syzkaller login: [ 15.031520][ T23] kauditd_printk_skb: 38 callbacks suppressed [ 15.031532][ T23] audit: type=1400 audit(1671593141.479:72): avc: denied { transition } for pid=2935 comm="sshd" path="/bin/sh" dev="sda1" ino=73 scontext=system_u:system_r:initrc_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 15.035996][ T23] audit: type=1400 audit(1671593141.479:73): avc: denied { write } for pid=2935 comm="sh" path="pipe:[10849]" dev="pipefs" ino=10849 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:initrc_t tclass=fifo_file permissive=1 [ 16.137277][ T2938] scp (2938) used greatest stack depth: 11728 bytes left [ 16.146491][ T2936] sshd (2936) used greatest stack depth: 11504 bytes left Warning: Permanently added '10.128.0.171' (ECDSA) to the list of known hosts. 2022/12/21 03:26:18 ignoring optional flag "sandboxArg"="0" 2022/12/21 03:26:18 parsed 1 programs [ 51.893675][ T23] audit: type=1400 audit(1671593178.339:74): avc: denied { getattr } for pid=3105 comm="syz-execprog" path="user:[4026531837]" dev="nsfs" ino=4026531837 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 51.917422][ T23] audit: type=1400 audit(1671593178.349:75): avc: denied { read } for pid=3105 comm="syz-execprog" dev="nsfs" ino=4026531837 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 51.922427][ T3111] cgroup: Unknown subsys name 'net' [ 51.938621][ T23] audit: type=1400 audit(1671593178.349:76): avc: denied { open } for pid=3105 comm="syz-execprog" path="user:[4026531837]" dev="nsfs" ino=4026531837 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 51.967390][ T23] audit: type=1400 audit(1671593178.369:77): avc: denied { mounton } for pid=3111 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=1137 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 51.990073][ T23] audit: type=1400 audit(1671593178.369:78): avc: denied { mount } for pid=3111 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 52.012203][ T23] audit: type=1400 audit(1671593178.389:79): avc: denied { unmount } for pid=3111 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 52.149406][ T3111] cgroup: Unknown subsys name 'rlimit' 2022/12/21 03:26:18 executed programs: 0 [ 52.299042][ T23] audit: type=1400 audit(1671593178.749:80): avc: denied { mounton } for pid=3111 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 52.326888][ T23] audit: type=1400 audit(1671593178.759:81): avc: denied { mount } for pid=3111 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 52.350216][ T23] audit: type=1400 audit(1671593178.759:82): avc: denied { create } for pid=3111 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 52.370639][ T23] audit: type=1400 audit(1671593178.759:83): avc: denied { write } for pid=3111 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 52.481621][ T3116] chnl_net:caif_netlink_parms(): no params data found [ 52.509389][ T3116] bridge0: port 1(bridge_slave_0) entered blocking state [ 52.516480][ T3116] bridge0: port 1(bridge_slave_0) entered disabled state [ 52.523909][ T3116] device bridge_slave_0 entered promiscuous mode [ 52.531099][ T3116] bridge0: port 2(bridge_slave_1) entered blocking state [ 52.538112][ T3116] bridge0: port 2(bridge_slave_1) entered disabled state [ 52.545604][ T3116] device bridge_slave_1 entered promiscuous mode [ 52.560015][ T3116] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 52.569845][ T3116] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 52.586849][ T3116] team0: Port device team_slave_0 added [ 52.593076][ T3116] team0: Port device team_slave_1 added [ 52.605804][ T3116] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 52.612766][ T3116] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 52.638660][ T3116] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 52.649631][ T3116] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 52.656569][ T3116] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 52.682559][ T3116] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 52.704339][ T3116] device hsr_slave_0 entered promiscuous mode [ 52.710772][ T3116] device hsr_slave_1 entered promiscuous mode [ 52.762768][ T3116] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 52.771237][ T3116] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 52.779573][ T3116] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 52.788080][ T3116] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 52.800420][ T3116] bridge0: port 2(bridge_slave_1) entered blocking state [ 52.807442][ T3116] bridge0: port 2(bridge_slave_1) entered forwarding state [ 52.814747][ T3116] bridge0: port 1(bridge_slave_0) entered blocking state [ 52.821825][ T3116] bridge0: port 1(bridge_slave_0) entered forwarding