syzkaller syzkaller login: [ 13.806214][ T24] kauditd_printk_skb: 61 callbacks suppressed [ 13.806221][ T24] audit: type=1400 audit(1653201299.166:72): avc: denied { transition } for pid=1639 comm="sshd" path="/bin/sh" dev="sda1" ino=73 scontext=system_u:system_r:initrc_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 13.813046][ T24] audit: type=1400 audit(1653201299.166:73): avc: denied { write } for pid=1639 comm="sh" path="pipe:[1763]" dev="pipefs" ino=1763 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:initrc_t tclass=fifo_file permissive=1 [ 13.861264][ T1641] sshd (1641) used greatest stack depth: 11912 bytes left [ 14.256162][ T1642] scp (1642) used greatest stack depth: 11896 bytes left [ 14.265981][ T1640] sshd (1640) used greatest stack depth: 11528 bytes left Warning: Permanently added '10.128.1.22' (ECDSA) to the list of known hosts. 2022/05/22 06:35:05 fuzzer started 2022/05/22 06:35:05 connecting to host at 10.128.0.163:34921 2022/05/22 06:35:05 checking machine... 2022/05/22 06:35:05 checking revisions... 2022/05/22 06:35:05 testing simple program... [ 20.050078][ T24] audit: type=1400 audit(1653201305.406:74): avc: denied { getattr } for pid=1800 comm="syz-fuzzer" path="user:[4026531837]" dev="nsfs" ino=4026531837 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 20.062284][ T1810] cgroup: Unknown subsys name 'net' [ 20.073676][ T24] audit: type=1400 audit(1653201305.406:75): avc: denied { read } for pid=1800 comm="syz-fuzzer" dev="nsfs" ino=4026531837 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 20.100435][ T24] audit: type=1400 audit(1653201305.406:76): avc: denied { open } for pid=1800 comm="syz-fuzzer" path="user:[4026531837]" dev="nsfs" ino=4026531837 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 20.123927][ T24] audit: type=1400 audit(1653201305.416:77): avc: denied { mounton } for pid=1810 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=1136 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 20.146910][ T24] audit: type=1400 audit(1653201305.416:78): avc: denied { mount } for pid=1810 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 20.169802][ T24] audit: type=1400 audit(1653201305.436:79): avc: denied { unmount } for pid=1810 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 20.334031][ T1810] cgroup: Unknown subsys name 'rlimit' [ 20.520172][ T24] audit: type=1400 audit(1653201305.876:80): avc: denied { execmem } for pid=1811 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 20.540179][ T24] audit: type=1400 audit(1653201305.896:81): avc: denied { mounton } for pid=1812 comm="syz-executor.0" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 20.562703][ T24] audit: type=1400 audit(1653201305.896:82): avc: denied { module_request } for pid=1812 comm="syz-executor.0" kmod="netdev-nr0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 20.584944][ T24] audit: type=1400 audit(1653201305.906:83): avc: denied { sys_module } for pid=1812 comm="syz-executor.0" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 20.626373][ T1812] chnl_net:caif_netlink_parms(): no params data found [ 20.654047][ T1812] bridge0: port 1(bridge_slave_0) entered blocking state [ 20.661437][ T1812] bridge0: port 1(bridge_slave_0) entered disabled state [ 20.669586][ T1812] device bridge_slave_0 entered promiscuous mode [ 20.676991][ T1812] bridge0: port 2(bridge_slave_1) entered blocking state [ 20.684153][ T1812] bridge0: port 2(bridge_slave_1) entered disabled state [ 20.692054][ T1812] device bridge_slave_1 entered promiscuous mode [ 20.706025][ T1812] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 20.715904][ T1812] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 20.731892][ T1812] team0: Port device team_slave_0 added [ 20.738230][ T1812] team0: Port device team_slave_1 added [ 20.751070][ T1812] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 20.758010][ T1812] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 20.783966][ T1812] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 20.794830][ T1812] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 20.801743][ T1812] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 20.827640][ T1812] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 20.847556][ T1812] device hsr_slave_0 entered promiscuous mode [ 20.853813][ T1812] device hsr_slave_1 entered promiscuous mode [ 20.903123][ T1812] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 20.911212][ T1812] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 20.919531][ T1812] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 20.927851][ T1812] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 20.939973][ T1812] bridge0: port 2(bridge_slave_1) entered blocking state [ 20.947004][ T1812] bridge0: port 2(bridge_slave_1) entered forwarding state [ 20.954336][ T1812] bridge0: port 1(bridge_slave_0) entered blocking state [ 20.961350][ T1812] bridge0: port 1(bridge_slave_0) entered forwarding state [ 20.985444][ T1812] 8021q: adding VLAN 0 to HW filter on device bond0 [ 20.994872][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 21.003262][ T25] bridge0: port 1(bridge_slave_0) entered disabled state [ 21.010915][ T25] bridge0: port 2(bridge_slave_1) entered disabled state [ 21.019289][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 21.029253][ T1812] 8021q: adding VLAN 0 to HW filter on device team0 [ 21.038524][ T29] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 21.046913][ T29] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.054001][ T29] bridge0: port 1(bridge_slave_0) entered forwarding state [ 21.063647][ T29] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 21.072030][ T29] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.079094][ T29] bridge0: port 2(bridge_slave_1) entered forwarding state [ 21.092049][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 21.101064][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 21.113954][ T1812] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 21.124464][ T1812] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 21.136727][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 21.145350][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 21.156800][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 21.165309][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 21.178560][ T1812] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 21.187740][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 21.195546][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 21.204377][ T1826] ================================================================== [ 21.212879][ T1826] BUG: KCSAN: data-race in prandom_seed / prandom_u32 [ 21.219732][ T1826] [ 21.222251][ T1826] write to 0xffff888237d28850 of 8 bytes by task 892 on cpu 1: [ 21.229897][ T1826] prandom_u32+0x11f/0x190 [ 21.234726][ T1826] mld_ifc_work+0x6dd/0x800 [ 21.239309][ T1826] process_one_work+0x3d3/0x720 [ 21.244387][ T1826] worker_thread+0x618/0xa70 [ 21.249067][ T1826] kthread+0x1a9/0x1e0 [ 21.253303][ T1826] ret_from_fork+0x1f/0x30 [ 21.257809][ T1826] [ 21.260289][ T1826] read to 0xffff888237d28850 of 8 bytes by task 1826 on cpu 0: [ 21.268602][ T1826] prandom_seed+0xd3/0x270 [ 21.273095][ T1826] addrconf_dad_work+0x265/0xbb0 [ 21.278347][ T1826] process_one_work+0x3d3/0x720 [ 21.283291][ T1826] worker_thread+0x618/0xa70 [ 21.287872][ T1826] kthread+0x1a9/0x1e0 [ 21.292022][ T1826] ret_from_fork+0x1f/0x30 [ 21.296633][ T1826] [ 21.298943][ T1826] value changed: 0x44bd515016fc9e70 -> 0x30cc9d42add51a82 [ 21.306125][ T1826] [ 21.308452][ T1826] Reported by Kernel Concurrency Sanitizer on: [ 21.314595][ T1826] CPU: 0 PID: 1826 Comm: kworker/0:3 Not tainted 5.18.0-rc7-syzkaller-00181-geaea45fc0e7b-dirty #0 [ 21.325345][ T1826] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 21.335400][ T1826] Workqueue: ipv6_addrconf addrconf_dad_work [ 21.341958][ T1826] ================================================================== [ 21.384345][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 21.420555][ T1812] device veth0_vlan entered promiscuous mode [ 21.427614][ T29] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 21.437158][ T29] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 21.445273][ T29] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 21.455329][ T1812] device veth1_vlan entered promiscuous mode [ 21.466617][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 21.474651][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 21.483124][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 21.493457][ T1812] device veth0_macvtap entered promiscuous mode [ 21.500997][ T1812] device veth1_macvtap entered promiscuous mode [ 21.512657][ T1812] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 21.520270][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 21.529543][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 21.539028][ T1812] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 21.547112][ T29] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 21.557221][ T1812] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 21.566339][ T1812] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 21.575125][ T1812] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 2022/05/22 06:35:06 building call list... [ 21.584428][ T1812] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 21.660453][ T35] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 executing program [ 23.813587][ T1807] can: request_module (can-proto-0) failed. [ 23.825312][ T1807] can: request_module (can-proto-0) failed. [ 23.836557][ T1807] can: request_module (can-proto-0) failed.