state [ 52.844748][ T3116] 8021q: adding VLAN 0 to HW filter on device bond0 [ 52.854388][ T3132] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 52.863295][ T3132] bridge0: port 1(bridge_slave_0) entered disabled state [ 52.871385][ T3132] bridge0: port 2(bridge_slave_1) entered disabled state [ 52.879562][ T3132] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 52.889202][ T3116] 8021q: adding VLAN 0 to HW filter on device team0 [ 52.898323][ T883] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 52.906644][ T883] bridge0: port 1(bridge_slave_0) entered blocking state [ 52.913739][ T883] bridge0: port 1(bridge_slave_0) entered forwarding state [ 52.922963][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 52.931200][ T24] bridge0: port 2(bridge_slave_1) entered blocking state [ 52.938237][ T24] bridge0: port 2(bridge_slave_1) entered forwarding state [ 52.956175][ T3116] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 52.966513][ T3116] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 52.979317][ T883] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 52.987502][ T883] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 52.995890][ T883] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 53.003490][ T883] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 53.042642][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 53.050133][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 53.058776][ T3116] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 53.070674][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 53.118638][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 53.127084][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 53.134949][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 53.142541][ T3116] device veth0_vlan entered promiscuous mode [ 53.150695][ T3116] device veth1_vlan entered promiscuous mode [ 53.161081][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 53.169146][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 53.177147][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 53.186644][ T3116] device veth0_macvtap entered promiscuous mode [ 53.194144][ T3116] device veth1_macvtap entered promiscuous mode [ 53.204854][ T3116] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 53.212916][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 53.221934][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 53.231768][ T3116] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 53.239363][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 53.249170][ T3116] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 53.257843][ T3116] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 53.266579][ T3116] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 53.275281][ T3116] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 2022/12/21 03:26:23 executed programs: 527 2022/12/21 03:26:28 executed programs: 1250 2022/12/21 03:26:33 executed programs: 1999 [ 70.234533][ T2737] ================================================================== [ 70.242623][ T2737] BUG: KCSAN: data-race in dentry_unlink_inode / step_into [ 70.249827][ T2737] [ 70.252132][ T2737] write to 0xffff88810acf5930 of 8 bytes by task 3114 on cpu 1: [ 70.259742][ T2737] dentry_unlink_inode+0x65/0x240 [ 70.264785][ T2737] d_delete+0x70/0xa0 [ 70.268759][ T2737] d_delete_notify+0x30/0xe0 [ 70.273338][ T2737] vfs_unlink+0x306/0x3e0 [ 70.277653][ T2737] do_unlinkat+0x258/0x510 [ 70.282059][ T2737] __x64_sys_unlink+0x2c/0x30 [ 70.286718][ T2737] do_syscall_64+0x2b/0x70 [ 70.291116][ T2737] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 70.296991][ T2737] [ 70.299296][ T2737] read to 0xffff88810acf5930 of 8 bytes by task 2737 on cpu 0: [ 70.306817][ T2737] step_into+0x115/0x7d0 [ 70.311050][ T2737] walk_component+0x164/0x230 [ 70.315708][ T2737] path_lookupat+0x11d/0x2b0 [ 70.320281][ T2737] filename_lookup+0x133/0x310 [ 70.325027][ T2737] user_path_at_empty+0x3e/0x110 [ 70.329947][ T2737] do_readlinkat+0x98/0x210 [ 70.334428][ T2737] __x64_sys_readlink+0x43/0x50 [ 70.339261][ T2737] do_syscall_64+0x2b/0x70 [ 70.343652][ T2737] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 70.349527][ T2737] [ 70.351827][ T2737] value changed: 0xffff88810bc26a58 -> 0x0000000000000000 [ 70.358906][ T2737] [ 70.361208][ T2737] Reported by Kernel Concurrency Sanitizer on: [ 70.367331][ T2737] CPU: 0 PID: 2737 Comm: udevd Not tainted 6.1.0-syzkaller-13822-g6feb57c2fd7c-dirty #0 [ 70.377022][ T2737] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 70.387056][ T2737] ================================================================== 2022/12/21 03:26:38 executed programs: 2716